Stay organized with collections Save and categorize content based on your preferences.
This tutorial describes how to create a virtual machine (VM) instance with multiple network interfaces, each of which is attached to different Virtual Private Cloud (VPC) networks. Additionally, the tutorial provides an example of how to configure routing on a Linux VM so that you can successfully ping the nic1 interface.
The routing configuration in this tutorial applies to both network interface types: vNICs and Dynamic Network Interfaces (NICs). While the example in this tutorial uses an instance with multiple vNICs, you can configure the same example for an instance that has Dynamic NICs.
Instances with multiple network interface are referred to as multi-NIC instances.
CostsIn this document, you use the following billable components of Google Cloud:
To generate a cost estimate based on your projected usage, use the pricing calculator.
New Google Cloud users might be eligible for a
free trial.
Before you beginIn the Google Cloud console, on the project selector page, select or create a Google Cloud project.
Note: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.Verify that billing is enabled for your Google Cloud project.
Enable the Compute Engine API.
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
Note: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.Verify that billing is enabled for your Google Cloud project.
Enable the Compute Engine API.
The following diagram shows the VPC networks, subnets, and instances that you create in this tutorial, along with example values that you can use for resource names and subnet IP address ranges:
Figure 1. In this tutorial, you create two VPC networks that each have two subnets. All subnets are in the same region. Additionally, you create three instances: one multi-NIC instance that attaches to the first two subnets, and one instance in each of the two remaining subnets (click to enlarge).
Create two VPC networksTo create a multi-NIC instance, the VPC networks that you are connecting it to must already exist. Create two VPC networks. In this tutorial, each VPC network has two subnets.
To create the configuration shown in the example configuration, create your networks and subnets with the following values:
network-1 that contains the following:
subnet-1 that has a primary IPv4 address range of 10.10.1.0/24.subnet-3 that has a primary IPv4 address range of 10.10.3.0/24.A network called network-2 that contains the following:
subnet-2 that has a primary IPv4 address range of 10.10.2.0/24.subnet-4 that has a primary IPv4 address range of 10.10.4.0/24.In the Google Cloud console, go to the VPC networks page.
Click Create VPC network.
In the Name field, enter a name for the VPC network.
Choose Custom for the Subnet creation mode.
In the New subnet section, specify the following:
Enter an IP address range. This is the primary IPv4 range for the subnet.
If you select a range that is not an RFC 1918 address, confirm that the range doesn't conflict with an existing configuration. For more information, see IPv4 subnet ranges.
Click Done.
Click Add subnet to create a second subnet. Use this second subnet for testing ping from outside of the primary subnet range of the network interface of your instance.
In the Firewall rules section, select the allow-custom rule, and then click EDIT. Configure the rule as follows to ensure that you can test connectivity from the test instances to multi-nic-vm:
35.235.240.0/20 so that you can connect to the test instances using SSH. Including this range allows SSH connections using Identity-Aware Proxy (IAP) TCP forwarding. For more information, see Allow ingress ssh connections to VMs.22, 3389 to allow RDP and SSH.icmp to allow ICMP.Click Create.
Repeat these steps to create a second VPC network. Make sure that the subnet IP address ranges don't overlap with the subnets from your first network, such as the IP address ranges used in the example configuration.
Use the networks create command to create a VPC network.
gcloud compute networks create NETWORK --subnet-mode=custom
Replace the following:
NETWORK: a name for the VPC network.Use the networks subnets create command to create a subnet for your VPC network.
gcloud compute networks subnets create NAME \ --network=NETWORK \ --range=RANGE \ --region=REGION
Replace the following:
NAME: a name for the subnet.NETWORK: the name of the VPC network.RANGE: an IP address range. This is the primary IPv4 range for the subnet.
If you enter a range that is not an RFC 1918 address, confirm that the range doesn't conflict with an existing configuration. For more information, see IPv4 subnet ranges.
REGION: a region. Make sure that both VPC networks that you create use the same region for at least one of their subnets. Use this same region when you create the multi-NIC instance in the following section. The example configuration uses the same region for all subnets.
Repeat the previous step to create another subnet. Use this second subnet for testing ping from outside of the primary subnet range of the network interface of your instance.
Create a firewall rule to allow SSH, RDP, and ICMP:
gcloud compute firewall-rules create allow-ssh-rdp-icmp \ --network NETWORK \ --action=ALLOW \ --direction=INGRESS \ --rules=tcp:22,tcp:3389,icmp \ --source-ranges=SOURCE_RANGE
Replace the following:
NETWORK: enter the value that corresponds to the network you're creating:
network-1.network-2.SOURCE_RANGE: enter the value that corresponds to the network you're creating:
10.10.3.0/24, 35.235.240.0/20. Including 10.10.3.0/24 ensures that you can test connectivity from test-vm-1 to the nic0 interface of the multi-nic-vm. Including 35.235.240.0/20 allows SSH connections using Identity-Aware Proxy (IAP) TCP forwarding. For more information, see Allow ingress ssh connections to VMs.10.10.4.0/24, 35.235.240.0/20. Including 10.10.4.0/24 ensures that you can test connectivity from test-vm-2 to the nic0 interface of the multi-nic-vm. Including 35.235.240.0/20 allows SSH connections using Identity-Aware Proxy (IAP) TCP forwarding. For more information, see Allow ingress ssh connections to VMs.Repeat these steps to create a second VPC network. Make sure that the subnet IP address ranges don't overlap with the subnets from your first network, such as the IP address ranges used in the example configuration.
Create an instance that has one interface for each VPC network that you created in the previous section.
To create a multi-NIC instance:
ConsoleIn the Google Cloud console, go to the Create an instance page.
In the Name field, enter a name for the instance. This corresponds to multi-nic-vm in the example configuration.
In the Region field, select the same region in which you created one subnet in each of your VPC networks. The instance must be in the same region as the subnets to which its interfaces connect. The example configuration uses the same region for all subnets.
In the Zone field, select a zone.
In the Advanced options section, expand Networking, and then do the following:
network-1 and subnet-1 in the example configuration.10.10.1.3.For External IPv4 address, select one None.
To add another interface, click Add network interface.
For Network and Subnetwork, select the second network and subnetwork that you created. This corresponds to network-2 and subnet-2 in the example configuration.
For IP stack type, select IPv4 (single-stack).
For Primary internal IPv4 address, select one of the following:
10.10.2.3.For External IPv4 address, select one None.
To finish adding the network interface, click Done.
Click Create.
To create network interfaces on a new instance, use the instances create command.
Include the --network-interface flag for each interface, followed by any appropriate networking keys, such as network, subnet, private-network-ip. For the external IP address, the following command specifies no-address.
gcloud compute instances create INSTANCE_NAME \
--zone ZONE \
--network-interface \
network=NIC0_NETWORK,subnet=NIC0_SUBNET,private-network-ip=NIC0_INTERNAL_IPV4_ADDRESS,no-address \
--network-interface \
network=NIC1_NETWORK,subnet=NIC1_SUBNET,private-network-ip=NIC1_INTERNAL_IPV4_ADDRESS,no-address
Replace the following:
INSTANCE_NAME: the name of the instance to create. This corresponds to multi-nic-vm in the example configuration.ZONE: the zone where the instance is created. Enter a zone in the same region in which you created one subnet in each of your VPC networks. The instance must be in the same region as the subnets to which its interfaces connect. The example configuration uses the same region for all subnets.NIC0_NETWORK: the network where the interface attaches. This corresponds to network-1 in the example configuration.NIC0_SUBNET: the subnet where the interface attaches. This corresponds to subnet-1 in the example configuration.NIC0_INTERNAL_IPV4_ADDRESS: the internal IPv4 address that you want the interface to have in the target subnet. If you are using the example configuration, enter 10.10.1.3. Omit if you just want any valid address assigned.NIC1_NETWORK: the network where the interface attaches. This corresponds to network-2 in the example configuration.NIC1_SUBNET: the subnet where the interface attaches. This corresponds to subnet-2 in the example configuration.NIC1_INTERNAL_IPV4_ADDRESS: the internal IPv4 address that you want the interface to have in the target subnet. If you are using the example configuration, enter 10.10.2.3. Omit if you just want any valid address assigned.Create two additional instances:
nic0 interface of the multi-NIC instance that you created. This corresponds to test-vm-1 in subnet-3 in the example configuration.nic1 interface of the multi-NIC instance that you created. This corresponds to test-vm-2 in subnet-4 in the example configuration.You use these instances for testing ping from the subnets that are outside of the primary subnet range of your instance that has multiple network interfaces.
To create the instances:
ConsoleIn the Google Cloud console, go to the Create an instance page.
In the Name field, enter a name for the instance.
In the Region field, select the region in which you placed the additional subnet in your first VPC network.
In the Zone field, select a zone.
In the Advanced options section, expand Networking, and then do the following:
nic0 interface of your multi-NIC instance.Click Create.
Repeat these steps to create an instance in your second VPC network, and in a subnet that is different from that of the nic1 interface of your multi-NIC instance.
Run the instances create command and include the --network-interface flag for each interface, followed by any appropriate networking keys, such as network, subnet, private-network-ip, or address.
gcloud compute instances create INSTANCE_NAME \
--zone ZONE \
--network-interface \
network=NIC0_NETWORK,subnet=NIC0_SUBNET, private-network-ip=NIC0_INTERNAL_IPV4_ADDRESS
Replace the following:
INSTANCE_NAME: the name of the instance to create.ZONE: the zone where the instance is created. Enter the region in which you placed the additional subnet in your first VPC network—the subnet that is not used by the multi-NIC instance.NIC0_NETWORK: the network where the interface attaches.NIC0_SUBNET: the subnet where the interface attaches.NIC0_INTERNAL_IPV4_ADDRESS: the internal IPv4 address that you want the interface to have in the target subnet. Omit if you just want any valid address assigned.Repeat the previous step to create an instance in your second VPC network and in a subnet that is different from that of the nic1 interface of your multi-NIC instance.
Follow the steps in this section to test ping from the additional instances that you created to each interface of your instance with multiple network interfaces.
The following table shows the scenarios in which you can successfully ping at this point in the tutorial using the IP address values from the example configuration.
From Toping successful Instance (test-vm-1) in the same network, but different subnet, as the nic0 interface of the multi-nic-vm. Internal IP address (10.10.1.3) of the nic0 interface of multi-nic-vm Instance (test-vm-2) in the same network, but different subnet, as the nic1 interface of multi-nic-vm Internal IP address (10.10.2.3) of the nic1 interface of multi-nic-vm Get the IP addresses of the multi-NIC instance
If necessary, get the interface IP addresses of your multi-NIC instance so that you can ping them in the following sections.
ConsoleIn the Google Cloud console, go to the VM instances page.
In the list of instances, find the multi-NIC instance that you created, and record these values so that you can ping them in the following steps:
nic0 and nic1 interfacesRun the instances list command:
gcloud compute instances list
Locate your multi-NIC instance and record the following from the output:
INTERNAL_IP: the first and second addresses correspond to the nic0 and nic1 network interfaces.nic0 interface of your instance
In the list of instances, locate the instance that you created in the same network, but different subnet, as the nic0 interface of the multi-NIC instance.
Run the following command to ping the internal IP address of the nic0 interface of your multi-NIC instance:
ping INTERNAL_IP_NIC0
Replace INTERNAL_IP_NIC0 with the corresponding address that you recorded previously. If you are using the example configuration, enter 10.10.1.3.
Note that the ping is successful.
Run exit to close the terminal window.
nic1 interface of your instance
In the list of instances, locate the instance that you created in the same network, but different subnet, as the nic1 interface of the multi-NIC instance.
Run the following command to ping the internal IP address of the second interface of your multi-NIC instance:
ping INTERNAL_IP_NIC1
Replace INTERNAL_IP_NIC1 with the corresponding address that you recorded previously. If you are using the example configuration, enter 10.10.2.3.
Note that the ping is unsuccessful.
Run exit to close the terminal window.
The ping test in the preceding section failed due to asymmetric routing— traffic is sent to the nic1 interface of multi-nic-vm, but the default route for the instance results in the replies being sent from nic0. For more information, see Specifications in the Multiple network interfaces overview.
Follow the steps in this section to configure policy routing to make sure that egress packets leave through the correct interface.
This tutorial uses Linux VMs. Source-based policy routing is not supported by Windows operating systems.
Find the default gateway for thenic1 interface of the instance
You can find the default gateway for an instance's interface by querying the metadata server. If you are using the example configuration, the value is 10.10.2.1.
To find the default gateway for the nic1 interface's IPv4 address, make the following request from the multi-NIC instance:
curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/1/gateway -H "Metadata-Flavor: Google"
To find the default gateway for a different network interface, specify the appropriate interface number. To find the name that Google Cloud has assigned to the interface, see Get the IP addresses of the multi-NIC instance. This is different from the interface name that the operating system assigns. The interface has the format nicNUMBER. In your request to the metadata server, enter only the number. For example, for nic2, specify 2.
This section describes how to configure a new routing table on the multi-NIC instance.
Note: While the following commands use the internal IP address of thenic1 interface, completing this configuration lets you reach both the internal and external (if assigned) IP addresses of the interface. For example, when you ping the external IPv4 address of an instance, Google Cloud performs destination network address translation (DNAT) to the internal IPv4 address of the instance. The instance then responds using the local routing policy that you configured with the internal IP address. For the response, Google Cloud then performs source network address translation (SNAT) to translate the source back to the external IP address. However, you might need an addition firewall rule to allow ICMP from the external IP address.
Enable the serial console by following the steps in Enabling access for a VM instance.
To avoid losing connectivity to the instance while you change the default route, connect to the serial console.
Run ip link list to list your instance's network interfaces, and then record the name of the nic1 interface, such as ens5.
Run the following command to ensure that the nic1 interface is configured with an IP address.
ip addr show NIC
Replace NIC with the name of the nic1 interface from the previous step.
If the nic1 interface has not been assigned an IP address automatically, you can manually assign an IP address by running the following command:
sudo ip addr add IP_ADDRESS dev NIC
Replace the following:
IP_ADDRESS: the internal IP address to configure on the interface. This corresponds to 10.10.2.3 in the example configuration.NIC: the name of the nic1 interface from the previous step.Create a custom route table for the nic1 network interface.
echo "1 ROUTE_TABLE_NAME" | sudo tee -a /etc/iproute2/rt_tables
Replace ROUTE_TABLE_NAME with a name for the route table, such as route-nic1.
Create the default route in the custom route table intended for the nic1 network interface and a route with a source hint for packets sent to the gateway.
sudo ip route add default via GATEWAY dev NIC table ROUTE_TABLE_NAME sudo ip route add GATEWAY src IP_ADDRESS dev NIC table ROUTE_TABLE_NAME
Replace the following:
GATEWAY: the default gateway IP address of the interface. This corresponds to 10.10.2.1 in the example configuration.NIC: the interface that you want to add a route for. For example, ens5.ROUTE_TABLE_NAME: the name of your route table.IP_ADDRESS: the internal IP address configured on the interface. This corresponds to 10.10.2.3 in the example configuration.Create routing rules that instruct the instance to use the custom route table for packets with sources or destinations that match the primary internal IPv4 address assigned to the nic1 interface:
sudo ip rule add from IP_ADDRESS/PREFIX_LENGTH table ROUTE_TABLE_NAME sudo ip rule add to IP_ADDRESS/PREFIX_LENGTH table ROUTE_TABLE_NAME
Replace the following:
IP_ADDRESS: the internal IP address configured on the interface. This corresponds to 10.10.2.3 in the example configuration.PREFIX_LENGTH: the prefix length for the configured IP address.ROUTE_TABLE_NAME: the name of your route table.Run the following command to remove all entries from the cache route table. This might be necessary if you are using an existing instance with previously configured route tables.
sudo ip route flush cache
The following table shows the scenarios in which you can successfully ping now that you have configured policy routing. Repeat the steps to ping the nic1 interface of your instance to confirm that you can now ping both IP addresses successfully.
From Toping successful Instance (test-vm-1) in the same network, but different subnet, as the nic0 interface of multi-nic-vm. Internal IP address (10.10.1.3) of the nic0 interface of multi-nic-vm Instance (test-vm-2) in the same network, but different subnet, as the nic1 interface of multi-nic-vm Internal IP addresses (10.10.2.3) of the nic1 interface of the multi-nic-vm Clean up
To avoid incurring charges to your Google Cloud account for the resources used in this tutorial, either delete the project that contains the resources, or keep the project and delete the individual resources.
Delete the projectappspot.com URL, delete selected resources inside the project instead of deleting the whole project.If you plan to explore multiple architectures, tutorials, or quickstarts, reusing projects can help you avoid exceeding project quota limits.
If you don't want to delete the entire project, delete the VPC networks and instances that you created for the tutorial.
Before you can delete a network, you must delete all resources in all of its subnets, and all resources that reference the network.
Delete instancesTo delete instances:
ConsoleIn the Google Cloud console, go to the VM instances page.
Check the instances you want to delete.
Click the Delete button.
Use the gcloud compute instances delete command. When you delete an instance in this way, the instance shuts down and is removed from the list of instances, and all resources attached to the instance are released, such as persistent disks and any static IP addresses.
To delete an instance, use the following command:
gcloud compute instances delete example-instance [example-instance-2 example-instance-3..]Delete VPC networks
To delete a VPC network:
ConsoleIn the Google Cloud console, go to the VPC networks page.
Click the name of a VPC network to show its VPC network details page.
Click Delete VPC network.
In the message that appears, click Delete to confirm.
Use the networks delete command.
gcloud compute networks delete NETWORK
Replace NETWORK with the name of the network to delete.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-07 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[],[]]
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4