VPC release notes

This page contains release notes for features and updates to Virtual Private Cloud (VPC) networking in Google Cloud.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.

November 18, 2024

For auto mode VPC networks, added a new subnet 10.224.0.0/20 for the Mexico northamerica-south1 region. For more information, see Global Locations and Auto mode IP ranges.

October 31, 2024

Support for IPv6 static routes with a next hop internal passthrough Network Load Balancer (next-hop-ilb) is available in Preview.

September 27, 2024

Private Service Connect supports IPv6 in General Availability for the following supported configurations:

For more information, see IP version translation.

September 13, 2024

You can use Private Service Connect endpoints to access the regional service endpoints of supported Google APIs. This feature is available in General Availability.

August 23, 2024

VPC Flow Logs can sample traffic that is sent through VLAN attachments for Cloud Interconnect and Cloud VPN tunnels. This feature is available in Preview. For more information, see VPC Flow Logs.

The live migration feature for bring your own IP v1 has been removed. For new configurations, we recommend that you use bring your own IP v2, which lets you control when prefixes are advertised.

August 12, 2024

VPC Flow Logs includes the following metadata annotations in General Availability:

  • src_gateway and dest_gateway
  • src_google_service and dest_google_service
  • load_balancing
  • network_service
  • psc

For more information, see Record Format.

July 24, 2024

The following producer load balancers now support all Private Service Connect monitoring metrics:

  • Regional internal Application Load Balancer
  • Regional internal proxy Network Load Balancer

Predefined dashboards for monitoring Private Service Connect connections have been enhanced:

July 22, 2024

In the Google Cloud Console, the Effective routes tab on the Routes page shows only routes that are effective. You can optionally show suppressed routes by using the Show suppressed routes toggle. You can also view the reason why a given route is suppressed. For more information, see List routes for a VPC network.

July 17, 2024

Private Service Connect backends can be used to reach regional endpoints for supported Google APIs. Regional endpoints replace locational endpoints for Private Service Connect backends.

The list of supported regional endpoints that can be accessed by Private Service Connect endpoints and backends is updated to include additional supported Google APIs and regions.

June 28, 2024

Bring your own IP does not support creating BYOIP addresses in Shared VPC service projects. This limitation is documented, but was previously not enforced. Enforcement has been added to prevent the creation of BYOIP addresses in service projects. If you're using bring your own IP with Shared VPC, use the project architecture described in BYOIP addresses administration with Shared VPC.

June 17, 2024

June 14, 2024

Private Service Connect port mapping is available in Preview. Port mapping lets consumer virtual machine (VM) instances privately communicate with specific service ports on specific producer VMs through a single Private Service Connect endpoint.

Private Service Connect propagated connections are available in Preview. With propagated connections, services that are accessible in one consumer VPC spoke through Private Service Connect endpoints can be privately accessed by other consumer VPC spokes that are connected to the same Network Connectivity Center hub.

June 10, 2024

The following features of policy-based routes are available in Preview:

  • Applying policy-based routes to IPv6 traffic
  • Using a next hop that is in a peered VPC network

For more information, see Create policy-based routes.

VPC Flow Logs includes internet routing details for egress flows. For more information, see InternetRoutingDetails field format. This field is available in General Availability.

June 03, 2024

Support for IPv6 static routes with a next hop instance identified by address (next-hop-address) is available in Preview.

Bring your own IP lets you bring your own public IPv6 addresses to Google Cloud. IPv6 BYOIP addresses can be used with external passthrough Network Load Balancers. Bring your own IP for IPv6 addresses is available in General Availability.

May 03, 2024

Private Service Connect supports IPv6 in Preview for the following supported configurations:

For more information, see IP version translation.

May 02, 2024

Service producers are no longer charged producer data processing for ingress or egress traffic through a Private Service Connect service attachment. For more information, see pricing for published services.

Private Service Connect now offers consumers volume-based discounts for consumer data processing. For more information, see Consumer data processing.

April 26, 2024

Bring your own IP v2 for regional addresses is available in General Availability.

April 23, 2024

The Private Service Connect interface documentation has been updated. Google recommends avoiding multi-tenant architectures, where multiple consumers connect to the same Private Service Connect interface VM. In a multi-tenant architecture, if one consumer terminates their Private Service Connect interface connection, other consumers that are connected to the same VM also lose connectivity. For more information, see Limitations.

April 01, 2024

You can use Packet Mirroring to collect IPv6 traffic. This feature is available in General Availability.

March 07, 2024

Internal ranges are available in General Availability. Internal ranges let you allocate blocks of private IP addresses in VPC networks and specify how those addresses can be used.

February 26, 2024

The VPC documentation has been updated with a new page that describes which services in Google Cloud include support for IPv6. For more information, see IPv6 support in Google Cloud.

February 05, 2024

Support for IPv6 extension headers is available in General Availability.

January 31, 2024

Private Service Connect interfaces are available in General Availability. Private Service Connect interfaces let service producers initiate connections to consumer VPC networks.

For auto mode VPC networks, added a new subnet 10.218.0.0/20 for the Johannesburg africa-south1 region. For more information, see Auto mode IP ranges.

January 11, 2024

Regional service endpoints that are used with Private Service Connect backends are now referred to as locational service endpoints. Locational service endpoints are different from regional service endpoints.

Private Service Connect endpoints support accessing regional service endpoints. This feature is available in Preview.

December 19, 2023

You can use Packet Mirroring to collect IPv6 traffic. This feature is available in General Availability.

This note is incorrect. The feature was released in Preview on this date.

December 13, 2023

Accessing supported global Google APIs through Private Service Connect backends is available in Preview.

November 20, 2023

October 02, 2023

Private Service Connect service connectivity automation is available in General Availability. Service connectivity automation lets service producers automate deployment and service connectivity to eligible managed services on behalf of consumers.

September 29, 2023

Private Service Connect backends support using an external regional TCP proxy load balancer or an internal regional TCP proxy load balancer to access published services. These features are available in General Availability.

September 19, 2023

For auto mode VPC networks, added a new subnet 10.216.0.0/20 for the Dammam me-central2 region. For more information, see Auto mode IP ranges.

September 14, 2023

Policy-based routing is available in General Availability. You can select a next hop based on more than a packet's destination IP address. You can match traffic by protocol and source IP address as well.

If you've used Google provider for Terraform versions earlier than 4.76.0 to create Private Service Connect service attachments, do not upgrade to versions 4.76.0 through 4.81.x. When you run terraform apply after the upgrade, Terraform might unintentionally delete and recreate the service attachments and close existing Private Service Connect connections. Recreated service attachments do not automatically re-establish Private Service Connect connections.

Upgrading to version 4.82.0 or later ensures that service attachments are not recreated.

Versions 4.76.0 and later turn on connection reconciliation by default, which might result in different service attachments having different settings for this field, depending on when they were created.

For more information and workarounds, see Disconnections after upgrading the Google provider for Terraform.

September 05, 2023

Support for IPv6 static routes with the following next hops is generally available (GA):

  • next-hop-gateway
  • next-hop-instance

August 30, 2023

You can add Resource Manager tags to supported VPC resources. For more information, see Create and manage tags for VPC resources.

August 22, 2023

For auto mode VPC networks, added a new subnet 10.214.0.0/20 for the Berlin europe-west10 region. For more information, see Auto mode IP ranges.

August 14, 2023

VLAN attachments for Cloud Interconnect that have Dataplane v1 can access Private Service Connect endpoints from hybrid networks. For more information, see access endpoints from hybrid networks.

Private Service Connect endpoints that have global access enabled can access published services that are based on the following load balancer configurations:

  • Internal Application Load Balancer with global access enabled
  • Regional internal proxy Network Load Balancer with global access enabled

August 02, 2023

Connection reconciliation is available in General Availability. When connection reconciliation is enabled for a service attachment, updating the service attachment's consumer accept or reject lists affects existing Private Service Connect connections in addition to new and pending connections.

July 28, 2023

New pages for Private Service Connect:

July 18, 2023

All service attachments, including those created before March 1, 2023, consume one NAT IP address for each connected endpoint or backend. For more information, see NAT subnet sizing.

July 17, 2023

You can publish a service that is hosted on an internal passthrough Network Load Balancer that forwards traffic on all ports (--ports=all). This feature is available in General Availability.

July 10, 2023

By default, public advertised prefixes can be used only to create regional public delegated prefixes. If you need to create global public delegated prefixes, you must request access. For more information about this behavior change and how to request access, see Behavior changes for BYOIP.

July 05, 2023

Moving a reserved external IPv4 address from one project to another is available in General Availability.

June 30, 2023

You can use custom constraints to provide more granular and customizable control over specific fields for some VPC resources. For more information, see Manage VPC resources by using custom constraints. This feature is available in Preview.

June 20, 2023

The connection preference for a Private Service Connect published service can be configured on the VPC network level in addition to project level. For more information, see Publish a service with explicit approval. This feature is available in General Availability.

Service consumers can use organization policies with the compute.restrictPrivateServiceConnectProducer list constraint to block Private Service Connect endpoints and backends from connecting to service attachments in other organizations. For more information, see Block endpoints and backends from connecting to unauthorized service attachments.

Service producers can use organization policies with the compute.restrictPrivateServiceConnectConsumer list constraint to control which endpoints and backends can connect to Private Service Connect service attachments within a producer organization or project. For more information, see Block unauthorized endpoints and backends from connecting to service attachments.

These constraints are available in General Availability.

June 13, 2023

Private Service Connect interfaces are available in Preview. Private Service Connect interfaces let service producers initiate connections to consumer VPC networks.

June 04, 2023

Support for IPv6 static routes with the following next hops is available in Preview:

  • next-hop-gateway
  • next-hop-instance

May 26, 2023

General Availability: You can use the private.googleapis.com and restricted.googleapis.com virtual IP addresses (VIPs) to access Google APIs and services with IPv6 addresses. For more information, see the following pages:

May 23, 2023

Reserving static regional external IPv6 addresses is available in General Availability.

Reserving static regional internal IPv6 addresses is available in General Availability.

Internal ranges are available in Preview. Internal ranges let you allocate blocks of private IP addresses in VPC networks and specify how those addresses can be used.

Support for IPv6 extension headers is available in Preview.

May 18, 2023

Private Service Connect service connectivity automation is available in Preview. Service connectivity automation lets service producers automate deployment and service connectivity to eligible managed services on behalf of consumers.

May 17, 2023

Global access for Private Service Connect endpoints for published services is available in General Availability. When global access is configured, clients in any region can send traffic to Private Service Connect endpoints.

April 20, 2023

April 19, 2023

Private Service Connect endpoints for published services can be configured with global access. When global access is configured, clients in any region can send traffic to endpoints. Global access for endpoints is available in Preview.

April 10, 2023

Documentation updates for Private Service Connect:

April 05, 2023

General Availability: Private Service Connect endpoints with consumer HTTP(S) controls support accessing regional Google APIs and published services using the following load balancers:

  • Regional internal HTTP(S) load balancer
  • Regional external HTTP(S) load balancer

March 30, 2023

For auto mode VPC networks, added a new subnet 10.212.0.0/20 for the Doha me-central1 region. For more information, see Auto mode IP ranges.

March 23, 2023

For auto mode VPC networks, added a new subnet 10.210.0.0/20 for the Turin europe-west12 region. For more information, see Auto mode IP ranges.

March 20, 2023

March 14, 2023

Hybrid subnets are available in Preview. A hybrid subnet combines an on-premises subnet and a VPC subnet into a single logical subnet. You can migrate individual workloads and instances from the on-premises subnet to the VPC subnet over time without needing to change IP addresses.

March 10, 2023

Connectivity to Private Service Connect endpoints used to access a managed service is supported over VLAN attachments for Cloud Interconnect. This feature is available in General Availability.

Consumption of IP addresses in Private Service Connect NAT subnets is improved for service attachments that are created after March 1st, 2023. For more information, see NAT subnets. This improvement is available in General Availability.

January 26, 2023

Policy-based routing is available in Preview. You can select a next hop based on more than a packet's destination IP address. You can match traffic by protocol and source IP address as well.

December 20, 2022

Preview: You can use geo-location objects in firewall policy rules to filter external IPv4 and external IPv6 traffic based on specific geographic locations or regions.

Preview: You can use Threat Intelligence for firewall policy rules to secure your network by allowing or blocking traffic based on threat intelligence data.

Preview: You can use address groups to combine multiple IP addresses and IP ranges into a single named logical unit. You can then use this unit across multiple rules in the same or different firewall policies. 

Preview: You can use fully qualified domain name (FQDN) objects in firewall policy rules to filter incoming or outgoing traffic from specific domain names.

December 14, 2022

General Availability: VPC Peering supports the exchange of IPv6 routes between peered VPC networks.

December 13, 2022

November 17, 2022

Preview: Connectivity to Private Service Connect endpoints used to access a managed service is supported over VLAN attachments for Cloud Interconnect

November 16, 2022

Preview: Private Service Connect endpoints with consumer HTTP(S) controls now support accessing regional Google APIs and managed services using the following load balancers:

  • Regional internal HTTP(S) load balancer
  • Regional external HTTP(S) load balancer

November 08, 2022

Preview: You use the private.googleapis.com and restricted.googleapis.com VIPs to access Google APIs and services using IPv6 addresses. For more information, see the following pages:

November 01, 2022

Private Service Connect supports internal regional TCP proxy load balancers as a service attachment target in General Availability. This lets you create hybrid TCP/UDP services where a clients in a VPC network can connect to an on-premise service by going through Private Service Connect and a TCP proxy with hybrid NEGs to reach a hybrid endpoint.

October 21, 2022

You can specify the source IP ranges for egress rules and the destination IP ranges for ingress rules. This feature is available in Preview.

October 14, 2022

Moving a reserved external IPv4 address from one project to another is available in Preview.

October 05, 2022

For auto mode VPC networks, added a new subnet 10.208.0.0/20 for the Tel Aviv me-west1 region. For more information, see Auto mode IP ranges.

October 04, 2022

Accessing managed services using Private Service Connect with consumer HTTP(S) controls is available in General Availability for the global external HTTP(S) load balancer.

September 26, 2022

General Availability: You can monitor the following Private Service Connect producer metrics using Cloud Monitoring:

  • Connected consumer forwarding rules
  • Used NAT IP addresses

For more information, see Monitor Private Service Connect published services.

September 23, 2022

VPC Service Controls ingress and egress rules are no longer required to establish Private Service Connect connections from inside a VPC Service Controls perimeter.

Establishing a Private Service Connect connection between consumer and producer projects that are not in the same VPC Service Controls perimeter does not require explicit authorization with egress policies. However, all communication to VPC Service Controls-supported services through the Private Service Connect endpoint is protected by the VPC Service Controls perimeter.

For more information, see VPC Service Controls.

August 08, 2022

Internal and external IPv6 addresses are available in all regions in General Availability:

August 05, 2022

Network firewall policies and regional firewall policies are now available in General Availability.

July 14, 2022

Private Service Connect supports publishing a service that is hosted on the following load balancers:

These features are available in General Availability.

June 22, 2022

Private Service Connect supports publishing a service that is hosted on an internal regional TCP proxy load balancer in a service producer VPC network. The backends can be located in Google Cloud, in other clouds, in an on-premises environment, or any combination of these locations.

This feature is available in Preview.

June 13, 2022

VPC networks now support jumbo frame MTUs within the same subnet. MTU can be set from 1300 to 8896. For details, see the maximum transmission unit overview.

June 07, 2022

For auto mode VPC networks, added a new subnet 10.206.0.0/20 for the Dallas us-south1 region. For more information, see Auto mode IP ranges.

May 24, 2022

For auto mode VPC networks, added a new subnet 10.202.0.0/20 for the Columbus us-east5 region. For more information, see Auto mode IP ranges.

May 17, 2022

Accessing Google APIs and services from Compute Engine instances using either internal IPv6 addresses with Private Google Access or external IPv6 addresses is available in General Availability.

May 10, 2022

For auto mode VPC networks, added a new subnet 10.204.0.0/20 for the Madrid europe-southwest1 region. For more information, see Auto mode IP ranges.

May 09, 2022

Reserving static regional external IPv6 addresses is available as a limited Preview feature. Contact your sales representative for access.

May 02, 2022

For auto mode VPC networks, added a new subnet 10.200.0.0/20 for the Paris europe-west9 region. For more information, see Auto mode IP ranges.

April 25, 2022

Automatic DNS configuration for Private Service Connect endpoints is available in General Availability.

For service producers: When you publish a managed service with Private Service Connect, you can optionally specify a domain name for the service.

For service consumers: When you create a Private Service Connect endpoint to connect to a managed service that has a specified domain name, a DNS entry for the Private Service Connect endpoint is created in a Service Directory DNS zone.

April 20, 2022

For auto mode VPC networks, added a new subnet 10.198.0.0/20 for the Milan europe-west8 region. For more information, see Auto mode IP ranges.

January 24, 2022

January 06, 2022

By default, Google Cloud blocks egress packets sent to TCP destination port 25 of an external IP address (including an external IP address of another Google Cloud resource). This restriction has been removed from projects owned by select Google Cloud customers.

For more information, see Blocked and limited traffic.

December 15, 2021

When you create a custom mode VPC network, you can select predefined firewall rules which address common use cases for connectivity to instances. This feature is available in General Availability.

December 13, 2021

Accessing published services using a Private Service Connect endpoint from on-premises hosts that are connected to a VPC network using Cloud VPN is now available in General Availability.

Connectivity from on-premises hosts to a Private Service Connect endpoint that is used to access managed services now correctly establishes for all service attachment configurations.

November 16, 2021

For auto mode VPC networks, added a new subnet 10.194.0.0/20 for the Santiago southamerica-west1 region. For more information, see Auto mode IP ranges.

November 12, 2021

Private Service Connect endpoints used to access a managed service are now automatically registered with Service Directory. This feature is available in General Availability.

Converting a single-region legacy network to a custom mode VPC network is now available in Preview.

November 02, 2021

Changes in status for Private Service Connect endpoints that you use access managed services are now logged in Cloud Logging.

October 21, 2021

This issue is now fixed: Connectivity from on-premises hosts to a Private Service Connect endpoint that is used to access published services might not establish for some existing Cloud VPN connections. As a workaround, recreate the VPN gateway and the VPN tunnels.

October 12, 2021

Using Private Service Connect to publish services that are hosted on the backends of an internal HTTP(S) load balancer is now Generally Available.

Accessing published services using a Private Service Connect endpoint is now available from on-premises hosts that are connected to a VPC network using Cloud VPN. This feature is available in Preview.

Connectivity from on-premises hosts to a Private Service Connect endpoint that is used to access published services might not establish for some existing Cloud VPN connections. As a workaround, recreate the VPN gateway and the VPN tunnels.

Connectivity from on-premises hosts to a Private Service Connect endpoint that is used to access managed services does not establish if both of the following conditions are met:

  • The service is published with explicit project approval

  • Your project is not already approved before you create the endpoint.

See known issues for a workaround while this feature is in Preview.

October 04, 2021

The number of Private Service Connect endpoints that are connected to a service attachment is now correctly adjusted when an endpoint is deleted.

If you are using Private Service Connect endpoints to access services in another VPC network, and you create more endpoints than are allowed by the limit set by the service producer, any endpoints created after the limit is reached have a status of Pending, as expected. Now, if you remove endpoints to get below the limit, the status of those endpoints correctly changes to Accepted.

September 16, 2021

Enabling or disabling PROXY protocol after a Private Service Connect service attachment is created now correctly changes the configuration.

September 14, 2021

Full control over which protocols are mirrored by Packet Mirroring is now available in General Availability.

August 25, 2021

Private Service Connect service attachment deletions are now logged in Cloud Logging.

August 23, 2021

August 17, 2021

If you are using Private Service Connect endpoints to access services in another VPC network, deleting an endpoint no longer fails if you try to delete multiple endpoints in a short period of time.

August 03, 2021

For auto mode VPC networks, added a new subnet 10.188.0.0/20 for the Toronto northamerica-northeast2 region. For more information, see Auto mode IP ranges.

July 28, 2021

Publishing services and accessing published services using Private Service Connect is now available in General Availability.

If you are using Private Service Connect to publish or consume services, the following items are not logged in Cloud Logging: changes in endpoint status, and service attachment deletions.

The number of Private Service Connect endpoints that are connected to a service attachment is not adjusted when an endpoint is deleted. See workaround information.

July 20, 2021

External IPv6 addresses for VM instances are now available in General Availability in supported regions.

The following features are also available in General Availability:

July 14, 2021

Private Service Connect service attachment details now correctly shows the status for consumer endpoints. Consumer endpoints can have a status other than Accepted.

If you're creating a Private Service Connect endpoint in a Shared VPC network, the endpoint no longer needs to be in the same project that contains the virtual machines (VMs) that send requests to the endpoint.

June 30, 2021

Deleting a private services access connection now also removes configurations created by the service producer, if Google is the service producer (for example, Cloud SQL). The improved deletion process simplifies administration if you delete a private services access connection, but later want to recreate it. This feature is now available in General Availability.

The billing issue for non-RFC 1918 addresses for Private Service Connect endpoints that you use to access Google APIs and services has been fixed.

June 29, 2021

For auto mode VPC networks, added a new subnet 10.190.0.0/20 for the Delhi asia-south2 region. For more information, see Auto mode IP ranges.

June 23, 2021

If you are using Private Service Connect endpoints to access services in another VPC network, and you delete multiple endpoints in a short period of time, one or more of the deletions might fail. To avoid this issue, wait 20 seconds between deletions.

If you are using Private Service Connect endpoints to access services in another VPC network, and you create more endpoints than are allowed by the limit set by the service producer, any endpoints created after the limit is reached have a status of Pending, as expected. However, if you remove endpoints to get below the limit, the status of those endpoints does not change to Accepted.

June 21, 2021

For auto mode VPC networks, added a new subnet 10.192.0.0/20 for the Melbourne australia-southeast2 region. For more information, see Auto mode IP ranges.

June 16, 2021

Private Service Connect endpoints in consumer networks now won't become unresponsive if they are connected to a service attachment that references a load balancer without backend VMs.

June 15, 2021

Bring your own IP (BYOIP) is now available in General Availability.

June 14, 2021

Enabling or disabling PROXY protocol after a Private Service Connect service attachment is created does not change the configuration. However, the status shown in the service attachment details incorrectly shows that the status has changed. To enable or disable PROXY protocol, delete the service attachment and recreate it with the correct PROXY protocol configuration.

June 09, 2021

If you enable PROXY protocol for a Private Service Connect service attachment, the PROXY protocol header value was previously either 0xEA or 0xE0. Starting today, the value will always be 0xE0.

June 04, 2021

The Private Service Connect Published Services tab in the Google Cloud Console now correctly displays service attachments. You can now view and manage service attachments using the Console, the gcloud command-line tool, or the API

When a Private Service Connect consumer endpoint is deleted, the service attachment details now correctly reflects this change.

June 02, 2021

Private Service Connect service attachment details always show a status of Accepted for consumer endpoints, even if they have a different status. The status is correctly displayed in the consumer endpoint details.

When a Private Service Connect consumer endpoint is deleted, the service attachment details do not reflect this change.

Updating a Private Service Connect service attachment using the PATCH API method requires that you provide all values in the request body, not just the values that you are updating. This affects Managing access requests for a service and Changing the connection preference for a service.

If you enable PROXY protocol for a Private Service Connect service attachment, the PROXY protocol header value might be 0xEA or 0xE0. After General Availability, the value will always be 0xE0.

If you publish a service using Private Service Connect, and the referenced load balancer does not have any backend VMs, all Private Service Connect endpoints in the consumer network might become unresponsive. Make sure that that all load balancers that are referenced by a service attachment have backend VMs.

If you want to create a Private Service Connect endpoint in a Shared VPC network, the endpoint must be created in the same project that contains the virtual machines (VMs) that send requests to the endpoint.

The Private Service Connect Published Services tab in the Google Cloud Console does not display service attachments. Use the gcloud command-line tool or the API to view and manage service attachments.

May 07, 2021

GRE support for VPC networks is now available in General Availability.

April 14, 2021

Access to Google APIs and services using Private Service Connect is now available in General Availability.

Using non-RFC 1918 addresses for Private Service Connect endpoints results in unexpected costs due to a billing issue. To prevent this issue, avoid using non-RFC 1918 IP addresses and instead use RFC 1918 IP addresses for Private Service Connect endpoints. If you are affected by this issue, contact your account team for remediation.

March 24, 2021

For auto mode VPC networks, added a new subnet 10.186.0.0/20 for the Warsaw europe-central2 region. For more information, see Auto mode IP ranges.

The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in General Availability for instance templates and managed instance groups. This feature is available in the gcloud command-line tool and the API.

March 18, 2021

Serverless VPC Access support for Shared VPC is now available in General availability.

February 26, 2021

Hierarchical firewall policies are now available in General Availability.

February 23, 2021

The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in General Availability. This feature presently only GA for individual VM instances. Support for instance templates and managed instance groups is still Preview.

January 11, 2021

Support for 1500 MTU for Cloud Interconnect is now available in General Availability.

December 16, 2020

Access to Google APIs and services using Private Service Connect is now available in Preview.

DNS peering for private services access is now available in General Availability.

December 15, 2020

The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in Preview. This feature presently only works with individual VM instances, not with instance templates or managed instance groups.

December 07, 2020

Packet Mirroring direction control is now available in General Availability.

DNS peering for private services access is now available in Preview.

October 15, 2020

Support for 1500 MTU in VPC networks is now available in General Availability.

September 02, 2020

Firewall Rules Logging metadata controls is now available in General Availability.

August 13, 2020

GRE support for VPC networks is now available in Beta.

July 23, 2020

Serverless VPC Access support for Shared VPC is now available in Beta.

June 12, 2020

Firewall Rules Logging metadata controls is now available in Beta.

June 08, 2020

For auto mode VPC networks, added a new subnet 10.184.0.0/20 for the Jakarta asia-southeast2 region. For more information, see Auto mode IP ranges.

June 03, 2020

Hierarchical firewall policies are now available in Beta.

May 29, 2020

GKE annotations and advanced controls for VPC Flow Logs is now available in General Availability.

May 18, 2020

Subnets in VPC networks now support IP addresses other than RFC 1918 addresses. For more information, see Subnet ranges.

April 29, 2020

Google Cloud now encrypts VPC traffic within the boundaries of the data centers in asia-east2. We will roll out this feature gradually to other regions. Google Cloud already encrypts VPC traffic between all data centers as described in Encryption in Transit in Google Cloud.

April 24, 2020

Private Google Access for on-premises hosts permits on-premises hosts to send traffic from any internal IP addresses, not just RFC 1918 addresses. This feature is now Generally Available.

April 20, 2020

For auto mode VPC networks, added a new subnet 10.182.0.0/20 for the Las Vegas us-west4 region. For more information, see Auto mode IP ranges.

Packet Mirroring pricing will come into effect from June 20, 2020. There is no charge for Packet Mirroring until that time.

March 03, 2020

Packet MIrroring is now available in General Availability.

February 24, 2020

For auto mode VPC networks, added a new subnet 10.180.0.0/20 for the Salt Lake City us-west3 region. For more information, see Auto mode IP ranges.

January 24, 2020

For auto mode VPC networks, added a new subnet 10.178.0.0/20 for the Seoul asia-northeast3 region. For more information, see Auto mode IP ranges.

January 01, 2020

Google now charges for static external IPv4 addresses that are in use, except for ones that are used by forwarding rules. For more information, see the Network pricing.

December 19, 2019

Private Google Access for on-premises hosts now permits on-premises hosts to send traffic from any internal IP addresses, not just RFC 1918 addresses. This feature is now available in Beta.

December 11, 2019

Serverless VPC Access is now Generally Available.

November 22, 2019

Virtual machines with 2 or 4 vCPUs now have a maximum egress rate of 10 Gbps. This feature is Generally Available. For more information, see Machine types in the Compute Engine documentation.

November 18, 2019

The private.googleapis.com virtual IP address range for Private Google Access for on-premises hosts is Generally Available.

November 13, 2019

For VPC Network Peering, importing and exporting custom routes are now General Available.

Packet MIrroring is now available in Beta.

September 23, 2019

The quotas for subnet ranges per network and per peering group have changed.

September 20, 2019

VPC Flow Logs log volume reduction is now available in General Availability.

August 13, 2019

The private.googleapis.com virtual IP address range for Private Google Access for on-premises hosts is in Beta.

June 19, 2019

The increased egress rate of 32Gbps of network I/O for virtual machines that use either the Skylake CPU platform or ultramem machine types, is now available in General Availability.

April 09, 2019

Serverless VPC Access is now available in Beta.

April 05, 2019

You can get up to 32Gbps of network I/O for virtual machines that use either the Skylake CPU platform or ultramem machine types. This increased egress rate is now available in Beta.

April 04, 2019

VPC Flow Logs log volume reduction is now available in Beta.

April 01, 2019

For VPC Network Peering, importing and exporting custom routes is now available in Beta.

March 27, 2019

Private services access is now available in General Availability.

February 07, 2019

You can disable the default network creation for new projects. You must create an organization policy and add the compute.skipDefaultNetworkCreation constraint.

February 01, 2019

The private access option for on-premises hosts is now Generally Available. On-premises hosts with only private IP addresses can access Google APIs through a Cloud VPN or Cloud Interconnect connections (hybrid connectivity scenarios).

January 24, 2019

The IPv4Range field for creating legacy networks is now deprecated and will shut down on June 1, 2021.

January 09, 2019

Firewall rules logging is now available in General Availability.

December 20, 2018

IP address allocation for private services access is now available in General Availability.

October 19, 2018

Private Google Access for on-premises hosts is now available in Beta. On-premises hosts with only private IP addresses can now access Google APIs through Cloud VPN or Cloud Interconnect connections (hybrid connectivity scenarios).

September 26, 2018

Private services access provides a private connection between your VPC network and a network owned by Google or a third party. Private services access is in Beta.

September 18, 2018

Firewall rules logging is now available in Beta.

September 05, 2018

The ability to Disable firewall rules is now available in General Availability.

July 31, 2018

In Shared VPC service projects, listing usable subnets in the host project is now available in General Availability.

June 28, 2018

VPC Flow Logs are now available in General Availability.

May 09, 2018

Folder support for Shared VPC is now available in Beta.

May 01, 2018

The ability to Disable firewall rules is now available in Beta.

April 23, 2018

Add/Delete Alias IP Ranges is now available in General Availability.

March 29, 2018

VPC Flow Logs are now available in Beta.

November 13, 2017

VPC Networks documentation has moved to https://cloud.google.com/vpc/docs.

September 05, 2017

Alias IP Ranges allows you to assign additional IP addresses to a VM instance. These addresses can be used by containers running on the VM. Alias IP Ranges is now available in General Availability.

Firewall Rules egress and deny rules allows you to create firewall rules that govern egress as well as ingress traffic. You can now also create deny rules and you can prioritize the order in which rules are evaluated. Firewall Rules egress and deny rules is now available in General Availability.

August 18, 2017

Multiple Network Interfaces allows a VM instance to have more than one virtual network interfaces. Each interface must point to a different VPC network. Multiple Network Interfaces is now available in General Availability.

August 11, 2017

Add support for specifying a static internal IP to Beta. See Reserving a Static Internal IP Address for more information.

July 14, 2017

VPC Network Peering allows you to peer VPC networks, even networks in different organizations, so that the networks can communicate with each other using internal IP addresses. VPC Network Peering is now available in General Availability.

June 21, 2017

Multiple Network Interfaces allows a VM instance to have more than one virtual network interface. Each interface must point to a different VPC network. Multiple Network Interfaces is now available in Beta.

June 07, 2017

Shared VPC (Previously Cross-Project Networking (XPN)) is now available in General Availability.

May 22, 2017

Alias IP Ranges allows you to assign additional IP addresses to a VM instance. These addresses can be used by containers running on the VM. Alias IP Ranges is now available in Beta.

May 08, 2017

VPC Network Peering allows you to peer VPC networks, even networks in different organizations, so that the networks can communicate with each other using internal IP addresses. VPC Network Peering is now available in Beta.

May 04, 2017

Private Google Access allows Compute Engine VM instances to access Google APIs using an internal IP address only. Private Google Access is now available in General Availability.

May 01, 2017

Decoupled labels and tags so that creating either a label or a tag will not create the opposing resource. For example, creating a label will no longer create a tag and vice-versa. For more information, read Relationship between instance labels and network tags.

You can now find information about network tags in the VPC networking documentation.

April 17, 2017

Firewall Rules egress and deny rules allows you to create firewall rules that govern egress as well as ingress traffic. You can now also create deny rules and you can prioritize the order in which rules are evaluated. Firewall Rules egress and deny rules is now available in Beta.

March 09, 2017

Shared VPC allows you to share a VPC network with other GCP projects. Shared VPC is now available in Beta.

March 07, 2017

Private Google Access allows Compute Engine VM instances to access Google APIs using an internal IP address only. Private Google Access is now available in Beta.

December 21, 2016

Added ICMP support for forwarding rules.

May 11, 2016

The following VPC IAM roles are now generally available: roles/compute.networkAdmin, roles/compute.securityAdmin, roles/iam.serviceAccountActor

For more information, read the IAM documentation.

November 04, 2014

Lowered network pricing. See Network pricing for more information.

May 05, 2014

Updated default firewall rule names. Default firewall rules are automatically created with every project. These rules were previously named default-internal and default-ssh. New projects will have the same default firewalls but with the following new names:

  • default-allow-internal - Allows network connections of any protocol and port between any two instances.
  • default-allow-ssh - Allows TCP connections from any source to any instance on the network, over port 22.

Introduced new default firewall rule that will be created with each new project.

  • default-allow-icmp - Allows ICMP traffic from any source to any instance on the network.

December 17, 2013

Released new Protocol Forwarding feature. Forwarding rules allows you to forward traffic to a single virtual machine instance, using a target.instance. Protocol forwarding provides support for these additional features:

Added support for new Target Instance resources, which allows for non-NAT'ed traffic to be forwarded to a single virtual machine instance. See Forwarding rules for more information.