Reserve a static internal IP address  |  VPC  |  Google Cloud (2024)

Table of Contents
Before you begin Console gcloud Terraform REST Required roles Limitations Reserve a new static internal IPv4 or IPv6 address Console gcloud Terraform API Reserve a static internal IP address range for HA VPN over Cloud Interconnect Determine if an internal IPv4 or IPv6 address is ephemeral or static Console gcloud API List static internal IPv4 or IPv6 addresses Console gcloud API Release a static internal IPv4 or IPv6 address Console gcloud API What's next

This page shows you how to reserve and manage static internal IPv4 or IPv6addresses in Virtual Private Cloud (VPC) networks.

Static internal IP addresses provide the ability to reserve internal IPaddresses from the IP address range configured in the subnet, and then assign thosereserved internal IP addresses to resources as needed. Reserving an internal IPaddress takes that address out of the dynamic allocation pool and prevents itfrom being used for automatic allocations. Reserving static internal IPaddresses requires specific Identity and Access Management (IAM) permissions so thatonly authorized users can reserve a static internal IP address.

With the ability to reserve static internal IP addresses, you can always use thesame IP address for the same resource even if you have to delete and re-createthe resource.

To reserve a static external IP address instead of an internal IP address, seeReserve a static external IP addresses.

Before you begin

  • Read about IP addresses.
  • If you haven't already, set up authentication.Authentication is the process by which your identityis verified for access to Google Cloud services and APIs. To run code orsamples from a local development environment, you can authenticate as follows.

    Select the tab for how you plan to use the samples on this page:

    Console

    When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.

    gcloud

    Install the Google Cloud CLI, then initialize it by running the following command: 

    gcloud init

    Terraform

    To use the Terraform samples on this page in a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.

    1. Install the Google Cloud CLI.

    2. To initialize the gcloud CLI, run the following command: 

      gcloud init

    3. If you're using a local shell, then create local authentication credentials for your user account: 

      gcloud auth application-default login

      You don't need to do this if you're using Cloud Shell.

    For more information, see Set up authentication for a local development environment in the Google Cloud authentication documentation.

    REST

    To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.

      Install the Google Cloud CLI, then initialize it by running the following command: 

      gcloud init

    For more information, see Authenticate for using REST in the Google Cloud authentication documentation.

Required roles

To get the permissions that you need to reserve and manage static IP addresses, ask your administrator to grant you the Compute Network Admin (roles/compute.networkAdmin) IAM role on your project. For more information about granting roles, see Manage access to projects, folders, and organizations.

This predefined role contains the permissions required to reserve and manage static IP addresses. To see the exact permissions that are required, expand the Required permissions section:

Required permissions

The following permissions are required to reserve and manage static IP addresses:

  • compute.addresses.create on the IP address
  • compute.addresses.createInternal on the IP address
  • compute.networks.list on the network
  • compute.subnetworks.use on the subnet
  • compute.subnetworks.list on the subnet

You might also be able to get these permissions with custom roles or other predefined roles.

Limitations

  • You cannot unassign or change the internal IPv4 address of an existing resource. Forexample, you cannot assign a new static internal IP address to a running or astopped VM instance. You can, however, promote the ephemeral internal IPaddress of a resource to a static internal IP address so that the address remainsreserved even after the resource is deleted.

  • The number of static internal IP addresses that you can reserve cannot exceedyour project's quota. For more information, see the per-projectquotas in the VPC documentation.

  • Only one resource at a time can use a static internal IP address.

  • Reserving a static internal IP address is only supported forVPC networks. It is not supported for legacy mode networks.

  • Deleting a resource does not automatically release a static internal IPaddress. You must manually release static internal IP addresses when youno longer require them.

  • You cannot change the name of a static IP address.

  • Static internal IP addresses are regional, meaning they are restricted tothe region in which they are reserved. For example,if there is a reserved static internal IP address in Region A, youcan only use the IP address in Region A.

Reserve a new static internal IPv4 or IPv6 address

Before you can reserve a new static internal IP address, you must create aVPC networkwith a subnet.

If you want to reserve a new static internal IPv6 address, the VPCnetwork must have the ULA internal IPv6 range enabled.In addition, it must have a dual-stack subnetwith the INTERNAL IPv6 access type.

See Also
Distinguishing Between Fixed and Mobile IP AddressesUnderstanding IP address reservation | Nureva supportHow do I get a static IP Address for my device?How to check the IP address and set up a Static/specific IP address using ASUSWRT? | Official Support | ASUS India

To reserve a standalone internal IP address, complete the following steps.

Console

  1. In the Google Cloud console, go to the IP addresses page.

    Go to IP addresses

  2. Click Reserve internal static IP address. You might need to click the more_vert More actions menu to see this button.
  3. In the Name field, enter an IP address name.
  4. In the IP version list, select the required IP version:
    • To reserve a static internal IPv4 address, select IPv4.
    • To reserve a static internal IPv6 address, select IPv6.
  5. In the Network and Subnetwork lists, select a VPC network and a subnet, respectively.
  6. Specify how you want to reserve the IP address:
    • For IPv4 addresses, to specify a static internal IPv4 address to reserve,for Static IP address, select Let me choose, and then enter acustom IP address. Otherwise, the system automatically assigns astatic internal IPv4 address in the subnet for you.
    • For IPv6 addresses, the system automatically assigns a static internalIPv6 address from the subnet's internal IPv6 address range.

  7. Optional: If you want to share the static internal IPv4 address in different frontends, in the Purpose list, choose Shared. The default selection is Non-shared.

  8. Click Reserve.

gcloud

  • To reserve an internal IPv4 address, use thecompute addresses create command:

    gcloud compute addresses create ADDRESS_NAMES \ --region REGION --subnet SUBNETWORK \ --addresses IP_ADDRESS

    Replace the following:

    • ADDRESS_NAMES:the names of one or more [--purpose=SHARED_LOADBALANCER_VIP]addresses that you want to create. In case of multiple addresses,specify all the addresses as a list, separated by spaces—forexample, example-address-1 example-address-2 example-address-3
    • REGION: the region for this request.
    • SUBNETWORK: the subnet for this internal IPaddress.
    • IP_ADDRESS: the IP address to reserve, whichmust be within the subnet's primary IP range. If unspecified, an IPaddress is automatically allocated from the subnet.

  • To reserve an internal IPv6 address, use thecompute addresses create command.Specify IPV6 as the value for --ip-version:

    gcloud compute addresses create ADDRESS_NAMES \ --region REGION --subnet SUBNETWORK \ --ip-version IPV6

    Replace the following:

    • ADDRESS_NAMES:the names of one or more addresses that you want to reserve.In case of multiple addresses, specify all the addresses as a list,separated by spaces—for example,example-address-1 example-address-2 example-address-3
    • REGION: the region for this request.
    • SUBNETWORK: the subnet for this internal IPv6 address.

    Unlike internal IPv4 reservation, internal IPv6 reservation doesn't supportreserving a specific IP address from the subnetwork. Instead, a /96 internalIPv6 address is automatically allocated from the subnet's /64 internal IPv6address range.

Examples

  • Reserve an automatically allocated internal IPv4 address from a subnet:

    gcloud compute addresses create example-address-1 \ --region us-central1 \ --subnet subnet-1

  • Reserve a specific internal IPv4 address from a subnet:

    gcloud compute addresses create example-address-1 \ --region us-central1 \ --subnet subnet-1 \ --addresses 10.128.0.12

  • Reserve a static internal IPv6 address from a subnet:

    gcloud compute addresses create example-address-1 \ --region us-central1 \ --subnet subnet-1 \ --ip-version IPV6

  • Create multiple IPv4 addresses by passing in more than one IPv4 address name;all the addresses are reserved in the same subnet:

    gcloud compute addresses create example-address-1 example-address-2 \ --region us-central1 \ --subnet subnet-1 \ --addresses 10.128.0.12,10.128.0.13

Terraform

You can use a Terraformmoduleto create an internal IP address.

In the following example, the Terraform arguments have example values thatyou can change. The example creates two specific internal IP addresses:

module "address" { source = "terraform-google-modules/address/google" version = "~> 4.0" project_id = var.project_id # Replace this with your project ID in quotes region = "asia-east1" subnetwork = "my-subnet" names = ["internal-address1", "internal-address2"] addresses = ["10.0.0.3", "10.0.0.4"]}

The following example creates two dynamically allocated internal IP addresses:

module "address" { source = "terraform-google-modules/address/google" version = "~> 4.0" project_id = var.project_id # Replace this with your project ID in quotes region = "asia-east1" subnetwork = "my-subnet" names = ["internal-address1", "internal-address2"]}

API

Use theaddresses.insert method:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses

For both IPv4 and IPv6 addresses, the body of the request must include theaddressType field, which should be INTERNAL, the name of the address,and the subnetwork that the IP address belongs to. The body of the requestcan optionally include the purpose of the internal IP address.

In addition, for internal IPv4 addresses, you can let the systemautomatically allocate an IP address for you, or use address to specify aninternal IPv4 address. The IPv4 address must belong to the subnet's primaryIP address range.

{ "addressType": "INTERNAL", "name": "IPV4_ADDRESS_NAME", "subnetwork": "regions/REGION/subnetworks/SUBNETWORK", "address": "IPV4_ADDRESS" "purpose": "GCE_ENDPOINT"}

For example:

POST https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-central1/addresses{ "addressType": "INTERNAL", "name": "example-ipv4-address-1", "subnetwork": "regions/us-central1/subnetworks/my-custom-subnet", "address": "10.128.0.12" "purpose": "GCE_ENDPOINT"}

For internal IPv6 addresses, you need to also specify ipVersion as IPV6.The system automatically assigns a static internal IPv6 address from thesubnet's internal IPv6 address range.

{ "addressType": "INTERNAL", "name": "IPV6_ADDRESS_NAME", "ipVersion": "IPV6", "subnetwork": "regions/REGION/subnetworks/SUBNETWORK", "purpose": "GCE_ENDPOINT"}

For example:

POST https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-central1/addresses{ "addressType": "INTERNAL", "name": "example-ipv6-address-1", "ipVersion": "IPV6" "subnetwork": "regions/us-central1/subnetworks/my-custom-subnet", "purpose": "GCE_ENDPOINT"}

Reserve a static internal IP address range for HA VPN over Cloud Interconnect

You can reserve a static internal IP address range to use withHA VPN over Cloud Interconnect.

When you create the static internal IP address,you must specify the flag --purpose=IPSEC_INTERCONNECT and aprefix length (--prefix-length) between 26 and 29.

The regional internal IPv4 addresses that you reserve are applied to theHA VPN gateways used by Cloud Interconnect.

For more information, see Assign internal IP address ranges toHA VPN gateways.

Determine if an internal IPv4 or IPv6 address is ephemeral or static

Static and ephemeral internal IP addresses behave and appear the same in mostcontexts. However, with static internal IP addresses, you can use the same IPaddress for the same resource even if you delete and re-create the resource.In general, an ephemeral IP address is released if you stop or delete theresource.

To determine if an address is static or ephemeral, do the following:

  1. In the Google Cloud console, go to the IP addresses page.

    Go to IP addresses

  2. Find the address in the list and check the Type column for the type ofIP address.

If you have ephemeral internal IP addresses that are in use, you can promotethese addresses to static internal IP addresses so that the addresses remainwith your project until you actively remove them.

To promote an ephemeral internal IP address to a static internal IP address,complete the following steps.

Console

  1. In the Google Cloud console, go to the IP addresses page.

    Go to IP addresses

  2. Click Internal IP addresses.
  3. Optional: In the Filter field, to search for ephemeral IP addresses,enter ephemeral then select Ephermal : Type from the drop-downlist.
  4. Select the internal IP address that you want to promote.
  5. In the More actions menu (more_vert) at the end of thedisplay row for the selected IP address, selectPromote to static IP address.
  6. Enter a name for the new static IP address, and then click Reserve.

gcloud

  1. Before promoting an existing ephemeral internal IPv6 address, you need toknow the value of that IP address. Use the Google Cloud CLI to make adescribe request to the resource to get the IP address value.

    • For an instance with an IPv4 address, use the following command:

      gcloud compute instances describe INSTANCE_NAME --zone ZONE | grep "networkIP"

    • For an instance with an IPv6 address, use the following command:

      gcloud compute instances describe INSTANCE_NAME --zone ZONE | grep "ipv6Address"

    • For a regional forwarding rule, use the following command:

      gcloud compute forwarding-rules describe FORWARDING_RULE_NAME --region REGION | grep "IPAddress"

      For a global forwarding rule, use the --global flag instead of the--region flag.

  2. Promote the address:

    • To promote one or more existing internal IPv4 addresses, use thecompute addresses create commandand provide the --addresses flag with the explicit internal IP addresses topromote:

      gcloud compute addresses create IPV4_ADDRESS_NAMES \ --addresses IPV4_ADDRESSES \ --region REGION \ --prefix-length PREFIX_LENGTH \ --subnet SUBNETWORK

      Replace the following:

      • IPV4_ADDRESS_NAMES:the names of the IPv4 addresses. In case of multiple addresses,specify all the address names as a list, separated byspaces—for example,example-address-name-1 example-address-name-2 example-address-name-3.Declare the names in the same order that you declare the IP addresses.For example, suppose you specify the address names asexample-address-name-1 example-address-name-2 example-address-name-3and the IPv4 addresses as 192.0.2.0 192.0.2.1 192.0.2.2. In thisscenario, Compute Engine maps the names and addresses in thefollowing way:

        • example-address-name-1: 192.0.2.0
        • example-address-name-2: 192.0.2.1
        • example-address-name-3: 192.0.2.2

      • IPV4_ADDRESSES: the IPv4 addresses to promote.In case of multiple addresses, specify all the addresses as a list,separated by spaces—for example,192.0.2.0 192.0.2.1 192.0.2.2.

      • REGION: the region to reserve this address.

      • PREFIX_LENGTH: Optional. The prefix length ofthe IPv4 address range. The value must be an integer between 7 and 31.Include this field only if you specify an address range. Exclude thefield if the specified IPv4 address is a single IP address.

      • SUBNETWORK: the subnetwork for this request.

    • To promote one or more existing internal IPv6 addresses, use thecompute addresses create commandand provide the --addresses flag with the explicit internal IPv6 addresses:

      gcloud compute addresses create IPV6_ADDRESS_NAMES \ --addresses IPV6_ADDRESSES \ --region REGION \ --prefix-length PREFIX_LENGTH \ --subnet SUBNETWORK

      Replace the following:

      • IPV6_ADDRESS_NAMES: the names of the address.Declare the names in the same order that you declare the IPv6addresses. In this case, IPV6_ADDRESS_NAME_1corresponds with IPV6_ADDRESS_1, andIPV6_ADDRESS_NAME_2 corresponds withIPV6_ADDRESS_2.
      • IPV6_ADDRESS_1,[IPV6_ADDRESS_2,...]:the IPv6 addresses to promote in CIDR format.
      • PREFIX_LENGTH_1,[PREFIX_LENGTH_2,...]:the prefix length of IPv6 addresses.
      • REGION: the region to reserve this address.
      • SUBNETWORK: the subnetwork for this request.

      The internal IPv6 address remains attached to the existing instanceeven after it has been promoted to a static internal IPv6 address. Ifyou need to assign the newly promoted static internal IPv6 address toanother resource, firstunassign the static internal IPv6 addressfrom the existing instance.

API

Use theaddresses.insert method:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses

For both IPv4 and IPv6 addresses, the body of the request must include theaddressType, which should be INTERNAL, the name of the address, theaddress to promote, and the subnetwork that the IP address belongs to.For IPv6 addresses, additionally, the body of the request must includeprefixLength with 96 as the value.

  • Request body for promoting internal IPv4 addresses:

    {"name": "ADDRESS_NAME","addressType": "INTERNAL","address": "IP_ADDRESS","subnetwork": "regions/REGION/subnetworks/SUBNETWORK"}

    For example:

    POST https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-central1/addresses{"name": "example-IPv4-address-1","addressType": "INTERNAL","address": "10.128.0.2","subnetwork": "regions/us-central1/subnetworks/my-custom-subnet"}

  • Request body for promoting internal IPv6 addresses:

    {"name": "ADDRESS_NAME","addressType": "INTERNAL","address": "IP_ADDRESS","subnetwork": "regions/REGION/subnetworks/SUBNETWORK""prefixLength": 96}

    For example:

    POST https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-central1/addresses{"name": "example-IPv6-address-1","addressType": "INTERNAL","address": "fd20:0:0::","subnetwork": "regions/us-central1/subnetworks/my-custom-subnet""prefixLength": 96}

You can create a reserved static internal IP address in a shared subnet of aShared VPC network. The IP address objectit*elf is created in the same service project as the resource that will use it,even though its value comes from the range of available IP addresses in theselected shared subnet of the Shared VPC network. For more informationabout this use case, see the following resources:

  • The IP addresses section in theShared VPC overview
  • The Reserve a static internal IPv4 or IPv6 addresssection in Provision Shared VPC

List static internal IPv4 or IPv6 addresses

To view all your existing static internal IP addresses, complete the followingsteps.

Console

  1. In the Google Cloud console, go to the IP addresses page.

    Go to IP addresses

  2. Click Internal IP addresses.

gcloud

Use the gcloud compute addresses list command:

gcloud compute addresses list

API

Use the addresses.list method:

GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses

Replace the following:

  • PROJECT_ID: the project ID for this request
  • REGION: the name of the region for this request

To list all the addresses in all regions, use theaddresses.aggregatedList method:

GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/aggregated/addresses

Release a static internal IPv4 or IPv6 address

If you no longer need a static internal IP address, you can release the IPaddress by deleting the IP address resource.

If you are using the Google Cloud console, you can release a static IP addressonly if it is not being used by another resource.

If you're using the gcloud CLI or API, you can releasean IP address whether or not it's being used by another resource.

  • If the IP address is not being used by a resource, the IP address isreturned to the pool of available internal IP addresses.

  • If the IP address is being used by a resource, it remains attached to theresource until the resource is deleted.

To release a static internal IPv4 or IPv6 address, complete the following steps.

Console

  1. In the Google Cloud console, go to the IP addresses page.

    Go to IP addresses

  2. Select the Internal IP addresses tab.
  3. Optional: In the Filter field, enter static and then select Static : Type from the drop-down list.
  4. Select the static internal IP address that you want to release.

  5. Click Release static address, and then confirm this operation by clicking Release in the dialog.

    If you don't see this option, click the More actions menu (more_vert) in the top menu bar, and then select Release static address from the list.

gcloud

Use thecompute addresses delete command:

gcloud compute addresses delete ADDRESS_NAME \ --region REGION

Replace the following:

  • ADDRESS_NAME: the name of the address to delete.
  • REGION: the region the address belongs to.

For example:

gcloud compute addresses delete example-address-to-delete \ --region us-west1

API

Use theaddresses.delete method:

DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses/ADDRESS_NAME

This example deletes an address in the us-west1 region:

DELETE https://compute.googleapis.com/compute/v1/projects/myproject/regions/us-west1/addresses/example-address-to-delete

What's next

  • Learn how to configure static internal IP addressesfor VMs.

  • Create an internal load balancer that uses a static internal IPv4 address:

    • Set up an internal passthrough Network Load Balancer with VM instance group backends
    • Set up an internal Application Load Balancer with VM instance group backends

  • Learn about IP address specificationsfor forwarding rules, and how to use forwarding rules, in the Forwarding rules overview.

  • Learn more about IP addresses.

Reserve a static internal IP address  |  VPC  |  Google Cloud (2024)
Top Articles
Benefits of sharing
Your Investor is Not Your Boss - Startup CEO Reflections
Northern Counties Soccer Association Nj
Great Clips Mount Airy Nc
Skylar Vox Bra Size
Brady Hughes Justified
13 Easy Ways to Get Level 99 in Every Skill on RuneScape (F2P)
Seething Storm 5E
Craigslist Nj North Cars By Owner
Mr Tire Rockland Maine
Which Is A Popular Southern Hemisphere Destination Microsoft Rewards
Student Rating Of Teaching Umn
Craigslist Farm And Garden Tallahassee Florida
iLuv Aud Click: Tragbarer Wi-Fi-Lautsprecher für Amazons Alexa - Portable Echo Alternative
Mail.zsthost Change Password
How Much Is Tay Ks Bail
Kountry Pumpkin 29
Full Standard Operating Guideline Manual | Springfield, MO
zom 100 mangadex - WebNovel
Boscov's Bus Trips
Myhr North Memorial
Stoney's Pizza & Gaming Parlor Danville Menu
Pearson Correlation Coefficient
Glover Park Community Garden
Sunset Time November 5 2022
Village
Dark Entreaty Ffxiv
Bay Area Craigslist Cars For Sale By Owner
The Boogeyman (Film, 2023) - MovieMeter.nl
Free T33N Leaks
Healthy Kaiserpermanente Org Sign On
Co10 Unr
Stubhub Elton John Dodger Stadium
Dailymotion
Blush Bootcamp Olathe
Kltv Com Big Red Box
Sun Haven Pufferfish
What Time Does Walmart Auto Center Open
Kstate Qualtrics
Craigslist Hamilton Al
Spinning Gold Showtimes Near Emagine Birch Run
Pillowtalk Podcast Interview Turns Into 3Some
Mckinley rugzak - Mode accessoires kopen? Ruime keuze
Pepsi Collaboration
How to Get a Better Signal on Your iPhone or Android Smartphone
Tacos Diego Hugoton Ks
Bf273-11K-Cl
Missed Connections Dayton Ohio
Naomi Soraya Zelda
Ret Paladin Phase 2 Bis Wotlk
Zalog Forum
Texas 4A Baseball
Latest Posts
Enterprise Products Partners Net Worth 2010-2024 | EPD
How Much Does Invoice Factoring Cost?
Article information

Author: Rubie Ullrich

Last Updated:

Views: 6285

Rating: 4.1 / 5 (72 voted)

Reviews: 95% of readers found this page helpful

Author information

Name: Rubie Ullrich

Birthday: 1998-02-02

Address: 743 Stoltenberg Center, Genovevaville, NJ 59925-3119

Phone: +2202978377583

Job: Administration Engineer

Hobby: Surfing, Sailing, Listening to music, Web surfing, Kitesurfing, Geocaching, Backpacking

Introduction: My name is Rubie Ullrich, I am a enthusiastic, perfect, tender, vivacious, talented, famous, delightful person who loves writing and wants to share my knowledge and understanding with you.