Internal ranges overview

Internal ranges let you allocate blocks of internal IP addresses and specify how those addresses can be used. You can use internal ranges to help you manage Virtual Private Cloud (VPC) network topology as networks grow more complex with features like VPC Network Peering and Shared VPC.

Specifications

  • An internal range resource represents an internal CIDR block that is allocated from within a VPC network.
  • When you create an internal range, you configure the following:
    • If the range can be used by Google Cloud resources in its parent VPC network.
    • If the range is reserved for external usage.
    • How the range can be used if VPC Network Peering is configured.
  • You can't create an internal range that overlaps with IP addresses that are used by Google Cloud resources in the range's VPC network.

  • You can't create Google Cloud resources that use IP addresses from an existing internal range unless you explicitly associate the resource with the internal range.

    For example, consider an internal range for 10.0.0.0/24. If you try to create a subnet in the internal range's VPC network that uses the range 10.0.0.0/25, the subnet creation will fail, unless you associate the subnet with the internal range.

Usage types

The usage type of an internal range resource specifies whether the allocated CIDR block can be associated with other Google Cloud resources in its parent VPC network. The usage type for an internal range can be one of the following:

  • FOR_VPC: the range can be associated with other Google Cloud resources in its parent VPC network. This is the default setting.

  • EXTERNAL_TO_VPC: the range cannot be associated with other Google Cloud resources in its parent VPC network.

Peering types

The peering type of an internal range specifies the range's behavior with respect to VPC Network Peering. The peering type can be one of the following:

  • FOR_SELF: the internal range can only be used in the VPC network where it was created. The range is accessible from its associated VPC network and peers of that VPC network. Peers of peer networks, however, cannot use this range. This is the default setting.

  • FOR_PEER: the internal range can only be associated with resources in peer networks. No resource within the range's parent VPC network can be associated with the range, but resources in peer networks can.

  • NOT_SHARED: the internal range can only be associated with resources in the network where the range was created, without sharing the range with its peers. A peered network can't use the internal range in a way that is visible to the parent VPC network. A peered network can use the same range if the peering type is NOT_SHARED in both networks.

Quota

There is a limit to how many internal range resources you can create in a single project. For more information, see the per-project quotas in the VPC documentation.

What's next