IP addresses
Resources such as VM instances and load balancers have IP addresses in Google Cloud. These IP addresses let Google Cloud resources communicate with other resources in Google Cloud, in on-premises networks, or on the public internet. This page describes the IP address categorization used by Google Cloud.
Google Cloud uses the following labels to describe different IP address types. For example, an internal IP address is not publicly routed. An external IP address is a publicly routed IP address. You can assign an external IP address to the network interface of a Google Cloud VM.
- External IP address
External IP addresses are publicly advertised, meaning they are reachable by any host on the internet. External IP addresses must be publicly routable IP addresses. Resources with external IP addresses can communicate with the public internet.
External IPv4 addresses for resources can be provided by Google, or you can bring your own IP (BYOIP) addresses to Google Cloud. While BYOIP addresses are static external IPv4 addresses, and can be used with most resources that support static external IPv4 addresses, there are some exceptions.
External IPv6 addresses are provided by Google. For more information, see IPv6 subnet ranges.
- Internal IP address
Internal IP addresses cannot be reached from the internet and are not publicly routable.
Internal IP addresses are local to a VPC network, a VPC network connected by using VPC Network Peering, or an on-premises network connected to a VPC network by using Cloud VPN, Cloud Interconnect, or a Router appliance. Resources with internal IP addresses communicate with other resources as if they're all on the same private network.
Internal IPv4 addresses can be private IPv4 addresses, or they can be privately used public IPv4 addresses. For a list of valid internal IPv4 addresses, see Valid IPv4 ranges.
Internal IPv6 addresses are unique within Google Cloud. For more information, see IPv6 subnet ranges.
For details about how internal IP addresses are advertised when you connect your VPC network to another network, see Route advertisements and internal IP addresses.
- Private IP address
Private IP addresses are addresses that cannot be routed on the internet.
In Google Cloud, private IP addresses can only be used as internal IP addresses within a VPC network or an on-premises network connected to a VPC network.
For a list of private IPv4 ranges, see the entries for Private IP address ranges in the valid internal IPv4 address ranges table.
Unique local addresses (ULAs) are private IPv6 addresses. ULAs are used for internal IPv6 subnet ranges.
- Public IP address
Public IP addresses are internet routable. In Google Cloud, external IPv4 and IPv6 addresses are always public IP addresses.
You can also use public IPv4 addresses as internal addresses when you configure the primary or secondary IPv4 address range of a subnet in your VPC network. These addresses are referred to as privately used public IP addresses.
Regional and global IP addresses
When you list or describe IP addresses in your project, Google Cloud
labels addresses as global or regional, which indicates how a particular address
is being used. When you associate an address with a regional resource, such as
a VM, Google Cloud labels the address as regional. Regions are
Google Cloud regions, such as us-east4
or europe-west2
.
For more information about global and regional resources, see Global, regional, and zonal resources in the Compute Engine documentation.
Summary of IP address types
The following tables describes examples of different regional and global IP addresses.
Internal IP addresses
Internal IP addresses are always Premium Tier.
Classification | Definition and Tier | Purpose |
---|---|---|
Regional internal IPv4 address | A valid IPv4 range used as a subnet primary IPv4 range or subnet secondary IPv4 range | Addresses from a subnet primary IPv4 or secondary IPv4 range can be used as described in IPv4 subnet ranges. |
Regional internal IPv6 address | An internal IPv6 range automatically allocated for a subnet IPv6 range | Regional internal IPv6 addresses can be used as described in Internal IPv6 specifications. |
Global internal IPv4 addresses | Private Service Connect endpoints for Google APIs Allocated ranges for private services access |
For more information, see Access Google APIs through endpoints or private services access. |
External IP addresses
Some External IP addresses can be Standard Tier as well as Premium Tier.
Classification | Definition and Tier | Purpose |
---|---|---|
Regional external IPv4 address | Each region has its own set of external IP addresses for use by zonal or regional resources. Regional external IPv4 addresses can be provided by Google, or you can bring your own IPv4 address ranges to Google Cloud |
Premium Tier regional external IPv4 addresses can be used by:
Standard Tier regional external IPv4 addresses can be used by:
Regional external IPv4 addresses are also used by:
|
Regional external IPv6 address Exclusive to Premium tier |
An external IPv6 range automatically allocated for an IPv6 subnet range | Regional external IPv6 addresses can be used as described in External IPv6 specifications. |
Global external IPv4 addresses Exclusive to Premium tier |
Internet accessible anycast external IPv4 addresses for global load balancing. Global external IPv4 addresses can be provided by Google, or you can bring your own IPv4 address ranges to Google Cloud |
Global external IPv4 addresses always use Premium Tier. They can be used by:
|
Global external IPv6 addresses Exclusive to Premium tier |
Internet accessible anycast external IPv6 addresses for global load balancing. | Global external IPv6 addresses always use Premium Tier. They can be used by:
|
Ephemeral and static IP addresses
An ephemeral IP address is an IP address that doesn't persist beyond the life of the resource. For example, when you create an instance or forwarding rule without specifying an IP address, Google Cloud automatically assigns the resource an ephemeral IP address. In general, the ephemeral IP address is released if you stop or delete the resource.
Internal and external IP addresses can be ephemeral or static.
Reserving a static IP address assigns the address to your project until you explicitly release it. This is useful if you are dependent on a specific IP address for your service and need to prevent another resource from being able to use the address. Static addresses are useful if you need to move an IP address from one Google Cloud resource to another.
Some services have exceptions to the previous definitions:
For HA VPN, you cannot manually assign a static IPv4 address to the interface of an HA VPN gateway. Cloud VPN creates two regional external IPv4 addresses for you when you create the gateway, and those addresses remain assigned to the gateway until you delete it.
For Cloud NAT, when you configure Cloud NAT to automatically allocate external IPv4 addresses, those addresses appear as static; however, they are deleted if you delete the Cloud NAT gateway or if you change the Cloud NAT gateway to use manual addresses.
What's next
- For more information about reserving static IP addresses, see Reserve a static external IP address or Reserve a static internal IP address.