Establish a private services access connection

This page explains how to establish a private services access connection for a network. Any network on which you provision a Memorystore for Memcached instance must have a private services access connection. Otherwise, you cannot select that network when creating a Memorystore for Memcached instance. See Networking for more details.

We recommend that your organization's networking team / networking admin manage these steps for setting up a private services access connection before allowing application developers to provision Memcached instances.

If you are an application developer, usually your networking team should manage establishing a private services access connection. For more details, see Communicating networking requirements.

There are three ways to set up a private services access connection.

  1. Gcloud (Recommended)

    • Establishes a private services access connection before the Memcached instance creation process.

  2. Console: VPC network

    • Establishes the connection before the Memcached instance creation process.

  3. Console: Memcached

    • Establishes the connection during the Memcached instance creation process.

Gcloud

  1. Enable the Service Networking API:
    Enable the Service Networking API

  2. Check to see if a private service access connection has been established for your network.

  3. Open a terminal window.

  4. Set your default project by running the following command, replacing variables with appropriate values:

    gcloud config set core/project project-id

  5. Reserve an IP address range in your network by running the following command:

    gcloud beta compute addresses create reserved-range-name --global --prefix-length=24 --description=description --network=vpc-network --purpose=vpc_peering

    • In the command above, the CIDR prefix length is set to 24. This value must be at least 24, but you can set it to any smaller prefix, such as 23, which creates a larger IP address range.

    • For information on managing private services access, see Configuring private services access.

  6. Create a private connection between your network and the private services access network by running the following command:

    gcloud services vpc-peerings connect --service=servicenetworking.googleapis.com --ranges=reserved-range-name --network=vpc-network --project=project-id

Console: VPC network

  1. Enable the Service Networking API:
    Enable the Service Networking API

  2. Check to see if a private service access connection has been established for your network.

  3. Go to the VPC Networks page in the Google Cloud console.
    Go to the VPC networks page

  4. Click the name of your network. Usually it is named "default".

  5. Click Private service connection.

  6. Click Allocate IP ranges for services.

  7. Click Allocate IP range.

    • Enter a name for your range, such as "private-services-access-range".
    • Enter a description for your range, such as "Range of IP addresses to be used for the Private services access connection".
    • Select Automatic if you want Google to choose your range for you.
      1. Enter a CIDR prefix of /24 or less. For example, /23 is an acceptable prefix.
    • Select Custom if you want to choose the range yourself.
      1. Enter your desired range with a CIDR prefix of /24 or less.
    • Click Allocate.

  8. Click Private connections to services.

  9. Click the Create connection button.

  10. Under the Assigned allocation dropdown, select the range you just created in the steps above.

  11. Click Ok.

  12. Click Connect.

  13. Refresh the page to see your new connection listed under the Private connections to services tab.

Console: Memcached

  1. Enable the Service Networking API:
    Enable the Service Networking API

  2. Check to see if a private service access connection has been established for your network.

  3. Follow the steps at Creating Memcached instances until you see a panel that says, Private service connection required.

  4. Click the Set Up Connection button in the Private service connection panel. Doing so opens a slide out panel for setting up private services access.

  5. Enable the Service Networking API.

  6. Allocate an IP range using one of the following methods:

    • Select an existing IP range.
    • Allocate a new IP range.
      • Enter a name for your range.
      • Enter a valid CIDR range with a block size of /24. For example: 10.0.0.0/24.
    • Use an automatically allocated IP range.

  7. Click the Create Connection button.

What's next