Please note that the contents of this offline web site may be out of date. To access the most recent documentation visit the online version .
Note that links that point to online resources are green in color and will open in a new window.
We would love it if you could give us feedback about this material by filling this form (You have to be online to fill it)



Instances and Networks

Every instance is assigned to a single network that defines how that instance can communicate with other instances, other networks, or the Internet. Instances do not need to be in the same zone to share a network. By default, all projects have a default network named default . New instances are automatically assigned to this network, which has the following default firewall rules:

Any other incoming traffic to an instance is blocked, unless you add additional firewalls that allow more connections. Additionally, you can assign arbitrary tags to an instance, such as "frontend" or "sqlserver", and use those as permitted firewall sources/targets. This is a more flexible and scalable system than specifying the source by an IP address. You can assign instance tags when you create your instance using the --tag flag.

For more information about networks, see Networks and Firewalls .

Contents

Instance IP Addresses

Instances support one or two IP addresses: a required network address, which is used for communicating within the network, and an optional external IP address, which is used to communicate with callers outside the network. Addresses can be assigned at instance creation time or after an instance has been created. Refer to Assigning IP Addresses to Existing Instances to see how to assign external IP addresses after the instance has been created.

You can see the network and external IP addresses assigned to your instances by calling gcloud compute instances list or gcloud compute instances describe .

Instances can address each other by network or external address, or by instance name (DNS). Here is a comparison of these three techniques:

The following example demonstrates how to use gcloud compute ssh and ping to address your instances by instance name, external IP address, and network IP address.

  1. List your instances.

    $ gcloud compute instances list
    NAME          ZONE                 MACHINE_TYPE         INTERNAL_IP    EXTERNAL_IP     STATUS
    instance-2    us-central1-a        n1-standard-1        10.181.215.203 146.148.32.59   RUNNING
    instance-1    us-central1-a        n1-standard-1        10.203.133.172 146.148.41.156  RUNNING
    www3          us-central1-a        g1-small             10.107.49.46   107.178.218.245 RUNNING
    
  2. Ping your instance by external address to confirm that it is up and running.

    $ ping -c 1 146.148.41.156
    PING 146.148.41.156 56(84) bytes of data.
    64 bytes from 203.135.113.022: icmp_seq=1 ttl=55 time=17.5 ms
    
    --- 146.148.41.156 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 17.568/17.568/17.568/0.000 ms
    
  3. ssh into the instance.

    $ gcloud compute ssh instance-1
    Welcome to GCE Linux 12.04 LTS (...)
    Running a Google Compute Engine VM Instance
     * Documentation: https://developers.google.com/compute/
     * You are running on an EPHEMERAL root disk, which is NOT PERSISTENT.
       For persistent data, use Persistent Disks:
         https://developers.google.com/compute/docs/disks#persistentdisks
    
    The programs included with this system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.
    
    This software comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
    applicable law.
    
    Last login: Tue Aug 30 11:16:43
    ...
    
  4. Ping instance-2 from within instance-1, using the instance name.

    user@instance-1:~$ ping -c 1 instance-2
    PING instance-2.my-project.google (10.181.215.203) 56(84) bytes of data.
    64 bytes from instance-2.my-project.google (10.181.215.203): icmp_seq=1 ttl=64 time=1.00 ms
    
    --- instance-2.my-project.google ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 1.005/1.005/1.005/0.000 ms
    
  5. You can also ping the instance using the internal network address.

    user@instance-1:~$ ping -c 1 10.181.215.203
    PING 10.181.215.203 56(84) bytes of data.
    64 bytes from 10.181.215.203: icmp_seq=1 ttl=64 time=1.47 ms
    
    --- 10.181.215.203 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 1.473/1.473/1.473/0.000 ms
    

Network Addresses

Every instance has a network address that is unique to the network. This address is automatically assigned by Google Compute Engine when you create the instance.

Google Compute Engine resolves instance names to network addresses when called within the instance's network. For instance, from a virtual machine running inside Google Compute Engine, you can address other instances using ping, curl, or any other program that expects a DNS name.

Configuring a static network address

Although Compute Engine doesn't allow creating an instance with a user-defined local IP address, you can use a combination of routes and an instance's --can-ip-forward ability to add local IP address as a network static address which then maps to your desired virtual machine instance.

For example, if you want to assign 10.1.1.1 specifically as a network address to a virtual machine instance, you can create a static network route that sends traffic from 10.1.1.1 to your instance, even if the instance's network address assigned by Compute Engine doesn't match your desired network address.

Use the following instructions to configure your network address using a static network route.

  1. Choose an IP address that doesn't belong to any network in your project.

    For this example, we are using 10.1.1.1 .

  2. Create a new virtual machine instance and enable IP forwarding.

    By default, Compute Engine won't deliver packets whose destination IP address is different than the IP address of the instance receiving the packet. To disable this destination IP check, you can enable IP forwarding for the instance.

    Other than the zone, you can choose the other attributes of your instance, such as the machine type and image.

    $ gcloud compute instances create my-configurable-instance --can-ip-forward
    
  3. Create a static network route to direct packets destined for 10.1.1.1 to your instance.

    $ gcloud compute routes create ip-10-1-1-1 \
             --next-hop-instance my-configurable-instance \
             --next-hop-instance-zone ZONE \
             --destination-range 10.1.1.1/32
    
  4. Add a new virtual interface to your instance.

    These instructions are available for Debian and CentOS instances. Select your desired operating system for the right instructions.

Debian
  1. ssh into your instance.
    $ gcloud compute ssh my-configurable-instance
  2. Append the following lines to the /etc/network/interfaces file.
    # Change to root first
    user@my-configurable-instance:~$ sudo su -
    
    # Append the following lines
    root@my-configurable-instance:~$ cat <<EOF >>/etc/network/interfaces
    iface eth0 inet static
    address 10.1.1.1
    netmask 255.255.255.255
    EOF
  3. Restart the network.
    root@my-configurable-instance:~$ /etc/init.d/networking restart
CentOS 6
  1. ssh into your instance.
    $ gcloud compute ssh my-configurable-instance
  2. Add the following lines to a new file named /etc/sysconfig/network-scripts/ifcfg-eth0:0
    # Change to root first
    user@my-configurable-instance:~$ sudo su -
    
    # Add the following lines
    root@my-configurable-instance:~$ cat <<EOF >>/etc/sysconfig/network-scripts/ifcfg-eth0:0
    DEVICE="eth0:0"
    BOOTPROTO="static"
    IPADDR=10.1.1.2
    NETMASK=255.255.255.255
    ONBOOT="yes"
    EOF
  3. Bring up your new interface.
    root@my-configurable-instance:~$ ifup eth0:0
  1. Check that your virtual machine instance interface is up by pinging 10.1.1.1 from inside your instance.

    user@my-configurable-instance:~$ ping 10.1.1.1
    

    You can also try pinging the interface from another instance in your project.

External Addresses

You can assign an optional externally visible IP address to specific instances. Outside callers can address a specific instance by external IP if the network firewalls allow it. Only instances with an external address can send and receive traffic from outside the network.

Google Compute Engine supports two types of externally-visible IP addresses: static IPs , which can be assigned to a project long term or ephemeral IPs , which are assigned for the lifetime of the instance. Once an instance is terminated, the ephemeral IP is released back into the general Google Compute Engine pool and becomes available for use by other projects.

Ephemeral IP Addresses

When you create an instance using gcloud compute , your instance is automatically assigned an ephemeral external IP address. You can choose not to assign an external IP address in gcloud compute by providing the --no-address flag. If you are creating an instance using the API, you need to explicitly provide an accessConfig specification to request an external IP address. If you have an existing instance that doesn't have an external IP address, but would like to assign one, see Assigning IP Addresses to Existing Instances . For information on defining an accessConfig for your instance, see the API reference .

Reserved IP Addresses

If you need a static IP address that is assigned to your project until you explicitly release it, you can reserve a new IP address or promote an ephemeral IP address to using gcloud compute with the addresses create command or making a PUT request to the appropriate regional Addresses collection. Static IP addresses can be regional or global resources and you must select a either the region where your IP address will live or indicate that it is global.

Static IP addresses can only be used by one resource at a time. You cannot assign an IP address to multiple resources. There is also no way to tell whether an IP address is static or ephemeral after it has been assigned to a resource, except to compare it against the list of static IP addresses assigned to the project. Use the addresses list command to see a list of static IP addresses available to the project.

Note: An regional external IP address can only be used by a single instance through the access config, but it is possible that your instance may receive traffic from multiple forwarding rules , which may serve external IP addresses that are different than the IP address assigned to the instance. In summary, a virtual machine instance can:

For more information, review the load balancing documentation.

Reserving an IP Address

To reserve a new static IP address using gcloud compute , use the addresses create command:

$ gcloud compute addresses create example-address example-address-2 \
         --region us-central1

This reserves a regional IP address in us-central1. To reserve a global IP address, use the --global flag.

If you would like to promote an ephemeral IP address to a static IP address, provide the address using the --addresses flag. The following example promotes an ephemeral IP address to a reserved IP address. Since no address name is specified, gcloud compute automatically assigns a name.

$ gcloud compute addresses create \
         --addresses 162.222.181.197 \
         --region us-central1

With the API client libraries, use the addresses().insert function, passing in the region for the request and a request body that contains the name of the address and, if desired, the ephemeral IP address to promote. The following is a snippet from the Python client library:

def reserveIpAddress(auth_http, gce_service):
  addressName = 'testaddress'
  ipAddressToPromote = 'x.x.x.x'
  body = {
    "name": addressName,
    "address": ipAddressToPromote
  }
  request = gce_service.addresses().insert(project=PROJECT_ID,
    region='<region>', body=body)
  response = request.execute(auth_http)

  print response

To make a request to the API directly, make a PUT request to the following URI:

`http://www.googleapis.com/compute/v1/project/<project-id>/regions/<region>/addresses`

Your request body should contain the following (omit the address field if you are not promoting an ephemeral IP address):

body = {
  name: “<address-name>”,
  address: “<address-to-promote>”
}

If this is a new static IP address, you can assign it to an instance using the --address flag during instance creation:

$ gcloud compute instances create myinst --address x.x.x.x

where x.x.x.x is your static IP address. You can also assign an IP address to an existing instance . If you promoted an ephemeral IP address, it remains attached to its current instance.

Listing Reserved IP Addresses

To list the reserved IP addresses, run addresses list or make a GET request to the API:

$ gcloud compute addresses list --region REGION

With the APIs client libraries, use the addresses().list function. Here's a snippet from the Python client library that lists addresses from one region:

def listIpAddresses(auth_http, gce_service):
  request = gce_service.addresses().list(project=PROJECT_ID,
    region='<region>')
  response = request.execute(auth_http)

  print response

To make a request to the API directly, perform a GET request to the following URI with an empty request body:

http://www.googleapis.com/compute/v1/projects/<project-id>/regions/<region>/addresses

To list all addresses in all regions, make a request to the following URI:

http://www.googleapis.com/compute/v1/projects/<project-id>/aggregated/addresses

In the client libraries, use the addresses().aggregatedList function:

def listAllIpAddresses(auth_http, gce_service):
  request = gce_service.addresses().aggregatedList(project=PROJECT_ID)
  response = request.execute(auth_http)

  print response

Getting Information about an IP Address

To get information about a single IP address, use gcloud compute addresses describe with the name of the addresss or make a GET request to the API

To use gcloud compute addresses describe :

  $ gcloud compute addresses describe ADDRESS --region REGION

With the API client libraries, use the addresses().get method and specify the address for which you want to get more information:

def getIpAddress(auth_http, gce_service):
  addressName = "testaddress"
  request = gce_service.addresses().get(project=PROJECT_ID,
    region='<region>', address=addressName)
  response = request.execute(auth_http)

  print response

To make a request to the API directly, make a GET request with an empty request body to the following URI:

http://www.googleapis.com/compute/v1/projects/<project-id>/regions/<region>/addresses/<address-name>

Releasing an IP Address

To release an IP address, use gcloud compute with the addresses delete command or by sending a DELETE request to the API.

$ gcloud compute addresses delete ADDRESS --region REGION

With the API client libraries, use the addresses().delete method, providing the address name and the region:

def releaseAddress(auth_http, gce_service):
  addressName = "testaddress"
  request = gce_service.addresses().delete(project=PROJECT_ID,
    region='<region>', address=addressName)
  response = request.execute(auth_http)

  print response

To make a request to the API directly, make a DELETE request to the following URI with an empty request body:

https://www.googleapis.com/compute/v1/projects/<project-id>/regions/<region>/addresses/<address-name>

Assigning IP Addresses to Existing Instances

gcloud compute allows you to assign external IP addresses to existing instances using the access configuration portion of the instance's network interface. External IP addresses, both ephemeral and static, can be assigned to existing instances in this manner. You can only one external IP address to an instance so if an instance already has an external IP address, you must first remove the IP address by deleting the access configuration, and then adding a new access configuration.

To add an external IP address to an existing instance, use the instances add-access-config command:

$ gcloud compute instances add-access-config INSTANCE \
         --access-config-name ACCESS_CONFIG --address ADDRESS

To delete an access configuration from an instance's network interface, use the instances delete-access-config command:

$ gcloud compute instances delete-access-config INSTANCE \
         --access-config-name ACCESS_CONFIG

Authentication required

You need to be signed in with Google+ to do that.

Signing you in...

Google Developers needs your permission to do that.