Using Network Service Tiers

Introduction

This page shows you how to specify a Network Service Tier for your workloads. Before manually setting a network tier, review the information in the Cloud Network Service Tiers Overview.

Specifications

Network Service Tiers are only supported by eligible GCP resources. Standard Tier is only available in select regions, but Premium Tier is available in every GCP region.

External IP pools

Whether an external IP address is global or regional, and, if regional, what its network tier is, determines the pool from which the address is chosen. IP addresses in one pool cannot be moved to another.

The pool of regional external Standard Tier IP addresses is unique to its respective region, not to the type of eligible resource. For example, VM instances, HTTP(S), SSL Proxy, TCP Proxy, and Network load balancers using Standard Tier all use IPs from the chosen region's Standard Tier pool.

In Premium Tier, HTTP(S), SSL Proxy, and TCP Proxy load balancers use global external IP addresses, while Network load balancers and VM instances use regional external IP addresses. Each region has its own pool of regional external IP addresses for Premium Tier which are separate from the pool of global external IP addresses.

Unassigned IP addresses

Unused regional external IP addresses in Standard Tier behave differently than unused Premium Tier IP addresses.

Standard Tier IP addresses are automatically "parked" when they are not assigned to an eligible resource. While parked, the IP address will answer certain requests; for example, HTTP requests sent to a parked Standard Tier IP address will be sent a Google hosted HTTP 404 (Not Found) web page. Traffic sent to parked Standard Tier IP addresses is not simply dropped. Further, Standard Tier IP addresses that are being processed for assignment to a resource can behave as if they are parked.

A Standard Tier external IP address assigned to a VM instance might be moved to a parked state during live migration if the migration takes a more than 20 minutes. A Premium Tier external IP address assigned to a VM simply drops traffic during very long live migrations.

Setting the default tier for a project

Follow these directions to define a default network tier for your project. This tier will be used by newly-created eligible resources in the project unless you specify a tier for the resources themselves. Changing the default teir for a project does not change the tier for any existing resources.

Console

  1. Go to the Network service tier page in the Google Cloud Platform Console.
    Go to the Network service tier page
  2. Click the Change tier button.
  3. Select Premium or Standard.
  4. Click Change.

gcloud

gcloud compute project-info update \
    --default-network-tier [NETWORK_TIER]

where [NETWORK_TIER] is PREMIUM or STANDARD. Default: PREMIUM

API

POST https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/setNetworkTier
{
  "networkTier": "STANDARD"
}

where you would replace [PROJECT_ID] with your project ID.

The network tier you specify for a resource always takes precedence over the default tier you define for your project. For example, if your project's default tier is Standard, you can still create a global external IP address (which must use Premium Tier) and a global forwarding rule for a HTTP(S) load balancer in Premium Tier.

Tier configuration level (click to enlarge)
Tier configuration level (click to enlarge)

Creating static external addresses

When creating a static regional external IP address, you can specify either PREMIUM or STANDARD for its network tier.

To reserve a static regional external IP address using Standard Tier, do the following:

Console

  1. Go to the External IP address page in the Google Cloud Platform Console.
    Go to the External IP address page
  2. Click Reserve static address.
  3. Under Type, select Regional, then select a region where Standard Tier is supported.
  4. Under Network service tier, select Standard.
  5. Populate other fields as appropriate.
  6. Click Reserve.

gcloud

gcloud compute addresses create my-standard-tier-ip-address \
     --region [REGION] \
     --network-tier STANDARD

where you would replace the following:

  • [REGION] with the region where you are creating the regional address.

For other command line flags, see the gcloud docs

API

POST https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/regions/[REGION]/addresses
{
  "name": "my-standard-tier-ip-address",
  "networkTier": "STANDARD"
}

where you would replace the following:

  • [PROJECT_ID] with your project ID.
  • [REGION] with the region where you are creating the forwarding rule.

Creating forwarding rules

When creating a new forwarding rule, you can specify the network tier. The possible values are PREMIUM (default) and STANDARD.

If you specify an external IP address with the --address flag, that address must be the same tier as you specify for the forwarding rule. If you create a forwarding rule and do not specify the --address flag, GCP will allocate an ephemeral IP address of the appropriate tier.

The Standard Tier is only available for regional forwarding rules. Global forwarding rules must use the Premium Tier.

A load balancer can use both the Premium Tier and the Standard Tier by having two different forwarding rules, one for each tier. You select the tier for a given connection by specifying the relevant IP address in your request.

Console

To create a Standard Tier forwarding rule in the console, you must create or update an existing load balancer. Load balancers that have backend services in more than one region cannot use the Standard Tier. See the load balancing documentation for instructions on choosing and creating a load balancer.

  1. Go to the Load balancing page in the Google Cloud Platform Console.
    Go to the Load balancing page
  2. Click the name of an existing load balancer, then click Edit.
  3. Click Frontend configuration.
  4. Click Add frontend IP and port.
  5. Under Network service tier, click Standard.
  6. Populate other fields as appropriate.
  7. Click Done.
  8. Click Update.

gcloud

gcloud compute forwarding-rules create my-standard-tier-regional-rule \
     --network-tier STANDARD \
     --address my-standard-tier-ip-address \
     --region [REGION] \
     --ports [PORTS] \
     --target-http-proxy=[TARGET_HTTP_PROXY] \
     | --target-https-proxy=[TARGET_HTTPS_PROXY] \
     | --target-ssl-proxy=[TARGET_SSL_PROXY] \
     | --target-tcp-proxy=[TARGET_TCP_PROXY] \
     | --target-pool=[TARGET_POOL] \
     | --target-instance=[TARGET_INSTANCE]

where you would replace the following:

  • [REGION] with the region where you are creating the forwarding rule.
  • [TARGET_HTTP_PROXY] or [TARGET_HTTPS_PROXY] or [TARGET_SSL_PROXY] or [TARGET_TCP_PROXY] or [TARGET_POOL] or [TARGET_INSTANCE] with the appropriate target for the rule, depending on which target flag you specified.

For other command line flags, see the gcloud docs

API

POST https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/regions/[REGION]/forwardingRules
{
  "name": "my-standard-tier-regional-rule",
  "networkTier": "STANDARD",
  "IPAddress": "https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/regions/[REGION]/addresses/my-standard-tier-ip-address",
  "IPProtocol": "tcp",
  "target": "https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/regions/[REGION]/targetPools/[TARGET_POOL]"
}

where you would replace the following:

  • [PROJECT_ID] with your project ID.
  • [REGION] with the region where you are creating the forwarding rule.
  • [TARGET_HTTP_PROXY] or [TARGET_HTTPS_PROXY] or [TARGET_SSL_PROXY] or [TARGET_TCP_PROXY] or [TARGET_POOL] or [TARGET_INSTANCE] with the appropriate target for the rule, depending on which target flag you specified.

Instances

Creating instances

When creating an instance that will connect directly to the Internet, you can specify the network tier. The possible values are PREMIUM (default) and STANDARD. The network tier is only relevant if the instance will communicate directly with the Internet. If the instance can only reach the Internet via a load balancer, you do not need to specify a network tier as the connection will use the tier specified for the load balancer forwarding rule.

If assigning a static external IP using a reserved address, the network tier of the address must match the network tier of the instance. If assigning an ephemeral external IP address, the network tier of the instance is used to assign an IP address from the corresponding pool.

Console

  1. Go to the VM instances page in the Google Cloud Platform Console.
    Go to the VM instances page
  2. Click Create instance.
  3. Click Management, security, disks, networking, sole tenancy.
  4. Click the Networking tab.
  5. Under Network interfaces, click the Edit pencil for the default network interface.
  6. Under Network service tier, select Standard.
  7. Populate other fields as appropriate.
  8. Click Create.

gcloud

gcloud compute instances create my-standard-tier-instance \
    --network-tier STANDARD

For other command line flags, see the gcloud docs

API

POST https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/zones/[ZONE]/instances
{
  "name": "my-standard-tier-instance",
  "networkInterfaces":[
   {
    "network": "global/networks/default",
    "name": "nic0",
    "accessConfigs": [
     {
     "name": "External NAT",
     "type":"ONE_TO_ONE_NAT",
     "networkTier":"STANDARD"
     }
    ]
   }
  ],
  "IPAddress": "https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/regions/[REGION]/addresses/my-standard-tier-ip-address",
  ... other parameters
}

where you would replace the following:

  • [PROJECT_ID] with your project ID.
  • [REGION] with the region of the resource.
  • [ZONE] with the zone where you are creating the instance.

See the API documentation for a list of other required and optional parameters.

Adding an access configuration to an instance

When creating an access configuration for an instance (i.e., assigning an ephemeral or static external IP to an instance), you can also specify the tier of the instance. If you specify an existing address, it must be the same tier as you are specifying for the instance. The possible values are PREMIUM and STANDARD.

gcloud

gcloud compute instances add-access-config [INSTANCE_NAME] \
    [--network-interface [INTERFACE_NAME]; default=”nic0” \
    [--access-config-name=[ACCESS_CONFIG_NAME]; default="external-nat"] \
    [--address=[ADDRESS]] \
    [--network-tier PREMIUM | STANDARD; default=”PREMIUM”]]

where you would replace the following:

  • [INSTANCE_NAME] with the name of the instance.
  • [INTERFACE_NAME] with the name of the interface. Default is nic0, the name of the default interface on the instance.
  • [ACCESS_CONFIG_NAME] with the name of the access config for the interface.
  • [ADDRESS] with the url of the IP address resource, if you are specifying an IP address.

API

POST https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/zones/[ZONE]/instances/[INSTANCE_NAME]/addAccessConfig?networkInterface=nic0
{
  "name": [INSTANCE_NAME],
  "networkTier": "STANDARD",
  ... other parameters
}
  • [INSTANCE_NAME] with the name of the instance.
  • [PROJECT_ID] with your project ID.
  • [ZONE] with the zone of the instance.

See the API documentation for a list of other required and optional parameters.

Creating an instance template that uses the Standard Tier

When configuring the network tier upon instance template creation, the following command can be used.

Console

  1. Go to the Instance templates page in the Google Cloud Platform Console.
    Go to the Instance templates page
  2. Click Create instance template.
  3. Click Management, security, disks, networking, sole tenancy.
  4. Click the Networking tab.
  5. Under Network service tier, select Standard.
  6. Populate other fields as appropriate.
  7. Click Create.

gcloud

gcloud compute instance-templates create my-standard-tier-instance-template \
    --network-tier STANDARD

For other command line flags, see the gcloud docs

API

POST https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/zones/[ZONE]/instanceTemplates
{
  "name": "my-standard-tier-instance-template",
  "networkInterfaces[].accessConfigs[].networkTier": "STANDARD",
  ... other parameters
}

See the API documentation for a list of other required and optional parameters.

What's next

  • See the Compute Engine Instances documentation for more information about instances.
  • See the Load Balancing documentation for more information about load balancers and forwarding rules.
  • See the Compute Engine Instance Templates documentation for more information about instance templates.
Was this page helpful? Let us know how we did:

Send feedback about...

Network Service Tiers Documentation