Using Network Service Tiers

This page shows you how to specify a network tier for your workloads. Before manually setting a network tier, review the information in the Network Service Tiers overview.

Specifications

Network Service Tiers is only supported by eligible Google Cloud resources. Standard Tier is only available in select regions. Premium Tier is available in every Google Cloud region.

External IP address pools

Whether an external IP address is regional or global (and if regional, what its network tier is) determines the pool from which the IP address is chosen. IP addresses in one pool cannot be moved to another.

In Standard Tier, the pool of regional external IP addresses is unique to its respective region, not to the type of eligible resource. For example, virtual machine (VM) instances and Google Cloud load balancers that use Standard Tier (external HTTP(S) load balancers, SSL proxy load balancers, TCP proxy load balancers, and network load balancers) all use IP addresses from the chosen region's Standard Tier pool.

In Premium Tier, external HTTP(S) load balancers, SSL proxy load balancers, and TCP proxy load balancers use global external IP addresses, while network load balancers and VM instances use regional external IP addresses. In each region, the pool of regional external IP addresses for Premium Tier is separate from the pool of global external IP addresses.

Unassigned IP addresses

Unused regional external IP addresses in Standard Tier behave differently from unused IP addresses in Premium Tier.

Standard Tier IP addresses are automatically parked when they are not assigned to an eligible resource. When an IP address is parked, the load balancer answers certain requests to that IP address; for example, HTTP requests sent to a parked Standard Tier IP address are sent to a Google-hosted HTTP 404 (Not Found) web page. Traffic sent to parked Standard Tier IP addresses is not simply dropped. In addition, Standard Tier IP addresses that are being processed for assignment to a resource can behave as if they are parked.

A Standard Tier external IP address assigned to a VM instance might be moved to a parked state during live migration if the migration takes more than 20 minutes. A Premium Tier external IP address assigned to a VM drops traffic during long live migrations.

Setting the default network tier for a project

Follow these directions to define a default network tier for your project. This tier is used by newly-created eligible resources in the project unless you specify a tier for the resources themselves. Changing the default network tier for a project does not change the tier for any existing resources.

Console

  1. In the Google Cloud Console, go to the Network Service Tiers page.

    Go to the Network Service Tiers page

  2. Click Change tier.

  3. Select Premium or Standard, and then click Change.

gcloud

gcloud compute project-info update \
    --default-network-tier NETWORK_TIER

Replace NETWORK_TIER with PREMIUM or STANDARD. The default is PREMIUM.

API

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/setNetworkTier
{
  "networkTier": "STANDARD"
}

Replace PROJECT_ID with your project ID.

The network tier that you specify for a resource always takes precedence over the default network tier that you define for your project. For example, if your project's default network tier is Premium, you can still create an instance or a load balancer in Standard Tier.

Tier configuration level (click to enlarge)
Tier configuration level (click to enlarge)

Creating static external IP addresses

When creating a static regional external IP address, you can specify either PREMIUM or STANDARD for its network tier.

To reserve a static regional external IP address that uses Standard Tier, do the following.

Console

  1. In the Cloud Console, go to the External IP addresses page.

    Go to the External IP addresses page

  2. Click Reserve static address.

  3. Under Type, select Regional, and then select a region where Standard Tier is supported.

  4. Under Network Service Tier, select Standard.

  5. Populate other fields as appropriate.

  6. Click Reserve.

gcloud

gcloud compute addresses create my-standard-tier-ip-address \
     --region REGION \
     --network-tier STANDARD

Replace REGION with the region where you are creating the regional IP address.

For other command-line flags, see gcloud compute addresses.

API

  POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses
{
  "name": "my-standard-tier-ip-address",
  "networkTier": "STANDARD"
}

Replace the following:

  • PROJECT_ID: your project ID
  • REGION: the region where you are creating the forwarding rule

Creating forwarding rules

When creating a new forwarding rule, you can specify the network tier; the possible values are PREMIUM (default) and STANDARD:

  • If you specify an external IP address with the --address flag, that IP address must be in the same tier that you specify for the forwarding rule.
  • If you create a forwarding rule and do not specify the --address flag, Google Cloud allocates an ephemeral IP address of the appropriate tier.

Standard Tier is only available for regional forwarding rules. Global forwarding rules always use Premium Tier.

A load balancer can use both Premium Tier and Standard Tier by having two different forwarding rules, one for each tier. This can be useful in scenarios where one application requires the lower latency that Premium Tier can provide, and another application, perhaps serving static content, works well with higher latency and can be in Standard Tier.

Console

To create a Standard Tier forwarding rule in the Cloud Console, you must create or update an existing load balancer. Load balancers that have backend services in more than one region cannot use Standard Tier. For instructions about choosing and creating a load balancer, see the load balancing documentation.

  1. In the Cloud Console, go to the Load balancing page.

    Go to the Load balancing page

  2. Click the name of an existing load balancer, and then click Edit .

  3. Click Frontend configuration.

  4. Click Add Frontend IP and port.

  5. Under Network Service Tier, click Standard.

  6. Populate other fields as appropriate.

  7. Click Done, and then click Update.

gcloud

gcloud compute forwarding-rules create my-standard-tier-regional-rule \
     --network-tier STANDARD \
     --address my-standard-tier-ip-address \
     --region REGION \
     --ports PORTS \
     --target-http-proxy=TARGET_HTTP_PROXY \
     | --target-https-proxy=TARGET_HTTPS_PROXY \
     | --target-ssl-proxy=TARGET_SSL_PROXY \
     | --target-tcp-proxy=TARGET_TCP_PROXY \
     | --target-pool=TARGET_POOL \
     | --target-instance=TARGET_INSTANCE

Replace the following:

  • REGION: the region where you are creating the forwarding rule
  • TARGET_HTTP_PROXY or TARGET_HTTPS_PROXY or TARGET_SSL_PROXY or TARGET_TCP_PROXY or TARGET_POOL or TARGET_INSTANCE: the appropriate target for the rule, depending on which target flag you specified

For other command-line flags, see gcloud compute forwarding-rules.

API

  POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/forwardingRules
{
  "name": "my-standard-tier-regional-rule",
  "networkTier": "STANDARD",
    "IPAddress": "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses/my-standard-tier-ip-address",
  "IPProtocol": "tcp",
    "target": "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/targetPools/TARGET_POOL"
}

Replace the following:

  • PROJECT_ID: your project ID
  • REGION: the region where you are creating the forwarding rule
  • TARGET_HTTP_PROXY or TARGET_HTTPS_PROXY or TARGET_SSL_PROXY or TARGET_TCP_PROXY or TARGET_POOL or TARGET_INSTANCE: the appropriate target for the rule, depending on which target flag you specified

VM instances

Creating VM instances

When creating an instance that connects directly to the internet, you can specify the network tier. The possible values are PREMIUM (default) and STANDARD. The network tier is only relevant if the instance communicates directly with the internet. If the instance can only reach the internet through a load balancer, you do not need to specify a network tier because the connection uses the tier specified for the load balancer forwarding rule.

If assigning a static external IP address by using a reserved IP address, the network tier of the IP address must match the network tier of the instance. If assigning an ephemeral external IP address, the network tier of the instance is used to assign an IP address from the corresponding pool.

Console

  1. In the Cloud Console, go to the VM instances page.

    Go to the VM instances page

  2. Click Create instance.

  3. Click Management, security, disks, networking, sole tenancy.

  4. Click the Networking tab.

  5. Under Network interfaces, on the default network interface, click Edit .

  6. Under Network Service Tier, select Standard.

  7. Populate other fields as appropriate.

  8. Click Create.

gcloud

gcloud compute instances create my-standard-tier-instance \
    --network-tier STANDARD

For other command-line flags, see gcloud compute instances.

API

  POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances
{
  "name": "my-standard-tier-instance",
  "networkInterfaces":[
   {
    "network": "global/networks/default",
    "name": "nic0",
    "accessConfigs": [
     {
     "name": "External NAT",
     "type":"ONE_TO_ONE_NAT",
     "networkTier":"STANDARD"
     }
    ]
   }
  ],
    "IPAddress": "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses/my-standard-tier-ip-address",
  ... other parameters
}

Replace the following:

  • PROJECT_ID: your project ID
  • ZONE: the zone where you are creating the instance
  • REGION: the region of the resource

    For a list of other required and optional parameters, see REST Resource: instances.

Adding an access configuration to an instance

When creating an access configuration for an instance (that is, assigning an ephemeral or static external IP address to an instance), you can also specify the tier of the instance. If you specify an existing IP address, it must be the same tier as you are specifying for the instance. The possible values are PREMIUM and STANDARD.

gcloud

gcloud compute instances add-access-config INSTANCE_NAME \
    [--network-interface INTERFACE_NAME; default="nic0"] \
    [--access-config-name=ACCESS_CONFIG_NAME; default="external-nat" \
    [--address=IP_ADDRESS \
    [--network-tier PREMIUM | STANDARD; default=”PREMIUM”]]

Replace the following:

  • INSTANCE_NAME: the name of the instance
  • INTERFACE_NAME: the name of the interface; default is nic0 (the name of the default interface on the instance)
  • ACCESS_CONFIG_NAME: the name of the access configuration for the interface
  • IP_ADDRESS: the URL of the IP address resource, if you are specifying an IP address

API

  POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME/addAccessConfig?networkInterface=nic0
{
  "name": INSTANCE_NAME,
  "networkTier": "STANDARD",
  ... other parameters
}

Replace the following:

  • PROJECT_ID: your project ID
  • ZONE: the zone of the instance
  • INSTANCE_NAME: the name of the instance

For a list of other required and optional parameters, see REST Resource: instances.

Updating the network tier of an instance

You can use update-access-config to change the tier of an instance. The possible values for the network tier are PREMIUM and STANDARD. If the instance has an IP address, or if you are assigning one, it must be the same tier as you are specifying with this command.

Console

  1. In the Cloud Console, go to the VM instances page.

    Go to the VM instances page

  2. Click the name of an instance.

  3. Click Edit .

  4. Under Network interfaces, on the default network interface, click Edit .

  5. Under Network Service Tier, select Standard.

  6. Click Save.

gcloud

gcloud compute instances update-access-config INSTANCE_NAME \
    --network-interface nic0 \
    --network-tier STANDARD

Replace INSTANCE_NAME with the name of the instance.

API

  POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME/updateAccessConfig?networkInterface=nic0
{
  "networkTier": "STANDARD",
  ... other parameters
}

Replace the following:

  • PROJECT_ID: your project ID
  • ZONE: the zone of the instance
  • INSTANCE_NAME: the name of the instance

Creating an instance template that uses Standard Tier

When you configure the network tier during instance template creation, do the following.

Console

  1. In the Cloud Console, go to the Instance templates page.

    Go to the Instance templates page

  2. Click Create instance template.

  3. Click Management, security, disks, networking, sole tenancy.

  4. Click the Networking tab.

  5. Under Network Service Tier, select Standard.

  6. Populate other fields as appropriate.

  7. Click Create.

gcloud

gcloud compute instance-templates create my-standard-tier-instance-template \
    --network-tier STANDARD

For other command-line flags, see gcloud compute instance-templates.

API

  POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instanceTemplates
{
  "name": "my-standard-tier-instance-template",
  "networkInterfaces[].accessConfigs[].networkTier": "STANDARD",
  ... other parameters
}

Replace the following:

  • PROJECT_ID: your project ID
  • ZONE: the zone of the instance template

For a list of other required and optional parameters, see REST Resource: instanceTemplates.