Dual-stack subnets let your Cloud Run services and jobs send IPv4 and internal IPv6 traffic to a VPC network with Direct VPC egress. You can change the stack type of an existing Cloud Run service or job or update an existing subnet to a dual-stack subnet.
Subnet types
VPC networks support the following Compute Engine subnet types:
IPv4 only (single-stack) subnets, with only IPv4 subnet ranges
IPv4 and IPv6 (dual-stack) subnets, with both IPv4 and internal IPv6 subnet ranges
Dual-stack limitations
Before you change the stack type on an existing Cloud Run service or job, consider the following limitations:
Cloud Run only supports subnets with the internal IPv6 access-type setting. Learn more about internal and external access types for IPv6 addresses.
Dual-stack support is only available with subnets in a custom-mode VPC network. To have the internal access type available for dual-stack subnets, the VPC network internal IPv6 range must be enabled. Set up or convert the VPC network to custom mode.
Compared to IPv4-only subnets, dual-stack subnets might experience elevated cold-start latencies, limiting how quickly your application can scale up.
NAT64 is not supported.
Add a dual-stack subnet on a service or job
Dual-stack subnets have both IPv4 and IPv6 address ranges. Cloud Run services and jobs can only send IPv6 traffic through a subnet that uses internal IPv6 addresses.
To add a dual-stack subnet with an internal IPv6 range on a Cloud Run service or job in the Google Cloud CLI, do the following:
To create a custom-mode network that supports dual-stack subnets, run the following command:
gcloud compute networks create NETWORK \ --subnet-mode=custom \ --enable-ula-internal-ipv6
Replace
NETWORKwith the name of the VPC network that will contain the new subnet.To convert to or update a custom-mode network so that it supports dual-stack subnets, run the following command:
gcloud compute networks update NETWORK \ --subnet-mode=custom \ --enable-ula-internal-ipv6
Replace
NETWORKwith the name of the VPC network that will contain the new subnet.To create a dual-stack subnet with an internal IPv6 range, run the
subnets createcommand using the dual-stack settings:gcloud compute networks subnets create SUBNET \ --network=NETWORK \ --range=PRIMARY_IPv4_RANGE \ --stack-type=IPV4_IPV6 \ --ipv6-access-type=INTERNAL \ --region=REGION
Replace the following:
SUBNET: a name for the new subnet.NETWORK: the name of the VPC network that will contain the new subnet.PRIMARY_IPv4_RANGE: the primary IPv4 range for the new subnet, in CIDR notation. For more information, see IPv4 subnet ranges.REGION: the Google Cloud region that the new subnet will be created in.
Deploy a Cloud Run service or execute a job on the dual-stack subnet that you created. The service or job is automatically provisioned with the subnet's stack type.
Change a subnet from single-stack to dual-stack
To add an internal IPv6 subnet range to an existing IPv4-only subnet in a custom-mode VPC network, see Change a subnet's stack type to dual-stack. Then, deploy the service or execute the job on the dual-stack subnet.
Change a subnet from dual-stack to single-stack
Changing the subnet's stack type from IPv4 and IPv6 (dual-stack) to IPv4 only (single-stack) is not supported because the Compute Engine IPv6 access type is internal. To change a service or job's dual-stack subnet to a single-stack subnet, deploy the service or execute the job on an IPv4-only (single-stack) subnet.
Verify the network and subnet
To check that your service or job is on the VPC network, run the following command:
gcloud run services describe SERVICE_NAME --region=REGION
Replace REGION with the Google Cloud region that the
new subnet was created in.
The following example output shows your network and subnet:
VPC Access:
Network: example-network
Subnet: example-subnet
Egress: private-ranges-only