This page explains Cloud Memorystore for Redis network settings.
Basic network settings
To connect to a Cloud Memorystore for Redis instance, clients must be in the same Google Cloud project, region, and VPC network. For example, if you want to connect to a Redis instance from a Compute Engine instance, create the Compute Engine instance in the same project and region as the Redis instance. Resources created in the same project automatically share a default VPC network, but you can specify a different VPC network to connect your resources.
Limited and unsupported networks
If you want to connect to your Redis instance from a resource in another project using Shared VPC, your Redis instance must be deployed in the Shared VPC host project; additionally, the resource and your Redis instance must either be on the same Shared VPC network or the networks must be peered. Connecting to a Redis instance that is deployed on a shared VPC network in a service project is not supported.
VPNs and legacy networks are not supported on Cloud Memorystore for Redis instances.
Compute Engine VM instances that have an internal IP address within the range
172.17.0.0/16 cannot access Cloud Memorystore for Redis instances, because that range
is reserved for an internal component.
The first time you create a Cloud Memorystore for Redis instance, a peered network
is created to enable network connectivity between clients in your project and
the Redis instance. The peered network for your Redis instance is named
redis-peer-[PROJECT_NUMBER] and appears on the VPC Network Peering page.
Don't delete the peered network, because this will cause you to lose connectivity with your Redis instances. If you accidentally delete the peered network, the easiest way to recreate it is to create another Redis instance. Cloud Memorystore for Redis will recognize that there is no connectivity between your project and the new instance, and will re-create the peered network. You can delete the new Redis instance after that if you don't need it for anything else.
IP address range
Each Cloud Memorystore for Redis instance must have an IP address range associated
with it. The IP address range must be from within the internal IP address ranges
192.168.0.0/16) and have a block size of 29.
Examples of valid Cloud Memorystore for Redis instance IP address ranges are
You can assign the IP address range if there's a specific one you want to use, otherwise Cloud Memorystore for Redis picks a random range to use from within the internal IP address ranges. If the range is already in use, the service tries again until it finds one that is free. If you assign an IP address range, make sure it doesn't overlap with any existing subnets in the VPC network that the Redis instance uses, or with the IP address ranges assigned to any other existing Redis instances in that network.
Make sure not to create network firewall rules that block the IP range of your Redis instance.
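The range rules above can be checked before an instance is created. The following Python sketch is an added example, not part of the original documentation: it validates a proposed range against the /29 block size, the internal ranges, and overlap with existing subnets and Redis ranges, and flags client addresses in the reserved 172.17.0.0/16 range. It assumes the internal IP address ranges are the RFC 1918 blocks; the function names, subnet names and sample ranges are constructed for illustration.

```python
import ipaddress

# Assumption: the "internal IP address ranges" are the RFC 1918 blocks.
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# From the page: VMs in this range cannot reach Redis instances.
RESERVED_CLIENT_RANGE = ipaddress.ip_network("172.17.0.0/16")


def check_redis_range(candidate, subnets, redis_ranges):
    """Return a list of problems with a proposed range; empty means usable."""
    try:
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"invalid network: {exc}"]
    if net.version != 4:
        return ["not an IPv4 network"]
    problems = []
    if net.prefixlen != 29:
        problems.append(f"block size is /{net.prefixlen}, must be /29")
    if not any(net.subnet_of(r) for r in INTERNAL_RANGES):
        problems.append("outside the internal IP address ranges")
    for kind, existing in (("subnet", subnets), ("Redis instance", redis_ranges)):
        for name, cidr in existing.items():
            if net.overlaps(ipaddress.ip_network(cidr)):
                problems.append(f"overlaps {kind} {name} ({cidr})")
    return problems


def blocked_clients(client_ips):
    """Return the client addresses that fall in the reserved 172.17.0.0/16."""
    return [ip for ip in client_ips
            if ipaddress.ip_address(ip) in RESERVED_CLIENT_RANGE]


# Constructed sample inventory (hypothetical names and ranges).
SUBNETS = {"default-us-central1": "10.128.0.0/20", "gke-nodes": "10.0.0.0/24"}
REDIS_RANGES = {"cache-a": "10.0.1.0/29"}

if __name__ == "__main__":
    for cand in ("10.0.1.8/29", "10.0.0.8/29", "10.0.1.0/29", "10.0.2.0/28"):
        print(cand, check_redis_range(cand, SUBNETS, REDIS_RANGES) or "OK")
    print(blocked_clients(["172.17.3.4", "10.128.0.5"]))
```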
Cloud Memorystore for Redis service account
- project-number is the project number of the project in which your Cloud Memorystore for Redis instance resides.
If the service account is deleted, you cannot create any new instances until you recreate the service account for your project.
To recreate the service account, run the following command, replacing the variables with the appropriate values:
gcloud projects add-iam-policy-binding project-id --member='serviceAccount:email@example.com' --role='roles/redis.serviceAgent'
Enable VPC-native/IP aliasing for Kubernetes Clusters
You cannot connect to a Cloud Memorystore for Redis instance from a Kubernetes cluster without VPC-native/IP aliasing enabled. It is easiest to enable VPC-native/IP aliasing during cluster creation. When creating your cluster, select VPC Native under advanced options. For more details, see Creating VPC-native clusters using Alias IPs.