IP addresses

Resources such as VM instances and load balancers have IP addresses in Google Cloud. These IP addresses enable Google Cloud resources to communicate with other resources in Google Cloud, in on-premises networks, or on the public internet. This page describes the IP address categorization used by Google Cloud.

Google Cloud uses the following labels to describe different IP address types. For example, subnet IP address ranges must be internal IP addresses, which are addresses that are not publicly routed. An external IP address is a publicly routed IP address. You can assign an external IP address to the network interface of a Google Cloud VM. Other Google Cloud resources, such as Cloud VPN gateways, external protocol forwarding, and external load balancers, require external IP addresses.

External IP address
External IP addresses are publicly advertised. Resources with external IP addresses can communicate with the public internet. All external IP addresses must be public addresses. However, you can use certain public IP addresses as internal addresses as well.
Internal IP address
Internal IP addresses are not publicly advertised. They are used only within a network. Every VPC network or on-premises network has at least one internal IP address range. Resources with internal IP addresses communicate with other resources as if they're all on the same private network. Internal IP addresses can be private addresses or privately reused public IP addresses.
Private IP address
Private IP addresses are internal and cannot be internet routable, such as RFC 1918 addresses. All private IP addresses are internal IP addresses; however, not all internal IP addresses are private IP addresses.
Public IP address
Public IP addresses are internet routable. In Google Cloud, external IP addresses are always public IP addresses. However, public IP addresses are not always external; you can reuse certain public IP addresses as internal IP addresses.

Regional and global IP addresses

When you list or describe IP addresses in your project, Google Cloud labels addresses as global or regional, which indicates how a particular address is being used. When you associate an address with a regional resource, such as a VM, Google Cloud labels the address as regional. Regions are Google Cloud regions, such as us-east4 or europe-west2.

For more information about global and regional resources, see Global, regional, and zonal resources in the Compute Engine documentation.

Examples

The following table describes examples of different regional and global IP addresses.

IP address type Definition Purpose
Regional internal addresses VPC subnet ranges Used by VM instances, including GKE nodes, Pods, and Services; also used by internal protocol forwarding, Internal TCP/UDP Load Balancing, and Internal HTTP(S) Load Balancing
Global internal addresses Allocated ranges for private services access For more information about private services access, see Private access options.
Regional external addresses Internet accessible external IPv4 addresses that are usable by regional resources Each region has its own set of external IP addresses for use by zonal or regional resources therein. These addresses can be used by the following scenarios:
  • Compute Engine external addresses
  • External protocol forwarding
  • Network Load Balancing in either Standard or Premium Tier
  • TCP Proxy, SSL Proxy, and external HTTP(S) load balancing in Standard Tier
  • External addresses for Cloud NAT
  • External addresses for Cloud VPN
Global external addresses Internet accessible anycast external IPv4 or IPv6 addresses for global load balancing Global external addresses can be used by TCP Proxy, SSL Proxy, and external HTTP(S) load balancing in Premium Tier.

Ephemeral and static IP addresses

Internal and external IP addresses can be ephemeral or static. An ephemeral IP address is an IP address that doesn't persist beyond the life of the resource. For example, when you create an instance or forwarding rule without specifying an IP address, Google Cloud automatically assigns the resource an ephemeral IP address. In general, the ephemeral IP address is released if you stop or delete the resource.

Reserving a static IP address assigns the address to your project until you explicitly release it. This is useful if you are dependent on a specific IP address for your service and need to prevent another resource from being able to use the address. Static addresses are useful if you need to move an IP address from one Google Cloud resource to another.

Some services have exceptions to the previous definitions:

  • For HA VPN, you cannot manually assign a static IP address to the interface of an HA VPN gateway. Cloud VPN creates two regional external IP addresses for you when you create the gateway, and those addresses remain assigned to the gateway until you delete it.

  • For Cloud NAT, when you configure Cloud NAT to automatically allocate external IP addresses, those addresses appear as static; however, they are deleted if you delete the Cloud NAT gateway or if you change the Cloud NAT gateway to use manual addresses.

What's next