You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.
September 27, 2024
Private Service Connect supports IPv6 in General Availability for the following supported configurations:
- Service consumers can access published services by using Private Service Connect endpoints that have IPv6 addresses.
- Service producers that use supported load balancers can publish services by using service attachments that have IPv6 addresses.
For more information, see IP version translation.
September 13, 2024
You can use Private Service Connect endpoints to access the regional service endpoints of supported Google APIs. This feature is available in General Availability.
August 23, 2024
VPC Flow Logs can sample traffic that is sent through VLAN attachments for Cloud Interconnect and Cloud VPN tunnels. This feature is available in Preview. For more information, see VPC Flow Logs.
The live migration feature for bring your own IP v1 has been removed. For new configurations, we recommend that you use bring your own IP v2, which lets you control when prefixes are advertised.
August 12, 2024
VPC Flow Logs includes the following metadata annotations in General Availability:
src_gateway
anddest_gateway
src_google_service
anddest_google_service
load_balancing
network_service
psc
For more information, see Record Format.
July 24, 2024
The following producer load balancers now support all Private Service Connect monitoring metrics:
- Regional internal Application Load Balancer
- Regional internal proxy Network Load Balancer
Predefined dashboards for monitoring Private Service Connect connections have been enhanced:
- The dashboard for monitoring published services now includes more metrics.
- A new dashboard is available for monitoring endpoints that connect to published services.
July 22, 2024
In the Google Cloud Console, the Effective routes tab on the Routes page shows only routes that are effective. You can optionally show suppressed routes by using the Show suppressed routes toggle. You can also view the reason why a given route is suppressed. For more information, see List routes for a VPC network.
July 17, 2024
Private Service Connect backends can be used to reach regional endpoints for supported Google APIs. Regional endpoints replace locational endpoints for Private Service Connect backends.
The list of supported regional endpoints that can be accessed by Private Service Connect endpoints and backends is updated to include additional supported Google APIs and regions.
June 28, 2024
Bring your own IP does not support creating BYOIP addresses in Shared VPC service projects. This limitation is documented, but was previously not enforced. Enforcement has been added to prevent the creation of BYOIP addresses in service projects. If you're using bring your own IP with Shared VPC, use the project architecture described in BYOIP addresses administration with Shared VPC.
June 17, 2024
Private Service Connect backends support using a cross-regional internal Application Load Balancer to access global Google API targets. This feature is available in Preview.
June 14, 2024
Private Service Connect port mapping is available in Preview. Port mapping lets consumer virtual machine (VM) instances privately communicate with specific service ports on specific producer VMs through a single Private Service Connect endpoint.
Private Service Connect propagated connections are available in Preview. With propagated connections, services that are accessible in one consumer VPC spoke through Private Service Connect endpoints can be privately accessed by other consumer VPC spokes that are connected to the same Network Connectivity Center hub.
June 10, 2024
The following features of policy-based routes are available in Preview:
- Applying policy-based routes to IPv6 traffic
- Using a next hop that is in a peered VPC network
For more information, see Create policy-based routes.
VPC Flow Logs includes internet routing details for egress flows. For more information, see InternetRoutingDetails field format. This field is available in General Availability.
June 03, 2024
Support for IPv6 static routes with a next hop instance identified by address (next-hop-address
) is available in Preview.
Bring your own IP lets you bring your own public IPv6 addresses to Google Cloud. IPv6 BYOIP addresses can be used with external passthrough Network Load Balancers. Bring your own IP for IPv6 addresses is available in General Availability.
May 03, 2024
Private Service Connect supports IPv6 in Preview for the following supported configurations:
- Service consumers can access published services by using Private Service Connect endpoints that have IPv6 addresses.
- Service producers that use supported load balancers can publish services by using service attachments that have IPv6 addresses.
For more information, see IP version translation.
May 02, 2024
Service producers are no longer charged producer data processing for ingress or egress traffic through a Private Service Connect service attachment. For more information, see pricing for published services.
Private Service Connect now offers consumers volume-based discounts for consumer data processing. For more information, see Consumer data processing.
April 26, 2024
Bring your own IP v2 for regional addresses is available in General Availability.
- v2 public advertised prefixes are provisioned in approximately two weeks.
- v2 public delegated prefixes are provisioned in minutes.
- v2 prefixes are not automatically announced when provisioned; you control when to announce or withdraw advertisements.
April 23, 2024
The Private Service Connect interface documentation has been updated. Google recommends avoiding multi-tenant architectures, where multiple consumers connect to the same Private Service Connect interface VM. In a multi-tenant architecture, if one consumer terminates their Private Service Connect interface connection, other consumers that are connected to the same VM also lose connectivity. For more information, see Limitations.
April 01, 2024
You can use Packet Mirroring to collect IPv6 traffic. This feature is available in General Availability.
March 07, 2024
Internal ranges are available in General Availability. Internal ranges let you allocate blocks of private IP addresses in VPC networks and specify how those addresses can be used.
February 26, 2024
The VPC documentation has been updated with a new page that describes which services in Google Cloud include support for IPv6. For more information, see IPv6 support in Google Cloud.
February 05, 2024
Support for IPv6 extension headers is available in General Availability.
January 31, 2024
Private Service Connect interfaces are available in General Availability. Private Service Connect interfaces let service producers initiate connections to consumer VPC networks.
For auto mode VPC networks, added a new subnet 10.218.0.0/20
for the Johannesburg africa-south1
region. For more information, see Auto mode IP ranges.
January 11, 2024
Regional service endpoints that are used with Private Service Connect backends are now referred to as locational service endpoints. Locational service endpoints are different from regional service endpoints.
Private Service Connect endpoints support accessing regional service endpoints. This feature is available in Preview.
December 19, 2023
You can use Packet Mirroring to collect IPv6 traffic. This feature is available in General Availability.
This note is incorrect. The feature was released in Preview on this date.
December 13, 2023
Accessing supported global Google APIs through Private Service Connect backends is available in Preview.
November 20, 2023
You can use Private Service Connect backends to access published services that are hosted on regional internal Application Load Balancers and regional internal proxy Network Load Balancers.
October 02, 2023
Private Service Connect service connectivity automation is available in General Availability. Service connectivity automation lets service producers automate deployment and service connectivity to eligible managed services on behalf of consumers.
Private Service Connect backends with published service targets can be added to global external TCP proxy Network Load Balancers. This feature is available in Preview.
September 29, 2023
Private Service Connect backends support using an external regional TCP proxy load balancer or an internal regional TCP proxy load balancer to access published services. These features are available in General Availability.
September 19, 2023
For auto mode VPC networks, added a new subnet 10.216.0.0/20
for the Dammam me-central2
region. For more information, see Auto mode IP ranges.
September 14, 2023
Policy-based routing is available in General Availability. You can select a next hop based on more than a packet's destination IP address. You can match traffic by protocol and source IP address as well.
If you've used Google provider for Terraform versions earlier than 4.76.0 to create Private Service Connect service attachments, do not upgrade to versions 4.76.0 through 4.81.x. When you run terraform apply
after the upgrade, Terraform might unintentionally delete and recreate the service attachments and close existing Private Service Connect connections. Recreated service attachments do not automatically re-establish Private Service Connect connections.
Upgrading to version 4.82.0 or later ensures that service attachments are not recreated.
Versions 4.76.0 and later turn on connection reconciliation by default, which might result in different service attachments having different settings for this field, depending on when they were created.
For more information and workarounds, see Disconnections after upgrading the Google provider for Terraform.
September 05, 2023
Support for IPv6 static routes with the following next hops is generally available (GA):
next-hop-gateway
next-hop-instance
August 30, 2023
You can add Resource Manager tags to supported VPC resources. For more information, see Create and manage tags for VPC resources.
August 22, 2023
For auto mode VPC networks, added a new subnet 10.214.0.0/20
for the Berlin europe-west10
region. For more information, see Auto mode IP ranges.
August 14, 2023
Private Service Connect backends with published service targets can be added to cross-region Application Load Balancers. This feature is available in Preview.
VLAN attachments for Cloud Interconnect that have Dataplane v1 can access Private Service Connect endpoints from hybrid networks. For more information, see access endpoints from hybrid networks.
Private Service Connect endpoints that have global access enabled can access published services that are based on the following load balancer configurations:
- Internal Application Load Balancer with global access enabled
- Regional internal proxy Network Load Balancer with global access enabled
August 02, 2023
Connection reconciliation is available in General Availability. When connection reconciliation is enabled for a service attachment, updating the service attachment's consumer accept or reject lists affects existing Private Service Connect connections in addition to new and pending connections.
July 28, 2023
New pages for Private Service Connect:
July 18, 2023
All service attachments, including those created before March 1, 2023, consume one NAT IP address for each connected endpoint or backend. For more information, see NAT subnet sizing.
July 17, 2023
You can publish a service that is hosted on an internal passthrough Network Load Balancer that forwards traffic on all ports (--ports=all
). This feature is available in General Availability.
July 10, 2023
By default, public advertised prefixes can be used only to create regional public delegated prefixes. If you need to create global public delegated prefixes, you must request access. For more information about this behavior change and how to request access, see Behavior changes for BYOIP.
July 05, 2023
Moving a reserved external IPv4 address from one project to another is available in General Availability.
June 30, 2023
You can use custom constraints to provide more granular and customizable control over specific fields for some VPC resources. For more information, see Manage VPC resources by using custom constraints. This feature is available in Preview.
June 20, 2023
The connection preference for a Private Service Connect published service can be configured on the VPC network level in addition to project level. For more information, see Publish a service with explicit approval. This feature is available in General Availability.
Service consumers can use organization policies with the compute.restrictPrivateServiceConnectProducer
list constraint to block Private Service Connect endpoints and backends from connecting to service attachments in other organizations. For more information, see Block endpoints and backends from connecting to unauthorized service attachments.
Service producers can use organization policies with the compute.restrictPrivateServiceConnectConsumer
list constraint to control which endpoints and backends can connect to Private Service Connect service attachments within a producer organization or project. For more information, see Block unauthorized endpoints and backends from connecting to service attachments.
These constraints are available in General Availability.
June 13, 2023
Private Service Connect interfaces are available in Preview. Private Service Connect interfaces let service producers initiate connections to consumer VPC networks.
June 04, 2023
Support for IPv6 static routes with the following next hops is available in Preview:
next-hop-gateway
next-hop-instance
May 26, 2023
General Availability: You can use the private.googleapis.com
and restricted.googleapis.com
virtual IP addresses (VIPs) to access Google APIs and services with IPv6 addresses. For more information, see the following pages:
Private Service Connect backends support using an external regional TCP proxy load balancer to access published services. This feature is available in Preview.
May 23, 2023
Reserving static regional external IPv6 addresses is available in General Availability.
Reserving static regional internal IPv6 addresses is available in General Availability.
Internal ranges are available in Preview. Internal ranges let you allocate blocks of private IP addresses in VPC networks and specify how those addresses can be used.
Support for IPv6 extension headers is available in Preview.
May 18, 2023
Private Service Connect service connectivity automation is available in Preview. Service connectivity automation lets service producers automate deployment and service connectivity to eligible managed services on behalf of consumers.
May 17, 2023
Global access for Private Service Connect endpoints for published services is available in General Availability. When global access is configured, clients in any region can send traffic to Private Service Connect endpoints.
April 20, 2023
Private Service Connect backends support using an internal regional TCP proxy load balancer to access published services. This feature is available in Preview.
April 19, 2023
Private Service Connect endpoints for published services can be configured with global access. When global access is configured, clients in any region can send traffic to endpoints. Global access for endpoints is available in Preview.
April 10, 2023
Documentation updates for Private Service Connect:
- Private Service Connect endpoints with consumer HTTP(S) controls are now called Private Service Connect backends. The documentation is updated to reflect this change.
- The Private Service Connect overview page is updated.
- New pages for Private Service Connect:
- Private Service Connect compatibility: describes the features and compatibility of all Private Service Connect configurations and supported services.
- About accessing published services through endpoints
- About accessing Google APIs through endpoints
- About published services
- DNS configuration for published services
April 05, 2023
General Availability: Private Service Connect endpoints with consumer HTTP(S) controls support accessing regional Google APIs and published services using the following load balancers:
- Regional internal HTTP(S) load balancer
- Regional external HTTP(S) load balancer
March 30, 2023
For auto mode VPC networks, added a new subnet 10.212.0.0/20 for the Doha me-central1 region. For more information, see Auto mode IP ranges.
March 23, 2023
For auto mode VPC networks, added a new subnet 10.210.0.0/20 for the Turin europe-west12 region. For more information, see Auto mode IP ranges.
March 20, 2023
Managing Shared VPC with the Shared VPC Admin role at the folder level is available in General Availability.
March 14, 2023
Hybrid subnets are available in Preview. A hybrid subnet combines an on-premises subnet and a VPC subnet into a single logical subnet. You can migrate individual workloads and instances from the on-premises subnet to the VPC subnet over time without needing to change IP addresses.
March 10, 2023
Connectivity to Private Service Connect endpoints used to access a managed service is supported over VLAN attachments for Cloud Interconnect. This feature is available in General Availability.
Consumption of IP addresses in Private Service Connect NAT subnets is improved for service attachments that are created after March 1st, 2023. For more information, see NAT subnets. This improvement is available in General Availability.
January 26, 2023
Policy-based routing is available in Preview. You can select a next hop based on more than a packet's destination IP address. You can match traffic by protocol and source IP address as well.
December 20, 2022
Preview: You can use geo-location objects in firewall policy rules to filter external IPv4 and external IPv6 traffic based on specific geographic locations or regions.
Preview: You can use Threat Intelligence for firewall policy rules to secure your network by allowing or blocking traffic based on threat intelligence data.
Preview: You can use address groups to combine multiple IP addresses and IP ranges into a single named logical unit. You can then use this unit across multiple rules in the same or different firewall policies.
Preview: You can use fully qualified domain name (FQDN) objects in firewall policy rules to filter incoming or outgoing traffic from specific domain names.
December 14, 2022
General Availability: VPC Peering supports the exchange of IPv6 routes between peered VPC networks.
December 13, 2022
Reserving static regional internal IPv6 addresses is available in Preview.
November 17, 2022
Preview: Connectivity to Private Service Connect endpoints used to access a managed service is supported over VLAN attachments for Cloud Interconnect
November 16, 2022
Preview: Private Service Connect endpoints with consumer HTTP(S) controls now support accessing regional Google APIs and managed services using the following load balancers:
- Regional internal HTTP(S) load balancer
- Regional external HTTP(S) load balancer
November 08, 2022
Preview: You use the private.googleapis.com
and restricted.googleapis.com
VIPs to access Google APIs and services using IPv6 addresses. For more information, see the following pages:
November 01, 2022
Private Service Connect supports internal regional TCP proxy load balancers as a service attachment target in General Availability. This lets you create hybrid TCP/UDP services where a clients in a VPC network can connect to an on-premise service by going through Private Service Connect and a TCP proxy with hybrid NEGs to reach a hybrid endpoint.
October 21, 2022
You can specify the source IP ranges for egress rules and the destination IP ranges for ingress rules. This feature is available in Preview.
October 14, 2022
Moving a reserved external IPv4 address from one project to another is available in Preview.
October 05, 2022
For auto mode VPC networks, added a new subnet 10.208.0.0/20
for the Tel Aviv me-west1
region. For more information, see Auto mode IP ranges.
October 04, 2022
Accessing managed services using Private Service Connect with consumer HTTP(S) controls is available in General Availability for the global external HTTP(S) load balancer.
September 26, 2022
General Availability: You can monitor the following Private Service Connect producer metrics using Cloud Monitoring:
- Connected consumer forwarding rules
- Used NAT IP addresses
For more information, see Monitor Private Service Connect published services.
September 23, 2022
VPC Service Controls ingress and egress rules are no longer required to establish Private Service Connect connections from inside a VPC Service Controls perimeter.
Establishing a Private Service Connect connection between consumer and producer projects that are not in the same VPC Service Controls perimeter does not require explicit authorization with egress policies. However, all communication to VPC Service Controls-supported services through the Private Service Connect endpoint is protected by the VPC Service Controls perimeter.
For more information, see VPC Service Controls.
August 08, 2022
Internal and external IPv6 addresses are available in all regions in General Availability:
Subnets: Dual-stack subnets that have both IPv4 and IPv6 subnet ranges.
Routes: Subnet routes for IPv6 subnet ranges.
Instances: Dual-stack instances with both IPv4 and IPv6 addresses, including instances with multiple network interfaces.
August 05, 2022
Network firewall policies and regional firewall policies are now available in General Availability.
July 14, 2022
Private Service Connect supports publishing a service that is hosted on the following load balancers:
- Internal TCP/UDP load balancer with global access enabled
- Internal protocol forwarding (target instances)
These features are available in General Availability.
June 22, 2022
Private Service Connect supports publishing a service that is hosted on an internal regional TCP proxy load balancer in a service producer VPC network. The backends can be located in Google Cloud, in other clouds, in an on-premises environment, or any combination of these locations.
This feature is available in Preview.
June 13, 2022
VPC networks now support jumbo frame MTUs within the same subnet. MTU can be set from 1300
to 8896
. For details, see the maximum transmission unit overview.
June 07, 2022
For auto mode VPC networks, added a new subnet 10.206.0.0/20
for the Dallas us-south1
region. For more information, see Auto mode IP ranges.
May 24, 2022
For auto mode VPC networks, added a new subnet 10.202.0.0/20
for the Columbus us-east5
region. For more information, see Auto mode IP ranges.
May 17, 2022
Accessing Google APIs and services from Compute Engine instances using either internal IPv6 addresses with Private Google Access or external IPv6 addresses is available in General Availability.
May 10, 2022
For auto mode VPC networks, added a new subnet 10.204.0.0/20
for the Madrid europe-southwest1
region. For more information, see Auto mode IP ranges.
May 09, 2022
Reserving static regional external IPv6 addresses is available as a limited Preview feature. Contact your sales representative for access.
May 02, 2022
For auto mode VPC networks, added a new subnet 10.200.0.0/20
for the Paris europe-west9
region. For more information, see Auto mode IP ranges.
April 25, 2022
Automatic DNS configuration for Private Service Connect endpoints is available in General Availability.
For service producers: When you publish a managed service with Private Service Connect, you can optionally specify a domain name for the service.
For service consumers: When you create a Private Service Connect endpoint to connect to a managed service that has a specified domain name, a DNS entry for the Private Service Connect endpoint is created in a Service Directory DNS zone.
April 20, 2022
For auto mode VPC networks, added a new subnet 10.198.0.0/20
for the Milan europe-west8
region. For more information, see Auto mode IP ranges.
January 24, 2022
Accessing supported regional service endpoints using Private Service Connect with consumer HTTP(S) controls is available in General Availability.
Accessing managed services using Private Service Connect with consumer HTTP(S) controls is available in Preview.
January 06, 2022
By default, Google Cloud blocks egress packets sent to TCP destination port 25 of an external IP address (including an external IP address of another Google Cloud resource). This restriction has been removed from projects owned by select Google Cloud customers.
For more information, see Blocked and limited traffic.
December 15, 2021
When you create a custom mode VPC network, you can select predefined firewall rules which address common use cases for connectivity to instances. This feature is available in General Availability.
December 13, 2021
Accessing published services using a Private Service Connect endpoint from on-premises hosts that are connected to a VPC network using Cloud VPN is now available in General Availability.
Connectivity from on-premises hosts to a Private Service Connect endpoint that is used to access managed services now correctly establishes for all service attachment configurations.
November 16, 2021
For auto mode VPC networks, added a new subnet 10.194.0.0/20
for the Santiago southamerica-west1
region. For more information, see Auto mode IP ranges.
November 12, 2021
Private Service Connect endpoints used to access a managed service are now automatically registered with Service Directory. This feature is available in General Availability.
Converting a single-region legacy network to a custom mode VPC network is now available in Preview.
November 02, 2021
Changes in status for Private Service Connect endpoints that you use access managed services are now logged in Cloud Logging.
October 21, 2021
This issue is now fixed: Connectivity from on-premises hosts to a Private Service Connect endpoint that is used to access published services might not establish for some existing Cloud VPN connections. As a workaround, recreate the VPN gateway and the VPN tunnels.
October 12, 2021
Using Private Service Connect to publish services that are hosted on the backends of an internal HTTP(S) load balancer is now Generally Available.
Accessing published services using a Private Service Connect endpoint is now available from on-premises hosts that are connected to a VPC network using Cloud VPN. This feature is available in Preview.
Connectivity from on-premises hosts to a Private Service Connect endpoint that is used to access published services might not establish for some existing Cloud VPN connections. As a workaround, recreate the VPN gateway and the VPN tunnels.
Connectivity from on-premises hosts to a Private Service Connect endpoint that is used to access managed services does not establish if both of the following conditions are met:
The service is published with explicit project approval
Your project is not already approved before you create the endpoint.
See known issues for a workaround while this feature is in Preview.
October 04, 2021
The number of Private Service Connect endpoints that are connected to a service attachment is now correctly adjusted when an endpoint is deleted.
If you are using Private Service Connect endpoints to access services in another VPC network, and you create more endpoints than are allowed by the limit set by the service producer, any endpoints created after the limit is reached have a status of Pending, as expected. Now, if you remove endpoints to get below the limit, the status of those endpoints correctly changes to Accepted.
September 16, 2021
Enabling or disabling PROXY protocol after a Private Service Connect service attachment is created now correctly changes the configuration.
September 14, 2021
Full control over which protocols are mirrored by Packet Mirroring is now available in General Availability.
August 25, 2021
Private Service Connect service attachment deletions are now logged in Cloud Logging.
August 23, 2021
Using Private Service Connect with consumer HTTP(S) service controls to access supported regional service endpoints is now available in Preview.
August 17, 2021
If you are using Private Service Connect endpoints to access services in another VPC network, deleting an endpoint no longer fails if you try to delete multiple endpoints in a short period of time.
August 03, 2021
For auto mode VPC networks, added a new subnet 10.188.0.0/20
for the Toronto northamerica-northeast2
region. For more information, see Auto mode IP ranges.
July 28, 2021
Publishing services and accessing published services using Private Service Connect is now available in General Availability.
If you are using Private Service Connect to publish or consume services, the following items are not logged in Cloud Logging: changes in endpoint status, and service attachment deletions.
The number of Private Service Connect endpoints that are connected to a service attachment is not adjusted when an endpoint is deleted. See workaround information.
July 20, 2021
External IPv6 addresses for VM instances are now available in General Availability in supported regions.
The following features are also available in General Availability:
- System-generated default IPv6 route with next-hop default-internet-gateway
- Firewall rules and hierarchical firewall rules that reference IPv6 address ranges.
July 14, 2021
Private Service Connect service attachment details now correctly shows the status for consumer endpoints. Consumer endpoints can have a status other than Accepted.
If you're creating a Private Service Connect endpoint in a Shared VPC network, the endpoint no longer needs to be in the same project that contains the virtual machines (VMs) that send requests to the endpoint.
June 30, 2021
Deleting a private services access connection now also removes configurations created by the service producer, if Google is the service producer (for example, Cloud SQL). The improved deletion process simplifies administration if you delete a private services access connection, but later want to recreate it. This feature is now available in General Availability.
The billing issue for non-RFC 1918 addresses for Private Service Connect endpoints that you use to access Google APIs and services has been fixed.
June 29, 2021
For auto mode VPC networks, added a new subnet 10.190.0.0/20
for the Delhi asia-south2
region. For more information, see Auto mode IP ranges.
June 23, 2021
If you are using Private Service Connect endpoints to access services in another VPC network, and you delete multiple endpoints in a short period of time, one or more of the deletions might fail. To avoid this issue, wait 20 seconds between deletions.
If you are using Private Service Connect endpoints to access services in another VPC network, and you create more endpoints than are allowed by the limit set by the service producer, any endpoints created after the limit is reached have a status of Pending, as expected. However, if you remove endpoints to get below the limit, the status of those endpoints does not change to Accepted.
June 21, 2021
For auto mode VPC networks, added a new subnet 10.192.0.0/20
for the Melbourne australia-southeast2
region. For more information, see Auto mode IP ranges.
June 16, 2021
Private Service Connect endpoints in consumer networks now won't become unresponsive if they are connected to a service attachment that references a load balancer without backend VMs.
June 15, 2021
Bring your own IP (BYOIP) is now available in General Availability.
June 14, 2021
Enabling or disabling PROXY protocol after a Private Service Connect service attachment is created does not change the configuration. However, the status shown in the service attachment details incorrectly shows that the status has changed. To enable or disable PROXY protocol, delete the service attachment and recreate it with the correct PROXY protocol configuration.
June 09, 2021
If you enable PROXY protocol for a Private Service Connect service attachment, the PROXY protocol header value was previously either 0xEA
or 0xE0
. Starting today, the value will always be 0xE0
.
June 04, 2021
The Private Service Connect Published Services tab in the Google Cloud Console now correctly displays service attachments. You can now view and manage service attachments using the Console, the gcloud command-line tool, or the API
When a Private Service Connect consumer endpoint is deleted, the service attachment details now correctly reflects this change.
June 02, 2021
Publishing services and accessing published services using Private Service Connect is now available in Preview.
Private Service Connect service attachment details always show a status of Accepted for consumer endpoints, even if they have a different status. The status is correctly displayed in the consumer endpoint details.
When a Private Service Connect consumer endpoint is deleted, the service attachment details do not reflect this change.
Updating a Private Service Connect service attachment using the PATCH
API method requires that you provide all values in the request body, not just the values that you are updating. This affects Managing access requests for a service and Changing the connection preference for a service.
If you enable PROXY protocol for a Private Service Connect service attachment, the PROXY protocol header value might be 0xEA
or 0xE0
. After General Availability, the value will always be 0xE0
.
If you publish a service using Private Service Connect, and the referenced load balancer does not have any backend VMs, all Private Service Connect endpoints in the consumer network might become unresponsive. Make sure that that all load balancers that are referenced by a service attachment have backend VMs.
If you want to create a Private Service Connect endpoint in a Shared VPC network, the endpoint must be created in the same project that contains the virtual machines (VMs) that send requests to the endpoint.
The Private Service Connect Published Services tab in the Google Cloud Console does not display service attachments. Use the gcloud command-line tool or the API to view and manage service attachments.
May 07, 2021
GRE support for VPC networks is now available in General Availability.
April 14, 2021
Access to Google APIs and services using Private Service Connect is now available in General Availability.
Using non-RFC 1918 addresses for Private Service Connect endpoints results in unexpected costs due to a billing issue. To prevent this issue, avoid using non-RFC 1918 IP addresses and instead use RFC 1918 IP addresses for Private Service Connect endpoints. If you are affected by this issue, contact your account team for remediation.
March 24, 2021
For auto mode VPC networks, added a new subnet 10.186.0.0/20
for the Warsaw europe-central2
region. For more information, see Auto mode IP ranges.
The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in General Availability for instance templates and managed instance groups. This feature is available in the gcloud
command-line tool and the API.
March 18, 2021
Serverless VPC Access support for Shared VPC is now available in General availability.
February 26, 2021
Hierarchical firewall policies are now available in General Availability.
February 23, 2021
The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in General Availability. This feature presently only GA for individual VM instances. Support for instance templates and managed instance groups is still Preview.
January 11, 2021
Support for 1500 MTU for Cloud Interconnect is now available in General Availability.
December 16, 2020
Access to Google APIs and services using Private Service Connect is now available in Preview.
DNS peering for private services access is now available in General Availability.
December 15, 2020
The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in Preview. This feature presently only works with individual VM instances, not with instance templates or managed instance groups.
December 07, 2020
Packet Mirroring direction control is now available in General Availability.
DNS peering for private services access is now available in Preview.
October 15, 2020
Support for 1500 MTU in VPC networks is now available in General Availability.
September 02, 2020
Firewall Rules Logging metadata controls is now available in General Availability.
August 13, 2020
GRE support for VPC networks is now available in Beta.
July 23, 2020
Serverless VPC Access support for Shared VPC is now available in Beta.
June 12, 2020
Firewall Rules Logging metadata controls is now available in Beta.
June 08, 2020
For auto mode VPC networks, added a new subnet 10.184.0.0/20
for the Jakarta asia-southeast2
region. For more information, see Auto mode IP ranges.
June 03, 2020
Hierarchical firewall policies are now available in Beta.
May 29, 2020
GKE annotations and advanced controls for VPC Flow Logs is now available in General Availability.
May 18, 2020
Subnets in VPC networks now support IP addresses other than RFC 1918 addresses. For more information, see Subnet ranges.
April 29, 2020
Google Cloud now encrypts VPC traffic within the boundaries of the data centers in asia-east2. We will roll out this feature gradually to other regions. Google Cloud already encrypts VPC traffic between all data centers as described in Encryption in Transit in Google Cloud.
April 24, 2020
Private Google Access for on-premises hosts permits on-premises hosts to send traffic from any internal IP addresses, not just RFC 1918 addresses. This feature is now Generally Available.
April 20, 2020
For auto mode VPC networks, added a new subnet 10.182.0.0/20
for the Las Vegas us-west4
region. For more information, see Auto mode IP ranges.
Packet Mirroring pricing will come into effect from June 20, 2020. There is no charge for Packet Mirroring until that time.
March 03, 2020
Packet MIrroring is now available in General Availability.
February 24, 2020
For auto mode VPC networks, added a new subnet 10.180.0.0/20
for the Salt Lake City us-west3
region. For more information, see Auto mode IP ranges.
January 24, 2020
For auto mode VPC networks, added a new subnet 10.178.0.0/20
for the Seoul asia-northeast3
region. For more information, see Auto mode IP ranges.
January 01, 2020
Google now charges for static external IPv4 addresses that are in use, except for ones that are used by forwarding rules. For more information, see the Network pricing.
December 19, 2019
Private Google Access for on-premises hosts now permits on-premises hosts to send traffic from any internal IP addresses, not just RFC 1918 addresses. This feature is now available in Beta.
December 11, 2019
Serverless VPC Access is now Generally Available.
November 22, 2019
Virtual machines with 2 or 4 vCPUs now have a maximum egress rate of 10 Gbps. This feature is Generally Available. For more information, see Machine types in the Compute Engine documentation.
November 18, 2019
The private.googleapis.com
virtual IP address range for Private Google Access for on-premises hosts is Generally Available.
November 13, 2019
For VPC Network Peering, importing and exporting custom routes are now General Available.
Packet MIrroring is now available in Beta.
September 23, 2019
The quotas for subnet ranges per network and per peering group have changed.
September 20, 2019
VPC Flow Logs log volume reduction is now available in General Availability.
August 13, 2019
The private.googleapis.com
virtual IP address range for Private Google Access for on-premises hosts is in Beta.
June 19, 2019
The increased egress rate of 32Gbps of network I/O for virtual machines that use either the Skylake CPU platform or ultramem machine types, is now available in General Availability.
April 09, 2019
Serverless VPC Access is now available in Beta.
April 05, 2019
You can get up to 32Gbps of network I/O for virtual machines that use either the Skylake CPU platform or ultramem machine types. This increased egress rate is now available in Beta.
April 04, 2019
VPC Flow Logs log volume reduction is now available in Beta.
April 01, 2019
For VPC Network Peering, importing and exporting custom routes is now available in Beta.
March 27, 2019
Private services access is now available in General Availability.
February 07, 2019
You can disable the default network creation for new projects. You must create an organization policy and add the compute.skipDefaultNetworkCreation
constraint.
February 01, 2019
The private access option for on-premises hosts is now Generally Available. On-premises hosts with only private IP addresses can access Google APIs through a Cloud VPN or Cloud Interconnect connections (hybrid connectivity scenarios).
January 24, 2019
The IPv4Range field for creating legacy networks is now deprecated and will shut down on June 1, 2021.
January 09, 2019
Firewall rules logging is now available in General Availability.
December 20, 2018
IP address allocation for private services access is now available in General Availability.
October 19, 2018
Private Google Access for on-premises hosts is now available in Beta. On-premises hosts with only private IP addresses can now access Google APIs through Cloud VPN or Cloud Interconnect connections (hybrid connectivity scenarios).
September 26, 2018
Private services access provides a private connection between your VPC network and a network owned by Google or a third party. Private services access is in Beta.
September 18, 2018
Firewall rules logging is now available in Beta.
September 05, 2018
The ability to Disable firewall rules is now available in General Availability.
July 31, 2018
In Shared VPC service projects, listing usable subnets in the host project is now available in General Availability.
June 28, 2018
VPC Flow Logs are now available in General Availability.
May 09, 2018
Folder support for Shared VPC is now available in Beta.
May 01, 2018
The ability to Disable firewall rules is now available in Beta.
April 23, 2018
Add/Delete Alias IP Ranges is now available in General Availability.
March 29, 2018
VPC Flow Logs are now available in Beta.
November 13, 2017
VPC Networks documentation has moved to https://cloud.google.com/vpc/docs.
September 05, 2017
Alias IP Ranges allows you to assign additional IP addresses to a VM instance. These addresses can be used by containers running on the VM. Alias IP Ranges is now available in General Availability.
Firewall Rules egress and deny rules allows you to create firewall rules that govern egress as well as ingress traffic. You can now also create deny rules and you can prioritize the order in which rules are evaluated. Firewall Rules egress and deny rules is now available in General Availability.
August 18, 2017
Multiple Network Interfaces allows a VM instance to have more than one virtual network interfaces. Each interface must point to a different VPC network. Multiple Network Interfaces is now available in General Availability.
August 11, 2017
Add support for specifying a static internal IP to Beta. See Reserving a Static Internal IP Address for more information.
July 14, 2017
VPC Network Peering allows you to peer VPC networks, even networks in different organizations, so that the networks can communicate with each other using internal IP addresses. VPC Network Peering is now available in General Availability.
June 21, 2017
Multiple Network Interfaces allows a VM instance to have more than one virtual network interface. Each interface must point to a different VPC network. Multiple Network Interfaces is now available in Beta.
June 07, 2017
Shared VPC (Previously Cross-Project Networking (XPN)) is now available in General Availability.
May 22, 2017
Alias IP Ranges allows you to assign additional IP addresses to a VM instance. These addresses can be used by containers running on the VM. Alias IP Ranges is now available in Beta.
May 08, 2017
VPC Network Peering allows you to peer VPC networks, even networks in different organizations, so that the networks can communicate with each other using internal IP addresses. VPC Network Peering is now available in Beta.
May 04, 2017
Private Google Access allows Compute Engine VM instances to access Google APIs using an internal IP address only. Private Google Access is now available in General Availability.
May 01, 2017
Decoupled labels and tags so that creating either a label or a tag will not create the opposing resource. For example, creating a label will no longer create a tag and vice-versa. For more information, read Relationship between instance labels and network tags.
You can now find information about network tags in the VPC networking documentation.
April 17, 2017
Firewall Rules egress and deny rules allows you to create firewall rules that govern egress as well as ingress traffic. You can now also create deny rules and you can prioritize the order in which rules are evaluated. Firewall Rules egress and deny rules is now available in Beta.
March 09, 2017
Shared VPC allows you to share a VPC network with other GCP projects. Shared VPC is now available in Beta.
March 07, 2017
Private Google Access allows Compute Engine VM instances to access Google APIs using an internal IP address only. Private Google Access is now available in Beta.
December 21, 2016
Added ICMP support for forwarding rules.
May 11, 2016
The following VPC IAM roles are now generally available: roles/compute.networkAdmin
, roles/compute.securityAdmin
, roles/iam.serviceAccountActor
For more information, read the IAM documentation.
November 04, 2014
Lowered network pricing. See Network pricing for more information.
May 05, 2014
Updated default firewall rule names. Default firewall rules are automatically created with every project. These rules were previously named default-internal
and default-ssh
. New projects will have the same default firewalls but with the following new names:
default-allow-internal
- Allows network connections of any protocol and port between any two instances.default-allow-ssh
- Allows TCP connections from any source to any instance on the network, over port 22.
Introduced new default firewall rule that will be created with each new project.
default-allow-icmp
- Allows ICMP traffic from any source to any instance on the network.
December 17, 2013
Released new Protocol Forwarding feature. Forwarding rules allows you to forward traffic to a single virtual machine instance, using a target.instance. Protocol forwarding provides support for these additional features:
AH
: IP Authentication Header protocolESP
: IP Encapsulating Security Payload protocolSCTP
: Stream Control Transmission protocol
Added support for new Target Instance resources, which allows for non-NAT'ed traffic to be forwarded to a single virtual machine instance. See Forwarding rules for more information.