This page gives an overview of networking for Memorystore for Memcached. For a list of common networking errors, see Networking error scenarios.
Private services access
Memorystore for Memcached uses private services access to create a network peering between your project and an internal network for some Google Cloud services like Cloud SQL, Memorystore for Redis, and Memorystore for Memcached.
This means that you must first establish a private services access connection for a network before you can create a Memcached instance using that network.
Using a private services access connection offers you the benefit of centralized, customizable IP address ranges for the aforementioned services. For instructions on selecting a specific IP range allocation, see Creating a Memcached instance that uses a specific IP address range.
On-premises access with private services access
You can connect from a client in an on-premises network if the on-premises network is connected to the VPC network to which your Memorystore for Memcached instance is connected. To permit connections from an on-premises network, do the following:
- Ensure your Shared VPC network is connected to your on-premises
network using a one of the following options
- Cloud VPN tunnel
- an interconnect attachment (VLAN) for Dedicated Interconnect or Partner Interconnect.
-
Identify the peering produced by the private services connection.
The peering used by Memorystore for Memcached is named
servicenetworking-googleapis-com
. -
Update the peering connection to exchange custom routes by setting both
--import-custom-routes
and--export-custom-routes
flag - Identify the allocated range used by the private services connection.
- Create a Cloud Router custom advertised route for the allocated range on the Cloud Routers managing BGP sessions for your Cloud VPN tunnels or Cloud Interconnect attachments (VLANs).
Communicating networking requirements
Usually the networking team and/or network admin for your organization is responsible for setting up a private services access connection. This allows the networking team to ensure that no IP addresses or ranges used for other Google Cloud resources overlap, which can cause connectivity issues.
We recommend that you contact the network\security team in your organization to set up the private service connection for you, especially if you encounter an error during the setup process. When reaching out to your networking team, send them the following information:
The Memorystore for Memcached instance cannot be created due to the following error: "Google private services access is not enabled. Enable privates service access and try again." Before an instance can be created, a private service access connection needs to be established for network <project name: network>. Please refer to the following Memorystore documentation links for more information on how to create this connection: * Networking. * Establishing a private services access connection. * Verifying a private services access connection.
IP addresses
Each Memorystore for Memcached instance has a discovery endpoint,
and each node in the instance has its own IP address. You can view these IP
addresses in the Google Cloud console, or by using gcloud memcache instances describe
.
IP addresses for nodes and for the discovery endpoint do not change.
Supported networks and client IP ranges
The following network or instances with RFC 1918 IP addresses are supported:
- VPC networks except legacy networks
- Shared VPC networks
- on-premise systems
- Compute Engine VM instances except for 172.17.0.0/16 because this IP range is reserved for internal components
- We recommend using a private services access range with a block size of at
least
/24
to support Memorystore for Memcached and other services. However, the minimum block size needed to support Memorystore for Memcached is/26
.