A single VPC can span multiple regions without communicating across the public internet. For on-premises, you can share a connection between VPC and on-premises resources with all regions in a single VPC.
With a single VPC for an entire organization, teams can be isolated within projects, with separate billing and quotas, yet still maintain a shared private IP space and access to commonly used services.
Google Cloud VPCs let you increase the IP space of any subnets without any workload shutdown or downtime. This gives you flexibility and growth options to meet your needs.
VPC can automatically set up your virtual topology, configuring prefix ranges for your subnets and network policies, or you can configure your own. You can also expand CIDR ranges without downtime.
Troubleshoot your existing VPCs by collecting and inspecting network traffic at scale, providing intrusion detection, application performance monitoring, and compliance controls.
Securely connect your existing network to VPC network over IPsec.
Learn from customers using Virtual Private Cloud
Sign up for Google Cloud newsletters to receive product updates, event information, special offers, and more.
Virtual Private Cloud documentation, how-to-guides, and support.
Creating a virtual private network (VPN)
How-to-guides, tutorials, and other support to create a VPN.
Using Cloud Router
Documentation and resources for Cloud Router.
Extend your on-premises network to Google with Interconnect
Learn how to use Dedicated Interconnect to connect directly to Google or use Partner Interconnect to connect to Google through a supported service provider.
Qwiklab: Networking in Google Cloud
A two-day class giving participants a broad study of networking options on Google Cloud in addition to common network design patterns and automated deployment.
|VPC network||VPC can automatically set up your virtual topology, configuring prefix ranges for your subnets and network policies, or you can configure your own. You can also expand CIDR ranges without downtime.|
|Packet mirroring||Troubleshoot your existing VPCs by collecting and inspecting network traffic at scale, providing intrusion detection, application performance monitoring, and compliance controls.|
|VPN||Securely connect your existing network to VPC network over IPsec.|
|Firewall||Segment your networks with a global distributed firewall to restrict access to instances. Firewall Rules Logging lets you audit, verify, and analyze the effects of your firewall rules.|
|VPC peering||Configure private communication across the same or different organizations without bandwidth bottlenecks or single points of failure.|
|Shared VPC||Configure a VPC network to be shared across several projects in your organization. Connectivity routes and firewalls associated are managed centrally. Your developers have their own projects with separate billing and quota, while they simply connect to a shared private network, where they can communicate.|
|Routes||Forward traffic from one instance to another instance within the same network, even across subnets, without requiring external IP addresses.|
|VPC flow logs||Flow logs capture information about the IP traffic going to and from network interfaces on Compute Engine. VPC flow logs help with network monitoring, forensics, real-time security analysis, and expense optimization. Google Cloud flow logs are updated every five seconds, providing immediate visibility.|
|Simple and complex architectures||Host globally distributed multi-tier applications by creating a VPC with subnets. Connect Google Cloud or externally hosted databases to Google’s machine learning services by creating a VPC with subnets and VPN access.|
|Disaster recovery||With application replication, create backup Google Cloud compute capacity, then revert back once the incident is over.|
|Private access||Get private access to Google services, such as storage, big data, analytics, or machine learning, without having to give your service a public IP address. Configure your application’s front end to receive internet requests and shield your backend services from public endpoints, all while being able to access Google Cloud services.|
|Bring your own IPs||Bring your own IP addresses to Google’s network across all regions to minimize downtime during migration and reduce your networking infrastructure cost. After you bring your own IPs, Google Cloud will advertise them globally to all peers. Your prefixes can be broken into blocks as small as 16 addresses (/28), creating more flexibility with your resources.|
|Ingress and egress: Traffic type||Price|
|Egress to the same zone*||No charge|
|Egress to a different Google Cloud service within the same region||No charge|
|Egress to Google products (such as YouTube, Maps, Drive)**||No charge|
|Egress between zones in the same region, or regions within the US||$0.01/GB|
|Intercontinental egress traffic—from Japan***||
0–1 TB: $0.14–$0.23/GB
1–10 TB: $0.14–$0.22/GB
10+ TB: $0.12–$0.20/GB
|Intercontinental egress traffic—from other regions***||
0–1 TB: $0.12–$0.23/GB
1–10 TB: $0.11–$0.22/GB
10+ TB: $0.08–$0.20/GB
|External IP address||Price/Hour (USD)|
|Static IP address (assigned but unused)||$0.010|
|Static and ephemeral IP addresses in use on standard VM instances||$0.004*|
|Static and ephemeral IP addresses in use on preemptible VM instances||$0.002*|
|Static and ephemeral IP addresses attached to forwarding rules||No charge|