Create and use internal ranges

This document describes how to create, use, and delete internal ranges.

Internal ranges help you manage a unified IP address space across Virtual Private Cloud (VPC) networks by letting you allocate blocks of internal IP addresses and specify how those blocks can be used.

Before you begin

Required roles

To get the permissions that you need to work with internal ranges, ask your administrator to grant you the Compute Network Admin (roles/compute.networkAdmin) IAM role on your project. For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

Create internal ranges

You specify at least two things when creating an internal range: the IP addresses to allocate and the network to allocate the addresses in. You can create an internal range with a precise CIDR range, or you can have Google Cloud choose the range automatically.

Create an internal range for a specific CIDR block

Console

  1. In the Google Cloud console, go to the Internal ranges page.

    Go to Internal ranges

  2. Click Reserve internal range.

  3. Enter a Name.

  4. Optional: Enter a Description.

  5. In the Reservation method section, select Let me specify.

  6. In the IP range field, enter the internal range's IP address range in CIDR notation.

  7. Select a Network.

  8. Select a Peering type.

  9. Select a Usage type.

  10. Click Reserve.

gcloud

Use the internal-ranges create command.

gcloud network-connectivity internal-ranges create RANGE_NAME \
    --ip-cidr-range=CIDR_RANGE \
    --network=NETWORK_NAME \
    --description="DESCRIPTION" \
    --peering=PEERING_TYPE \
    --usage=USAGE_TYPE

Replace the following:

  • RANGE_NAME: the name of the new internal range.
  • CIDR_RANGE: the CIDR range to allocate to the new internal range.
  • NETWORK_NAME: the name of the network to create the internal range in.
  • DESCRIPTION: an optional description of the internal range.
  • PEERING_TYPE: the peering type of the internal range. Options are FOR_SELF, FOR_PEER, and NOT_SHARED. FOR_SELF is the default.
  • USAGE_TYPE: the usage type of the internal range. Options are FOR_VPC, EXTERNAL_TO_VPC, and FOR_MIGRATION. The default value is FOR_VPC.

API

Make a POST request to the projects.locations.internalRanges.create method.

POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=RANGE_NAME
{
  "ipCidrRange": "CIDR_RANGE",
  "network": "NETWORK_NAME",
  "description": "DESCRIPTION",
  "peering": "PEERING_TYPE",
  "usage": "USAGE_TYPE"
}

Replace the following:

  • PROJECT_ID: the ID of the parent project for the internal range.
  • RANGE_NAME: the name of the internal range.
  • CIDR_RANGE: the CIDR range to allocate to the internal range.
  • NETWORK_NAME: the name of the network to create the internal range in.
  • DESCRIPTION: an optional description of the new internal range.
  • PEERING_TYPE: the peering type of the internal range. Options are FOR_SELF, FOR_PEER, and NOT_SHARED. FOR_SELF is the default.
  • USAGE_TYPE: the usage type of the internal range. Options are FOR_VPC, EXTERNAL_TO_VPC, and FOR_MIGRATION. The default value is FOR_VPC.

Create an internal range with an automatically allocated CIDR block

When you create an internal range with an automatically allocated CIDR block, you specify a prefix length and one or more target CIDR ranges. Google Cloud accounts for any existing IP address allocations and allocates a free block of IP addresses of the chosen size from within the target CIDR ranges.

Console

  1. In the Google Cloud console, go to the Internal ranges page.

    Go to Internal ranges

  2. Click Reserve internal range.

  3. Enter a Name.

  4. Optional: Enter a Description.

  5. In the Reservation method section, select Automatic.

  6. Select a Prefix length.

  7. In the Target IP address range 1 field, enter an IP address range from which to allocate IP addresses. You can specify multiple IP address ranges by clicking Add a target IP address range and entering each range.

  8. Select a Network.

  9. Select a Peering type.

  10. Select a Usage type.

  11. Click Reserve.

gcloud

Use the internal-ranges create command.

gcloud network-connectivity internal-ranges create RANGE_NAME \
    --network=NETWORK_NAME \
    --prefix-length=PREFIX_LENGTH \
    --target-cidr-range=TARGET_CIDR_RANGE \
    --peering=PEERING_TYPE \
    --usage=USAGE_TYPE \
    --description="DESCRIPTION"

Replace the following:

  • RANGE_NAME: the name of the internal range.
  • NETWORK_NAME: the name of the network to create the internal range in.
  • PREFIX_LENGTH: the prefix length of the allocated IP addresses.
  • TARGET_CIDR_RANGE: the target CIDR range from which to allocate an IP address block. You can enter multiple CIDR ranges in a comma-separated list. The default is 10.0.0.0/8 for custom mode VPC networks or 10.128.0.0/9 for auto mode VPC networks.
  • PEERING_TYPE: the peering type of the internal range. Options are FOR_SELF, FOR_PEER, and NOT_SHARED. FOR_SELF is the default.
  • USAGE_TYPE: the usage type of the internal range. Options are FOR_VPC and EXTERNAL_TO_VPC. FOR_VPC is the default.
  • DESCRIPTION: an optional description of the new internal range.

API

Make a POST request to the projects.locations.internalRanges.create method.

POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=RANGE_NAME
{
  "prefixLength": PREFIX_LENGTH,
  "targetCidrRange": "TARGET_CIDR_RANGE",
  "network": "NETWORK_NAME",
  "description": "DESCRIPTION",
  "peering": "PEERING_TYPE",
  "usage": "USAGE_TYPE"
}

Replace the following:

  • PROJECT_ID: the ID of the parent project for the internal range.
  • RANGE_NAME: the name of the internal range.
  • PREFIX_LENGTH: the CIDR prefix length for the range's IP address block.
  • TARGET_CIDR_RANGE: the target CIDR range from which to allocate an IP address block. You can specify multiple CIDR ranges in a JSON array. The default is 10.0.0.0/8 for custom mode VPC networks or 10.128.0.0/9 for auto mode VPC networks.
  • NETWORK_NAME: the name of the network to create the internal range in.
  • DESCRIPTION: an optional description of the new internal range.
  • PEERING_TYPE: the peering type of the internal range. Options are FOR_SELF, FOR_PEER, and NOT_SHARED. FOR_SELF is the default.
  • USAGE_TYPE: the usage type of the internal range. Options are FOR_VPC and EXTERNAL_TO_VPC. FOR_VPC is the default.
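The following is an added illustration, not Google Cloud's allocator (this page does not describe its selection order). It shows what automatic allocation has to compute: subtract existing allocations from the target CIDR ranges, then pick a free, aligned block of the requested prefix length. The first-fit order, the function names, and the sample CIDRs are assumptions.

```python
import ipaddress


def free_space(target, allocated):
    """Return the parts of `target` not covered by any network in `allocated`."""
    free = [target]
    for used in allocated:
        if used.version != target.version:
            continue  # IPv4 and IPv6 space never overlap
        remaining = []
        for block in free:
            if not block.overlaps(used):
                remaining.append(block)  # untouched by this allocation
            elif block.subnet_of(used):
                continue  # fully consumed by this allocation
            else:
                # `used` sits strictly inside `block`: keep the pieces around it.
                remaining.extend(block.address_exclude(used))
        free = remaining
    return sorted(free)


def find_free_block(target_cidrs, allocated_cidrs, prefix_length):
    """First-fit search (assumed order) for a free block of `prefix_length`.

    target_cidrs    -- candidate ranges, tried in the order given
    allocated_cidrs -- CIDRs already used by subnets, routes, or other ranges
    Returns an ip_network, or None when no target has enough contiguous space.
    """
    allocated = [ipaddress.ip_network(c) for c in allocated_cidrs]
    for cidr in target_cidrs:
        target = ipaddress.ip_network(cidr)
        for block in free_space(target, allocated):
            # A free block can host the request only if it is at least as large.
            if block.prefixlen <= prefix_length:
                return next(block.subnets(new_prefix=prefix_length))
    return None


if __name__ == "__main__":
    # Constructed sample: two /24s are already in use inside the target /16.
    in_use = ["10.9.0.0/24", "10.9.1.0/24"]
    print(find_free_block(["10.9.0.0/16"], in_use, 24))
    print(find_free_block(["10.9.0.0/16"], in_use, 22))
```

Requesting a /22 skips the free 10.9.2.0/23 because the block must be aligned and contiguous, which is why a fragmented target range can fail to allocate even when enough addresses are free in total.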

Reserve internal ranges

Creating internal ranges with the usage type and peering type set correctly lets Google Cloud help ensure that the allocated IP addresses are used as intended. The internal ranges are reserved for use according to the settings that you choose for the usage and peering types.

Reserve an internal range for an on-premises network

You can create an internal range that is reserved for on-premises use only. When you reserve a range for on-premises use, Google Cloud does not let you create subnetworks or routes in the parent VPC network if the new resource conflicts with the reserved range.

Console

  1. In the Google Cloud console, go to the Internal ranges page.

    Go to Internal ranges

  2. Click Reserve internal range.

  3. Enter a Name.

  4. Optional: Enter a Description.

  5. In the Reservation method section, select Let me specify.

  6. In the IP range field, enter the internal range's IP address range in CIDR notation.

  7. Select a Network.

  8. Click Peering, and then select Not shared.

  9. Click Usage, and then select External to VPC.

  10. Click Reserve.

gcloud

Use the internal-ranges create command.

gcloud network-connectivity internal-ranges create RANGE_NAME \
    --ip-cidr-range=CIDR_RANGE \
    --network=NETWORK_NAME \
    --description="reserved for on-premises" \
    --usage=EXTERNAL_TO_VPC \
    --peering=NOT_SHARED

Replace the following:

  • RANGE_NAME: the name of the internal range to reserve for on-premises use.
  • CIDR_RANGE: the CIDR range to allocate for on-premises use.
  • NETWORK_NAME: the name of the network to create the internal range in.

API

Make a POST request to the projects.locations.internalRanges.create method.

POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=RANGE_NAME
{
  "ipCidrRange": "CIDR_RANGE",
  "network": "NETWORK_NAME",
  "description": "reserved for on-premises use",
  "usage": "EXTERNAL_TO_VPC",
  "peering": "NOT_SHARED"
}

Replace the following:

  • PROJECT_ID: the ID of the parent project for the internal range.
  • RANGE_NAME: the name of the new internal range.
  • CIDR_RANGE: the CIDR range to allocate for on-premises use.
  • NETWORK_NAME: the name of the network to create the internal range in.

Reserve an internal range for peer networks

You can create an internal range that is reserved for peer VPC networks. When you reserve a range for peer VPC networks, no resource in the range's parent VPC network can use the range. Only peer and peer-of-peer VPC networks can use the range.

Console

  1. In the Google Cloud console, go to the Internal ranges page.

    Go to Internal ranges

  2. Click Reserve internal range.

  3. Enter a Name.

  4. Optional: Enter a Description.

  5. In the Reservation method section, select Let me specify.

  6. In the IP range field, enter the internal range's IP address range in CIDR notation.

  7. Select a Network.

  8. Click Peering, and then select For peer.

  9. Click Usage, and then select For VPC.

  10. Click Reserve.

gcloud

Use the internal-ranges create command.

gcloud network-connectivity internal-ranges create RANGE_NAME \
    --target-cidr-range=TARGET_CIDR_RANGE \
    --prefix-length=PREFIX_LENGTH \
    --network=NETWORK_NAME \
    --peering=FOR_PEER \
    --usage=FOR_VPC

Replace the following:

  • RANGE_NAME: the name of the internal range to reserve for peer networks only.
  • TARGET_CIDR_RANGE: the target CIDR range from which to allocate an IP address block. You can specify multiple CIDR ranges in a comma-separated list. The default is 10.0.0.0/8 for custom mode VPC networks or 10.128.0.0/9 for auto mode VPC networks.
  • PREFIX_LENGTH: the prefix length of the allocated IP addresses.
  • NETWORK_NAME: the name of the network to create the internal range in.

API

Make a POST request to the projects.locations.internalRanges.create method.

POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=RANGE_NAME
{
  "prefixLength": PREFIX_LENGTH,
  "targetCidrRange": "TARGET_CIDR_RANGE",
  "network": "NETWORK_NAME",
  "peering": "FOR_PEER",
  "usage": "FOR_VPC"
}

Replace the following:

  • PROJECT_ID: the ID of the parent project for the internal range.
  • RANGE_NAME: the name of the internal range.
  • PREFIX_LENGTH: the CIDR prefix length for the range's IP address block.
  • TARGET_CIDR_RANGE: the CIDR range from which to allocate an IP address block. You can specify multiple CIDR ranges in a JSON array. The default is 10.0.0.0/8 for custom mode VPC networks or 10.128.0.0/9 for auto mode VPC networks.
  • NETWORK_NAME: the name of the network to create the internal range in.

Reserve an internal range for a local VPC network

You can create an internal range that is reserved for a local VPC network only. The reserved range is not announced by peer VPC networks, and peer VPC networks can't use the internal range in a way that is visible to the parent VPC network.

Console

  1. In the Google Cloud console, go to the Internal ranges page.

    Go to Internal ranges

  2. Click Reserve internal range.

  3. Enter a Name.

  4. Optional: Enter a Description.

  5. In the Reservation method section, select Let me specify.

  6. In the IP range field, enter the internal range's IP address range in CIDR notation.

  7. Select a Network.

  8. Click Peering, and then select Not shared.

  9. Click Usage, and then select For VPC.

  10. Click Reserve.

gcloud

Use the internal-ranges create command.

gcloud network-connectivity internal-ranges create RANGE_NAME \
    --ip-cidr-range=CIDR_RANGE \
    --network=NETWORK_NAME \
    --peering=NOT_SHARED \
    --usage=FOR_VPC

Replace the following:

  • RANGE_NAME: the name of the internal range to reserve for use in a local VPC network.
  • CIDR_RANGE: the CIDR range to allocate to the internal range.
  • NETWORK_NAME: the name of the network to create the internal range in.

API

Make a POST request to the projects.locations.internalRanges.create method.

POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=RANGE_NAME
{
  "ipCidrRange": "CIDR_RANGE",
  "network": "NETWORK_NAME",
  "peering": "NOT_SHARED",
  "usage": "FOR_VPC"
}

Replace the following:

  • PROJECT_ID: the ID of the parent project for the internal range.
  • RANGE_NAME: the name of the new internal range.
  • CIDR_RANGE: the CIDR range to allocate to the internal range.
  • NETWORK_NAME: the name of the network to create the internal range in.

Reserve an internal range for subnet migration

You can use an internal range to migrate a CIDR range from one subnet to another. For more information, see Migrating subnet ranges.

gcloud

Use the internal-ranges create command.

gcloud network-connectivity internal-ranges create RANGE_NAME \
    --ip-cidr-range=CIDR_RANGE \
    --network=NETWORK_NAME \
    --peering=FOR_SELF \
    --usage=FOR_MIGRATION \
    --migration-source=SOURCE_SUBNET \
    --migration-target=TARGET_SUBNET

Replace the following:

  • RANGE_NAME: the name of the internal range to create.
  • CIDR_RANGE: the CIDR range of the subnet that you want to migrate.
  • NETWORK_NAME: the name of the network to create the internal range in.
  • SOURCE_SUBNET: the URI of the source subnet.
  • TARGET_SUBNET: the URI of the target subnet.

API

Make a POST request to the projects.locations.internalRanges.create method.

POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=RANGE_NAME
{
  "ipCidrRange": "CIDR_RANGE",
  "network": "NETWORK_NAME",
  "peering": "FOR_SELF",
  "usage": "FOR_MIGRATION",
  "migration": {
    "source": "SOURCE_SUBNET",
    "target": "TARGET_SUBNET"
  }
}

Replace the following:

  • PROJECT_ID: the ID of the parent project for the internal range.
  • RANGE_NAME: the name of the new internal range.
  • CIDR_RANGE: the CIDR range of the subnet that you want to migrate.
  • NETWORK_NAME: the name of the network to create the internal range in.
  • SOURCE_SUBNET: the URI of the source subnet.
  • TARGET_SUBNET: the URI of the target subnet.
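The reservation rules described in this section for on-premises and peer ranges can be checked before a subnet is requested. This added example (not Google Cloud code) models only the rules stated on this page; the range names, the short network names, and the sample CIDRs are constructed, with records shaped like the request bodies above.

```python
import ipaddress

# Constructed sample data using the field names from the API request bodies.
INTERNAL_RANGES = [
    {"name": "onprem-dc1", "network": "vpc-one", "ipCidrRange": "10.1.0.0/16",
     "usage": "EXTERNAL_TO_VPC", "peering": "NOT_SHARED"},
    {"name": "for-peers", "network": "vpc-one", "ipCidrRange": "10.2.0.0/16",
     "usage": "FOR_VPC", "peering": "FOR_PEER"},
    {"name": "local-only", "network": "vpc-one", "ipCidrRange": "10.3.0.0/16",
     "usage": "FOR_VPC", "peering": "NOT_SHARED"},
    {"name": "other-vpc-onprem", "network": "vpc-two", "ipCidrRange": "10.4.0.0/16",
     "usage": "EXTERNAL_TO_VPC", "peering": "NOT_SHARED"},
]


def blocking_reservations(subnet_cidr, network, internal_ranges):
    """List (range name, reason) for reservations that rule out a new subnet.

    Rules taken from this page:
      * EXTERNAL_TO_VPC: subnets and routes in the parent VPC network must
        not conflict with the reserved range.
      * FOR_PEER: no resource in the parent VPC network can use the range.
    FOR_VPC ranges with FOR_SELF or NOT_SHARED peering are usable locally.
    """
    subnet = ipaddress.ip_network(subnet_cidr)
    findings = []
    for rng in internal_ranges:
        if rng["network"] != network:
            continue  # a reservation only constrains its own parent network
        reserved = ipaddress.ip_network(rng["ipCidrRange"])
        if reserved.version != subnet.version or not reserved.overlaps(subnet):
            continue
        usage = rng.get("usage", "FOR_VPC")       # documented default
        peering = rng.get("peering", "FOR_SELF")  # documented default
        if usage == "EXTERNAL_TO_VPC":
            findings.append((rng["name"], "reserved for on-premises use"))
        elif peering == "FOR_PEER":
            findings.append((rng["name"], "reserved for peer VPC networks"))
    return findings


def review_plan(planned_subnets, network, internal_ranges):
    """Map each planned subnet CIDR that would be rejected to its findings."""
    report = {}
    for cidr in planned_subnets:
        findings = blocking_reservations(cidr, network, internal_ranges)
        if findings:
            report[cidr] = findings
    return report


if __name__ == "__main__":
    plan = ["10.1.5.0/24", "10.2.0.0/20", "10.3.1.0/24", "10.4.1.0/24"]
    for cidr, findings in review_plan(plan, "vpc-one", INTERNAL_RANGES).items():
        for name, reason in findings:
            print(f"{cidr}: conflicts with {name} ({reason})")
```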

Create subnetworks with internal ranges

You can create a subnetwork and use an internal range to specify the subnet's internal IP address range. The subnetwork can be associated with an entire internal range or only part of the range. Secondary ranges for subnetworks can also be associated with internal ranges.

To create a subnetwork that is associated with an internal range, use the Google Cloud CLI or send an API request.

Create a subnetwork that uses an entire internal range

To create a subnetwork that uses an entire internal range for its internal IP address range, follow these steps.

gcloud

  1. Create an internal range in the network where you want to create a new subnet. Set the usage type on this internal range to FOR_VPC, and set the peering type to FOR_SELF.
  2. Use the subnets create command.

    gcloud beta compute networks subnets create SUBNET_NAME \
        --reserved-internal-range=networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/RANGE_NAME \
        --network=NETWORK_NAME \
        --region=REGION
    

    Replace the following:

    • SUBNET_NAME: the name of the subnet.
    • PROJECT_ID: the ID of the project to create the subnet in.
    • RANGE_NAME: the name of the internal range to associate with the subnet.
    • NETWORK_NAME: the name of the network to create the subnetwork in.
    • REGION: the region to create the subnetwork in.

API

  1. Create an internal range in the network where you want to create a new subnet. Set the usage type on this internal range to FOR_VPC, and set the peering type to FOR_SELF.
  2. Make a POST request to the subnetworks.insert method.

    POST https://compute.googleapis.com/compute/beta/projects/PROJECT_ID/regions/REGION/subnetworks
    {
      "name" : "SUBNET_NAME",
      "reservedInternalRange" : "networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/RANGE_NAME",
      "network" : "NETWORK"
    }
    

    Replace the following:

    • PROJECT_ID: the ID of the parent project for the new subnet.
    • REGION: the region to create the subnet in.
    • SUBNET_NAME: the name of the new subnet.
    • PROJECT_ID: the ID of the project to create a subnet in.
    • RANGE_NAME: the name of the internal range to use for the new subnet.
    • NETWORK: the name of the network to create the subnet in.

Create a subnetwork that uses part of an internal range

To create a subnetwork that uses part of an internal range for its internal IP address range, follow these steps.

gcloud

  1. Create an internal range in the network where you want to create a new subnet. Set the usage type on this internal range to FOR_VPC, and set the peering type to FOR_SELF.
  2. Use the subnets create command.

    gcloud beta compute networks subnets create SUBNET_NAME \
        --reserved-internal-range=networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/RANGE_NAME \
        --range=IP_RANGE \
        --network=NETWORK_NAME \
        --region=REGION
    

    Replace the following:

    • SUBNET_NAME: the name of the subnet.
    • PROJECT_ID: the ID of the project to create the subnet in.
    • RANGE_NAME: the name of the internal range to associate with the new subnet.
    • IP_RANGE: a CIDR range that is a subset of the internal range.
    • NETWORK_NAME: the name of the network to create the subnetwork in.
    • REGION: the region to create the subnetwork in.

For example, the following two commands create a subnet that is associated with only the 10.9.1.0/24 part of an internal range that reserves the 10.9.0.0/16 CIDR block.

gcloud network-connectivity internal-ranges create reserved-range-one \
    --ip-cidr-range=10.9.0.0/16 \
    --network=vpc-one

gcloud beta compute networks subnets create subnet-one \
    --reserved-internal-range=networkconnectivity.googleapis.com/projects/project-one/locations/global/internalRanges/reserved-range-one \
    --range=10.9.1.0/24 \
    --network=vpc-one \
    --region=us-central1

API

  1. Create an internal range in the network where you want to create a new subnet. Set the usage type on this internal range to FOR_VPC, and set the peering type to FOR_SELF.
  2. Make a POST request to the subnetworks.insert method.

    POST https://compute.googleapis.com/compute/beta/projects/PROJECT_ID/regions/REGION/subnetworks
    {
      "name" : "SUBNET_NAME",
      "reservedInternalRange" : "networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/RANGE_NAME",
      "range" : "IP_RANGE",
      "network" : "NETWORK"
    }
    

    Replace the following:

    • PROJECT_ID: the ID of the parent project for the new subnet.
    • REGION: the region to create the subnet in.
    • SUBNET_NAME: the name of the subnet.
    • PROJECT_ID: the ID of the project to create the subnet in.
    • RANGE_NAME: the name of the internal range to associate with the new subnet.
    • IP_RANGE: a CIDR range that is a subset of the chosen internal range.
    • NETWORK: the name of the network to create the subnetwork in.

For example, the following two requests create a subnet that is associated with only the 10.9.1.0/24 part of an internal range that contains the 10.9.0.0/16 CIDR block.

POST https://networkconnectivity.googleapis.com/v1/projects/sample-project/locations/global/internalRanges?internalRangeId=reserved-for-subnet
{
  "ipCidrRange": "10.9.0.0/16",
  "network": "network-b"
}

POST https://compute.googleapis.com/compute/beta/projects/sample-project/regions/us-central1/subnetworks
{
  "name" : "subnet-with-partial-range",
  "reservedInternalRange" : "networkconnectivity.googleapis.com/projects/sample-project/locations/global/internalRanges/reserved-for-subnet",
  "range" : "10.9.1.0/24",
  "network" : "network-b"
}

Create GKE clusters with internal ranges

You can use internal ranges to allocate IP addresses for Google Kubernetes Engine (GKE) VPC-native clusters.

To create a VPC-native cluster with internal ranges, use the Google Cloud CLI or send an API request.

gcloud

  1. Create the following internal ranges by using the internal-ranges create command.

    gcloud network-connectivity internal-ranges create gke-nodes-1 \
        --prefix-length=NODE_PREFIX_LENGTH \
        --network=NETWORK
    
    gcloud network-connectivity internal-ranges create gke-pods-1 \
        --prefix-length=POD_PREFIX_LENGTH \
        --network=NETWORK
    
    gcloud network-connectivity internal-ranges create gke-services-1 \
        --prefix-length=SERVICE_PREFIX_LENGTH \
        --network=NETWORK
    

    Replace the following:

    • NODE_PREFIX_LENGTH: the prefix length for the internal range that is associated with GKE nodes.
    • POD_PREFIX_LENGTH: the prefix length for the internal range that is associated with GKE pods.
    • SERVICE_PREFIX_LENGTH: the prefix length for the internal range that is associated with GKE services.
    • NETWORK: the name of the network.
  2. Create a subnet with the internal ranges that you created in the previous step by using the subnets create command.

    gcloud beta compute networks subnets create gke-subnet-1 \
        --network=NETWORK \
        --region=REGION \
        --reserved-internal-range="//networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/gke-nodes-1" \
        --secondary-range-with-reserved-internal-range="pods=//networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/gke-pods-1,services=//networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/gke-services-1"
    

    Replace the following:

    • NETWORK: the name of the network.
    • REGION: the region of the subnet.
    • PROJECT_ID: the ID of the project.
  3. Create the VPC-native cluster by using the clusters create command.

    gcloud container clusters create CLUSTER_NAME \
        --network=NETWORK \
        --subnetwork=gke-subnet-1 \
        --zone=ZONE \
        --cluster-secondary-range-name=pods \
        --services-secondary-range-name=services \
        --enable-ip-alias
    

API

  1. Create the following internal ranges by making POST requests to the projects.locations.internalRanges.create method.

    POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=gke-nodes-1
    {
      "network": "NETWORK",
      "prefixLength": NODE_PREFIX_LENGTH,
      "peering": "FOR_SELF",
      "usage": "FOR_VPC"
    }
    
    POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=gke-pods-1
    {
      "network": "NETWORK",
      "prefixLength": POD_PREFIX_LENGTH,
      "peering": "FOR_SELF",
      "usage": "FOR_VPC"
    }
    
    POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?internalRangeId=gke-services-1
    {
      "network": "NETWORK",
      "prefixLength": SERVICE_PREFIX_LENGTH,
      "peering": "FOR_SELF",
      "usage": "FOR_VPC"
    }
    

    Replace the following:

    • PROJECT_ID: the ID of the project.
    • NETWORK: the name of the network.
    • NODE_PREFIX_LENGTH: the prefix length for the internal range that is associated with GKE nodes.
    • POD_PREFIX_LENGTH: the prefix length for the internal range that is associated with GKE pods.
    • SERVICE_PREFIX_LENGTH: the prefix length for the internal range that is associated with GKE services.
  2. Create a subnet with the internal ranges that you created in the previous step by making a POST request to the subnetworks.insert method.

    POST https://compute.googleapis.com/compute/beta/projects/PROJECT_ID/regions/REGION/subnetworks
    {
      "name": "gke-subnet-1",
      "network": "https://compute.googleapis.com/compute/beta/projects/PROJECT_ID/global/networks/NETWORK",
      "privateIpGoogleAccess": false,
      "reservedInternalRange": "//networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/gke-nodes-1",
      "secondaryIpRanges": [
        {
          "rangeName": "pods",
          "reservedInternalRange": "//networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/gke-pods-1"
        },
        {
          "rangeName": "services",
          "reservedInternalRange": "//networkconnectivity.googleapis.com/projects/PROJECT_ID/locations/global/internalRanges/gke-services-1"
        }
      ]
    }
    

    Replace the following:

    • PROJECT_ID: the ID of the project.
    • REGION: the region of the subnet.
    • NETWORK: the network of the subnet.
  3. Create the VPC-native cluster by making a POST request to the clusters.create method.

    POST https://container.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/clusters
    {
      "cluster": {
        "ipAllocationPolicy": {
          "clusterSecondaryRangeName": "pods",
          "createSubnetwork": false,
          "servicesSecondaryRangeName": "services",
          "useIpAliases": true
        },
        "name": "CLUSTER_NAME",
        "network": "NETWORK",
        "nodePools": [
          {
            "config": {
              "oauthScopes": [
                "https://www.googleapis.com/auth/devstorage.read_only",
                "https://www.googleapis.com/auth/logging.write",
                "https://www.googleapis.com/auth/monitoring",
                "https://www.googleapis.com/auth/service.management.readonly",
                "https://www.googleapis.com/auth/servicecontrol",
                "https://www.googleapis.com/auth/trace.append"
              ]
            },
            "initialNodeCount": 3,
            "management": {
              "autoRepair": true,
              "autoUpgrade": true
            },
            "name": "default-pool",
            "upgradeSettings": {
              "maxSurge": 1
            }
          }
        ],
        "subnetwork": "gke-subnet-1"
      },
      "parent": "projects/PROJECT_ID/locations/ZONE"
    }
    

    Replace the following:

    • PROJECT_ID: the ID of the project.
    • ZONE: the zone of the cluster.
    • CLUSTER_NAME: the name of the new cluster.
    • NETWORK: the network of the cluster.

List internal ranges

You can list internal ranges to view all internal ranges in your current project or a specific VPC network. To list internal ranges in a VPC network, use the Google Cloud CLI or send an API request.

Console

gcloud

  • To view all internal ranges in your current project, use the internal-ranges list command.

    gcloud network-connectivity internal-ranges list
    
  • To view all internal ranges in a VPC network, use the internal-ranges list command and include a filter.

    gcloud network-connectivity internal-ranges list \
        --filter=network:NETWORK_NAME \
        --project=PROJECT_ID
    

    Replace the following:

    • NETWORK_NAME: the name of the VPC network to list internal ranges in.
    • PROJECT_ID: the ID of the project that contains the VPC network.

API

  • To view all internal ranges in a project, make a GET request to the projects.locations.internalRanges.list method.

    GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges
    

    Replace PROJECT_ID with the ID of the project to view internal ranges in.

  • To view all internal ranges in a VPC network, make a GET request to the projects.locations.internalRanges.list method and include a filter.

    GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges?filter=network=\"https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks/NETWORK_NAME\"
    

    Replace NETWORK_NAME with the name of the VPC network to list internal ranges in.

Describe an internal range

You can describe an internal range to view details about the chosen range, including any subnetworks that are associated with the internal range.

Console

  1. In the Google Cloud console, go to the Internal ranges page.

    Go to Internal ranges

  2. Click the Name of the internal range that you want to describe.

gcloud

Use the internal-ranges describe command.

gcloud network-connectivity internal-ranges describe RANGE_NAME

Replace RANGE_NAME with the name of the internal range to describe.

API

Make a GET request to the projects.locations.internalRanges.get method.

GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges/RANGE_NAME

Replace the following:

  • PROJECT_ID: the ID of the parent project for the internal range.
  • RANGE_NAME: the name of the internal range to describe.

Expand an internal range

You can expand the IP address range that is allocated to an internal range resource, but it's not possible to narrow the range. The updated range must contain the previous range. If you want to narrow the allocated range or modify another element, delete the internal range and create a new one.

Expand the IP CIDR range of an internal range

To expand an internal range by updating its IP CIDR range, follow these steps.

Console

  1. In the Google Cloud console, go to the Internal ranges page.

    Go to Internal ranges

  2. Click the Name of the internal range that you want to update.

  3. Click Expand range.

  4. Click IP range.

  5. Enter a new IP range, which must contain the previous range.

  6. Click Expand.

gcloud

Use the internal-ranges update command.

gcloud network-connectivity internal-ranges update RANGE_NAME \
    --ip-cidr-range=CIDR_RANGE

Replace the following:

  • RANGE_NAME: the name of the internal range.
  • CIDR_RANGE: the updated CIDR range, which must contain the previous range.

API

Make a PATCH request to the projects.locations.internalRanges.patch method.

PATCH https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges/RANGE_NAME?updateMask=ipCidrRange
{
  "ipCidrRange": "CIDR_RANGE"
}

Replace the following:

  • PROJECT_ID: the ID of the parent project for the internal range.
  • RANGE_NAME: the name of the internal range.
  • CIDR_RANGE: the updated CIDR range, which must contain the previous range.

Expand an internal range by decreasing its prefix length

To expand an internal range by decreasing its prefix length, follow these steps.

Console

  1. In the Google Cloud console, go to the Internal ranges page.

    Go to Internal ranges

  2. Click the Name of the internal range that you want to update.

  3. Click Expand range.

  4. Click Prefix length.

  5. In the Prefix length list, select a prefix length that is less than the existing prefix length.

  6. Click Expand.

gcloud

Use the internal-ranges update command.

gcloud network-connectivity internal-ranges update RANGE_NAME \
    --prefix-length=PREFIX_LENGTH

Replace the following:

  • RANGE_NAME: the name of the internal range.
  • PREFIX_LENGTH: the updated prefix length, which must be less than the previous prefix length.

API

Make a PATCH request to the projects.locations.internalRanges.patch method.

PATCH https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges/RANGE_NAME?updateMask=prefixLength
{
  "prefixLength": PREFIX_LENGTH
}

Replace the following:

  • PROJECT_ID: the ID of the parent project for the internal range.
  • RANGE_NAME: the name of the internal range.
  • PREFIX_LENGTH: the updated prefix length, which must be less than the previous prefix length.
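Both update methods above must produce a range that contains the previous one. This added example (not part of the gcloud CLI or the API) checks a planned update offline and shows which block a shorter prefix length yields. The function names and sample CIDRs are assumptions, and listing other reservations that the expanded block would newly overlap is an extra review step that this page does not describe.

```python
import ipaddress


def plan_expansion(current_cidr, new_cidr=None, new_prefix_length=None):
    """Return the expanded network, or raise ValueError for an invalid update.

    Exactly one of `new_cidr` (maps to --ip-cidr-range) or
    `new_prefix_length` (maps to --prefix-length) must be given.
    """
    current = ipaddress.ip_network(current_cidr)
    if (new_cidr is None) == (new_prefix_length is None):
        raise ValueError("give exactly one of new_cidr or new_prefix_length")

    if new_cidr is not None:
        new = ipaddress.ip_network(new_cidr)
        if new.version != current.version:
            raise ValueError("IP version differs from the current range")
        if new == current:
            raise ValueError("new range equals the current range")
        if not current.subnet_of(new):
            # Covers both narrowing and moving to an unrelated block.
            raise ValueError(f"{new} does not contain {current}")
        return new

    if not 0 <= new_prefix_length < current.prefixlen:
        raise ValueError("prefix length must be less than the current one")
    # Only one block of this size contains the current range: its supernet.
    return current.supernet(new_prefix=new_prefix_length)


def newly_covered(current_cidr, expanded, other_cidrs):
    """Other reservations that the expanded block overlaps but the old did not."""
    current = ipaddress.ip_network(current_cidr)
    hits = []
    for cidr in other_cidrs:
        other = ipaddress.ip_network(cidr)
        if other.version != expanded.version:
            continue
        if expanded.overlaps(other) and not current.overlaps(other):
            hits.append(cidr)
    return hits


if __name__ == "__main__":
    # Constructed sample: a /24 in the middle of a /22-aligned block.
    expanded = plan_expansion("10.9.1.0/24", new_prefix_length=22)
    print(expanded)
    neighbours = ["10.9.0.0/24", "10.9.2.0/24", "10.20.0.0/16"]
    print(newly_covered("10.9.1.0/24", expanded, neighbours))
```

Decreasing the prefix length grows the range in both directions when the original block is not at the start of the larger aligned block, so 10.9.1.0/24 at /22 becomes 10.9.0.0/22 and takes in addresses below it as well as above.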

Delete an internal range

You can delete an internal range if it is not associated with a Google Cloud resource such as a subnetwork. To delete an internal range that is associated with a Google Cloud resource, first delete the associated resource.

Console

  1. In the Google Cloud console, go to the Internal ranges page.

    Go to Internal ranges

  2. Click the Name of the internal range that you want to delete.

  3. Click Delete.

  4. To confirm, click Delete.

gcloud

Use the internal-ranges delete command.

gcloud network-connectivity internal-ranges delete RANGE_TO_DELETE

Replace RANGE_TO_DELETE with the name of the internal range to delete.

API

Make a DELETE request to the projects.locations.internalRanges.delete method.

DELETE https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/internalRanges/RANGE_NAME

Replace the following:

  • PROJECT_ID: the ID of the parent project for the internal range.
  • RANGE_NAME: the name of the internal range.