This page explains how to establish a private services access connection for a network. Any network on which you provision a Memorystore for Memcached instance must have a private services access connection. Otherwise, you cannot select that network when creating a Memorystore for Memcached instance. See Networking for more details.
We recommend that your organization's networking team / networking admin manage these steps for setting up a private services access connection before allowing application developers to provision Memcached instances.
If you are an application developer, usually your networking team should manage establishing a private services access connection. For more details, see Communicating networking requirements.
There are three ways to set up a private services access connection.
Gcloud (Recommended)
- Establishes a private services access connection before the Memcached instance creation process.
Console: VPC network
- Establishes the connection before the Memcached instance creation process.
Console: Memcached
- Establishes the connection during the Memcached instance creation process.
Gcloud
Enable the Service Networking API:
Enable the Service Networking APICheck to see if a private service access connection has been established for your network.
- If the connection has already been established, see Creating Memcached instances for instructions on how to create a Memcached instance.
Open a terminal window.
Set your default project by running the following command, replacing variables with appropriate values:
gcloud config set core/project project-id
Reserve an IP address range in your network by running the following command:
gcloud beta compute addresses create reserved-range-name --global --prefix-length=24 --description=description --network=vpc-network --purpose=vpc_peering
In the command above, the CIDR prefix length is set to
24
. This value must be at least24
, but you can set it to any smaller prefix, such as23
, which creates a larger IP address range.For information on managing private services access, see Configuring private services access.
Create a private connection between your network and the private services access network by running the following command:
gcloud services vpc-peerings connect --service=servicenetworking.googleapis.com --ranges=reserved-range-name --network=vpc-network --project=project-id
Console: VPC network
Enable the Service Networking API:
Enable the Service Networking APICheck to see if a private service access connection has been established for your network.
- If the connection has already been established, see Creating Memcached instances for instructions on how to create a Memcached instance.
Go to the VPC Networks page in the Google Cloud console.
Go to the VPC networks pageClick the name of your network. Usually it is named "default".
Click Private service connection.
Click Allocate IP ranges for services.
Click Allocate IP range.
- Enter a name for your range, such as "private-services-access-range".
- Enter a description for your range, such as "Range of IP addresses to be used for the Private services access connection".
- Select Automatic if you want Google to choose your range for you.
- Enter a CIDR prefix of
/24
or less. For example,/23
is an acceptable prefix.
- Enter a CIDR prefix of
- Select Custom if you want to choose the range yourself.
- Enter your desired range with a CIDR prefix of
/24
or less.
- Enter your desired range with a CIDR prefix of
- Click Allocate.
Click Private connections to services.
Click the Create connection button.
Under the Assigned allocation dropdown, select the range you just created in the steps above.
Click Ok.
Click Connect.
Refresh the page to see your new connection listed under the Private connections to services tab.
Console: Memcached
Enable the Service Networking API:
Enable the Service Networking APICheck to see if a private service access connection has been established for your network.
- If the connection has already been established, see Creating Memcached instances for instructions on how to create a Memcached instance.
Follow the steps at Creating Memcached instances until you see a panel that says, Private service connection required.
Click the Set Up Connection button in the Private service connection panel. Doing so opens a slide out panel for setting up private services access.
Enable the Service Networking API.
Allocate an IP range using one of the following methods:
- Select an existing IP range.
- Allocate a new IP range.
- Enter a name for your range.
- Enter a valid CIDR range with a block size of
/24
. For example:10.0.0.0/24
.
- Use an automatically allocated IP range.
Click the Create Connection button.