Stay organized with collectionsSave and categorize content based on your preferences.
This page describes how to increase the IP address space available to the
private services access configuration that AlloyDB uses for
clusters and instances.
When you create an AlloyDB cluster or instance in a region that
doesn't yet have any clusters or instances, AlloyDB creates a
subnet in that region. If the existing IP address space available to
AlloyDB is not large enough to create the subnet, your attempt to
create the cluster or instance fails. You must increase the IP address space to
resolve the address shortage before retrying to create the cluster or instance.
Use thegcloud config set projectcommand to set the default project to
the one where your VPC network resides.
gcloud config set projectPROJECT_ID
WherePROJECT_IDis the ID of the project where
your VPC network resides.
Use thecompute addresses createcommand to create an additional
allocated IP address range.
To specify an address range and a prefix length (subnet mask), use theaddressesandprefix-lengthflags. For example, to allocate the CIDR
block192.168.0.0/16, specify192.168.0.0for the address and16for the prefix length.
To specify just a prefix length (subnet mask), just use theprefix-lengthflag. When you omit the address range, Google Cloud
automatically selects an unused address range in your VPC
network. The following example selects an unused IP address range with a16bit prefix length.
Replace the following placeholders with relevant values:
RESERVED_RANGE_NAME: a name for the allocated range,
such asadditional-alloydb-range.
DESCRIPTION: a description for the range, such asallocated to extend AlloyDB range.
VPC_NETWORK: the name of your VPC
network, such asmy-vpc-network.
The following example creates a private connection to Google so that the VM
instances in thedefaultVPC network can use private
services access to reach Google services that support it.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis guide details how to increase the IP address space for AlloyDB's private services access configuration, crucial when creating new clusters or instances if the existing space is insufficient.\u003c/p\u003e\n"],["\u003cp\u003eIncreasing the IP address space involves two key steps: creating an additional allocated IP address range within your VPC network and then adding this new range to the existing private services access connection.\u003c/p\u003e\n"],["\u003cp\u003eTo ensure sufficient space for AlloyDB, the allocated IP range should have a prefix length of 16 or less, and the guide provides options for specifying the range manually or letting Google automatically select it.\u003c/p\u003e\n"],["\u003cp\u003eThe process can be completed using either the Google Cloud Console or the gcloud CLI, with detailed instructions provided for both methods.\u003c/p\u003e\n"],["\u003cp\u003eBefore you start, verify you have the necessary IAM roles and permissions, including \u003ccode\u003ecompute.networks.list\u003c/code\u003e, \u003ccode\u003ecompute.addresses.create\u003c/code\u003e, \u003ccode\u003ecompute.addresses.list\u003c/code\u003e, and \u003ccode\u003eservicenetworking.services.addPeering\u003c/code\u003e, in addition to the required AlloyDB roles.\u003c/p\u003e\n"]]],[],null,["# Increase private services access address space\n\nThis page describes how to increase the IP address space available to the\nprivate services access configuration that AlloyDB uses for\nclusters and instances.\n\nWhen you create an AlloyDB cluster or instance in a region that\ndoesn't yet have any clusters or instances, AlloyDB creates a\nsubnet in that region. If the existing IP address space available to\nAlloyDB is not large enough to create the subnet, your attempt to\ncreate the cluster or instance fails. You must increase the IP address space to\nresolve the address shortage before retrying to create the cluster or instance.\n\n\nBefore you begin\n----------------\n\n- The Google Cloud project you are using must have been [enabled to access AlloyDB](/alloydb/docs/project-enable-access).\n- You must have one of these IAM roles in the Google Cloud project you are using:\n - `roles/alloydb.admin` (the AlloyDB Admin predefined IAM role)\n - `roles/owner` (the Owner basic IAM role)\n - `roles/editor` (the Editor basic IAM role)\n\n If you don't have any of these roles, contact your Organization Administrator to request\n access.\n- To increase the IP address range, you also must have these IAM permissions:\n - `compute.networks.list`\n - `compute.addresses.create`\n - `compute.addresses.list`\n - `servicenetworking.services.addPeering`\n\n\u003cbr /\u003e\n\nProcedure\n---------\n\nTo increase the AlloyDB IP address space, you perform two operations:\n\n- Create an additional allocated IP address range in your VPC network.\n- Add the additional address range to the existing private services access connection in your VPC network.\n\n### Console\n\n1. Go to the VPC networks page in the Google Cloud console.\n\n [Go to the VPC networks page](https://console.cloud.google.com/networking/networks/list)\n2. Select the project where your VPC network resides.\n\n3. Select the VPC network that contains your existing private\n services access connection.\n\n4. Select the **Private services access** tab.\n\n5. In the **Private services access** tab, select the **Allocated IP\n ranges for services** tab.\n\n6. Click **Allocate IP range**.\n\n7. Enter a **Name** and **Description** for the allocated range.\n\n8. Specify an **IP range** for the allocation:\n\n | **Note:** To provide sufficient address space for AlloyDB, specify a prefix length of 16 or less.\n - To specify an IP address range, select **Custom** and then enter a CIDR block, such as `192.168.0.0/16`.\n - To specify a prefix length and let Google select an available range, select **Automatic** and then enter a prefix length, such as `16`.\n9. Click **Allocate** to create the allocated range.\n\n10. In the **Private service access** tab, select the **Private\n connections to services** tab.\n\n11. Click **servicenetworking-googleapis-com**.\n\n12. In the **Update a private connection** dialog, click the **Assigned allocation** box and then select the additional allocated IP range you created earlier.\n\n13. Click **Update** to update the connection.\n\n### gcloud\n\n\nTo use the gcloud CLI, you can\n[install and initialize](/sdk/docs/install) the Google Cloud CLI, or you\ncan use [Cloud Shell](/shell/docs/using-cloud-shell).\n\n\u003cbr /\u003e\n\n1. Use the `gcloud config set project` command to set the default project to\n the one where your VPC network resides.\n\n ```\n gcloud config set project PROJECT_ID\n ```\n\n Where \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e is the ID of the project where\n your VPC network resides.\n2. Use the `compute addresses create` command to create an additional\n allocated IP address range.\n\n | **Note:** To provide sufficient address space for AlloyDB, specify a prefix length of 16 or less.\n - To specify an address range and a prefix length (subnet mask), use the\n `addresses` and `prefix-length` flags. For example, to allocate the CIDR\n block `192.168.0.0/16`, specify `192.168.0.0` for the address and `16`\n for the prefix length.\n\n ```\n gcloud compute addresses create RESERVED_RANGE_NAME \\\n --global \\\n --purpose=VPC_PEERING \\\n --addresses=192.168.0.0 \\\n --prefix-length=16 \\\n --description=\"DESCRIPTION\" \\\n --network=VPC_NETWORK\n ```\n - To specify just a prefix length (subnet mask), just use the\n `prefix-length` flag. When you omit the address range, Google Cloud\n automatically selects an unused address range in your VPC\n network. The following example selects an unused IP address range with a\n `16` bit prefix length.\n\n ```\n gcloud compute addresses create RESERVED_RANGE_NAME \\\n --global \\\n --purpose=VPC_PEERING \\\n --prefix-length=16 \\\n --description=\"DESCRIPTION\" \\\n --network=VPC_NETWORK\n ```\n\n Replace the following placeholders with relevant values:\n - \u003cvar translate=\"no\"\u003eRESERVED_RANGE_NAME\u003c/var\u003e: a name for the allocated range,\n such as `additional-alloydb-range`.\n\n - \u003cvar translate=\"no\"\u003eDESCRIPTION\u003c/var\u003e: a description for the range, such as\n `allocated to extend AlloyDB range`.\n\n - \u003cvar translate=\"no\"\u003eVPC_NETWORK\u003c/var\u003e: the name of your VPC\n network, such as `my-vpc-network`.\n\n The following example creates a private connection to Google so that the VM\n instances in the `default` VPC network can use private\n services access to reach Google services that support it. \n\n ```\n gcloud compute addresses create additional-alloydb-range \\\n --global \\\n --purpose=VPC_PEERING \\\n --prefix-length=16 \\\n --description=\"allocated to extend AlloyDB range\" \\\n --network=default\n ```\n3. Use the `services vpc-peerings list` command to get a list of IP ranges\n already allocated to your private services connection:\n\n ```\n gcloud services vpc-peerings list \\\n --service=servicenetworking.googleapis.com \\\n --network=VPC_NETWORK\n ```\n\n Where \u003cvar translate=\"no\"\u003eVPC_NETWORK\u003c/var\u003e is the name of your\n VPC network, such as `my-vpc-network`.\n\n The list of IP ranges already allocated to your private services\n connection appears after `reservedPeeringRanges`.\n4. Use the `services vpc-peerings update` command to add the additional\n address range to the private services connection.\n\n ```\n gcloud services vpc-peerings update \\\n --service=servicenetworking.googleapis.com \\\n --ranges=RESERVED_RANGE_NAME,EXISTING_RANGES_LIST \\\n --network=VPC_NETWORK\n ```\n\n Replace the following placeholders with relevant values:\n - \u003cvar translate=\"no\"\u003eRESERVED_RANGE_NAME\u003c/var\u003e: the name of the additional\n allocated IP address range you created.\n\n - \u003cvar translate=\"no\"\u003eEXISTING_RANGES_LIST\u003c/var\u003e: a comma-separated list of the\n IP address ranges already allocated to the private services\n connection.\n\n - \u003cvar translate=\"no\"\u003eVPC_NETWORK\u003c/var\u003e: the name of your VPC\n network.\n\n The command initiates a long-running operation, returning an operation\n name.\n5. Check whether the operation was successful.\n\n ```\n gcloud services vpc-peerings operations describe OPERATION_NAME\n ```\n\n Replace \u003cvar translate=\"no\"\u003eOPERATION_NAME\u003c/var\u003e with the operation name that\n was returned from the previous step."]]
