Establishing a private services access connection

This page explains how to establish a private services access connection for a network. Establishing a private services access connection for a network is a prerequisite for creating a Redis instance with the private services access connection mode designated for that network. For more details, see Networking.

Private services access setup instructions

Follow these steps to setup a private services access connection for your network:

Gcloud

  1. Enable the Service Networking API:
    Enable the Service Networking API

    If you are using Shared VPC, enable the API in both the Service Project and the Host Project.

  2. Check to see if a private service access connection has been established for your network.

    • If the connection has already been established, see Creating Redis instances for instructions on how to create a Redis instance.
  3. Open a terminal window.

  4. Set your default project by running the following command, replacing variables with appropriate values:

    gcloud config set core/project project-id
    
  5. Reserve an IP address range in your network by running the following command:

    gcloud beta compute addresses create reserved-range-name --global --prefix-length=24 --description=description --network=vpc-network --purpose=vpc_peering
    
    • In the command above, the CIDR prefix length is set to 24. This value must be 24 or less. For example, 23 is an acceptable prefix. Note that smaller CIDR prefixes create larger IP address ranges.

    • For information on managing private services access, see Configuring private services access.

  6. Create a private connection between your network and the private services access network by running the following command:

    gcloud services vpc-peerings connect --service=servicenetworking.googleapis.com --ranges=reserved-range-name --network=vpc-network --project=project-id
    

Console: VPC network

  1. Enable the Service Networking API:
    Enable the Service Networking API

    If you are using Shared VPC, enable the API in both the Service Project and the Host Project.

  2. Check to see if a private service access connection has been established for your network.

    • If the connection has already been established, see Creating Redis instances for instructions on how to create a Redis instance.
  3. Go to the VPC Networks page in the Google Cloud Console.
    Go to the VPC networks page

  4. Click the name of your network. Usually it is named "default".

  5. Click Private service connection.

  6. Click Allocate IP ranges for services.

  7. Click Allocate IP range.

    • Enter a name for your range, such as "private-services-access-range".
    • Enter a description for your range, such as "Range of IP addresses to be used for the Private services access connection".
    • Select Automatic if you want Google to choose your range for you.
      1. Enter a CIDR prefix of /24 or less. For example, /23 is an acceptable prefix. Note that smaller CIDR prefixes create larger IP address ranges.
    • Select Custom if you want to choose the range yourself.
      1. Enter your desired range with a CIDR prefix of /24 or less.
    • Click Allocate.
  8. Click Private connections to services.

  9. Click the Create connection button.

  10. Under the Assigned allocation dropdown, select the range you just created in the steps above.

  11. Click Ok.

  12. Click Connect.

  13. Refresh the page to see your new connection listed under the Private connections to services tab.

Console: Redis

  1. Enable the Service Networking API:
    Enable the Service Networking API

    If you are using Shared VPC, enable the API in both the Service Project and the Host Project.

  2. Follow the steps at Creating a Redis instance until you see the Advanced network options expander, and open it.

  3. Click the Set Up Connection button in the Private service connection panel. Doing so opens a slide-out panel for setting up private services access.

  4. Allocate an IP range using one of the following methods:

    • Select an existing IP range.
    • Allocate a new IP range.
      • Enter a name for your range.
      • Enter a valid CIDR range with a block size of /24. For example: 10.0.0.0/24.
    • Use an automatically allocated IP range.
  5. Click the Create Connection button.