Reserve a static external IP address

You can reserve static external IP addresses. You can also list and release your reserved static external IP addresses. To assign a static external IP address to a virtual machine (VM) instance, see Configure static external IP addresses.

External IP addresses can be static or ephemeral. If a VM requires a fixed external IP address that does not change, you can obtain a static external IP address. You can reserve new external IP addresses or promote existing ephemeral external IP addresses.

If you require a static internal IP address, see Reserve a static internal IP address instead.

Before you begin

  • Read about IP addresses.
  • Read about quotas and limits for static external IP addresses.
  • Read about external IP address pricing.
  • If you haven't already, set up authentication. Authentication is the process by which your identity is verified for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate as follows.

    Select the tab for how you plan to use the samples on this page:

    Console

    When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.

    gcloud

    Install the Google Cloud CLI, then initialize it by running the following command: 

    gcloud init

    Terraform

    To use the Terraform samples on this page from a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.

    1. Install the Google Cloud CLI.

    2. To initialize the gcloud CLI, run the following command: 

      gcloud init

    3. Create local authentication credentials for your Google Account: 

      gcloud auth application-default login

    For more information, see Set up authentication for a local development environment in the Google Cloud authentication documentation.

    REST

    To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.

      Install the Google Cloud CLI, then initialize it by running the following command: 

      gcloud init

Required roles

To get the permissions that you need to reserve and manage static IP addresses, ask your administrator to grant you the Compute Network Admin (roles/compute.networkAdmin) IAM role on your project. For more information about granting roles, see Manage access.

This predefined role contains the permissions required to reserve and manage static IP addresses. To see the exact permissions that are required, expand the Required permissions section:

Required permissions

The following permissions are required to reserve and manage static IP addresses:

  • compute.addresses.create on the IP address
  • compute.addresses.createInternal on the IP address
  • compute.networks.list on the network
  • compute.subnetworks.use on the subnet
  • compute.subnetworks.list on the subnet

You might also be able to get these permissions with custom roles or other predefined roles.

About static external IP addresses

A static external IP address is the IP address that is reserved for your resource until you decide to release it. If you have an IP address that your customers or users rely on to access your service, you can reserve that IP address so that only your resource can use it. You can also promote an ephemeral external IP address to a static external IP address.

For more information, see IP addresses.

The following table lists the static external IP addresses supported by Google Cloud.

IP address type Resource IP range Source Associated with
Regional external IPv4 addresses VMs and regional load balancers /32 Google's pool of external IP addresses Project
Regional external IPv6 addresses VMs and supported regional load balancers /96 Subnet's external IPv6 address range Subnet
Global external IPv4 addresses Global load balancers /32 Google's pool of external IP addresses Project
Global external IPv6 addresses Global load balancers /64 Google's pool of external IP addresses Project

For a list of regional and global load balancers, see the Summary of load balancer types.

Limitations

  • Only one resource at a time can use a static external IP address.

  • There is no way to check whether an IP address is static or ephemeral after it has been assigned to a resource. You can compare the IP address against the list of static external IP addresses reserved to that project. Use the gcloud compute addresses list sub-command to see a list of static external IP addresses available to the project.

  • Each VM can have multiple network interfaces, and each interface can have the following IP addresses assigned:

    • An internal IPv4 address (required)
    • An external IPv4 address
    • A /96 IPv6 address range, either internal or external, but not both

  • You cannot change the name of a static IP address.

  • Assigned external IP addresses exist on the same physical host as the VM and exist in the same region as the VM for all purposes, including routing, latency, and pricing. This is true regardless of internet geolocation lookup information.

Note: Network interfaces can receive traffic from multiple forwarding rules, which might serve other external IP addresses. Any number of external IP addresses can reference a network interface through these forwarding rules, but each network interface can be assigned only one external IPv4 address and one external /96 IPv6 address range.

For more information about load balancing and forwarding rules, read the load balancing documentation.

Reserve a new static external IP address

After reserving the address, assign it to a new VM while creating it or to an existing VM.

Console

  1. In the Google Cloud console, go to the IP addresses page.

    Go to IP addresses

  2. Click Reserve external static IP address.
  3. In the Name field, enter an IP address name.
  4. Specify whether the network service tier is Premium or Standard. IPv6 static address reservation is supported only in the Premium tier.
  5. Specify whether it is an IPv4 or IPv6 address.
  6. Specify whether this IP address is Regional or Global.
    • If you are reserving a static IP address for a global load balancer, choose Global and then click Reserve.
    • If you are reserving a static IP address for a VM or for a regional load balancer, choose Regional, and then select the region to create the address in.

  7. If you are reserving a regional external IPv6 address, then also choose the following:

    • Network: the VPC network
    • Subnetwork: the subnet from which to assign the static regional IPv6 address
    • Endpoint type: choose VM instance or Network Load Balancer

  8. Optional: If you are reserving the static external IP address for a VM, then in the Attached to list, select a VM to attach the IP address to.

  9. Click Reserve to reserve the IP address.

gcloud

To reserve a static external IP address, use the gcloud compute addresses create command.

Use the following instructions to reserve a static external IPv4 or IPv6 address:

Global IP address

To reserve a global IP address: 
  gcloud compute addresses create ADDRESS_NAME \
      --global \
      --ip-version [IPV4 | IPV6]

Regional external IPv4 address

To reserve a regional external IPv4 address: 
   gcloud compute addresses create ADDRESS_NAME \
       --region=REGION

Regional external IPv6 address

To reserve a regional external IPv6 address: 
   gcloud compute addresses create ADDRESS_NAME \
       --region=REGION \
       --subnet=SUBNET_NAME \
       --ip-version=IPV6 \
       --endpoint-type=[VM | NETLB]

Replace the following:

  • ADDRESS_NAME: the name that you want to associate with this address.
  • REGION: for regional external IP addresses, specify the region where you want to reserve this address. This region should be the same region as the resource that you want to attach the IP address to.
  • SUBNET_NAME: for regional external IPv6 addresses, specify the subnet to assign the static regional IPv6 address from. The subnet must have an assigned external IPv6 address range.
  • [IPV4 | IPV6]: for global IP addresses, specify the IP version, either IPv4 or IPv6. For regional external IPv6 addresses, specify IPv6. A /96 IPv6 range is assigned from the specified subnet.
  • VM | NETLB: for regional external IPv6 addresses, specify the endpoint type; whether it's a VM or a network load balancer.

To view the result, use the gcloud compute addresses describe command:

gcloud compute addresses describe ADDRESS_NAME

Terraform

You can use the google_compute_address resource to create a regional external IP address.

resource "google_compute_address" "default" {
  name   = "my-test-static-ip-address"
  region = "us-central1"
}

The following sample shows how to use the google_compute_global_address resource to create a global external IPv6 address:

resource "google_compute_global_address" "default" {
  project      = var.project_id # Replace this with your service project ID in quotes
  name         = "ipv6-address"
  address_type = "EXTERNAL"
  ip_version   = "IPV6"
}

API

  • To create a regional IPv4 address, call the regional addresses.insert method:

    POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses

    Your request body should contain the following:

    {
  "name": "ADDRESS_NAME"
}

    Replace the following:

    • PROJECT_ID: the project ID for this request
    • REGION: the name of the region for this request
    • ADDRESS_NAME: the name that you want to associate with the address

  • For global static IPv4 addresses, call the globalAddresses.insert method:

    POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/addresses

    Your request body should contain the following:

    {
  "name": "ADDRESS_NAME"
}

  • For global static IPv6 addresses, call the globalAddresses.insert method:

    POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/addresses

    Your request body should contain the following:

    {
  "name": "ADDRESS_NAME",
  "ipVersion": "IPV6"
}

    To see the result, use the addresses.get method.

  • For regional static IPv6 addresses, call the addresses.insert method:

    POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses

    Your request body should contain the following:

    {
  "name": "ADDRESS_NAME",
  "ipVersion": "IPV6",
  "ipv6EndpointType": "VM|LB",
  "networkTier": "PREMIUM",
  "subnetwork": "SUBNET"
}

    Replace SUBNET with the subnet for this project.

    To see the result, use the addresses.get method.

Promote an ephemeral external IP address

If your VM has an ephemeral external IP address and you want to permanently assign the IP address to your project, promote the ephemeral external IP address to a static external IP address. Promoting an ephemeral external IP address to reserved does not cause Google Cloud to drop packets sent to the VM. This includes packets sent to the VM directly or by means of a load balancer.

Console

  1. Go to the IP addresses page.

    Go to IP addresses

  2. Click External IP addresses.
  3. Optional: In the Filter field, search for the ephemeral IP address that you want to promote.
  4. In the More actions menu () of the IP address that you want to promote, select Promote to static IP address.
  5. Enter a name for the new static IP address, and then click Reserve.

gcloud

Use the following instructions to promote a static external IPv4 or IPv6 address:

  • To promote an ephemeral external IPv4 address to a static external IPv4 address, provide the ephemeral external IP address by using the --addresses flag with the compute addresses create command. Use the region flag to promote an ephemeral regional IP address or the global flag to promote an ephemeral global IP address.

    gcloud compute addresses create ADDRESS_NAME --addresses=IP_ADDRESS \
    [--region=REGION | --global]

    Replace the following:

    • ADDRESS_NAME: the name that you want to associate with this address.
    • IP_ADDRESS: the IP address that you want to promote.

    • REGION: the region that the regional IP address belongs to.

    • To promote an ephemeral regional external IPv6 address to a static regional external IPv6 address, provide the ephemeral external IP address by using the --addresses flag with the compute addresses create command.

    gcloud compute addresses create ADDRESS_NAME \
    --region=REGION \
    --addresses=IPV6_ADDRESS \
    --prefix-length=96

    Replace the following:

    • ADDRESS_NAME: a name for the IP address resource.
    • REGION: the region for the IPv6 address resource.
    • IPV6_ADDRESS: the IPv6 address that you're promoting.

API

To promote an ephemeral regional IP address, call the addresses.insert method:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses

To promote an ephemeral global IP address, make a POST request to the following URI:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/addresses

Specify the values for the required fields of the request body:

  • For IPv4 addresses, your request body should contain the following fields:

    {
  "name": "ADDRESS_NAME",
  "address": "IPV4_ADDRESS"
  "addressType": "EXTERNAL"
}

  • For IPv6 addresses, your request body should contain the following fields:

    {
  "name": "ADDRESS_NAME",
  "address": "IPV6_ADDRESS"
  "prefixLength": 96
  "addressType": "EXTERNAL"
}

    Replace the following:

    • ADDRESS_NAME: the name that you want to associate with this address
    • IPV4_ADDRESS|IPV6_ADDRESS: the IPv4 or IPv6 address that you want to promote
    • REGION: the region that the IPv4 or IPv6 address belongs to
    • PROJECT_ID: the project ID for this request

The external IP address remains attached to the VM even after it has been promoted to a static external IP address. If you need to assign the newly promoted static external IP address to another resource, unassign the static external IP address from the existing VM.

List static external IP addresses

To list static external IP addresses that you have reserved for your project, follow these steps.

Console

  1. In the Google Cloud console, go to the IP addresses page.

    Go to IP addresses

  2. Click External IP addresses.

gcloud

Use the gcloud compute addresses list command:

  • To list all IP addresses, use the following command:

    gcloud compute addresses list

  • To list all global IP addresses, use the following command:

    gcloud compute addresses list --global

  • To list all regional IP addresses in a given region, use the following command:

    gcloud compute addresses list \
    --regions=REGION

    Replace REGION with the region that you want to list addresses for. You can list addresses of multiple regions by specifying comma-separated region names:

    gcloud compute addresses list \
    --regions=REGION1,REGION2,..REGION_n_

API

  • To list regional IPv4 or IPv6 addresses, call the addresses.list method:

    GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses

    Replace the following:

    • PROJECT_ID: the project ID for this request
    • REGION: the name of the region for this request

  • To list all addresses in all regions, call the addresses.aggregatedList method:

    GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/aggregated/addresses

  • To list global IPv4 or IPv6 addresses, call the globalAddresses.list method:

    GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/addresses

    Replace the following:

    PROJECT_ID: the project ID for this request

Describe a static external IP address

To get information about a static external IP address, follow these steps.

Console

  1. In the Google Cloud console, go to the IP addresses page.

    Go to IP addresses

  2. Click External IP addresses.

  3. Click the IP address that you want to get more information about.

gcloud

Use the gcloud compute addresses describe command. Replace ADDRESS_NAME with the name of the external IP address that you want to describe.

  • For a global IPv4 or IPv6 address, use the following command:

    gcloud compute addresses describe ADDRESS_NAME --global

  • For a regional IPv4 or IPv6 address, use the following command:

    gcloud compute addresses describe ADDRESS_NAME --region=REGION

API

  • To describe a regional IPv4 or IPv6 address, call the addresses.get method:

    GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses/ADDRESS_NAME

    Replace the following:

    • PROJECT_ID: the project ID for the request
    • REGION: the name of the region for the request
    • ADDRESS_NAME: the name of the IP address

  • To describe a global IPv4 or IPv6 address, call the globalAddresses.get method:

    GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/addresses/ADDRESS_NAME

    Replace the following:

    • PROJECT_ID: the project ID for the request
    • ADDRESS_NAME: the name of the IP address

Release a static external IP address

If you no longer need a static external IPv4 or IPv6 address, you can release the IP address by deleting the IP address resource.

If you are using the Google Cloud console, you can release a static IP address only if it is not being used by another resource.

If you're using the gcloud CLI or API, you can release an IP address whether or not it's being used by another resource.

  • If the IP address is not being used by a resource, the IP address is returned to the pool of available external IP addresses.

  • If the IP address is being used by a resource, it remains attached to the resource until the resource is deleted.

Console

  1. In the Google Cloud console, go to the IP addresses page.

    Go to IP addresses

  2. Click External IP addresses.

  3. Optional: In the Filter field, enter static and then select Static : Type from the drop-down list.

  4. Select the static external IP address that you want to release.

  5. Click Release static address.

    If you don't see this option, click the More actions menu () in the top menu bar, and then select Release static address from the list.

gcloud

Use the compute addresses delete command:

gcloud compute addresses delete ADDRESS_NAME

Replace ADDRESS_NAME with the name of the IPv4 or IPv6 address to release.

API

  • To release a regional IPv4 or IPv6 address, call the addresses.delete method:

    DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses/ADDRESS_NAME

    Replace the following:

    • PROJECT_ID: the project ID for this request
    • REGION: the name of the region for this request
    • ADDRESS_NAME: the name of the IP address

  • To release a global IPv4 or IPv6 address, call the globalAddresses.delete method:

    DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/addresses/ADDRESS_NAME

    Replace the following:

    • ADDRESS_NAME: the name of the IP address
    • PROJECT_ID: the project ID for this request

What's next