Beim Erstellen der Parallelstore-Instanz und der Compute Engine-VMs oder Google Kubernetes Engine-Cluster des Clients muss dasselbe VPC-Netzwerk angegeben werden.
Außerdem müssen Sie den Zugriff auf private Dienste in Ihrer VPC konfigurieren.
IAM-Berechtigungen konfigurieren
Sie benötigen eine der folgenden IAM-Berechtigungen, um das Netzwerk-Peering für Ihr Projekt einzurichten:
Für den Zugriff auf private Dienste ist eine Präfixlänge von mindestens /24 (256 Adressen) erforderlich.
Parallelstore reserviert 64 Adressen pro Instanz. Sie können diesen IP-Bereich bei Bedarf für andere Dienste oder andere Parallelstore-Instanzen wiederverwenden.
Parallelstore-Instanzen und ‑Clients dürfen keine IP-Adresse aus dem Subnetzbereich 172.17.0.0/16 verwenden. Weitere Informationen finden Sie unter Bekannte Probleme.
[[["Leicht verständlich","easyToUnderstand","thumb-up"],["Mein Problem wurde gelöst","solvedMyProblem","thumb-up"],["Sonstiges","otherUp","thumb-up"]],[["Schwer verständlich","hardToUnderstand","thumb-down"],["Informationen oder Beispielcode falsch","incorrectInformationOrSampleCode","thumb-down"],["Benötigte Informationen/Beispiele nicht gefunden","missingTheInformationSamplesINeed","thumb-down"],["Problem mit der Übersetzung","translationIssue","thumb-down"],["Sonstiges","otherDown","thumb-down"]],["Zuletzt aktualisiert: 2025-09-02 (UTC)."],[],[],null,["# Configure a VPC network\n\nParallelstore runs within a Virtual Private Cloud (VPC) which provides\nnetworking functionality to\n[Compute Engine virtual machine (VM) instances](/compute/docs/instances),\n[Google Kubernetes Engine (GKE) clusters](/kubernetes-engine/docs), and\n[serverless workloads](/serverless#section-3).\n\nThe same VPC network must be specified when creating the Parallelstore instance\nand client Compute Engine VMs or Google Kubernetes Engine clusters\n\nYou must also configure private services access within your VPC.\n\nConfigure IAM permissions\n-------------------------\n\nYou must have one of the following IAM permissions in order to set up network\npeering for your project:\n\n- [Compute Network Admin](/compute/docs/access/iam#compute.networkAdmin) (`roles/compute.networkAdmin`)\n- [Service Networking Admin](/iam/docs/understanding-roles#servicenetworking.networksAdmin) (`roles/servicenetworking.networksAdmin`)\n\nTo grant a role: \n\n gcloud projects add-iam-policy-binding \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e \\\n --member=\"user:\u003cvar translate=\"no\"\u003eEMAIL_ADDRESS\u003c/var\u003e\"\n --role=\u003cvar translate=\"no\"\u003eROLE\u003c/var\u003e\n\nCreate and configure the VPC\n----------------------------\n\n1. Enable service networking.\n\n gcloud services enable servicenetworking.googleapis.com\n\n2. Create a VPC Network.\n\n gcloud compute networks create \u003cvar translate=\"no\"\u003eNETWORK_NAME\u003c/var\u003e \\\n --subnet-mode=auto \\\n --mtu=8896\n\n | **Note:** Setting the value of `mtu` (*maximum transmission unit*, or the size of the largest IP packet that can be transmitted on this network) to the maximum allowed value of 8896 improves performance up to 10% compared to the default value of 1460 bytes.\n3. Create an IP range.\n\n Private services access\n [requires a prefix-length of at least `/24`](/vpc/docs/configure-private-services-access#ip_address_range_size) (256 addresses).\n Parallelstore reserves 64 addresses per instance, which means that you can\n re-use this IP range with other services or other Parallelstore instances if\n needed. \n\n gcloud compute addresses create \u003cvar translate=\"no\"\u003eIP_RANGE_NAME\u003c/var\u003e \\\n --global \\\n --purpose=VPC_PEERING \\\n --prefix-length=24 \\\n --description=\"Parallelstore VPC Peering\" \\\n --network=\u003cvar translate=\"no\"\u003eNETWORK_NAME\u003c/var\u003e\n\n4. Get the CIDR range associated with the range you created in the previous step.\n\n CIDR_RANGE=$(\n gcloud compute addresses describe \u003cvar translate=\"no\"\u003eIP_RANGE_NAME\u003c/var\u003e \\\n --global \\\n --format=\"value[separator=/](address, prefixLength)\"\n )\n\n5. Create a firewall rule to allow TCP traffic from the IP range you created.\n\n gcloud compute firewall-rules create \u003cvar translate=\"no\"\u003eFIREWALL_NAME\u003c/var\u003e \\\n --allow=tcp \\\n --network=\u003cvar translate=\"no\"\u003eNETWORK_NAME\u003c/var\u003e \\\n --source-ranges=$CIDR_RANGE\n\n6. Connect the peering.\n\n gcloud services vpc-peerings connect \\\n --network=\u003cvar translate=\"no\"\u003eNETWORK_NAME\u003c/var\u003e \\\n --ranges=\u003cvar translate=\"no\"\u003eIP_RANGE_NAME\u003c/var\u003e \\\n --service=servicenetworking.googleapis.com\n\nKnown issues\n------------\n\nParallelstore instances and clients cannot use an IP address from the\n172.17.0.0/16 subnet range. See [Known issues](/parallelstore/docs/known-issues)\nfor more information.\n\nWhat's next\n-----------\n\n- [Create a Parallelstore instance](/parallelstore/docs/create-instance)\n- [Troubleshoot VPC networks](/parallelstore/docs/troubleshooting#troubleshooting-vpc-networks)"]]
