Create VMs with multiple network interfaces
By default, every compute instance has at least one network interface (vNIC)that determines the Virtual Private Cloud network that the instance uses. You cancreate an instance with multiple network interfaces. Except forVPC networks that are created with an RDMA network profile, eachnetwork interface must be assigned to a subnet in a unique VPCnetwork. The stack type of the network interface and the stack type of thesubnet work together as described inStack types and IP addresses
Each compute instance receives a default route using DHCP Option 121, as definedbyRFC 3442. The default routeis associated withnic0. Unless manually configured otherwise, any trafficleaving an instance for any destination other than a directly connected subnetleaves the instance using the default route onnic0.
On Linux systems, you can configure custom rules and routes within the guest OSusing the/etc/iproute2/rt_tables file and theip rule andip routecommands. For more information, consult the guest OS documentation. For anexample, see the tutorialConfigure routing for an additional interface.
If you don't require multiple network interfaces, follow the procedure forcreating and starting an instanceto create instances with the default network configuration.
Before you begin
- Verify that all required networks and subnets are created before you createthe compute instance. If you need to create networks or subnets, seeCreate and manageVPC networks.
- Verify that each network has appropriate firewall rules that let datatransfer to and from the instance that has multiple interfaces. If youneed to create firewall rules, seeUse VPC firewall rules.
- If you areconnecting aninstance to multiple networks by using IPv6 addresses,then install the
google-guest-agentversion20220603.00or later. For more information, seeI can'tconnect to a secondary interface's IPv6 address. - If you haven't already, then set up authentication.Authentication is the process by which your identity is verified for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:
Select the tab for how you plan to use the samples on this page:
Console
When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.
gcloud
Afterinstalling the Google Cloud CLI,initialize it by running the following command:
gcloudinit
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
Note: If you installed the gcloud CLI previously, make sure you have the latest version by runninggcloud components update.- Set a default region and zone.
REST
To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.
Afterinstalling the Google Cloud CLI,initialize it by running the following command:
gcloudinit
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
For more information, seeAuthenticate for using REST in the Google Cloud authentication documentation.
Required roles
To get the permissions that you need to create an instance with a specific subnet, ask your administrator to grant you theCompute Instance Admin (v1) (roles/compute.instanceAdmin.v1) IAM role on the project. For more information about granting roles, seeManage access to projects, folders, and organizations.
This predefined role contains the permissions required to create an instance with a specific subnet. To see the exact permissions that are required, expand theRequired permissions section:
Required permissions
The following permissions are required to create an instance with a specific subnet:
compute.instances.createon the project- To specify a subnet for your instance:
compute.subnetworks.useon the project or on the chosen subnet - To assign an external IP address to the instance when using a VPC network:
compute.subnetworks.useExternalIpon the project or on the chosen subnet
You might also be able to get these permissions withcustom roles or otherpredefined roles.
Requirements
Before you create an instance with multiple network interfaces, review thefollowing requirements:
- Except for VPC networks that are created with anRDMA network profile, the followinglimitation applies: If you create an instance with multiple networkinterfaces, each interface must connect to a different VPCnetwork. The networks can be standaloneVPC networks orShared VPC networks.
- Each network interface must use a unique subnet IP address range.
- For multi-NIC compute instances in standalone projects, each networkinterface must use a subnet located in the same project as the instance. Forinstances in Shared VPC host or service projects, seeShared VPCin the Virtual Private Cloud documentation.Private Service Connect interfacesprovide a way for a multi-NIC instance to have network interfaces in subnetsin different projects. For more information, seeAbout network attachments.
Create VM instances with multiple network interfaces
Most Compute Engine instances let you configure multiple vNICs whencreating the instance.
- For information about the number of network interfaces you can create for aninstance, seeMaximum number of network interfaces.
- You can also configureDynamic NICswhen creating an instance.
For information about how to create a compute instance with multiple networkinterfaces, seeCreate VM instances with multiple network interfaces.
Add network interfaces to an existing instance
You can configure virtual NICs (vNICs) for an instance only when creating theinstance. However, you can add or removeDynamic NICsto an existing instance, and you don't have to restart the instance.
Dynamic NICs are subinterfaces of a parent vNIC.When you configure a Dynamic NIC, you specifya VLAN ID that is used to tag network traffic for theDynamic NIC:
- The VLAN ID of a Dynamic NIC must be an integer from 2 to 255.
- The VLAN ID of a Dynamic NIC must be unique within a parentvNIC. However, Dynamic NICs that belong todifferent parent vNICs can use the same VLAN ID.
Google Cloud uses the following format for the name of aDynamic NIC:PARENT_NIC_NUMBER.VLAN_ID
PARENT_NIC_NUMBER is the name of the parent vNIC, for examplenic0. TheVLAN_ID is the number you specified whenconfiguring the Dynamic NIC. An exampleDynamic NIC name isnic0.4.
For information about how to add Dynamic NICs to aninstance, seeAdd Dynamic NICs to an instance.
What's next?
- Learn how to useSSH connections to connectto your instance.
- Access VMs using internal DNS
- Create a PTR record for a VM instance
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-07-11 UTC.