Many Google Cloud resources can have internal IP addresses and external IP addresses. For example, you can assign an internal and external IP address to Compute Engine virtual machine (VM) instances. Instances use these addresses to communicate with other Google Cloud resources and external systems.
Each VM instance network interface must have one primary internal IPv4 address. Each network interface can also have one or more alias IPv4 ranges, and one external IPv4 address. If the VM is connected to a subnet that supports IPv6, each network interface can also have internal or external IPv6 addresses assigned.
An instance can communicate with instances on the same Virtual Private Cloud (VPC) network, using the VM's internal IPv4 address. If the VMs have IPv6 configured, you can also use one of the VM's internal or external IPv6 addresses. As a best practice, use internal IPv6 addresses for internal communication.
To communicate with the internet, you can use an external IPv4 or external IPv6 address configured on the instance. If no external address is configured on the instance, Cloud NAT can be used for IPv4 traffic.
Similarly, you must use the instance's external IPv4 or external IPv6 to connect to instances outside of the same VPC network. However, if the networks are connected in some way, such as by using VPC Network Peering, you can use the instance's internal IP address.
For information about identifying the internal and external IP address for your instances, see Locating the external and internal IP address for an instance.
Try it for yourself
If you're new to Google Cloud, create an account to evaluate how Compute Engine performs in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
Try Compute Engine freeExternal IP addresses
If you need to communicate with the internet or with resources in another VPC network, you can assign an external IPv4 or IPv6 address to an instance. If firewall policy rules or hierarchical firewall policies allow the connection, sources from outside a VPC network can reach a specific resource using its external IP address. Resources with an external IP address can directly communicate with resources outside of the VPC network. VMs that are in different VPC networks can communicate using internal IP addresses in certain situations, like when the VPC networks are peered; these VMs don't need external IP addresses. Communicating with a resource using an external IP address can cause additional billed charges.
External IPv4 addresses are available to all VMs. When you configure an external IPv4 address on a VM's interface, a single IPv4 address is assigned from Google's ranges of external IPv4 addresses. For more information, see Where can I find Compute Engine IP ranges.
External IPv6 addresses are available to VMs that are connected to a subnet that has an external IPv6 range. When you configure IPv6 for a VM's interface, a single
/96range of IPv6 addresses is assigned from the subnet's external IPv6 range.
You can also reserve a static external address from the subnet's IPv4 or IPv6 range and assign it to an instance.
Internal IP addresses
VM interfaces are assigned IP addresses from the subnet that they are connected to. Each VM interface has one primary internal IPv4 address, which is assigned from the subnet's primary IPv4 range. If the subnet has an internal IPv6 range, then in addition to the primary internal IPv4 address, you can optionally configure the VM interface with a primary internal IPv6 address.
Internal IPv4 addresses can be assigned in the following ways:
- Compute Engine assigns a single IPv4 address from the primary IPv4 subnet ranges automatically.
- You can assign a specific internal IPv4 address when you create a VM instance.
Internal IPv6 addresses can be assigned to VMs that are connected to a subnet that has an internal IPv6 range in the following ways:
- When you configure an internal IPv6 address on a VM's interface,
Compute Engine assigns a single
/96range of IPv6 addresses from the subnet's internal IPv6 range. - You can assign a specific internal IPv6 address when you create a VM instance.
You can also reserve a static internal address from the subnet's IPv4 or IPv6 range and assign it to an instance.
Instances can also have alias IP addresses and ranges. If you have more than one service running on a VM, you can assign each service its own unique IP address.
Internal DNS names
Google Cloud automatically resolves the fully qualified DNS name (FQDN) of an instance to the internal IP addresses of the instance. Internal DNS names work only within the instance's VPC network.
For more information about fully qualified domain names (FQDN), see Internal DNS.
Regional and global IP addresses
When you list or describe IP addresses in your project, Google Cloud
labels addresses as global or regional, which indicates how a particular address
is being used. When you associate an address with a regional resource, such as
a VM, Google Cloud labels the address as regional.
Regions are Google Cloud
regions, such as us-east4 or europe-west2.
Global IP addresses are used in the following configurations:
- Global internal IP addresses: Access Google APIs through endpoints or private services access
- Global external IP addresses: External proxy Network Load Balancers and External Application Load Balancers using a Premium tier network
For instructions on how to create a global IP address, see Reserve a new static external IP address.
What's next
- Locating the external and internal IP address for an instance.
- Reserve a new static external IP address.
- Assigning a static external IP to a new VM instance.
- Choosing an internal IP address at instance creation.
- Promoting an ephemeral external IP address.
- Learn how to use internal DNS names to address instances over the internal VPC network.
- Learn more about IP addresses.
- Learn more about IPv6.
- Learn more about IP addresses and load balancing.
- Review external IP address pricing.