Create and use internal ranges
This document describes how to create, use, and delete internal ranges.
Internal ranges help you manage a unified IP address space across Virtual Private Cloud (VPC) networks by letting you allocate blocks of internal IP addresses and specify how those blocks can be used.
Before you begin
- To use the command-line examples in this guide, install or update to the latest version of the Google Cloud CLI.
- You must enable the Network Connectivity API in your project.
Required roles
To get the permissions that you need to work with internal ranges, ask your administrator to grant you the Compute Network Admin (roles/compute.networkAdmin) IAM role on your project.
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
Create internal ranges
You specify at least two things when creating an internal range: the IP addresses to allocate and the network to allocate the addresses in. You can create an internal range with a precise CIDR range, or you can have Google Cloud choose the range automatically.
Create an internal range for a specific CIDR block
Console
In the Google Cloud console, go to the Internal ranges page.
Click Reserve internal range.
Enter a Name.
Optional: Enter a Description.
In the Reservation method section, select Let me specify.
In the IP range field, enter the internal range's IP address range in CIDR notation.
Select a Network.
Select a Peering type.
Select a Usage type.
Click Reserve.
gcloud
Use the internal-ranges create command.
    gcloud network-connectivity internal-ranges create RANGE_NAME \
        --ip-cidr-range=CIDR_RANGE \
        --network=NETWORK_NAME \
        --description="DESCRIPTION" \
        --peering=PEERING_TYPE \
        --usage=USAGE_TYPE
Replace the following:
- RANGE_NAME: the name of the new internal range.
- CIDR_RANGE: the CIDR range to allocate to the new internal range.
- NETWORK_NAME: the name of the network to create the internal range in.
- DESCRIPTION: an optional description of the internal range.
- PEERING_TYPE: the peering type of the internal range. Options are FOR_SELF, FOR_PEER, and NOT_SHARED. FOR_SELF is the default.
- USAGE_TYPE: the usage type of the internal range. Options are FOR_VPC, EXTERNAL_TO_VPC, and FOR_MIGRATION. The default value is FOR_VPC.
  - If you use the FOR_MIGRATION option, you must also specify source and target subnets. For an example, see Reserve an internal range for subnet migration.
- If you use the
API
Make a POST request to the projects.locations.internalRanges.create method.
    POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=RANGE_NAME
    {
      "ipCidrRange": "CIDR_RANGE",
      "network": "NETWORK_NAME",
      "description": "DESCRIPTION",
      "peering": "PEERING_TYPE",
      "usage": "USAGE_TYPE"
    }
Replace the following:
- PROJECT_ID: the ID of the parent project for the internal range.
- RANGE_NAME: the name of the internal range.
- CIDR_RANGE: the CIDR range to allocate to the internal range.
- NETWORK_NAME: the name of the network to create the internal range in.
- DESCRIPTION: an optional description of the new internal range.
- PEERING_TYPE: the peering type of the internal range. Options are FOR_SELF, FOR_PEER, and NOT_SHARED. FOR_SELF is the default.
- USAGE_TYPE: the usage type of the internal range. Options are FOR_VPC, EXTERNAL_TO_VPC, and FOR_MIGRATION. The default value is FOR_VPC.
  - If you use the FOR_MIGRATION option, you must also specify source and target subnets. For an example, see Reserve an internal range for subnet migration.
- If you use the
Create an internal range with an automatically allocated CIDR block
When you create an internal range with an automatically allocated CIDR block, you specify a prefix length and one or more target CIDR ranges. Google Cloud accounts for any existing IP address allocations and allocates a free block of IP addresses of the chosen size from within the target CIDR ranges.
Console
In the Google Cloud console, go to the Internal ranges page.
Click Reserve internal range.
Enter a Name.
Optional: Enter a Description.
In the Reservation method section, select Automatic.
Select a Prefix length.
In the Target IP address range 1 field, enter an IP address range from which to allocate IP addresses. You can specify multiple IP address ranges by clicking Add a target IP address range and entering each range.
Select a Network.
Select a Peering type.
Select a Usage type.
Click Reserve.
gcloud
Use the internal-ranges create command.
    gcloud network-connectivity internal-ranges create RANGE_NAME \
        --network=NETWORK_NAME \
        --prefix-length=PREFIX_LENGTH \
        --target-cidr-range=TARGET_CIDR_RANGE \
        --peering=PEERING_TYPE \
        --usage=USAGE_TYPE \
        --description="DESCRIPTION"
Replace the following:
- RANGE_NAME: the name of the internal range.
- NETWORK_NAME: the name of the network to create the internal range in.
- PREFIX_LENGTH: the prefix length of the allocated IP addresses.
- TARGET_CIDR_RANGE: the target CIDR range from which to allocate an IP address block. You can enter multiple CIDR ranges in a comma-separated list. The default is 10.0.0.0/8 for custom mode VPC networks or 10.128.0.0/9 for auto mode VPC networks.
- PEERING_TYPE: the peering type of the internal range. Options are FOR_SELF, FOR_PEER, and NOT_SHARED. FOR_SELF is the default.
- USAGE_TYPE: the usage type of the internal range. Options are FOR_VPC and EXTERNAL_TO_VPC. FOR_VPC is the default.
- DESCRIPTION: an optional description of the new internal range.
API
Make a POST request to the projects.locations.internalRanges.create method.
    POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=RANGE_NAME
    {
      "prefixLength": PREFIX_LENGTH,
      "targetCidrRange": "TARGET_CIDR_RANGE",
      "network": "NETWORK_NAME",
      "description": "DESCRIPTION",
      "peering": "PEERING_TYPE",
      "usage": "USAGE_TYPE"
    }
Replace the following:
- PROJECT_ID: the ID of the parent project for the internal range.
- RANGE_NAME: the name of the internal range.
- PREFIX_LENGTH: the CIDR prefix length for the range's IP address block.
- TARGET_CIDR_RANGE: the target CIDR range from which to allocate an IP address block. You can specify multiple CIDR ranges in a JSON array. The default is 10.0.0.0/8 for custom mode VPC networks or 10.128.0.0/9 for auto mode VPC networks.
- NETWORK_NAME: the name of the network to create the internal range in.
- DESCRIPTION: an optional description of the new internal range.
- PEERING_TYPE: the peering type of the internal range. Options are FOR_SELF, FOR_PEER, and NOT_SHARED. FOR_SELF is the default.
- USAGE_TYPE: the usage type of the internal range. Options are FOR_VPC and EXTERNAL_TO_VPC. FOR_VPC is the default.
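To predict which block an automatic reservation could receive before you run it, the following added example (not Google Cloud code) carves existing allocations out of the target CIDR ranges and returns a free block of the requested prefix length. Picking the lowest free address is an assumption: this page does not say which free block Google Cloud chooses. The function names are hypothetical.

```python
import ipaddress

# Default target ranges stated on this page, keyed by VPC network mode.
DEFAULT_TARGETS = {"custom": ["10.0.0.0/8"], "auto": ["10.128.0.0/9"]}


def free_blocks(target, used):
    """Split one target network into the CIDR blocks not covered by `used`."""
    free = [target]
    for u in used:
        remaining = []
        for block in free:
            if not block.overlaps(u):
                remaining.append(block)       # untouched by this allocation
            elif u.supernet_of(block):
                continue                      # fully consumed by the allocation
            else:
                # The allocation lies strictly inside the block: keep the rest.
                remaining.extend(block.address_exclude(u))
        free = remaining
    return free


def predict_allocation(prefix_length, existing, targets=None, vpc_mode="custom"):
    """Return a free /prefix_length block as a string, or None if nothing fits.

    existing: CIDR strings already allocated in the network.
    targets:  target CIDR ranges, tried in order; defaults to the page's default.
    Assumption: the lowest free address in the first usable target is chosen.
    """
    if not 0 <= prefix_length <= 32:
        raise ValueError("prefix_length must be between 0 and 32")
    targets = targets or DEFAULT_TARGETS[vpc_mode]
    used = [ipaddress.ip_network(c) for c in existing]
    for t in targets:
        target = ipaddress.ip_network(t)
        # A free block fits when it is at least as large as the request.
        fits = [b for b in free_blocks(target, used) if b.prefixlen <= prefix_length]
        if fits:
            lowest = min(fits, key=lambda b: int(b.network_address))
            return str(next(lowest.subnets(new_prefix=prefix_length)))
    return None


if __name__ == "__main__":
    # Constructed sample allocations.
    taken = ["10.0.0.0/16", "10.1.0.0/24"]
    print(predict_allocation(16, taken))
    print(predict_allocation(24, taken))
```

A result of None means the request would not fit in the given target ranges, so widen the targets or choose a longer prefix length.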
Reserve internal ranges
Creating internal ranges with the usage type and peering type set correctly lets Google Cloud help ensure that the allocated IP addresses are used as intended. The internal ranges are reserved for use according to the settings that you choose for the usage and peering types.
Reserve an internal range for an on-premises network
You can create an internal range that is reserved for on-premises use only. When you reserve a range for on-premises use, Google Cloud does not let you create subnetworks or routes in the parent VPC network if the new resource conflicts with the reserved range.
Console
In the Google Cloud console, go to the Internal ranges page.
Click Reserve internal range.
Enter a Name.
Optional: Enter a Description.
In the Reservation method section, select Let me specify.
In the IP range field, enter the internal range's IP address range in CIDR notation.
Select a Network.
Click Peering, and then select Not shared.
Click Usage, and then select External to VPC.
Click Reserve.
gcloud
Use the internal-ranges create command.
    gcloud network-connectivity internal-ranges create RANGE_NAME \
        --ip-cidr-range=CIDR_RANGE \
        --network=NETWORK_NAME \
        --description="reserved for on-premises" \
        --usage=EXTERNAL_TO_VPC \
        --peering=NOT_SHARED
Replace the following:
- RANGE_NAME: the name of the internal range to reserve for on-premises use.
- CIDR_RANGE: the CIDR range to allocate for on-premises use.
- NETWORK_NAME: the name of the network to create the internal range in.
API
Make a POST request to the projects.locations.internalRanges.create method.
    POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=RANGE_NAME
    {
      "ipCidrRange": "CIDR_RANGE",
      "network": "NETWORK_NAME",
      "description": "reserved for on-premises use",
      "usage": "EXTERNAL_TO_VPC",
      "peering": "NOT_SHARED"
    }
Replace the following:
- PROJECT_ID: the ID of the parent project for the internal range.
- RANGE_NAME: the name of the new internal range.
- CIDR_RANGE: the CIDR range to allocate for on-premises use.
- NETWORK_NAME: the name of the network to create the internal range in.
Reserve an internal range for peer networks
You can create an internal range that is reserved for peer VPC networks. When you reserve a range for peer VPC networks, no resource in the range's parent VPC network can use the range. Only peer and peer-of-peer VPC networks can use the range.
Console
In the Google Cloud console, go to the Internal ranges page.
Click Reserve internal range.
Enter a Name.
Optional: Enter a Description.
In the Reservation method section, select Let me specify.
In the IP range field, enter the internal range's IP address range in CIDR notation.
Select a Network.
Click Peering, and then select For peer.
Click Usage, and then select For VPC.
Click Reserve.
gcloud
Use the internal-ranges create command.
    gcloud network-connectivity internal-ranges create RANGE_NAME \
        --target-cidr-range=TARGET_CIDR_RANGE \
        --prefix-length=PREFIX_LENGTH \
        --network=NETWORK_NAME \
        --peering=FOR_PEER \
        --usage=FOR_VPC
Replace the following:
- RANGE_NAME: the name of the internal range to reserve for peer networks only.
- TARGET_CIDR_RANGE: the target CIDR range from which to allocate an IP address block. You can specify multiple CIDR ranges in a comma-separated list. The default is 10.0.0.0/8 for custom mode VPC networks or 10.128.0.0/9 for auto mode VPC networks.
- PREFIX_LENGTH: the prefix length of the allocated IP addresses.
- NETWORK_NAME: the name of the network to create the internal range in.
API
Make a POST request to the projects.locations.internalRanges.create method.
    POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=RANGE_NAME
    {
      "prefixLength": PREFIX_LENGTH,
      "targetCidrRange": "TARGET_CIDR_RANGE",
      "network": "NETWORK_NAME",
      "peering": "FOR_PEER",
      "usage": "FOR_VPC"
    }
Replace the following:
- PROJECT_ID: the ID of the parent project for the internal range.
- RANGE_NAME: the name of the internal range.
- PREFIX_LENGTH: the CIDR prefix length for the range's IP address block.
- TARGET_CIDR_RANGE: the CIDR range from which to allocate an IP address block. You can specify multiple CIDR ranges in a JSON array. The default is 10.0.0.0/8 for custom mode VPC networks or 10.128.0.0/9 for auto mode VPC networks.
- NETWORK_NAME: the name of the network to create the internal range in.
Reserve an internal range for a local VPC network
You can create an internal range that is reserved for a local VPC network only. The reserved range is not announced by peer VPC networks, and peer VPC networks can't use the internal range in a way that is visible to the parent VPC network.
Console
In the Google Cloud console, go to the Internal ranges page.
Click Reserve internal range.
Enter a Name.
Optional: Enter a Description.
In the Reservation method section, select Let me specify.
In the IP range field, enter the internal range's IP address range in CIDR notation.
Select a Network.
Click Peering, and then select Not shared.
Click Usage, and then select For VPC.
Click Reserve.
gcloud
Use the internal-ranges create command.
    gcloud network-connectivity internal-ranges create RANGE_NAME \
        --ip-cidr-range=CIDR_RANGE \
        --network=NETWORK_NAME \
        --peering=NOT_SHARED \
        --usage=FOR_VPC
Replace the following:
- RANGE_NAME: the name of the internal range to reserve for use in a local VPC network.
- CIDR_RANGE: the CIDR range to allocate to the internal range.
- NETWORK_NAME: the name of the network to create the internal range in.
API
Make a POST request to the projects.locations.internalRanges.create method.
    POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=RANGE_NAME
    {
      "ipCidrRange": "CIDR_RANGE",
      "network": "NETWORK_NAME",
      "peering": "NOT_SHARED",
      "usage": "FOR_VPC"
    }
Replace the following:
- PROJECT_ID: the ID of the parent project for the internal range.
- RANGE_NAME: the name of the new internal range.
- CIDR_RANGE: the CIDR range to allocate to the internal range.
- NETWORK_NAME: the name of the network to create the internal range in.
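The reservation rules described in this section, modelled as a pre-flight check for a proposed subnet range. This is an added example, not Google Cloud code: the inventory is constructed sample data that uses the request-body field names from this page (the name key and the function names are assumptions), and any combination this page does not describe is returned as review rather than guessed.

```python
import ipaddress

# Constructed inventory. ipCidrRange, usage and peering are the request-body
# fields shown on this page; the "name" key is an assumption.
SAMPLE_RANGES = [
    {"name": "onprem-dc1", "ipCidrRange": "10.20.0.0/16",
     "usage": "EXTERNAL_TO_VPC", "peering": "NOT_SHARED"},
    {"name": "peer-pool", "ipCidrRange": "10.30.0.0/16",
     "usage": "FOR_VPC", "peering": "FOR_PEER"},
    {"name": "local-only", "ipCidrRange": "10.40.0.0/16",
     "usage": "FOR_VPC", "peering": "NOT_SHARED"},
    {"name": "subnet-pool", "ipCidrRange": "10.9.0.0/16",
     "usage": "FOR_VPC", "peering": "FOR_SELF"},
]

# (side, usage, peering) -> verdict. side is "parent" (the VPC network that
# owns the range) or "peer" (a network peered with it).
RULES = {
    ("parent", "EXTERNAL_TO_VPC", "NOT_SHARED"): "blocked",  # on-premises only
    ("parent", "FOR_VPC", "FOR_PEER"): "blocked",     # only peers may use it
    ("parent", "FOR_VPC", "NOT_SHARED"): "allowed",   # local VPC network only
    ("parent", "FOR_VPC", "FOR_SELF"): "allowed",     # the default settings
    ("peer", "FOR_VPC", "FOR_PEER"): "allowed",
    ("peer", "FOR_VPC", "NOT_SHARED"): "blocked",     # peers can't use it visibly
}


def evaluate(proposed_cidr, side, ranges):
    """Return [(range_name, verdict)] for every reservation the proposal overlaps."""
    proposed = ipaddress.ip_network(proposed_cidr)
    findings = []
    for r in ranges:
        reserved = ipaddress.ip_network(r["ipCidrRange"])
        if not proposed.overlaps(reserved):
            continue
        verdict = RULES.get((side, r["usage"], r["peering"]), "review")
        # The page only describes subnets that are a subset of the internal
        # range, so a proposal that spills outside the reservation needs review.
        if verdict == "allowed" and not reserved.supernet_of(proposed):
            verdict = "review"
        findings.append((r["name"], verdict))
    return findings


def decide(findings):
    """Collapse per-range verdicts: any block wins, then any review."""
    verdicts = {v for _, v in findings}
    for v in ("blocked", "review", "allowed"):
        if v in verdicts:
            return v
    return "unreserved"


if __name__ == "__main__":
    for cidr, side in [("10.20.5.0/24", "parent"), ("10.30.1.0/24", "peer"),
                       ("10.8.0.0/15", "parent"), ("172.16.0.0/24", "parent")]:
        result = evaluate(cidr, side, SAMPLE_RANGES)
        print(cidr, side, decide(result), result)
```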
Reserve an internal range for subnet migration
You can use an internal range to migrate a CIDR range from one subnet to another. For more information, see Migrating subnet ranges.
gcloud
Use the internal-ranges create command.
    gcloud network-connectivity internal-ranges create RANGE_NAME \
        --ip-cidr-range=CIDR_RANGE \
        --network=NETWORK_NAME \
        --peering=FOR_SELF \
        --usage=FOR_MIGRATION \
        --migration-source=SOURCE_SUBNET \
        --migration-target=TARGET_SUBNET
Replace the following:
- RANGE_NAME: the name of the internal range to create.
- CIDR_RANGE: the CIDR range of the subnet that you want to migrate.
- NETWORK_NAME: the name of the network to create the internal range in.
- SOURCE_SUBNET: the URI of the source subnet.
- TARGET_SUBNET: the URI of the target subnet.
API
Make a POST request to the projects.locations.internalRanges.create method.
    POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=RANGE_NAME
    {
      "ipCidrRange": "CIDR_RANGE",
      "network": "NETWORK_NAME",
      "peering": "FOR_SELF",
      "usage": "FOR_MIGRATION",
      "migration": {
        "source": "SOURCE_SUBNET",
        "target": "TARGET_SUBNET"
      }
    }
Replace the following:
- PROJECT_ID: the ID of the parent project for the internal range.
- RANGE_NAME: the name of the new internal range.
- CIDR_RANGE: the CIDR range of the subnet that you want to migrate.
- NETWORK_NAME: the name of the network to create the internal range in.
- SOURCE_SUBNET: the URI of the source subnet.
- TARGET_SUBNET: the URI of the target subnet.
Create subnetworks with internal ranges
You can create a subnetwork and use an internal range to specify the subnet's internal IP address range. The subnetwork can be associated with an entire internal range or only part of the range. Secondary ranges for subnetworks can also be associated with internal ranges.
To create a subnetwork that is associated with an internal range, use the Google Cloud CLI or send an API request.
Create a subnetwork that uses an entire internal range
To create a subnetwork that uses an entire internal range for its internal IP address range, follow these steps.
gcloud
- Create an internal range in the network where you want to create a new subnet. Set the usage type on this internal range to FOR_VPC, and set the peering type to FOR_SELF.
- Use the subnets create command.
    gcloud beta compute networks subnets create SUBNET_NAME \
        --reserved-internal-range=networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/RANGE_NAME \
        --network=NETWORK_NAME \
        --region=REGION
Replace the following:
- SUBNET_NAME: the name of the subnet.
- PROJECT_ID: the ID of the project to create the subnet in.
- RANGE_NAME: the name of the internal range to associate with the subnet.
- NETWORK_NAME: the name of the network to create the subnetwork in.
- REGION: the region to create the subnetwork in.
API
- Create an internal range in the network where you want to create a new subnet. Set the usage type on this internal range to FOR_VPC, and set the peering type to FOR_SELF.
- Make a POST request to the subnetworks.insert method.
    POST https://compute.googleapis.com/compute/beta/projects/PROJECT_ID/regions/REGION/subnetworks
    {
      "name" : "SUBNET_NAME",
      "reservedInternalRange" : "networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/RANGE_NAME",
      "network" : "NETWORK"
    }
Replace the following:
- PROJECT_ID: the ID of the parent project for the new subnet.
- REGION: the region to create the subnet in.
- SUBNET_NAME: the name of the new subnet.
- PROJECT_ID: the ID of the project to create a subnet in.
- RANGE_NAME: the name of the internal range to use for the new subnet.
- NETWORK: the name of the network to create the subnet in.
Create a subnetwork that uses part of an internal range
To create a subnetwork that uses part of an internal range for its internal IP address range, follow these steps.
gcloud
- Create an internal range in the network where you want to create a new subnet. Set the usage type on this internal range to FOR_VPC, and set the peering type to FOR_SELF.
- Use the subnets create command.
    gcloud beta compute networks subnets create SUBNET_NAME \
        --reserved-internal-range=networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/RANGE_NAME \
        --range=IP_RANGE \
        --network=NETWORK_NAME \
        --region=REGION
Replace the following:
- SUBNET_NAME: the name of the subnet.
- PROJECT_ID: the ID of the project to create the subnet in.
- RANGE_NAME: the name of the internal range to associate with the new subnet.
- IP_RANGE: a CIDR range that is a subset of the internal range.
- NETWORK_NAME: the name of the network to create the subnetwork in.
- REGION: the region to create the subnetwork in.
For example, the following two commands create a subnet that is associated with only the 10.9.1.0/24 part of an internal range that reserves the 10.9.0.0/16 CIDR block.
    gcloud network-connectivity internal-ranges create reserved-range-one \
        --ip-cidr-range=10.9.0.0/16 \
        --network=vpc-one
    gcloud beta compute networks subnets create subnet-one \
        --reserved-internal-range=networkconnectivity.googleapis.com/projects/project-one/locations/global/internalRanges/reserved-range-one \
        --range=10.9.1.0/24 \
        --network=vpc-one \
        --region=us-central1
API
- Create an internal range in the network where you want to create a new subnet. Set the usage type on this internal range to FOR_VPC, and set the peering type to FOR_SELF.
- Make a POST request to the subnetworks.insert method.
    POST https://compute.googleapis.com/compute/beta/projects/PROJECT_ID/regions/REGION/subnetworks
    {
      "name" : "SUBNET_NAME",
      "reservedInternalRange" : "networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/RANGE_NAME",
      "range" : "IP_RANGE",
      "network" : "NETWORK"
    }
Replace the following:
- PROJECT_ID: the ID of the parent project for the new subnet.
- REGION: the region to create the subnet in.
- SUBNET_NAME: the name of the subnet.
- PROJECT_ID: the ID of the project to create the subnet in.
- RANGE_NAME: the name of the internal range to associate with the new subnet.
- IP_RANGE: a CIDR range that is a subset of the chosen internal range.
- NETWORK: the name of the network to create the subnetwork in.
For example, the following two requests create a subnet that is associated with only the 10.9.1.0/24 part of an internal range that contains the 10.9.0.0/16 CIDR block.
    POST https://networkconnectivity.googleapis.com/v1/projects/sample-project/locations/global/internalRanges?internalRangeId=reserved-for-subnet
    {
      "targetCidrRange": "10.9.0.0/16",
      "network": "network-b"
    }
    POST https://compute.googleapis.com/compute/beta/projects/11223344/regions/us-central1/subnetworks
    {
      "name" : "subnet-with-partial-range",
      "reservedInternalRange" : "networkconnectivity.googleapis.com/projects/project-one/locations/global/internalRanges/reserved-for-subnet",
      "range" : "10.9.1.0/24",
      "network" : "network-b"
    }
Create GKE clusters with internal ranges
You can use internal ranges to allocate IP addresses for Google Kubernetes Engine (GKE) VPC-native clusters.
To create a VPC-native cluster with internal ranges, use the Google Cloud CLI or send an API request.
gcloud
Create the following internal ranges by using the internal-ranges create command.
- For GKE nodes:
    gcloud network-connectivity internal-ranges create gke-nodes-1 \
        --prefix-length=NODE_PREFIX_LENGTH \
        --network=NETWORK
- For GKE pods:
    gcloud network-connectivity internal-ranges create gke-pods-1 \
        --prefix-length=POD_PREFIX_LENGTH \
        --network=NETWORK
- For GKE services:
    gcloud network-connectivity internal-ranges create gke-services-1 \
        --prefix-length=SERVICE_PREFIX_LENGTH \
        --network=NETWORK
Replace the following:
- NODE_PREFIX_LENGTH: the prefix length for the internal range that is associated with GKE nodes.
- POD_PREFIX_LENGTH: the prefix length for the internal range that is associated with GKE pods.
- SERVICE_PREFIX_LENGTH: the prefix length for the internal range that is associated with GKE services.
- NETWORK: the name of the network.
Create a subnet with the internal ranges that you created in the previous step by using the subnets create command.
    gcloud beta compute networks subnets create gke-subnet-1 \
        --network=NETWORK \
        --region=REGION \
        --reserved-internal-range="//networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/gke-nodes-1" \
        --secondary-range-with-reserved-internal-range="pods=//networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/gke-pods-1,services=//networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/gke-services-1"
Replace the following:
- NETWORK: the name of the network.
- REGION: the region of the subnet.
- PROJECT_ID: the ID of the project.
Create the VPC-native cluster by using the clusters create command.
    gcloud container clusters create CLUSTER_NAME \
        --network=NETWORK \
        --subnetwork=gke-subnet-1 \
        --zone=ZONE \
        --cluster-secondary-range-name=pods \
        --services-secondary-range-name=services \
        --enable-ip-alias
API
Create the following internal ranges by making POST requests to the projects.locations.internalRanges.create method.
- For GKE nodes:
    POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=gke-nodes-1
    {
      "network": "NETWORK",
      "prefixLength": NODE_PREFIX_LENGTH,
      "peering": "FOR_SELF",
      "usage": "FOR_VPC"
    }
- For GKE pods:
    POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=gke-pods-1
    {
      "network": "NETWORK",
      "prefixLength": POD_PREFIX_LENGTH,
      "peering": "FOR_SELF",
      "usage": "FOR_VPC"
    }
- For GKE services:
    POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=gke-services-1
    {
      "network": "NETWORK",
      "prefixLength": SERVICE_PREFIX_LENGTH,
      "peering": "FOR_SELF",
      "usage": "FOR_VPC"
    }
Replace the following:
- PROJECT_ID: the ID of the project.
- NETWORK: the name of the network.
- NODE_PREFIX_LENGTH: the prefix length for the internal range that is associated with GKE nodes.
- POD_PREFIX_LENGTH: the prefix length for the internal range that is associated with GKE pods.
- SERVICE_PREFIX_LENGTH: the prefix length for the internal range that is associated with GKE services.
Create a subnet with the internal ranges that you created in the previous step by making a POST request to the subnetworks.insert method.
    POST https://compute.googleapis.com/compute/beta/projects/PROJECT_ID/regions/REGION/subnetworks
    {
      "name": "gke-subnet-1",
      "network": "https://compute.googleapis.com/compute/beta/projects/PROJECT_ID/global/networks/NETWORK",
      "privateIpGoogleAccess": false,
      "reservedInternalRange": "//networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/gke-nodes-1",
      "secondaryIpRanges": [
        {
          "rangeName": "pods",
          "reservedInternalRange": "//networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/gke-pods-1"
        },
        {
          "rangeName": "services",
          "reservedInternalRange": "//networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/gke-services-1"
        }
      ]
    }
Replace the following:
- PROJECT_ID: the ID of the project.
- REGION: the region of the subnet.
- NETWORK: the network of the subnet.
Create the VPC-native cluster by making a POST request to the clusters.create method.
    POST https://container.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/clusters
    {
      "cluster": {
        "ipAllocationPolicy": {
          "clusterSecondaryRangeName": "pods",
          "createSubnetwork": false,
          "servicesSecondaryRangeName": "services",
          "useIpAliases": true
        },
        "name": "CLUSTER_NAME",
        "network": "NETWORK",
        "nodePools": [
          {
            "config": {
              "oauthScopes": [
                "https://www.googleapis.com/auth/devstorage.read_only",
                "https://www.googleapis.com/auth/logging.write",
                "https://www.googleapis.com/auth/monitoring",
                "https://www.googleapis.com/auth/service.management.readonly",
                "https://www.googleapis.com/auth/servicecontrol",
                "https://www.googleapis.com/auth/trace.append"
              ]
            },
            "initialNodeCount": 3,
            "management": {
              "autoRepair": true,
              "autoUpgrade": true
            },
            "name": "default-pool",
            "upgradeSettings": {
              "maxSurge": 1
            }
          }
        ],
        "subnetwork": "gke-subnet-1"
      },
      "parent": "projects/PROJECT_ID/locations/ZONE"
    }
Replace the following:
- PROJECT_ID: the ID of the project.
- ZONE: the zone of the cluster.
- CLUSTER_NAME: the name of the new cluster.
- NETWORK: the network of the cluster.
List internal ranges
You can list internal ranges to view all internal ranges in your current project or a specific VPC network. To list internal ranges in a VPC network, use the Google Cloud CLI or send an API request.
Console
In the Google Cloud console, go to the Internal ranges page.
gcloud
To view all internal ranges in your current project, use the internal-ranges list command.
    gcloud network-connectivity internal-ranges list
To view all internal ranges in a VPC network, use the internal-ranges list command and include a filter.
    gcloud network-connectivity internal-ranges list \
        --filter=network:NETWORK_NAME \
        --project=PROJECT_ID
Replace the following:
- NETWORK_NAME: the name of the VPC network to list internal ranges in.
- PROJECT_ID: the ID of the project that contains the VPC network.
API
To view all internal ranges in a project, make a GET request to the projects.locations.internalRanges.list method.
    GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges
Replace PROJECT_ID with the ID of the project to view internal ranges in.
To view all internal ranges in a VPC network, make a GET request to the projects.locations.internalRanges.list method and include a filter.
    GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?filter=network=\"https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks/NETWORK_NAME\"
Replace NETWORK_NAME with the name of the VPC network to list internal ranges in.
Describe an internal range
You can describe an internal range to view details about the chosen range, including any subnetworks that are associated with the internal range.
Console
In the Google Cloud console, go to the Internal ranges page.
Click the Name of the internal range that you want to describe.
gcloud
Use the internal-ranges describe command.
    gcloud network-connectivity internal-ranges describe RANGE_NAME
Replace RANGE_NAME with the name of the internal range to describe.
API
Make a GET request to the projects.locations.internalRanges.get method.
    GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges/RANGE_NAME
Replace the following:
- PROJECT_ID: the ID of the parent project for the internal range.
- RANGE_NAME: the name of the internal range to describe.
Expand an internal range
You can expand the IP address range that is allocated to an internal range resource, but it's not possible to narrow the range. The updated range must contain the previous range. If you want to narrow the allocated range or modify another element, delete the internal range and create a new one.
Expand the IP CIDR range of an internal range
To expand an internal range by updating its IP CIDR range, follow these steps.
Console
In the Google Cloud console, go to the Internal ranges page.
Click the Name of the internal range that you want to update.
Click Expand range.
Click IP range.
Enter a new IP range, which must contain the previous range.
Click Expand.
gcloud
Use the internal-ranges update command.
    gcloud network-connectivity internal-ranges update RANGE_NAME \
        --ip-cidr-range=CIDR_RANGE
Replace the following:
- RANGE_NAME: the name of the internal range.
- CIDR_RANGE: the updated CIDR range, which must contain the previous range.
API
Make a PATCH request to the projects.locations.internalRanges.patch method.
    PATCH https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges/RANGE_NAME?updateMask=ipCidrRange
    {
      "ipCidrRange": "CIDR_RANGE"
    }
Replace the following:
- PROJECT_ID: the ID of the parent project for the internal range.
- RANGE_NAME: the name of the internal range.
- CIDR_RANGE: the updated CIDR range, which must contain the previous range.
Expand an internal range by decreasing its prefix length
To expand an internal range by decreasing its prefix length, follow these steps.
Console
In the Google Cloud console, go to the Internal ranges page.
Click the Name of the internal range that you want to update.
Click Expand range.
Click Prefix length.
In the Prefix length list, select a prefix length that is less than the existing prefix length.
Click Expand.
gcloud
Use the internal-ranges update command.
    gcloud network-connectivity internal-ranges update RANGE_NAME \
        --prefix-length=PREFIX_LENGTH
Replace the following:
- RANGE_NAME: the name of the internal range.
- PREFIX_LENGTH: the updated prefix length, which must be less than the previous prefix length.
API
Make a PATCH request to the projects.locations.internalRanges.patch method.
    PATCH https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges/RANGE_NAME?updateMask=prefixLength
    {
      "prefixLength": PREFIX_LENGTH
    }
Replace the following:
- PROJECT_ID: the ID of the parent project for the internal range.
- RANGE_NAME: the name of the internal range.
- PREFIX_LENGTH: the updated prefix length, which must be less than the previous prefix length.
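A pre-flight check for both expansion methods, added here as an example (not Google Cloud code; the names are hypothetical). It enforces the two rules stated above and computes the block that a shorter prefix length produces, which is the one aligned block of that size that contains the previous range. The overlap check against other reservations is a planning aid: this page does not state how Google Cloud handles that case.

```python
import ipaddress
from typing import NamedTuple, Optional


class ExpansionPlan(NamedTuple):
    ok: bool
    resulting_cidr: Optional[str]
    reason: str
    collisions: tuple = ()


def plan_expansion(current_cidr, *, new_cidr=None, new_prefix_length=None,
                   other_ranges=()):
    """Validate an expansion by new CIDR range or by shorter prefix length.

    other_ranges: CIDR strings of other reservations in the same network
    (constructed by the caller, for example from the list command's output).
    """
    if (new_cidr is None) == (new_prefix_length is None):
        raise ValueError("pass exactly one of new_cidr or new_prefix_length")
    current = ipaddress.ip_network(current_cidr)

    if new_cidr is not None:
        try:
            # Strict parsing rejects values with host bits set, e.g. 10.9.1.0/16.
            proposed = ipaddress.ip_network(new_cidr)
        except ValueError as exc:
            return ExpansionPlan(False, None, f"invalid CIDR: {exc}")
        if proposed.version != current.version or not proposed.supernet_of(current):
            return ExpansionPlan(False, None,
                                 "new range must contain the previous range")
        if proposed == current:
            return ExpansionPlan(False, None, "range is unchanged")
    else:
        if not 0 <= new_prefix_length < current.prefixlen:
            return ExpansionPlan(
                False, None,
                "prefix length must be less than the previous prefix length")
        # Only one aligned block of this size contains the previous range.
        proposed = current.supernet(new_prefix=new_prefix_length)

    collisions = tuple(c for c in other_ranges
                       if proposed.overlaps(ipaddress.ip_network(c)))
    if collisions:
        return ExpansionPlan(False, str(proposed),
                             "expanded range overlaps other reservations",
                             collisions)
    return ExpansionPlan(True, str(proposed), "ok")


if __name__ == "__main__":
    # Constructed sample: a /24 reservation with two neighbouring reservations.
    neighbours = ["10.9.8.0/24", "10.9.200.0/24"]
    print(plan_expansion("10.9.1.0/24", new_prefix_length=22,
                         other_ranges=neighbours))
    print(plan_expansion("10.9.1.0/24", new_prefix_length=20,
                         other_ranges=neighbours))
```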
Delete an internal range
You can delete an internal range if it is not associated with a Google Cloud resource such as a subnetwork. To delete an internal range that is associated with a Google Cloud resource, first delete the associated resource.
Console
In the Google Cloud console, go to the Internal ranges page.
Click the Name of the internal range that you want to delete.
Click Delete.
To confirm, click Delete.
gcloud
Use the internal-ranges delete command.
    gcloud network-connectivity internal-ranges delete RANGE_TO_DELETE
Replace RANGE_TO_DELETE with the name of the internal range to delete.
API
Make a DELETE request to the internalRanges.delete method.
    DELETE https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges/RANGE_NAME
Replace the following:
- PROJECT_ID: the ID of the parent project for the internal range.
- RANGE_NAME: the name of the internal range.