IP addresses

Resources such as VM instances and load balancers have IP addresses in Google Cloud. These IP addresses enable Google Cloud resources to communicate with other resources in Google Cloud, in on-premises networks, or on the public internet. This page describes the IP address categorization used by Google Cloud.

Google Cloud uses the following labels to describe different IP address types. For example, subnet IP address ranges must be internal IP addresses, which are addresses that are not publicly routed. An external IP address is a publicly routed IP address. You can assign an external IP address to the network interface of a Google Cloud VM. Other Google Cloud resources, such as Cloud VPN gateways, external protocol forwarding, and external load balancers, require external IP addresses.

External IP address

External IP addresses are publicly advertised, meaning they are reachable by any host on the internet. External IP addresses must be publicly routable IP addresses. Resources with external IP addresses can communicate with the public internet.

Google provides external IP addresses for resources, or you can bring your own IP (BYOIP) addresses to Google. While BYOIP addresses are static external IP addresses, and can be used with most resources that support static external IP addresses, there are some exceptions.

Internal IP address

Internal IP addresses are local to a VPC network, a VPC network connected using VPC Network Peering, or an on-premises network connected to a VPC network using Cloud VPN, Cloud Interconnect, or a Router appliance. Resources with internal IP addresses communicate with other resources as if they're all on the same private network.

Internal IP addresses can be private addresses or they can be privately used public IP addresses. For a list of valid internal IP addresses, see Valid ranges. For details about how internal IP addresses are advertised when you connect your VPC network to another network, see Route advertisements and internal IP addresses.

Private IP address

Private IP addresses are addresses that cannot be routed on the internet. In Google Cloud, private IP addresses can only be used as internal IP addresses within a VPC network or an on-premises network connected to a VPC network. For a list of ranges, see the entries for Private IP address ranges in the valid internal IP address ranges table.

Public IP address

Public IP addresses are internet routable. In Google Cloud, external IP addresses are always public IP addresses. You can also use public IP addresses as internal IP addresses when you assign a public range to the primary or secondary IP address range of a subnet in your VPC network.

Regional and global IP addresses

When you list or describe IP addresses in your project, Google Cloud labels addresses as global or regional, which indicates how a particular address is being used. When you associate an address with a regional resource, such as a VM, Google Cloud labels the address as regional. Regions are Google Cloud regions, such as us-east4 or europe-west2.

For more information about global and regional resources, see Global, regional, and zonal resources in the Compute Engine documentation.


The following table describes examples of different regional and global IP addresses.

IP address type Definition Purpose
Regional internal addresses VPC subnet IPv4 ranges Used by VM instances, including GKE nodes, Pods, and Services; also used by internal protocol forwarding, Internal TCP/UDP Load Balancing, Internal HTTP(S) Load Balancing, Cloud DNS inbound forwarder entry points, and Private Service Connect endpoints except for the endpoints for Google APIs.
Global internal addresses For more information, refer to the documentation for Private Service Connect endpoints for Google APIs or private services access.
Regional external addresses Internet accessible external IPv4 addresses that are usable by regional resources Each region has its own set of external IP addresses for use by zonal or regional resources therein. These addresses can be used by the following scenarios:
  • Compute Engine external addresses
  • External protocol forwarding
  • Network Load Balancing in either Standard or Premium Tier
  • TCP Proxy, SSL Proxy, and external HTTP(S) load balancing in Standard Tier
  • External addresses for Cloud NAT
  • External addresses for Cloud VPN
Global external addresses Internet accessible anycast external IPv4 or IPv6 addresses for global load balancing Global external addresses can be used by TCP Proxy, SSL Proxy, and external HTTP(S) load balancing in Premium Tier.

Ephemeral and static IP addresses

Internal and external IP addresses can be ephemeral or static. An ephemeral IP address is an IP address that doesn't persist beyond the life of the resource. For example, when you create an instance or forwarding rule without specifying an IP address, Google Cloud automatically assigns the resource an ephemeral IP address. In general, the ephemeral IP address is released if you stop or delete the resource.

Reserving a static IP address assigns the address to your project until you explicitly release it. This is useful if you are dependent on a specific IP address for your service and need to prevent another resource from being able to use the address. Static addresses are useful if you need to move an IP address from one Google Cloud resource to another.

Some services have exceptions to the previous definitions:

  • For HA VPN, you cannot manually assign a static IP address to the interface of an HA VPN gateway. Cloud VPN creates two regional external IP addresses for you when you create the gateway, and those addresses remain assigned to the gateway until you delete it.

  • For Cloud NAT, when you configure Cloud NAT to automatically allocate external IP addresses, those addresses appear as static; however, they are deleted if you delete the Cloud NAT gateway or if you change the Cloud NAT gateway to use manual addresses.

What's next