Private services access
requires a prefix-length of at least /24 (256 addresses).
Parallelstore reserves 64 addresses per instance, which means that you can
re-use this IP range with other services or other Parallelstore instances if
needed.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Configure a VPC network\n\nParallelstore runs within a Virtual Private Cloud (VPC) which provides\nnetworking functionality to\n[Compute Engine virtual machine (VM) instances](/compute/docs/instances),\n[Google Kubernetes Engine (GKE) clusters](/kubernetes-engine/docs), and\n[serverless workloads](/serverless#section-3).\n\nThe same VPC network must be specified when creating the Parallelstore instance\nand client Compute Engine VMs or Google Kubernetes Engine clusters\n\nYou must also configure private services access within your VPC.\n\nConfigure IAM permissions\n-------------------------\n\nYou must have one of the following IAM permissions in order to set up network\npeering for your project:\n\n- [Compute Network Admin](/compute/docs/access/iam#compute.networkAdmin) (`roles/compute.networkAdmin`)\n- [Service Networking Admin](/iam/docs/understanding-roles#servicenetworking.networksAdmin) (`roles/servicenetworking.networksAdmin`)\n\nTo grant a role: \n\n gcloud projects add-iam-policy-binding \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e \\\n --member=\"user:\u003cvar translate=\"no\"\u003eEMAIL_ADDRESS\u003c/var\u003e\"\n --role=\u003cvar translate=\"no\"\u003eROLE\u003c/var\u003e\n\nCreate and configure the VPC\n----------------------------\n\n1. Enable service networking.\n\n gcloud services enable servicenetworking.googleapis.com\n\n2. Create a VPC Network.\n\n gcloud compute networks create \u003cvar translate=\"no\"\u003eNETWORK_NAME\u003c/var\u003e \\\n --subnet-mode=auto \\\n --mtu=8896\n\n | **Note:** Setting the value of `mtu` (*maximum transmission unit*, or the size of the largest IP packet that can be transmitted on this network) to the maximum allowed value of 8896 improves performance up to 10% compared to the default value of 1460 bytes.\n3. Create an IP range.\n\n Private services access\n [requires a prefix-length of at least `/24`](/vpc/docs/configure-private-services-access#ip_address_range_size) (256 addresses).\n Parallelstore reserves 64 addresses per instance, which means that you can\n re-use this IP range with other services or other Parallelstore instances if\n needed. \n\n gcloud compute addresses create \u003cvar translate=\"no\"\u003eIP_RANGE_NAME\u003c/var\u003e \\\n --global \\\n --purpose=VPC_PEERING \\\n --prefix-length=24 \\\n --description=\"Parallelstore VPC Peering\" \\\n --network=\u003cvar translate=\"no\"\u003eNETWORK_NAME\u003c/var\u003e\n\n4. Get the CIDR range associated with the range you created in the previous step.\n\n CIDR_RANGE=$(\n gcloud compute addresses describe \u003cvar translate=\"no\"\u003eIP_RANGE_NAME\u003c/var\u003e \\\n --global \\\n --format=\"value[separator=/](address, prefixLength)\"\n )\n\n5. Create a firewall rule to allow TCP traffic from the IP range you created.\n\n gcloud compute firewall-rules create \u003cvar translate=\"no\"\u003eFIREWALL_NAME\u003c/var\u003e \\\n --allow=tcp \\\n --network=\u003cvar translate=\"no\"\u003eNETWORK_NAME\u003c/var\u003e \\\n --source-ranges=$CIDR_RANGE\n\n6. Connect the peering.\n\n gcloud services vpc-peerings connect \\\n --network=\u003cvar translate=\"no\"\u003eNETWORK_NAME\u003c/var\u003e \\\n --ranges=\u003cvar translate=\"no\"\u003eIP_RANGE_NAME\u003c/var\u003e \\\n --service=servicenetworking.googleapis.com\n\nKnown issues\n------------\n\nParallelstore instances and clients cannot use an IP address from the\n172.17.0.0/16 subnet range. See [Known issues](/parallelstore/docs/known-issues)\nfor more information.\n\nWhat's next\n-----------\n\n- [Create a Parallelstore instance](/parallelstore/docs/create-instance)\n- [Troubleshoot VPC networks](/parallelstore/docs/troubleshooting#troubleshooting-vpc-networks)"]]
