VPC release notes

This page contains release notes for features and updates to Virtual Private Cloud (VPC) networking in Google Cloud.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.

November 14, 2025

Feature

Dynamic Private Service Connect interfaces are available in General Availability. Private Service Connect interfaces let service producers initiate connections to service consumers. You can update a VM instance to add or remove dynamic Private Service Connect interfaces without needing to restart or recreate the instance.

For more information, see Private Service Connect interface types.

November 10, 2025

November 03, 2025

Feature

VPC Network Peering supports peering connections in consensus mode. This feature is available in General Availability. For more information, see Connection mode.

October 30, 2025

Feature

Dynamic Network Interfaces (NICs) are available in General Availability.

Dynamic NICs let you update an instance to add or remove network interfaces without having to restart or recreate the instance.

You can also use Dynamic NICs when you need more network interfaces. The maximum number of vNICs for most machine types in Google Cloud is 10; however, you can configure up to 16 total interfaces by using Dynamic NICs.

For more information, see the following:

October 29, 2025

October 24, 2025

Feature

You can view IP address utilization when you list or describe subnets. IP address utilization displays the number of free and allocated IP addresses in a subnet. This feature is available in General Availability.

October 20, 2025

October 15, 2025

September 26, 2025

September 25, 2025

September 23, 2025

September 12, 2025

Feature

You can create a VPC network that supports RDMA over Falcon transport, which lets you run AI and high performance computing (HPC) workloads on VM instances that have the IRDMA network interface type in Google Cloud, such as H4D instances. This feature is available in Preview. For more information, see RDMA network profiles.

August 26, 2025

August 08, 2025

Feature

VPC Flow Logs includes metadata annotations for Google services such as Google APIs and VPC-hosted services. The following annotations are available in General Availability:

  • service_name
  • connectivity
  • private_domain

These annotations are supported for flows between VMs in VPC networks and Google services and for flows between on-premises endpoints and Google services (through Cloud Interconnect and Cloud VPN). For more information, see GoogleServiceDetails field format.

August 04, 2025

Feature

When you reserve an internal range with an automatically allocated IPv4 CIDR block, you can specify the allocation strategy that is used to select a free block. This feature is available in General Availability.

July 09, 2025

Feature

Dynamic Private Service Connect interfaces are available in Preview. You can update VM instances to add or remove dynamic Private Service Connect interfaces without restarting or recreating the instance.

For more information, see Private Service Connect interface types.

Feature

VPC Network Peering supports peering connections in consensus mode. This feature is available in Preview. For more information, see Update strategy.

July 08, 2025

Feature

The following features of policy-based routes are available in General Availability:

  • Applying policy-based routes to IPv6 traffic
  • Using a next hop that is in a peered VPC network

For more information, see Create policy-based routes.

June 27, 2025

Feature

Private Service Connect service connectivity automation periodically retries endpoint create or delete operations that fail due to errors. This feature is available in General Availability. For more information, see Automatic retries for endpoint failures.

June 18, 2025

June 16, 2025

Feature

VPC Flow Logs annotates RDMA traffic that is reported from A3 Mega VMs. This feature is available in General Availability. For more information, see About VPC Flow Logs records.

June 13, 2025

Feature

Dynamic Network Interfaces (NICs) are available in Preview.

Dynamic NICs let you update an instance to add or remove network interfaces without having to restart or recreate the instance.

You can also use Dynamic NICs when you need more network interfaces. The maximum number of vNICs for most machine types in Google Cloud is 10; however, you can configure up to 16 total interfaces by using Dynamic NICs.

For more information, see the following:

June 05, 2025

Feature

You can publish a Secure Web Proxy instance as a Private Service Connect service. Making Secure Web Proxy available as a published service lets you centralize egress traffic management across multiple VPC networks. This feature is available in General Availability.

May 28, 2025

Feature

You can assign IPv6 bring your own IP (BYOIP) addresses to a subnet's external address range. These subnet ranges can only be used by VM instances, either as ephemeral or reserved addresses. To reserve addresses from these ranges, create a static regional external IPv6 address with the VM endpoint type. This feature is available in General Availability.

For more information, see Create and use IPv6 sub-prefixes.

May 19, 2025

May 12, 2025

Feature

You can exclude IP address ranges from being used for automatic IP address allocation for internal ranges. This feature is available in General Availability. For more information, see Reserve internal ranges.

May 07, 2025

Feature

The following features of internal ranges are available in General Availability:

  • Reserving internal ranges with IPv6 addresses
  • Creating immutable ranges (ranges that can't be edited, except for the description)
  • Editable descriptions

For more information, see Internal ranges overview.

Feature

When you reserve an internal range with an automatically allocated IPv4 CIDR block, you can specify the allocation strategy that is used to select a free block. This feature is available in Preview.

April 30, 2025

Feature

If you're a service producer that makes a service available through VPC Network Peering, you can migrate your service to Private Service Connect without changing the IPv4 address that consumers use to access the service. This feature is available in General Availability.

April 10, 2025

March 31, 2025

Feature

You can access global Google APIs by using Private Service Connect backends that are based on cross-region internal Application Load Balancers. This feature is available in General Availability. For more information, see Access global Google APIs through backends.

March 26, 2025

Feature

Support for the following is available in General availability for dual-stack configurations:

  • IPv6 static routes with a next hop internal passthrough Network Load Balancer (next-hop-ilb)
  • IPv6 static routes with a next hop instance identified by address (next-hop-address)

For more information, see Next hops and features in the static routes overview.

March 07, 2025

Feature

The following features of internal ranges are available in Preview:

  • Reserving internal ranges with IPv6 addresses
  • Creating immutable internal ranges (ranges that can't be updated, except for the description)
  • Editable descriptions

For more information, see Internal ranges overview.

Feature

You can create internal ranges that overlap with routes and subnets. This feature is available in General Availability. For more information, see Internal ranges overview.

Feature

You can exclude IP address ranges from internal range automatic IP address allocation. This feature is available in Preview. For more information, see Reserve internal ranges.

March 04, 2025

Feature

For auto mode VPC networks, added a new subnet 10.226.0.0/20 for the Stockholm europe-north2 region. For more information, see Global Locations and Auto mode IP ranges.

February 28, 2025

February 27, 2025

February 26, 2025

Feature

Private Service Connect propagated connections are available in General Availability. With propagated connections, services that are accessible in one consumer VPC spoke through Private Service Connect endpoints can be privately accessed by other consumer VPC spokes that are connected to the same Network Connectivity Center hub.

February 20, 2025

Feature

Private Service Connect service connectivity automation supports IPv6 connectivity to eligible managed services. This feature is available in General availability. For more information, see Endpoint IP versions.

January 27, 2025

Feature

VPC Flow Logs metadata annotations include InstanceGroupDetails. This feature is available in General Availability.

Issue

There is a known issue with global access endpoints that access services that are published by using internal passthrough Network Load Balancers or internal protocol forwarding (target instances). Private Service Connect doesn't validate that the global access setting on the endpoint matches the setting on the producer's load balancer. We recommend the following:

  • If you're a service consumer, only enable global access on an endpoint if you know that the producer's load balancer is configured for global access. For more information, see endpoint Known issues.

  • If you're a service producer whose services are hosted on internal passthrough Network Load Balancers or internal protocol forwarding (target instances), and those services are accessed through global access endpoints, ensure that global access is enabled on your services' load balancers. For more information, see published services Known issues.

January 16, 2025

January 15, 2025

Feature

If you're a service producer that makes a service available through VPC Network Peering, you can migrate your service to Private Service Connect without changing the IP address that consumers use to access the service. This feature is available in Preview.

Feature

The network profile resource and an RDMA network profile are available in General Availability. You can create a VPC network with the RDMA network profile, which lets you run AI workloads on VM instances that have RDMA network interfaces (NICs). For more information, see the following:

Feature

You can create an internal range with the usage type FOR_MIGRATION to migrate a CIDR range from one subnet to another. For more information, see Migrating subnet ranges. This feature is available in General Availability.

Feature

If you create a Private Service Connect backend to connect to a published service, and the producer has let you know which port the service is available on, you can include the producer port in the backend configuration.

For more information about the producer's configuration, see Producer port configuration.

Specifying the producer port in a Private Service Connect backend is available in General Availability.

January 14, 2025

Feature

VPC Flow Logs can sample traffic that is sent through VLAN attachments for Cloud Interconnect and Cloud VPN tunnels. This feature is available in General Availability. To enable VPC Flow Logs for VLAN attachments and Cloud VPN tunnels, see Configure VPC Flow Logs.

December 17, 2024

December 13, 2024

December 11, 2024

Feature

Private Service Connect port mapping is available in General Availability. Port mapping lets consumer virtual machine (VM) instances privately communicate with specific service ports on specific producer VMs through a single Private Service Connect endpoint.

November 18, 2024

Feature

For auto mode VPC networks, added a new subnet 10.224.0.0/20 for the Mexico northamerica-south1 region. For more information, see Global Locations and Auto mode IP ranges.

October 31, 2024

Feature

Support for IPv6 static routes with a next hop internal passthrough Network Load Balancer (next-hop-ilb) is available in Preview.

September 27, 2024

September 13, 2024

August 23, 2024

Breaking

The live migration feature for bring your own IP v1 has been removed. For new configurations, we recommend that you use bring your own IP v2, which lets you control when prefixes are advertised.

Feature

VPC Flow Logs can sample traffic that is sent through VLAN attachments for Cloud Interconnect and Cloud VPN tunnels. This feature is available in Preview. For more information, see VPC Flow Logs.

August 12, 2024

Feature

VPC Flow Logs includes the following metadata annotations in General Availability:

  • src_gateway and dest_gateway
  • src_google_service and dest_google_service
  • load_balancing
  • network_service
  • psc

For more information, see Record Format.

July 24, 2024

July 22, 2024

Feature

In the Google Cloud Console, the Effective routes tab on the Routes page shows only routes that are effective. You can optionally show suppressed routes by using the Show suppressed routes toggle. You can also view the reason why a given route is suppressed. For more information, see List routes for a VPC network.

July 17, 2024

June 28, 2024

June 17, 2024

June 14, 2024

Feature

Private Service Connect propagated connections are available in Preview. With propagated connections, services that are accessible in one consumer VPC spoke through Private Service Connect endpoints can be privately accessed by other consumer VPC spokes that are connected to the same Network Connectivity Center hub.

Feature

Private Service Connect port mapping is available in Preview. Port mapping lets consumer virtual machine (VM) instances privately communicate with specific service ports on specific producer VMs through a single Private Service Connect endpoint.

June 10, 2024

Feature

The following features of policy-based routes are available in Preview:

  • Applying policy-based routes to IPv6 traffic
  • Using a next hop that is in a peered VPC network

For more information, see Create policy-based routes.

Feature

VPC Flow Logs includes internet routing details for egress flows. For more information, see InternetRoutingDetails field format. This field is available in General Availability.

June 03, 2024

Feature

Support for IPv6 static routes with a next hop instance identified by address (next-hop-address) is available in Preview.

May 03, 2024

May 02, 2024

Announcement

Service producers are no longer charged producer data processing for ingress or egress traffic through a Private Service Connect service attachment. For more information, see pricing for published services.

Announcement

Private Service Connect now offers consumers volume-based discounts for consumer data processing. For more information, see Consumer data processing.

April 26, 2024

April 23, 2024

Change

The Private Service Connect interface documentation has been updated. Google recommends avoiding multi-tenant architectures, where multiple consumers connect to the same Private Service Connect interface VM. In a multi-tenant architecture, if one consumer terminates their Private Service Connect interface connection, other consumers that are connected to the same VM also lose connectivity. For more information, see Limitations.

April 01, 2024

Feature

You can use Packet Mirroring to collect IPv6 traffic. This feature is available in General Availability.

March 07, 2024

Feature

Internal ranges are available in General Availability. Internal ranges let you allocate blocks of private IP addresses in VPC networks and specify how those addresses can be used.

February 26, 2024

Change

The VPC documentation has been updated with a new page that describes which services in Google Cloud include support for IPv6. For more information, see IPv6 support in Google Cloud.

February 05, 2024

January 31, 2024

Feature

Private Service Connect interfaces are available in General Availability. Private Service Connect interfaces let service producers initiate connections to consumer VPC networks.

Feature

For auto mode VPC networks, added a new subnet 10.218.0.0/20 for the Johannesburg africa-south1 region. For more information, see Auto mode IP ranges.

January 11, 2024

December 19, 2023

Feature

You can use Packet Mirroring to collect IPv6 traffic. This feature is available in General Availability.

This note is incorrect. The feature was released in Preview on this date.

December 13, 2023

November 20, 2023

October 02, 2023

September 29, 2023

September 19, 2023

Feature

For auto mode VPC networks, added a new subnet 10.216.0.0/20 for the Dammam me-central2 region. For more information, see Auto mode IP ranges.

September 14, 2023

Feature

Policy-based routing is available in General Availability. You can select a next hop based on more than a packet's destination IP address. You can match traffic by protocol and source IP address as well.

Issue

If you've used Google provider for Terraform versions earlier than 4.76.0 to create Private Service Connect service attachments, do not upgrade to versions 4.76.0 through 4.81.x. When you run terraform apply after the upgrade, Terraform might unintentionally delete and recreate the service attachments and close existing Private Service Connect connections. Recreated service attachments do not automatically re-establish Private Service Connect connections.

Upgrading to version 4.82.0 or later ensures that service attachments are not recreated.

Versions 4.76.0 and later turn on connection reconciliation by default, which might result in different service attachments having different settings for this field, depending on when they were created.

For more information and workarounds, see Disconnections after upgrading the Google provider for Terraform.

September 05, 2023

Feature

Support for IPv6 static routes with the following next hops is generally available (GA):

  • next-hop-gateway
  • next-hop-instance

August 30, 2023

August 22, 2023

Feature

For auto mode VPC networks, added a new subnet 10.214.0.0/20 for the Berlin europe-west10 region. For more information, see Auto mode IP ranges.

August 14, 2023

Change

VLAN attachments for Cloud Interconnect that have Dataplane v1 can access Private Service Connect endpoints from hybrid networks. For more information, see access endpoints from hybrid networks.

August 02, 2023

Feature

Connection reconciliation is available in General Availability. When connection reconciliation is enabled for a service attachment, updating the service attachment's consumer accept or reject lists affects existing Private Service Connect connections in addition to new and pending connections.

July 28, 2023

July 18, 2023

Change

All service attachments, including those created before March 1, 2023, consume one NAT IP address for each connected endpoint or backend. For more information, see NAT subnet sizing.

July 17, 2023

July 10, 2023

Breaking

By default, public advertised prefixes can be used only to create regional public delegated prefixes. If you need to create global public delegated prefixes, you must request access. For more information about this behavior change and how to request access, see Behavior changes for BYOIP.

July 05, 2023

June 30, 2023

Feature

You can use custom constraints to provide more granular and customizable control over specific fields for some VPC resources. For more information, see Manage VPC resources by using custom constraints. This feature is available in Preview.

June 20, 2023

June 13, 2023

Feature

Private Service Connect interfaces are available in Preview. Private Service Connect interfaces let service producers initiate connections to consumer VPC networks.

June 04, 2023

Feature

Support for IPv6 static routes with the following next hops is available in Preview:

  • next-hop-gateway
  • next-hop-instance

May 26, 2023

May 23, 2023

Feature

Internal ranges are available in Preview. Internal ranges let you allocate blocks of private IP addresses in VPC networks and specify how those addresses can be used.

May 18, 2023

May 17, 2023

Feature

Global access for Private Service Connect endpoints for published services is available in General Availability. When global access is configured, clients in any region can send traffic to Private Service Connect endpoints.

April 20, 2023

April 19, 2023

Feature

Private Service Connect endpoints for published services can be configured with global access. When global access is configured, clients in any region can send traffic to endpoints. Global access for endpoints is available in Preview.

April 10, 2023

Change

Documentation updates for Private Service Connect:

April 05, 2023

March 30, 2023

Feature

For auto mode VPC networks, added a new subnet 10.212.0.0/20 for the Doha me-central1 region. For more information, see Auto mode IP ranges.

March 23, 2023

Feature

For auto mode VPC networks, added a new subnet 10.210.0.0/20 for the Turin europe-west12 region. For more information, see Auto mode IP ranges.

March 20, 2023

March 14, 2023

Feature

Hybrid subnets are available in Preview. A hybrid subnet combines an on-premises subnet and a VPC subnet into a single logical subnet. You can migrate individual workloads and instances from the on-premises subnet to the VPC subnet over time without needing to change IP addresses.

March 10, 2023

Feature

Consumption of IP addresses in Private Service Connect NAT subnets is improved for service attachments that are created after March 1st, 2023. For more information, see NAT subnets. This improvement is available in General Availability.

January 26, 2023

Feature

Policy-based routing is available in Preview. You can select a next hop based on more than a packet's destination IP address. You can match traffic by protocol and source IP address as well.

December 20, 2022

Feature

Preview: You can use geo-location objects in firewall policy rules to filter external IPv4 and external IPv6 traffic based on specific geographic locations or regions.

Feature

Preview: You can use address groups to combine multiple IP addresses and IP ranges into a single named logical unit. You can then use this unit across multiple rules in the same or different firewall policies.

December 14, 2022

December 13, 2022

November 17, 2022

November 16, 2022

November 08, 2022

November 01, 2022

October 21, 2022

October 14, 2022

October 05, 2022

Feature

For auto mode VPC networks, added a new subnet 10.208.0.0/20 for the Tel Aviv me-west1 region. For more information, see Auto mode IP ranges.

October 04, 2022

September 26, 2022

Feature

General Availability: You can monitor the following Private Service Connect producer metrics using Cloud Monitoring:

  • Connected consumer forwarding rules
  • Used NAT IP addresses

For more information, see Monitor Private Service Connect published services.

September 23, 2022

Change

VPC Service Controls ingress and egress rules are no longer required to establish Private Service Connect connections from inside a VPC Service Controls perimeter.

Establishing a Private Service Connect connection between consumer and producer projects that are not in the same VPC Service Controls perimeter does not require explicit authorization with egress policies. However, all communication to VPC Service Controls-supported services through the Private Service Connect endpoint is protected by the VPC Service Controls perimeter.

For more information, see VPC Service Controls.

August 08, 2022

August 05, 2022

July 14, 2022

June 22, 2022

Feature

Private Service Connect supports publishing a service that is hosted on an internal regional TCP proxy load balancer in a service producer VPC network. The backends can be located in Google Cloud, in other clouds, in an on-premises environment, or any combination of these locations.

This feature is available in Preview.

June 13, 2022

June 07, 2022

Feature

For auto mode VPC networks, added a new subnet 10.206.0.0/20 for the Dallas us-south1 region. For more information, see Auto mode IP ranges.

May 24, 2022

Feature

For auto mode VPC networks, added a new subnet 10.202.0.0/20 for the Columbus us-east5 region. For more information, see Auto mode IP ranges.

May 17, 2022

May 10, 2022

Feature

For auto mode VPC networks, added a new subnet 10.204.0.0/20 for the Madrid europe-southwest1 region. For more information, see Auto mode IP ranges.

May 09, 2022

May 02, 2022

Feature

For auto mode VPC networks, added a new subnet 10.200.0.0/20 for the Paris europe-west9 region. For more information, see Auto mode IP ranges.

April 25, 2022

Feature

Automatic DNS configuration for Private Service Connect endpoints is available in General Availability.

For service producers: When you publish a managed service with Private Service Connect, you can optionally specify a domain name for the service.

For service consumers: When you create a Private Service Connect endpoint to connect to a managed service that has a specified domain name, a DNS entry for the Private Service Connect endpoint is created in a Service Directory DNS zone.

April 20, 2022

Feature

For auto mode VPC networks, added a new subnet 10.198.0.0/20 for the Milan europe-west8 region. For more information, see Auto mode IP ranges.

January 24, 2022

January 06, 2022

Change

By default, Google Cloud blocks egress packets sent to TCP destination port 25 of an external IP address (including an external IP address of another Google Cloud resource). This restriction has been removed from projects owned by select Google Cloud customers.

For more information, see Blocked and limited traffic.

December 15, 2021

Feature

When you create a custom mode VPC network, you can select predefined firewall rules which address common use cases for connectivity to instances. This feature is available in General Availability.

December 13, 2021

Fixed

Connectivity from on-premises hosts to a Private Service Connect endpoint that is used to access managed services now correctly establishes for all service attachment configurations.

November 16, 2021

Feature

For auto mode VPC networks, added a new subnet 10.194.0.0/20 for the Santiago southamerica-west1 region. For more information, see Auto mode IP ranges.

November 12, 2021

November 02, 2021

October 21, 2021

Fixed

This issue is now fixed: Connectivity from on-premises hosts to a Private Service Connect endpoint that is used to access published services might not establish for some existing Cloud VPN connections. As a workaround, recreate the VPN gateway and the VPN tunnels.

October 12, 2021

Issue

Connectivity from on-premises hosts to a Private Service Connect endpoint that is used to access published services might not establish for some existing Cloud VPN connections. As a workaround, recreate the VPN gateway and the VPN tunnels.

Issue

Connectivity from on-premises hosts to a Private Service Connect endpoint that is used to access managed services does not establish if both of the following conditions are met:

  • The service is published with explicit project approval

  • Your project is not already approved before you create the endpoint.

See known issues for a workaround while this feature is in Preview.

October 04, 2021

Fixed

If you are using Private Service Connect endpoints to access services in another VPC network, and you create more endpoints than are allowed by the limit set by the service producer, any endpoints created after the limit is reached have a status of Pending, as expected. Now, if you remove endpoints to get below the limit, the status of those endpoints correctly changes to Accepted.

September 16, 2021

Fixed

Enabling or disabling PROXY protocol after a Private Service Connect service attachment is created now correctly changes the configuration.

September 14, 2021

Feature

Full control over which protocols are mirrored by Packet Mirroring is now available in General Availability.

August 25, 2021

August 23, 2021

August 17, 2021

August 03, 2021

Feature

For auto mode VPC networks, added a new subnet 10.188.0.0/20 for the Toronto northamerica-northeast2 region. For more information, see Auto mode IP ranges.

July 28, 2021

Issue

If you are using Private Service Connect to publish or consume services, the following items are not logged in Cloud Logging: changes in endpoint status, and service attachment deletions.

July 20, 2021

July 14, 2021

Fixed

Private Service Connect service attachment details now correctly shows the status for consumer endpoints. Consumer endpoints can have a status other than Accepted.

Fixed

If you're creating a Private Service Connect endpoint in a Shared VPC network, the endpoint no longer needs to be in the same project that contains the virtual machines (VMs) that send requests to the endpoint.

June 30, 2021

Feature

Deleting a private services access connection now also removes configurations created by the service producer, if Google is the service producer (for example, Cloud SQL). The improved deletion process simplifies administration if you delete a private services access connection, but later want to recreate it. This feature is now available in General Availability.

June 29, 2021

Feature

For auto mode VPC networks, added a new subnet 10.190.0.0/20 for the Delhi asia-south2 region. For more information, see Auto mode IP ranges.

June 23, 2021

Issue

If you are using Private Service Connect endpoints to access services in another VPC network, and you create more endpoints than are allowed by the limit set by the service producer, any endpoints created after the limit is reached have a status of Pending, as expected. However, if you remove endpoints to get below the limit, the status of those endpoints does not change to Accepted.

Issue

If you are using Private Service Connect endpoints to access services in another VPC network, and you delete multiple endpoints in a short period of time, one or more of the deletions might fail. To avoid this issue, wait 20 seconds between deletions.

June 21, 2021

Feature

For auto mode VPC networks, added a new subnet 10.192.0.0/20 for the Melbourne australia-southeast2 region. For more information, see Auto mode IP ranges.

June 16, 2021

Fixed

Private Service Connect endpoints in consumer networks now won't become unresponsive if they are connected to a service attachment that references a load balancer without backend VMs.

June 15, 2021

June 14, 2021

Issue

Enabling or disabling PROXY protocol after a Private Service Connect service attachment is created does not change the configuration. However, the status shown in the service attachment details incorrectly shows that the status has changed. To enable or disable PROXY protocol, delete the service attachment and recreate it with the correct PROXY protocol configuration.

June 09, 2021

Fixed

If you enable PROXY protocol for a Private Service Connect service attachment, the PROXY protocol header value was previously either 0xEA or 0xE0. Starting today, the value will always be 0xE0.

June 04, 2021

Fixed

The Private Service Connect Published Services tab in the Google Cloud Console now correctly displays service attachments. You can now view and manage service attachments using the Console, the gcloud command-line tool, or the API

June 02, 2021

Issue

If you publish a service using Private Service Connect, and the referenced load balancer does not have any backend VMs, all Private Service Connect endpoints in the consumer network might become unresponsive. Make sure that that all load balancers that are referenced by a service attachment have backend VMs.

Issue

The Private Service Connect Published Services tab in the Google Cloud Console does not display service attachments. Use the gcloud command-line tool or the API to view and manage service attachments.

Issue

If you want to create a Private Service Connect endpoint in a Shared VPC network, the endpoint must be created in the same project that contains the virtual machines (VMs) that send requests to the endpoint.

Issue

If you enable PROXY protocol for a Private Service Connect service attachment, the PROXY protocol header value might be 0xEA or 0xE0. After General Availability, the value will always be 0xE0.

May 07, 2021

Feature

GRE support for VPC networks is now available in General Availability.

April 14, 2021

Issue

Using non-RFC 1918 addresses for Private Service Connect endpoints results in unexpected costs due to a billing issue. To prevent this issue, avoid using non-RFC 1918 IP addresses and instead use RFC 1918 IP addresses for Private Service Connect endpoints. If you are affected by this issue, contact your account team for remediation.

March 24, 2021

Feature

For auto mode VPC networks, added a new subnet 10.186.0.0/20 for the Warsaw europe-central2 region. For more information, see Auto mode IP ranges.

Feature

The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in General Availability for instance templates and managed instance groups. This feature is available in the gcloud command-line tool and the API.

March 18, 2021

February 26, 2021

February 23, 2021

Feature

The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in General Availability. This feature presently only GA for individual VM instances. Support for instance templates and managed instance groups is still Preview.

January 11, 2021

December 16, 2020

December 15, 2020

Feature

The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in Preview. This feature presently only works with individual VM instances, not with instance templates or managed instance groups.

December 07, 2020

October 15, 2020

September 02, 2020

August 13, 2020

Feature

GRE support for VPC networks is now available in Beta.

July 23, 2020

June 12, 2020

June 08, 2020

Feature

For auto mode VPC networks, added a new subnet 10.184.0.0/20 for the Jakarta asia-southeast2 region. For more information, see Auto mode IP ranges.

June 03, 2020

May 29, 2020

Feature

GKE annotations and advanced controls for VPC Flow Logs is now available in General Availability.

May 18, 2020

Feature

Subnets in VPC networks now support IP addresses other than RFC 1918 addresses. For more information, see Subnet ranges.

April 29, 2020

Change

Google Cloud now encrypts VPC traffic within the boundaries of the data centers in asia-east2. We will roll out this feature gradually to other regions. Google Cloud already encrypts VPC traffic between all data centers as described in Encryption in Transit in Google Cloud.

April 24, 2020

April 20, 2020

Change

Packet Mirroring pricing will come into effect from June 20, 2020. There is no charge for Packet Mirroring until that time.

Feature

For auto mode VPC networks, added a new subnet 10.182.0.0/20 for the Las Vegas us-west4 region. For more information, see Auto mode IP ranges.

March 03, 2020

February 24, 2020

Feature

For auto mode VPC networks, added a new subnet 10.180.0.0/20 for the Salt Lake City us-west3 region. For more information, see Auto mode IP ranges.

January 24, 2020

Change

For auto mode VPC networks, added a new subnet 10.178.0.0/20 for the Seoul asia-northeast3 region. For more information, see Auto mode IP ranges.

January 01, 2020

Change

Google now charges for static external IPv4 addresses that are in use, except for ones that are used by forwarding rules. For more information, see the Network pricing.

December 19, 2019

December 11, 2019

November 22, 2019

Feature

Virtual machines with 2 or 4 vCPUs now have a maximum egress rate of 10 Gbps. This feature is Generally Available. For more information, see Machine types in the Compute Engine documentation.

November 18, 2019

November 13, 2019

September 23, 2019

Change

The quotas for subnet ranges per network and per peering group have changed.

September 20, 2019

August 13, 2019

June 19, 2019

Feature

The increased egress rate of 32Gbps of network I/O for virtual machines that use either the Skylake CPU platform or ultramem machine types, is now available in General Availability.

April 09, 2019

April 05, 2019

Feature

You can get up to 32Gbps of network I/O for virtual machines that use either the Skylake CPU platform or ultramem machine types. This increased egress rate is now available in Beta.

April 04, 2019

April 01, 2019

March 27, 2019

February 07, 2019

February 01, 2019

Feature

The private access option for on-premises hosts is now Generally Available. On-premises hosts with only private IP addresses can access Google APIs through a Cloud VPN or Cloud Interconnect connections (hybrid connectivity scenarios).

January 24, 2019

January 09, 2019

December 20, 2018

October 19, 2018

Feature

Private Google Access for on-premises hosts is now available in Beta. On-premises hosts with only private IP addresses can now access Google APIs through Cloud VPN or Cloud Interconnect connections (hybrid connectivity scenarios).

September 26, 2018

Feature

Private services access provides a private connection between your VPC network and a network owned by Google or a third party. Private services access is in Beta.

September 18, 2018

September 05, 2018

July 31, 2018

Feature

In Shared VPC service projects, listing usable subnets in the host project is now available in General Availability.

June 28, 2018

May 09, 2018

May 01, 2018

April 23, 2018

March 29, 2018

November 13, 2017

September 05, 2017

Feature

Alias IP Ranges allows you to assign additional IP addresses to a VM instance. These addresses can be used by containers running on the VM. Alias IP Ranges is now available in General Availability.

Feature

Firewall Rules egress and deny rules allows you to create firewall rules that govern egress as well as ingress traffic. You can now also create deny rules and you can prioritize the order in which rules are evaluated. Firewall Rules egress and deny rules is now available in General Availability.

August 18, 2017

Feature

Multiple Network Interfaces allows a VM instance to have more than one virtual network interfaces. Each interface must point to a different VPC network. Multiple Network Interfaces is now available in General Availability.

August 11, 2017

July 14, 2017

Feature

VPC Network Peering allows you to peer VPC networks, even networks in different organizations, so that the networks can communicate with each other using internal IP addresses. VPC Network Peering is now available in General Availability.

June 21, 2017

Feature

Multiple Network Interfaces allows a VM instance to have more than one virtual network interface. Each interface must point to a different VPC network. Multiple Network Interfaces is now available in Beta.

June 07, 2017

Feature

Shared VPC (Previously Cross-Project Networking (XPN)) is now available in General Availability.

May 22, 2017

Feature

Alias IP Ranges allows you to assign additional IP addresses to a VM instance. These addresses can be used by containers running on the VM. Alias IP Ranges is now available in Beta.

May 08, 2017

Feature

VPC Network Peering allows you to peer VPC networks, even networks in different organizations, so that the networks can communicate with each other using internal IP addresses. VPC Network Peering is now available in Beta.

May 04, 2017

Feature

Private Google Access allows Compute Engine VM instances to access Google APIs using an internal IP address only. Private Google Access is now available in General Availability.

May 01, 2017

Change

Decoupled labels and tags so that creating either a label or a tag will not create the opposing resource. For example, creating a label will no longer create a tag and vice-versa. For more information, read Relationship between instance labels and network tags.

Change

You can now find information about network tags in the VPC networking documentation.

April 17, 2017

Feature

Firewall Rules egress and deny rules allows you to create firewall rules that govern egress as well as ingress traffic. You can now also create deny rules and you can prioritize the order in which rules are evaluated. Firewall Rules egress and deny rules is now available in Beta.

March 09, 2017

Feature

Shared VPC allows you to share a VPC network with other GCP projects. Shared VPC is now available in Beta.

March 07, 2017

Feature

Private Google Access allows Compute Engine VM instances to access Google APIs using an internal IP address only. Private Google Access is now available in Beta.

December 21, 2016

May 11, 2016

Feature

The following VPC IAM roles are now generally available: roles/compute.networkAdmin, roles/compute.securityAdmin, roles/iam.serviceAccountActor

For more information, read the IAM documentation.

November 04, 2014

May 05, 2014

Change

Updated default firewall rule names. Default firewall rules are automatically created with every project. These rules were previously named default-internal and default-ssh. New projects will have the same default firewalls but with the following new names:

  • default-allow-internal - Allows network connections of any protocol and port between any two instances.
  • default-allow-ssh - Allows TCP connections from any source to any instance on the network, over port 22.

Change

Introduced new default firewall rule that will be created with each new project.

  • default-allow-icmp - Allows ICMP traffic from any source to any instance on the network.

December 17, 2013

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-19 UTC.