Resources such as VM instances and load balancers have IP addresses in Google Cloud. These IP addresses enable Google Cloud resources to communicate with other resources in Google Cloud, in on-premises networks, or on the public internet. This page describes the IP address categorization used by Google Cloud.
Google Cloud uses the following labels to describe different IP address types. For example, subnet IP address ranges must be internal IP addresses, which are addresses that are not publicly routed. An external IP address is a publicly routed IP address. You can assign an external IP address to the network interface of a Google Cloud VM. Other Google Cloud resources, such as Cloud VPN gateways, external protocol forwarding, and external load balancers, require external IP addresses.
- External IP address
  External IP addresses are publicly advertised, meaning they are reachable by any host on the internet. External IP addresses must be publicly routable IP addresses. Resources with external IP addresses can communicate with the public internet.
- Internal IP address
  Internal IP addresses are not publicly advertised. They are used only within a network. Every VPC network or on-premises network has at least one internal IP address range. Resources with internal IP addresses communicate with other resources as if they're all on the same private network. Internal IP addresses can be private addresses, such as RFC 1918 addresses, or they can be public addresses that have been allocated to be used internally only. For a list of valid internal IP addresses, see Valid ranges.
- Private IP address
  Private IP addresses are addresses that cannot be routed on the internet. In Google Cloud, private IP addresses can only be used as internal IP addresses within a VPC network or an on-premises network connected to a VPC network.
- Public IP address
  Public IP addresses are internet routable. In Google Cloud, external IP addresses are always public IP addresses. You can also use public IP addresses as internal IP addresses when you assign a public range to the primary or secondary IP address range of a subnet in your VPC network.
Regional and global IP addresses
When you list or describe IP addresses in your project, Google Cloud
labels addresses as global or regional, which indicates how a particular address
is being used. When you associate an address with a regional resource, such as
a VM, Google Cloud labels the address as regional. Regions are
Google Cloud regions, such as
For more information about global and regional resources, see Global, regional, and zonal resources in the Compute Engine documentation.
The following table describes examples of different regional and global IP addresses.
|IP address type|Definition|Purpose|
|---|---|---|
|Regional internal addresses|VPC subnet ranges|Used by VM instances, including GKE nodes, Pods, and Services; also used by internal protocol forwarding, Internal TCP/UDP Load Balancing, and Internal HTTP(S) Load Balancing|
|Global internal addresses|Allocated ranges for private services access|For more information about private services access, see private services access.|
|Regional external addresses|Internet accessible external IPv4 addresses that are usable by regional resources|Each region has its own set of external IP addresses for use by zonal or regional resources therein. These addresses can be used by the|
|Global external addresses|Internet accessible anycast external IPv4 or IPv6 addresses for global load balancing|Global external addresses can be used by TCP Proxy, SSL Proxy, and external HTTP(S) load balancing in Premium Tier.|
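The categories above can be applied mechanically to an address listing when reviewing what a project exposes. The following is an added example, not part of the original documentation: it assumes records shaped like the JSON output of `gcloud compute addresses list --format=json`, treats a record without a `region` field as global, narrows "private" to the RFC 1918 ranges, and uses constructed sample records with invented names.

```python
import ipaddress
import json

# Assumption: "private" is narrowed to the RFC 1918 ranges for this example.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample shaped like `gcloud compute addresses list --format=json`.
# Names and the project are invented; documentation ranges stand in for
# public addresses. Assumption: global addresses carry no "region" field.
REGION = "https://www.googleapis.com/compute/v1/projects/example-project/regions/us-central1"
SAMPLE = json.dumps([
    {"name": "web-lb", "address": "203.0.113.10", "addressType": "EXTERNAL"},
    {"name": "vm-nat", "address": "198.51.100.7", "addressType": "EXTERNAL", "region": REGION},
    {"name": "db-ilb", "address": "10.128.0.5", "addressType": "INTERNAL", "region": REGION},
    {"name": "byo-int", "address": "192.0.2.20", "addressType": "INTERNAL", "region": REGION},
    {"name": "psa-range", "address": "10.20.0.0", "prefixLength": 16,
     "addressType": "INTERNAL", "purpose": "VPC_PEERING"},
])


def classify(entry):
    """Label one address record with the page's categories plus review notes."""
    ip = ipaddress.ip_address(entry["address"])
    private = any(ip in net for net in RFC1918)
    kind = entry["addressType"].lower()            # internal / external
    region = entry.get("region", "").rsplit("/", 1)[-1] or None
    notes = []
    if kind == "external" and private:
        notes.append("inconsistent: external addresses are always public")
    elif kind == "external":
        notes.append("publicly advertised: reachable from the internet")
    elif not private:
        notes.append("public range used internally: not advertised")
    return {"name": entry["name"], "scope": "regional" if region else "global",
            "region": region, "kind": kind,
            "routing": "private" if private else "public", "notes": notes}


def inventory(listing_json):
    """Classify every record in a JSON address listing."""
    return [classify(e) for e in json.loads(listing_json)]


if __name__ == "__main__":
    for row in inventory(SAMPLE):
        print(f'{row["name"]:<10} {row["scope"]:<8} {row["kind"]:<8} '
              f'{row["routing"]:<7} {"; ".join(row["notes"])}')
```

The `byo-int` record shows the case the definitions allow but that is easy to miss in a review: an address that is public by range yet internal by use, so it is not advertised to the internet.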
Ephemeral and static IP addresses
Internal and external IP addresses can be ephemeral or static. An ephemeral IP address is an IP address that doesn't persist beyond the life of the resource. For example, when you create an instance or forwarding rule without specifying an IP address, Google Cloud automatically assigns the resource an ephemeral IP address. In general, the ephemeral IP address is released if you stop or delete the resource.
Reserving a static IP address assigns the address to your project until you explicitly release it. This is useful if you are dependent on a specific IP address for your service and need to prevent another resource from being able to use the address. Static addresses are useful if you need to move an IP address from one Google Cloud resource to another.
Some services have exceptions to the previous definitions:
- For HA VPN, you cannot manually assign a static IP address to the interface of an HA VPN gateway. Cloud VPN creates two regional external IP addresses for you when you create the gateway, and those addresses remain assigned to the gateway until you delete it.
- For Cloud NAT, when you configure Cloud NAT to automatically allocate external IP addresses, those addresses appear as static; however, they are deleted if you delete the Cloud NAT gateway or if you change the Cloud NAT gateway to use manual addresses.

For more information about reserving static IP addresses, see Reserving a static external IP address or Reserving a static internal IP address.