Cloud Number Registry overview
Cloud Number Registry lets you view, manage, and plan your IP address usage in Google Cloud. This page provides an overview of the IP address management (IPAM) capabilities of Cloud Number Registry.
After you've set up Cloud Number Registry, you can use it to do the following:
- View IP address utilization for discovered ranges or custom ranges.
- Find available IP address ranges within discovered ranges or custom ranges.
- Search for IP address resources within a registry book.
Cloud Number Registry resources
Cloud Number Registry uses the following resources to help you organize your IP address resources.
IPAM admin scope
To use Cloud Number Registry, you create an IPAM admin scope in a project. We strongly recommend that you create a new project that is used only for Cloud Number Registry. For more information, see Limitations.
The project must be part of an organization.
Creating an IPAM admin scope starts a discovery process which imports Compute Engine resources in the parent organization of the project to Cloud Number Registry. These imported resources are known as discovered resources.
Only one project in a given organization can contain and manage the IPAM admin scope for the organization.
Registry books
A registry book is a container for IP address management information. When you create an IPAM admin scope, Cloud Number Registry automatically creates a registry book called default and imports the discovered resources to it.
You can also create additional registry books to help you organize your discovered resources. When you create a registry book, you define a claimed scope: one or more projects that you add to the registry book.
A project can be claimed by only one registry book. When you create a registry book and define the claimed scope, the realms and ranges that are associated with the projects in the claimed scope are added to the new registry book and removed from the default registry book.
You can query registry books for information about IP address usage and free IP address ranges.
Realms
A realm is a set of managed IP address ranges that represent a network routing domain. IP address ranges that are managed within a realm can't overlap, unless one range is the parent of another shared range.
Cloud Number Registry creates a realm for each discovered VPC network. Discovered realms are managed by Cloud Number Registry—you can't modify them. However, you can create custom realms, which lets you include any ranges in Cloud Number Registry, including ranges that are outside of Google Cloud.
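The parent/child model described above can be reproduced offline with Python's standard `ipaddress` module. The following is an added example, not Cloud Number Registry code or its API: it takes a constructed list of ranges in one realm, derives each range's parent, and reports how much of each parent its child ranges cover and which CIDR blocks remain free. The sample ranges and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: one custom parent range, two subnet ranges, two /32 child addresses.
SAMPLE = ["10.0.0.0/16", "10.0.0.0/24", "10.0.1.0/24", "10.0.0.5/32", "10.0.0.9/32"]

def build_tree(cidrs):
    """Map each range to its parent: the smallest other range that contains it."""
    nets = sorted({ipaddress.ip_network(c) for c in cidrs},
                  key=lambda n: (n.version, n.prefixlen, int(n.network_address)))
    parent = {}
    for i, net in enumerate(nets):
        parent[net] = None
        for cand in reversed(nets[:i]):  # most specific candidates first
            if cand.version == net.version and net.subnet_of(cand):
                parent[net] = cand
                break
    return parent

def free_blocks(parent_net, children):
    """CIDR blocks of parent_net that no direct child covers."""
    free = [parent_net]
    for child in children:
        remaining = []
        for block in free:
            if child.subnet_of(block):
                # Split the block around the child; yields nothing if they are equal.
                remaining.extend(block.address_exclude(child))
            else:
                remaining.append(block)  # disjoint from this child
        free = remaining
    return sorted(free)

def report(cidrs):
    """Per parent range: addresses covered by children, total size, free blocks."""
    parent = build_tree(cidrs)
    out = {}
    for net in parent:
        kids = [c for c, p in parent.items() if p == net]
        if kids:
            free = free_blocks(net, kids)
            used = net.num_addresses - sum(f.num_addresses for f in free)
            out[str(net)] = {"used": used, "total": net.num_addresses,
                             "free": [str(f) for f in free]}
    return out

if __name__ == "__main__":
    for rng, info in report(SAMPLE).items():
        print(rng, f"{info['used']}/{info['total']} used; free:", info["free"][:3])
```

The counts are raw address counts taken from the CIDR sizes; they are not a statement of how Cloud Number Registry calculates utilization.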
Discovered ranges
The IP address ranges and IP addresses that Cloud Number Registry discovers are known as discovered ranges.
You can't directly update or delete discovered ranges in Cloud Number Registry. To modify a discovered range, you must modify the source Compute Engine resource. Cloud Number Registry reflects any changes that you make to the source resource.
Custom ranges
Custom ranges are IP address ranges that you've added to a custom realm. Because custom ranges are user-managed, you can update or delete these ranges from Cloud Number Registry directly.
Updating or deleting custom ranges doesn't affect the source Google Cloud resources.
Supported Compute Engine resources
The discovery process for Compute Engine resources creates the following realms:
A realm for each VPC network's internal IPv4 resources. This realm contains discovered ranges for the following resources, if they are present:
- Subnet primary IPv4 address ranges.
- Subnet secondary IPv4 address ranges.
- Ephemeral and reserved internal IPv4 addresses. These addresses are displayed as child ranges (/32) of the parent discovered range. For example, a regional internal IPv4 address that is assigned to an instance or a forwarding rule is displayed as a child range of the subnet's primary IPv4 address range.
A realm for each VPC network's internal IPv6 resources. This realm contains discovered ranges for the following resources, if they are present:
- ULA internal IPv6 range for internal IPv6 subnet ranges.
- Subnet internal IPv6 address ranges.
- Ephemeral and reserved internal IPv6 address ranges. These ranges are displayed as child ranges of the parent discovered range. For example, a regional internal IPv6 address range that is assigned to an instance or a forwarding rule is displayed as a child range of the subnet's internal IPv6 address range.
A realm named google-owned-ipv4 that contains ephemeral and reserved external IPv4 addresses.
A realm named google-owned-ipv6 that contains the following:
- Subnet external IPv6 address ranges.
- Reserved external IPv6 address ranges.
- Ephemeral IPv6 address ranges that are assigned to resources such as instances and forwarding rules.
Limitations
The following limitations apply to Cloud Number Registry:
When you enable Cloud Number Registry in a project, the read-only discovery process discovers IP address range information for the whole organization. To limit access to Cloud Number Registry information, we strongly recommend that you use the following configuration:
- Create a new project to use for Cloud Number Registry.
- Configure Identity and Access Management policies so that only principals that need to view all IP address ranges in the organization can access that project.
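One way to check the recommendation above is to review the IAM policy of the dedicated project against the list of principals that are meant to see organization-wide IP address data. The following is an added example, not part of Cloud Number Registry: the policy document is constructed in the shape returned by `gcloud projects get-iam-policy PROJECT_ID --format=json`, and the allowlist and function name are hypothetical.

```python
import json

# Constructed sample policy (same shape as `gcloud projects get-iam-policy` JSON output).
POLICY = json.loads("""
{"bindings": [
  {"role": "roles/viewer",
   "members": ["group:netops@example.com", "domain:example.com"]},
  {"role": "roles/owner",
   "members": ["user:alice@example.com"]},
  {"role": "roles/browser",
   "members": ["allAuthenticatedUsers", "user:bob@example.com"]}
]}
""")

# Hypothetical allowlist: principals that need to view all IP ranges in the organization.
ALLOWED = {"group:netops@example.com", "user:alice@example.com"}

# Member values that grant access to everyone or to any signed-in Google account.
PUBLIC = ("allUsers", "allAuthenticatedUsers")

def audit(policy, allowed):
    """Return bindings that are broader than intended or not on the allowlist."""
    findings = {"broad": [], "unexpected": []}
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            if member in PUBLIC or member.startswith("domain:"):
                # Public or whole-domain grants expose the organization's IP inventory widely.
                findings["broad"].append((role, member))
            elif member not in allowed:
                findings["unexpected"].append((role, member))
    return findings

if __name__ == "__main__":
    for kind, items in audit(POLICY, ALLOWED).items():
        for role, member in items:
            print(f"{kind}: {member} has {role}")
```

A project-level policy lists only the bindings set on the project itself, so roles inherited from the folder or organization need the same review at those levels.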
The following resources aren't discovered:
- Bring your own IP addresses (BYOIP) public advertised prefixes and public delegated prefixes.
- BYOIP internal IPv6 subnet ranges. However, BYOIP external IPv6 subnet ranges are discovered.