Release notes

This page contains release notes for features and updates to Google Cloud Platform VPC networking.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud Console, or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/vpc-release-notes.xml

October 12, 2021

Using Private Service Connect to publish services that are hosted on the backends of an internal HTTP(S) load balancer is now Generally Available.

Accessing published services using a Private Service Connect endpoint is now available from on-premises hosts that are connected to a VPC network using Cloud VPN. This feature is available in Preview.

Connectivity from on-premises hosts to a Private Service Connect endpoint that is used to access published services might not establish for some existing Cloud VPN connections. As a workaround, recreate the VPN gateway and the VPN tunnels.

Connectivity from on-premises hosts to a Private Service Connect endpoint that is used to access published services does not establish if the service is published with explicit project approval. As a workaround, ask the service producer to publish the service with automatic project approval.

October 04, 2021

The number of Private Service Connect endpoints that are connected to a service attachment is now correctly adjusted when an endpoint is deleted.

If you are using Private Service Connect endpoints to access services in another VPC network, and you create more endpoints than are allowed by the limit set by the service producer, any endpoints created after the limit is reached have a status of Pending, as expected. Now, if you remove endpoints to get below the limit, the status of those endpoints correctly changes to Accepted.

September 16, 2021

Enabling or disabling PROXY protocol after a Private Service Connect service attachment is created now correctly changes the configuration.

September 14, 2021

Full control over which protocols are mirrored by Packet Mirroring is now available in General Availability.

August 25, 2021

Private Service Connect service attachment deletions are now logged in Cloud Logging.

August 23, 2021

August 17, 2021

If you are using Private Service Connect endpoints to access services in another VPC network, deleting an endpoint no longer fails if you try to delete multiple endpoints in a short period of time.

August 03, 2021

For auto mode VPC networks, added a new subnet 10.188.0.0/20 for the Toronto northamerica-northeast2 region. For more information, see Auto mode IP ranges.

July 28, 2021

Publishing services and accessing published services using Private Service Connect is now available in General Availability.

If you are using Private Service Connect to publish or consume services, the following items are not logged in Cloud Logging: changes in endpoint status, and service attachment deletions.

The number of Private Service Connect endpoints that are connected to a service attachment is not adjusted when an endpoint is deleted. See workaround information.

July 20, 2021

External IPv6 addresses for VM instances is now available in General Availability in supported regions.

July 14, 2021

Private Service Connect service attachment details now correctly shows the status for consumer endpoints. Consumer endpoints can have a status other than Accepted.

If you're creating a Private Service Connect endpoint in a Shared VPC network, the endpoint no longer needs to be in the same project that contains the virtual machines (VMs) that send requests to the endpoint.

June 30, 2021

Deleting a private services access connection now also removes configurations created by the service producer, if Google is the service producer (for example, Cloud SQL). The improved deletion process simplifies administration if you delete a private services access connection, but later want to recreate it. This feature is now available in General Availability.

The billing issue for non-RFC 1918 addresses for Private Service Connect endpoints that you use to access Google APIs and services has been fixed.

June 29, 2021

For auto mode VPC networks, added a new subnet 10.190.0.0/20 for the Delhi asia-south2 region. For more information, see Auto mode IP ranges.

June 23, 2021

If you are using Private Service Connect endpoints to access services in another VPC network, and you delete multiple endpoints in a short period of time, one or more of the deletions might fail. To avoid this issue, wait 20 seconds between deletions.

If you are using Private Service Connect endpoints to access services in another VPC network, and you create more endpoints than are allowed by the limit set by the service producer, any endpoints created after the limit is reached have a status of Pending, as expected. However, if you remove endpoints to get below the limit, the status of those endpoints does not change to Accepted.

June 21, 2021

For auto mode VPC networks, added a new subnet 10.192.0.0/20 for the Melbourne australia-southeast2 region. For more information, see Auto mode IP ranges.

June 16, 2021

Private Service Connect endpoints in consumer networks now won't become unresponsive if they are connected to a service attachment that references a load balancer without backend VMs.

June 15, 2021

Bring your own IP (BYOIP) is now available in General Availability.

June 14, 2021

Enabling or disabling PROXY protocol after a Private Service Connect service attachment is created does not change the configuration. However, the status shown in the service attachment details incorrectly shows that the status has changed. To enable or disable PROXY protocol, delete the service attachment and recreate it with the correct PROXY protocol configuration.

June 09, 2021

If you enable PROXY protocol for a Private Service Connect service attachment, the PROXY protocol header value was previously either 0xEA or 0xE0. Starting today, the value will always be 0xE0.

June 04, 2021

The Private Service Connect Published Services tab in the Google Cloud Console now correctly displays service attachments. You can now view and manage service attachments using the Console, the gcloud command-line tool, or the API

When a Private Service Connect consumer endpoint is deleted, the service attachment details now correctly reflects this change.

June 02, 2021

Private Service Connect service attachment details always show a status of Accepted for consumer endpoints, even if they have a different status. The status is correctly displayed in the consumer endpoint details.

When a Private Service Connect consumer endpoint is deleted, the service attachment details do not reflect this change.

Updating a Private Service Connect service attachment using the PATCH API method requires that you provide all values in the request body, not just the values that you are updating. This affects Managing access requests for a service and Changing the connection preference for a service.

If you enable PROXY protocol for a Private Service Connect service attachment, the PROXY protocol header value might be 0xEA or 0xE0. After General Availability, the value will always be 0xE0.

If you publish a service using Private Service Connect, and the referenced load balancer does not have any backend VMs, all Private Service Connect endpoints in the consumer network might become unresponsive. Make sure that that all load balancers that are referenced by a service attachment have backend VMs.

If you want to create a Private Service Connect endpoint in a Shared VPC network, the endpoint must be created in the same project that contains the virtual machines (VMs) that send requests to the endpoint.

The Private Service Connect Published Services tab in the Google Cloud Console does not display service attachments. Use the gcloud command-line tool or the API to view and manage service attachments.

May 07, 2021

GRE support for VPC networks is now available in General Availability.

April 14, 2021

Access to Google APIs and services using Private Service Connect is now available in General Availability.

Using non-RFC 1918 addresses for Private Service Connect endpoints results in unexpected costs due to a billing issue. To prevent this issue, avoid using non-RFC 1918 IP addresses and instead use RFC 1918 IP addresses for Private Service Connect endpoints. If you are affected by this issue, contact your account team for remediation.

March 24, 2021

For auto mode VPC networks, added a new subnet 10.186.0.0/20 for the Warsaw europe-central2 region. For more information, see Auto mode IP ranges.

The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in General Availability for instance templates and managed instance groups. This feature is available in the gcloud command-line tool and the API.

March 18, 2021

Serverless VPC Access support for Shared VPC is now available in General availability.

February 26, 2021

Hierarchical firewall policies are now available in General Availability.

February 23, 2021

The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in General Availability. This feature presently only GA for individual VM instances. Support for instance templates and managed instance groups is still Preview.

January 11, 2021

Support for 1500 MTU for Cloud Interconnect is now available in General Availability.

December 16, 2020

Access to Google APIs and services using Private Service Connect is now available in Preview.

DNS peering for private services access is now available in General Availability.

December 15, 2020

The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in Preview. This feature presently only works with individual VM instances, not with instance templates or managed instance groups.

December 07, 2020

Packet Mirroring direction control is now available in General Availability.

DNS peering for private services access is now available in Preview.

October 15, 2020

Support for 1500 MTU in VPC networks is now available in General Availability.

September 02, 2020

Firewall Rules Logging metadata controls is now available in General Availability.

August 13, 2020

GRE support for VPC networks is now available in Beta.

July 23, 2020

Serverless VPC Access support for Shared VPC is now available in Beta.

June 12, 2020

Firewall Rules Logging metadata controls is now available in Beta.

June 08, 2020

For auto mode VPC networks, added a new subnet 10.184.0.0/20 for the Jakarta asia-southeast2 region. For more information, see Auto mode IP ranges.

June 03, 2020

Hierarchical firewall policies are now available in Beta.

May 29, 2020

GKE annotations and advanced controls for VPC Flow Logs is now available in General Availability.

May 18, 2020

Subnets in VPC networks now support IP addresses other than RFC 1918 addresses. For more information, see Subnet ranges.

April 29, 2020

Google Cloud now encrypts VPC traffic within the boundaries of the data centers in asia-east2. We will roll out this feature gradually to other regions. Google Cloud already encrypts VPC traffic between all data centers as described in Encryption in Transit in Google Cloud.

April 24, 2020

Private Google Access for on-premises hosts permits on-premises hosts to send traffic from any internal IP addresses, not just RFC 1918 addresses. This feature is now Generally Available.

April 20, 2020

For auto mode VPC networks, added a new subnet 10.182.0.0/20 for the Las Vegas us-west4 region. For more information, see Auto mode IP ranges.

Packet Mirroring pricing will come into effect from June 20, 2020. There is no charge for Packet Mirroring until that time.

March 03, 2020

Packet MIrroring is now available in General Availability.

February 24, 2020

For auto mode VPC networks, added a new subnet 10.180.0.0/20 for the Salt Lake City us-west3 region. For more information, see Auto mode IP ranges.

January 24, 2020

For auto mode VPC networks, added a new subnet 10.178.0.0/20 for the Seoul asia-northeast3 region. For more information, see Auto mode IP ranges.

January 01, 2020

Google now charges for static external IPv4 addresses that are in use, except for ones that are used by forwarding rules. For more information, see the Network pricing.

December 19, 2019

Private Google Access for on-premises hosts now permits on-premises hosts to send traffic from any internal IP addresses, not just RFC 1918 addresses. This feature is now available in Beta.

December 11, 2019

Serverless VPC Access is now Generally Available.

November 22, 2019

Virtual machines with 2 or 4 vCPUs now have a maximum egress rate of 10 Gbps. This feature is Generally Available. For more information, see Machine types in the Compute Engine documentation.

November 18, 2019

The private.googleapis.com virtual IP address range for Private Google Access for on-premises hosts is Generally Available.

November 13, 2019

For VPC Network Peering, importing and exporting custom routes are now General Available.

Packet MIrroring is now available in Beta.

September 23, 2019

The quotas for subnet ranges per network and per peering group have changed.

September 20, 2019

VPC Flow Logs log volume reduction is now available in General Availability.

August 13, 2019

The private.googleapis.com virtual IP address range for Private Google Access for on-premises hosts is in Beta.

June 19, 2019

The increased egress rate of 32Gbps of network I/O for virtual machines that use either the Skylake CPU platform or ultramem machine types, is now available in General Availability.

April 09, 2019

Serverless VPC Access is now available in Beta.

April 05, 2019

You can get up to 32Gbps of network I/O for virtual machines that use either the Skylake CPU platform or ultramem machine types. This increased egress rate is now available in Beta.

April 04, 2019

VPC Flow Logs log volume reduction is now available in Beta.

April 01, 2019

For VPC Network Peering, importing and exporting custom routes is now available in Beta.

March 27, 2019

Private services access is now available in General Availability.

February 07, 2019

You can disable the default network creation for new projects. You must create an organization policy and add the compute.skipDefaultNetworkCreation constraint.

February 01, 2019

The private access option for on-premises hosts is now Generally Available. On-premises hosts with only private IP addresses can access Google APIs through a Cloud VPN or Cloud Interconnect connections (hybrid connectivity scenarios).

January 24, 2019

The IPv4Range field for creating legacy networks is now deprecated and will shut down on June 1, 2021.

January 09, 2019

Firewall rules logging is now available in General Availability.

December 20, 2018

IP address allocation for private services access is now available in General Availability.

October 19, 2018

Private Google Access for on-premises hosts is now available in Beta. On-premises hosts with only private IP addresses can now access Google APIs through Cloud VPN or Cloud Interconnect connections (hybrid connectivity scenarios).

September 26, 2018

Private services access provides a private connection between your VPC network and a network owned by Google or a third party. Private services access is in Beta.

September 18, 2018

Firewall rules logging is now available in Beta.

September 05, 2018

The ability to Disable firewall rules is now available in General Availability.

July 31, 2018

In Shared VPC service projects, listing usable subnets in the host project is now available in General Availability.

June 28, 2018

VPC Flow Logs are now available in General Availability.

May 09, 2018

Folder support for Shared VPC is now available in Beta.

May 01, 2018

The ability to Disable firewall rules is now available in Beta.

April 23, 2018

Add/Delete Alias IP Ranges is now available in General Availability.

March 29, 2018

VPC Flow Logs are now available in Beta.

November 13, 2017

VPC Networks documentation has moved to https://cloud.google.com/vpc/docs.

September 05, 2017

Alias IP Ranges allows you to assign additional IP addresses to a VM instance. These addresses can be used by containers running on the VM. Alias IP Ranges is now available in General Availability.

Firewall Rules egress and deny rules allows you to create firewall rules that govern egress as well as ingress traffic. You can now also create deny rules and you can prioritize the order in which rules are evaluated. Firewall Rules egress and deny rules is now available in General Availability.

August 18, 2017

Multiple Network Interfaces allows a VM instance to have more than one virtual network interfaces. Each interface must point to a different VPC network. Multiple Network Interfaces is now available in General Availability.

August 11, 2017

Add support for specifying a static internal IP to Beta. See Reserving a Static Internal IP Address for more information.

July 14, 2017

VPC Network Peering allows you to peer VPC networks, even networks in different organizations, so that the networks can communicate with each other using internal IP addresses. VPC Network Peering is now available in General Availability.

June 21, 2017

Multiple Network Interfaces allows a VM instance to have more than one virtual network interface. Each interface must point to a different VPC network. Multiple Network Interfaces is now available in Beta.

June 07, 2017

Shared VPC (Previously Cross-Project Networking (XPN)) is now available in General Availability.

May 22, 2017

Alias IP Ranges allows you to assign additional IP addresses to a VM instance. These addresses can be used by containers running on the VM. Alias IP Ranges is now available in Beta.

May 08, 2017

VPC Network Peering allows you to peer VPC networks, even networks in different organizations, so that the networks can communicate with each other using internal IP addresses. VPC Network Peering is now available in Beta.

May 04, 2017

Private Google Access allows Compute Engine VM instances to access Google APIs using an internal IP address only. Private Google Access is now available in General Availability.

May 01, 2017

Decoupled labels and tags so that creating either a label or a tag will not create the opposing resource. For example, creating a label will no longer create a tag and vice-versa. For more information, read Relationship between instance labels and network tags.

You can now find information about network tags in the VPC networking documentation.

April 17, 2017

Firewall Rules egress and deny rules allows you to create firewall rules that govern egress as well as ingress traffic. You can now also create deny rules and you can prioritize the order in which rules are evaluated. Firewall Rules egress and deny rules is now available in Beta.

March 09, 2017

Shared VPC allows you to share a VPC network with other GCP projects. Shared VPC is now available in Beta.

March 07, 2017

Private Google Access allows Compute Engine VM instances to access Google APIs using an internal IP address only. Private Google Access is now available in Beta.

December 21, 2016

Added ICMP support for forwarding rules.

May 11, 2016

The following VPC IAM roles are now generally available: roles/compute.networkAdmin, roles/compute.securityAdmin, roles/iam.serviceAccountActor

For more information, read the IAM documentation.

November 04, 2014

Lowered network pricing. See Network pricing for more information.

May 05, 2014

Updated default firewall rule names. Default firewall rules are automatically created with every project. These rules were previously named default-internal and default-ssh. New projects will have the same default firewalls but with the following new names:

  • default-allow-internal - Allows network connections of any protocol and port between any two instances.
  • default-allow-ssh - Allows TCP connections from any source to any instance on the network, over port 22.

Introduced new default firewall rule that will be created with each new project.

  • default-allow-icmp - Allows ICMP traffic from any source to any instance on the network.

December 17, 2013

Released new Protocol Forwarding feature. Forwarding rules allows you to forward traffic to a single virtual machine instance, using a target.instance. Protocol forwarding provides support for these additional features:

Added support for new Target Instance resources, which allows for non-NAT'ed traffic to be forwarded to a single virtual machine instance. See Forwarding rules for more information.