IPv6 support in Google Cloud

This document describes which services in Google Cloud include support for IPv6.

IPv6 has a much larger address space than IPv4, with 128 bits per address. IPv6 has many more addresses available than IPv4 does, which helps mitigate the growing shortage of IPv4 addresses.

IPv6 support is widely available in Google Cloud through dual-stack (IPv4 and IPv6) compute and networking services. You can deploy dual-stack subnets, which lets you deploy IPv6 workloads.

You can control IPv6 configurations by using organization policy constraints as described in the organization policy constraints section of the VPC networks overview.

Core compute and networking services

The following table summarizes dual-stack IPv6 support in core compute and networking services in Google Cloud.

For more information about a given service, see the corresponding documentation.

Service Dual-stack IPv6 support Documentation
Compute
Compute Engine instances
Compute Engine instance templates
Compute Engine managed instance groups (MIGs)*
Google Kubernetes Engine (GKE) nodes and pods
Networking
Subnets
VPC Network Peering
Static routes
Policy-based routes
(Preview)
Static IP address reservation
Cloud Router
Dedicated Interconnect
Partner Interconnect
HA VPN
Classic VPN
Cloud DNS
Cloud Next Generation Firewall
Classic Application Load Balancer (IPv6 termination)
Global external Application Load Balancer
Regional external Application Load Balancer (IPv6 backends)
Regional internal Application Load Balancer (IPv6 backends)
Cross-region internal Application Load Balancer (IPv6 backends)
Classic proxy Network Load Balancer (IPv6 termination)
Global external proxy Network Load Balancer
Regional external proxy Network Load Balancer (IPv6 backends)
Regional internal proxy Network Load Balancer (IPv6 backends)
Cross-region internal proxy Network Load Balancer (IPv6 backends)
External passthrough Network Load Balancer
Internal passthrough Network Load Balancer
Private Service Connect published services
Private Service Connect endpoints for published services
Private Service Connect interfaces
Private Service Connect backends
* For MIGs, the autohealing endpoint supports only IPv4.
For static routes, some next hop types don't support IPv6. For more information, see Next hops and features.
If labeled with IPv6 termination, Cloud Load Balancing terminates the IPv6 connection, and backends with IPv6 addresses are not supported. If labeled with IPv6 backends, backends with IPv6 addresses are supported, but IPv6 termination is not supported.

Application services

The following table summarizes support for IPv6 in commonly used Google APIs and services.

For services that support private IPv6 access, private access from IPv6 clients is supported by Private Google Access.

For more information, see Additional details about application services and IPv6.

Service Public IPv6 access Private IPv6 access
AlloyDB for PostgreSQL API
AlloyDB for PostgreSQL instances*
Bigtable
BigQuery
Dataflow
Dataproc
Cloud Deploy
Firestore
Cloud Identity
Cloud Logging
Memorystore for Memcached API
Memorystore for Memcached instances*
Memorystore for Redis API
Memorystore for Redis instances*
Cloud Monitoring
Pub/Sub
Spanner
Cloud SQL Admin API for MySQL
Cloud SQL for MySQL instances*
Cloud SQL Admin API for PostgreSQL
Cloud SQL for PostgreSQL instances*
Cloud SQL Admin API for SQL Server
Cloud SQL for SQL Server instances*
Cloud Storage
Cloud Tasks
Cloud Trace
Workflows
Container Registry / Artifact Registry
Secret Manager
* Some products have an administrative API that runs on Google's production infrastructure and can be accessed by IPv6 clients, but the API creates VPC-hosted resources that can't be accessed by IPv6 clients. For example, Memorystore for Memcached has an administrative API at memcache.googleapis.com. Using this API lets you perform some administrative tasks for your Memorystore for Memcached instances, but you must use private services access to access the Memorystore for Memcached instances.

Additional details about application services and IPv6

There are two varieties of Google APIs and services:

  • Services that run on Google's production infrastructure, including all *.googleapis.com service endpoints.
  • Services that run in VPC networks that are run by Google (also known as VPC-hosted services), such as Cloud SQL and Filestore.

Most services that run on Google's production infrastructure support access by clients with IPv6 addresses:

  • Public access from IPv6 clients is supported.
  • Private access from IPv6 clients is supported by Private Google Access. For more information about Private Google Access and supported services, see Domain options. You can't use Private Service Connect endpoints for global Google APIs or regional Google APIs to access services from IPV6 clients.

For more information about services that run on Google's infrastructure, see the Google APIs Explorer.

For VPC-hosted services, support for access by IPv6 clients depends on the private access option that you use:

  • You can create IPv6 Private Service Connect endpoints to let clients with IPv6 addresses access published services.
  • Private services access doesn't support access by clients that have IPv6 addresses. For more information, see the Supported services in the private services access documentation.