Using VPC networks

This page describes how to create, modify, and delete VPC networks. This page assumes that you are familiar with the characteristics of VPC networks as described in the VPC network overview. Networks and subnets are different resources in Google Cloud.

Creating networks

You can choose to create an auto mode or custom mode VPC network. Each new network that you create must have a unique name within the same project.

Creating an auto mode network

Auto mode networks create one subnet in each Google Cloud region automatically when you create the network. As new regions become available, new subnets in those regions are automatically added to the auto mode network. IP ranges for the automatically created subnets come from a predetermined set of ranges. All auto mode networks use the same set of IP ranges.

Console

  1. Go to the VPC networks page in the Google Cloud Console.
    Go to the VPC networks page
  2. Click Create VPC network.
  3. Enter a Name for the network.
  4. Choose Automatic for the Subnet creation mode.
  5. In the Firewall rules section, select one or more predefined firewall rules that address common use cases for connectivity to VMs. If you don't want to use them, select no rules. You can create your own firewall rules after you create the network.
  6. Choose the Dynamic routing mode for the VPC network.

    For more information, see dynamic routing mode. You can change the dynamic routing mode later.

  7. Maximum transmission unit (MTU): Choose whether the network has an MTU of 1460 (default) or 1500. Review the MTU information in the concepts guide before setting the MTU to 1500.

  8. Click Create.

gcloud

Create an auto mode network using the following gcloud command:


gcloud compute networks create NETWORK \
    --subnet-mode=auto \
    --bgp-routing-mode=DYNAMIC_ROUTING_MODE \
    --mtu=MTU

Replace the placeholders with valid values:

  • NETWORK is a name for the VPC network.
  • DYNAMIC_ROUTING_MODE can be either global or regional to control the behavior of Cloud Routers in the network. For more information, refer to dynamic routing mode.
  • MTU is the maximum transmission unit of the network. MTU can either be 1460 (default) or 1500. Review the MTU information in the concepts guide before setting the MTU to 1500.

API

Create an auto mode network.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks
{
  "autoCreateSubnetworks": true,
  "name": "auto-network1",
  "mtu": MTU
}

Replace the following:

  • PROJECT_ID is the ID of the project where the VPC network is created.
  • MTU is the maximum transmission unit of the network. MTU can either be 1460 (default) or 1500. Review the MTU information in the concepts guide before setting the MTU to 1500.

To specify the dynamic routing mode of the VPC network, use the routingConfig field:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks
{
  "routingConfig": {
    "routingMode": "DYNAMIC_ROUTING_MODE"
  },
  "autoCreateSubnetworks": true,
  "name": "NETWORK",
  "mtu": MTU
}

Replace the placeholders with valid values:

  • PROJECT_ID is the ID of the project where the VPC network is created.
  • NETWORK is a name for the VPC network.
  • DYNAMIC_ROUTING_MODE can be either global or regional to control the route advertisement behavior of Cloud Routers in the network. For more information, refer to dynamic routing mode.
  • MTU is the maximum transmission unit of the network. MTU can either be 1460 (default) or 1500. Review the MTU information in the concepts guide before setting the MTU to 1500.

For more information, refer to the networks.insert method.

Creating a custom mode network

For custom mode VPC networks, create a network, then create the subnets that you want within a region. You do not have to specify subnets for all regions right away, or even at all, but you cannot create instances in a region that has no subnet defined.

You can create subnets when you create the network, or you can add subnets later.

Console

  1. Go to the VPC networks page in the Google Cloud Console.
    Go to the VPC networks page
  2. Click Create VPC network.
  3. Enter a Name for the network.
  4. Choose Custom for the Subnet creation mode.
  5. In the New subnet section, specify the following configuration parameters for a subnet:

    1. Provide a Name for the subnet.
    2. Select a Region.
    3. Enter an IP address range. This is the primary IP range for the subnet.

      If you select a range that is not an RFC 1918 address, confirm that the range doesn't conflict with an existing configuration. For more information, see Subnet ranges.

    4. To define a secondary range for the subnet, click Create secondary IP range.

      If you select a range that is not an RFC 1918 address, confirm that the range doesn't conflict with an existing configuration. For more information, see Subnet ranges.

    5. Private Google access: Choose whether to enable Private Google Access for the subnet when you create it or later by editing it.

    6. Flow logs: Choose whether to enable VPC flow logs for the subnet when you create it or later by editing it.

    7. Click Done.

  6. To add more subnets, click Add subnet and repeat the previous steps. You can also add more subnets to the network after you have created the network.

  7. Choose the Dynamic routing mode for the VPC network.

    For more information, see dynamic routing mode. You can change the dynamic routing mode later.

  8. Maximum transmission unit (MTU): Choose whether the network has an MTU of 1460 (default) or 1500. Review the MTU information in the concepts guide before setting the MTU to 1500.

  9. Click Create.

gcloud

Create a new custom mode network using the following gcloud command. After you have created your network, add subnets to it by following the adding subnets directions.

gcloud compute networks create NETWORK \
    --subnet-mode=custom \
    --bgp-routing-mode=DYNAMIC_ROUTING_MODE \
    --mtu=MTU

Replace the placeholders with valid values:

  • NETWORK is a name for the VPC network.
  • DYNAMIC_ROUTING_MODE can be either global or regional to control the route advertisement behavior of Cloud Routers in the network. For more information, refer to dynamic routing mode.
  • MTU is the maximum transmission unit of the network. MTU can either be 1460 (default) or 1500. Review the MTU information in the concepts guide before setting the MTU to 1500.

API

Create a custom mode network.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks
{
  "autoCreateSubnetworks": false,
  "name": "NETWORK",
  "mtu": MTU,
  "routingConfig": {
    "routingMode": "DYNAMIC_ROUTING_MODE"
  }
}

Replace the following placeholders with values from your environment:

  • PROJECT_ID is the ID of the project where the VPC network is created.
  • NETWORK is a name for the VPC network.
  • DYNAMIC_ROUTING_MODE can be either global or regional to control the route advertisement behavior of Cloud Routers in the network. For more information, refer to dynamic routing mode.
  • MTU is the maximum transmission unit of the network. MTU can either be 1460 (default) or 1500. Review the MTU information in the concepts guide before setting the MTU to 1500.

For more information, refer to the networks.insert method.

About firewall rules

After you create a network, create firewall rules to allow or deny traffic between resources in the network, such as communication between VM instances. You also use firewall rules to control what traffic leaves or enters the VPC network to or from the internet.

Viewing networks

View the VPC and legacy networks in your project. For VPC networks, you can view information about their subnets and their subnet creation mode.

Console

  1. Go to the VPC networks page in the Google Cloud Console.
    Go to the VPC networks page

    The console lists all of your VPC and legacy networks.

  2. Select a VPC network to view its details, such as its peering connections and subnets.

gcloud

  1. List the networks in your project, as shown in the following example.

    gcloud compute networks list
    

    The command lists all of your VPC and legacy networks. Legacy networks show a subnet creation mode of LEGACY, while VPC networks show either AUTO or CUSTOM.

    NAME             SUBNET_MODE  BGP_ROUTING_MODE  IPV4_RANGE     GATEWAY_IPV4
    custom-network   CUSTOM       REGIONAL
    default          AUTO         REGIONAL
    legacy-network1  LEGACY       REGIONAL          10.240.0.0/16  10.240.0.1
    
  2. Describe a network to view its details, such as its peering connections and subnets.

    gcloud compute networks describe NETWORK
    

API

  1. List all networks in your project.

    GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks
    

    Replace PROJECT_ID with the ID of the project that contains the VPC networks to list.

    For more information, refer to the networks.list method.

  2. Describe a network to view its details.

    GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks/NETWORK
    

    Replace the placeholders with valid values:

    • PROJECT_ID is the ID of the project that contains the VPC network.
    • NETWORK is the name of the VPC network to describe.

    For more information, refer to the networks.get method.

Working with subnets

You must follow these rules when creating or editing a subnet:

  • Within a project, a subnet cannot have the same name as a VPC network unless it is a member of that network. Within a project, subnets in the same region must have unique names. For example, a network named production can have multiple subnets also named production as long as each of those subnets is in a unique region.

  • You cannot change the name or region of a subnet after you have created it. However, you can delete a subnet and replace it, as long as no resources are using it.

  • Each subnet must have a primary range, and, optionally, one or more secondary ranges for alias IP. The per network limits describe the maximum number of secondary ranges that you can define for each subnet. Primary and secondary IP ranges must be a valid range.

    • Within a VPC network, all primary and secondary IP ranges must be unique, but they do not need to be contiguous. For example, the primary range of a subnet can be 10.0.0.0/24 while the primary range of another subnet in the same network can be 192.168.0.0/16.

    • The primary IP range for the subnet can be expanded, but not replaced or shrunk, after the subnet has been created.

    • You can remove and replace a subnet's secondary IP address range only if no instances are using that range.

    • The minimum primary or secondary range size is eight IP addresses. In other words, the longest subnet mask you can use is /29.

  • Primary and secondary ranges for subnets cannot overlap with any allocated range, any primary or secondary range of another subnet in the same network, or any IP ranges of subnets in peered networks.

  • Google Cloud creates corresponding subnet routes for both primary and secondary IP ranges. Subnet routes, and therefore subnet IP ranges, must have the most specific IP ranges by definition.

    • Primary and secondary ranges can't conflict with on-premises IP ranges if you have connected your VPC network to another network with Cloud VPN, Dedicated Interconnect, or Partner Interconnect.

    • IP ranges for all subnets must be unique among VPC networks that are connected to one another by VPC Network Peering.

    • Subnet IP ranges cannot conflict with destinations for static routes.

    • Avoid using IP addresses from the 10.128.0.0/9 block for a subnet's primary or secondary IP ranges. Automatically created subnets in auto mode networks use IP addresses from this block. If you use IP addresses in the 10.128.0.0/9 block, you will not be able to connect your network to an auto mode VPC network using VPC Peering or with Cloud VPN tunnels.

Listing subnets

You can see all the subnets that exist for a project.

Console

  1. Go to the VPC networks page in the Google Cloud Console.
    Go to the VPC networks page
    Subnets in all VPC networks are shown.
  2. Click the name of a network then click the Subnets tab on the VPC network details page to view subnets for just that network, instead of for all networks.

gcloud

You can list all subnets in all networks in your project, or you can show only the subnets for a particular network or region. The following list shows example commands.

  • Use this command to list all subnets in all VPC networks, in all regions:

    gcloud compute networks subnets list
    
  • Use this command to list all subnets in a particular VPC network, replacing NETWORK with the name of the network:

    gcloud compute networks subnets list \
       --network=NETWORK
    
  • Use this command to list all subnets in a particular region, replacing REGION with a region name:

    gcloud compute networks subnets list \
       --filter="region:( REGION … )"
    

API

List all subnets in your project.

GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/aggregated/subnetworks

Replace PROJECT_ID with the ID of the project that contains the subnets to list.

For more information, refer to the subnetworks.aggregatedList method.

Describing a subnet

You can view details of an existing subnet, such as its primary IP range, any secondary IP ranges, and its region, by following the steps in this section.

Console

  1. Go to the VPC networks page in the Google Cloud Console.
    Go to the VPC networks page
    All networks and subnets in your project are presented in a hierarchical view, where subnets are shown as entries within networks.
  2. To focus on subnets for a particular network, click the name of a network. On its VPC network details page, click the name of a subnet in the Subnets tab to view its Subnet details page.

gcloud

  1. List subnets to determine the names and regions of existing subnets in your project.

  2. Describe the subnet using the following gcloud command, replacing SUBNET with its name and REGION with its region.

    gcloud compute networks subnets describe SUBNET \
    --region=REGION
    

API

  1. List subnets in a particular region to find the subnet's name.

    GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/subnetworks
    

    Replace the placeholders with valid values:

    • PROJECT_ID is the ID of the project that contains the subnets to list.
    • REGION is the name of the Google Cloud region that contains the subnets to list.

    For more information, refer to the subnetworks.list method.

  2. Describe the subnets to view its details.

    GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/subnetworks/SUBNET
    

    Replace the placeholders with valid values:

    • PROJECT_ID is the ID of the project that contains the subnet to describe.
    • REGION is the name of the Google Cloud region that contains the subnet to describe.
    • SUBNET is the name of the subnet to describe.

    For more information, refer to the subnetworks.get method.

Adding subnets

When you create a subnet, you set a name, a region, and at least a primary IP address range according to the subnet rules.

Console

  1. Go to the VPC networks page in the Google Cloud Console.
    Go to the VPC networks page
  2. Click the name of a VPC network to show its VPC network details page.
  3. Click Add subnet. In the panel that appears:

    1. Provide a Name.
    2. Select a Region.
    3. Enter an IP address range. This is the primary IP range for the subnet.

      If you select a range that is not an RFC 1918 address, confirm that the range doesn't conflict with an existing configuration. For more information, see Subnet ranges.

    4. To define a secondary range for the subnet, click Create secondary IP range.

      If you select a range that is not an RFC 1918 address, confirm that the range doesn't conflict with an existing configuration. For more information, see Subnet ranges.

    5. Private Google access: You can enable Private Google Access for the subnet when you create it or later by editing it.

    6. Flow logs: You can enable VPC flow logs for the subnet when you create it or later by editing it.

    7. Click Add.

gcloud

The following gcloud command creates a new subnet in a given network.

gcloud compute networks subnets create SUBNET \
    --network=NETWORK \
    --range=PRIMARY_RANGE \
    --region=REGION

Replace the placeholders with valid values:

  • SUBNET is a name for the new subnet.
  • NETWORK is the name of the VPC network that will contain the new subnet.
  • PRIMARY_RANGE is the primary IP range for the new subnet, in CIDR notation. For more information, see Subnet ranges.
  • REGION is the Google Cloud region in which the new subnet will be created.

You can modify the previous command with the following optional flags:

  • --secondary-range=SECONDARY_RANGE_NAME=SECONDARY_RANGE: Replace SECONDARY_RANGE_NAME with name for the secondary range and SECONDARY_RANGE with a secondary range in CIDR notation. The per network limits describe the maximum number of secondary ranges that you can define for each subnet.
  • --enable-flow-logs: Enables VPC Flow Logs in the subnet at creation time.
  • --enable-private-ip-google-access: Enables Private Google Access in the subnet at creation time.
  • --purpose: Enables you to creata a proxy-only subnet for Internal HTTP(S) Load Balancing.
  • --role: For Internal HTTP(S) Load Balancing only, enables you to specify a role (active or backup) for a proxy-only subnet.

API

Create a subnet in a given VPC network.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/subnetworks
{
  "ipCidrRange": "IP_RANGE",
  "network": "NETWORK_URL",
  "name": "SUBNET"
}

Replace the placeholders with valid values:

  • PROJECT_ID is the ID of the project that contains the VPC network to modify.
  • REGION is the name of the Google Cloud region where the subnet is added.
  • IP_RANGE is the primary IP address range for the subnet. For more information, see Subnet ranges.
  • NETWORK_URL is the URL of the VPC network where you're adding the subnet.
  • SUBNET is a name for the subnet.

For more information, refer to the subnetworks.insert method.

Deleting subnets

Use the following directions to delete a manually created subnet. Before you can delete a subnet, you must delete all resources that use it. For example, you need to delete VMs, reserved internal IP addresses, internal forwarding rules, and Cloud NAT gateways that use the subnet.

Console

  1. Go to the VPC networks page in the Google Cloud Console.
    Go to the VPC networks page
    All networks and subnets in your project are presented in a hierarchical view, where subnets are shown as entries within networks.
  2. To focus on subnets for a particular network, click the name of a network. On its VPC network details page, click the name of a subnet in the Subnets tab to view its Subnet details page.
  3. Click Delete subnet.
  4. In the message that appears, click Delete to confirm.

gcloud

Use the following gcloud command to delete a subnet:

gcloud compute networks subnets delete SUBNET \
    --region=REGION

Replace the placeholders with valid values:

  • SUBNET is the name of the subnet to delete.
  • REGION is the region where the subnet exists.

API

Delete a subnet in a given VPC network.

DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/subnetworks/SUBNET

Replace the placeholders with valid values:

  • PROJECT_ID is the ID of the project that contains the subnet to delete.
  • REGION is the name of the Google Cloud region that contains the subnet to describe.
  • SUBNET is the name of the subnet to delete.

For more information, refer to the subnetworks.delete method.

Expanding a primary IP range

You can expand the primary IP range of an existing subnet by modifying its subnet mask, setting the prefix length to a smaller number. The proposed new primary IP range of the subnet must follow the subnet rules.

When expanding the IP range of an automatically created subnet in an auto mode network (or in a custom mode network that was previously an auto mode network), the broadest prefix (subnet mask) you can use is /16. Any prefix broader than /16 would conflict with the primary IP ranges of the other automatically created subnets.

Console

  1. Go to the VPC networks page in the Google Cloud Console.
    Go to the VPC networks page
    All networks and subnets in your project are presented in a hierarchical view, where subnets are shown as entries within networks.
  2. To focus on subnets for a particular network, click the name of a network. On its VPC network details page, click the name of a subnet in the Subnets tab to view its Subnet details page.
  3. Click Edit.
  4. Enter a new, broader CIDR block in the IP address range field.

    For valid ranges, see Subnet ranges.

  5. Click Save.

gcloud

Expand the primary IP range of a subnet with the following gcloud command:

gcloud compute networks subnets expand-ip-range SUBNET \
  --region=REGION \
  --prefix-length=PREFIX_LENGTH

Replace the placeholders with valid values:

  • SUBNET is the name of the subnet.
  • REGION is the region in which the subnet is located.
  • PREFIX_LENGTH is a subnet mask size in bits. If the primary IP range is 10.1.2.0/24, you can supply 20 to reduce the subnet mask to 20 bits, which changes the primary IP range to 10.1.2.0/20. For valid ranges, see Subnet ranges.

API

Expand the primary IP address range of an existing subnet.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/subnetworks/SUBNET/expandIpCidrRange
{
  "ipCidrRange": "IP_RANGE"
}

Replace the placeholders with valid values:

  • PROJECT_ID is the ID of the project that contains the subnet to modify.
  • REGION is the name of the Google Cloud region that contains the subnet to modify.
  • SUBNET is the name of the subnet to modify.
  • IP_RANGE is the expanded IP address range for the subnet. For valid ranges, see Subnet ranges.

For more information, refer to the subnetworks.expandIpCidrRange method.

Editing secondary ranges

You can add secondary IP ranges to subnets, or you can remove any secondary range as long as no resources are using IP addresses in it.

gcloud

Add a new secondary IP range to a subnet using the following gcloud command:

gcloud compute networks subnets update SUBNET \
  --region=REGION \
  --add-secondary-ranges=SECONDARY_RANGE_NAME=SECONDARY_RANGE

Replace the placeholders with valid values:

  • SUBNET is the name of the subnet.
  • REGION is the region in which the subnet is located.
  • SECONDARY_RANGE_NAME is a name for the secondary range.
  • SECONDARY_RANGE is the secondary IP range in CIDR notation. For valid ranges, see Subnet ranges.

Remove a secondary IP range from a subnet using the following gcloud command:

gcloud compute networks subnets update SUBNET \
  --region=REGION \
  --remove-secondary-ranges=SECONDARY_RANGE_NAME

Replace the placeholders with valid values:

  • SUBNET is the name of the subnet.
  • REGION is the region in which the subnet is located.
  • SECONDARY_RANGE_NAME is the name of the secondary range to be removed.

API

Modify secondary IP address ranges for an existing subnet.

PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/subnetworks/SUBNET
{
  "secondaryIpRanges": [
  {
    "rangeName": "SECONDARY_RANGE_NAME",
    "ipCidrRange": "IP_RANGE"
  },
  {
    "rangeName": "SECONDARY_RANGE_NAME",
    "ipCidrRange": "IP_RANGE"
  }],
  "fingerprint": "SUBNETWORK_FINGERPRINT"
}

Replace the placeholders with valid values:

  • PROJECT_ID is the ID of the project that contains the subnet to modify.
  • REGION is the name of the Google Cloud region that contains the subnet to modify.
  • SUBNET is the name of the subnet to modify.
  • SECONDARY_RANGE_NAME is a name for the secondary IP address range.
  • IP_RANGE is the expanded IP address range for the subnet. For valid ranges, see Subnet ranges.
  • SUBNET_FINGERPRINT is the finger print ID for the existing subnet, which is provided when you describe a subnet.

For more information, refer to the subnetworks.patch method.

Modifying networks

Converting to custom mode

You can convert an auto mode network to a custom mode network using this procedure. Review the considerations for auto mode networks for background information about reasons why you might want to do this.

Converting an auto mode network to a custom mode network preserves all of its automatically created subnets and any subnets you have added. Subnet names and IP ranges are not changed.

After you convert an auto mode network to custom mode, you must review all API calls and gcloud commands that implicitly reference any subnet that was automatically created while the network was in auto mode. API calls and commands will need to be modified so that they reference the subnet explicitly. For gcloud commands that have a subnet specification flag (--subnet), that flag is required to reference subnets in a custom mode network.

Console

  1. Go to the VPC networks page in the Google Cloud Console.
    Go to the VPC networks page
  2. Click the name of a VPC network to show its VPC network details page.
  3. Click Edit.
  4. In the Subnet creation mode section, choose Custom.
  5. Click Save.

gcloud

Convert an auto mode network to a custom mode network using the following command, replacing NETWORK with the network's name.

gcloud compute networks update NETWORK \
    --switch-to-custom-subnet-mode

API

Convert an existing auto mode network to a custom mode network.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks/NETWORK/switchToCustomMode

Replace the placeholders with valid values:

  • PROJECT_ID is the ID of the project that contains the VPC network to convert.
  • NETWORK is the name of the VPC network to convert.

For more information, refer to the networks.switchToCustomMode method.

Changing the dynamic routing mode

Each VPC network has an associated dynamic routing mode that controls the behavior of Cloud Routers in the network. Refer to dynamic routing mode section in the VPC Network Overview page to understand how each mode affects how Cloud Routers share routes and apply learned routes.

Console

  1. Go to the VPC networks page in the Google Cloud Console.
    Go to the VPC networks page
  2. Click the name of a VPC network to show its VPC network details page.
  3. Click Edit.
  4. In the Dynamic routing mode section, choose either Global or Regional.
  5. Click Save.

gcloud

Change the dynamic routing mode of a VPC network with the following gcloud command:

gcloud compute networks update NETWORK \
    --bgp-routing-mode=DYNAMIC_ROUTING_MODE

Replace the placeholders with valid values:

  • NETWORK is the name of the VPC network whose dynamic routing mode you need to change.
  • DYNAMIC_ROUTING_MODE is either global or regional, depending on the desired behavior of all Cloud Routers in the network.

API

Change the dynamic routing mode of an existing VPC network.

PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks/NETWORK
{
  "routingConfig": {
    "routingMode": "ROUTING_MODE"
  }
}

Replace the placeholders with valid values:

  • PROJECT_ID is the ID of the project that contains the VPC network to modify.
  • NETWORK is the name of the VPC network to modify.
  • ROUTING_MODE is either GLOBAL or REGIONAL.

For more information, refer to the subnetworks.patch method.

Changing the MTU of a network

Each VPC network has an MTU. You should not change the network MTU while the VMs are running. Doing so can result in a period where VMs have different MTUs, which can lead to unreliable network connectivity.

For detailed considerations regarding changing the MTU of a network, see Maximum transmission unit.

The recommended way to update the network MTU is to stop all running VM instances, change the network MTU, then start all instances. VMs based on Google-provided Linux images automatically configure each of their network interfaces to use the MTU of the attached VPC network when they start. You must manually update the MTU of Windows VMs and VMs based on custom images that do not rely on DHCP for network MTU configuration.

To update the MTU of interfaces in Windows VMs, run the following command within each instance:

netsh interface ipv4 set subinterface NAME mtu=1500 store=persistent

Console

Updating network MTU is not supported in the Cloud Console. See the gcloud command-line tool or API instructions.

gcloud

Stop all VMs

For each zone in the network, stop all VMs in that zone.

gcloud compute instances stop INSTANCE_NAMES... \
    --zone=ZONE

Update network MTU

gcloud compute networks update NETWORK \
    --mtu=MTU

Restart VMs

For each zone in the network, start all VMs in that zone.

gcloud compute instances start INSTANCE_NAMES... \
    --zone=ZONE

Replace the placeholders with valid values:

  • INSTANCE_NAMES... is a space-separated list of instances.
  • NETWORK is the name of the VPC network whose dynamic routing mode you need to change.
  • MTU is the maximum transmission unit of the network. MTU can either be 1460 (default) or 1500. Review the MTU information in the concepts guide before setting the MTU to 1500.

API

Change the MTU of an existing VPC network.

PATCH https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks/NETWORK
{
  "mtu": MTU
}

Replace the placeholders with valid values:

  • PROJECT_ID is the ID of the project that contains the VPC network to modify.
  • NETWORK is the name of the VPC network to modify.
  • MTU is the maximum transmission unit of the network. MTU can either be 1460 (default) or 1500. Review the MTU information in the concepts guide before setting the MTU to 1500.

For more information, refer to the subnetworks.patch method.

Deleting a network

If a network is not being used, you can delete it. Before you can delete a network, you must delete all resources in all of its subnets, and all resources that reference the network. Resources that reference the network include Cloud VPN gateways, Cloud Routers, firewall rules, and custom static routes.

Console

  1. Go to the VPC networks page in the Google Cloud Console.
    Go to the VPC networks page
  2. Click the name of a VPC network to show its VPC network details page.
  3. Click Delete VPC network.
  4. In the message that appears, click Delete to confirm.

gcloud

Delete a network by using the following gcloud command, replacing NETWORK with the name of the network to remove.

gcloud compute networks delete NETWORK

API

Delete a VPC network to remove it from your project.

DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks/NETWORK

Replace the placeholders with valid values:

  • PROJECT_ID is the ID of the project that contains the VPC network to delete.
  • NETWORK is the name of the VPC network to delete.

For more information, refer to the subnetworks.delete method.

Monitoring your VPC network

You can enable logging of network flows to and from VMs. See Using VPC Flow Logs for instructions.

You can enable logging for firewall rules to see which rules allowed or blocked which traffic. See Using Firewall Rules Logging for instructions.

Migrating VMs

You can migrate your virtual machine (VM) instances from one network to another within a given project. For instructions, see Migrating a VM between networks.

What's next