
GCP to introduce an additional charge for publicly addressed VM instances - sainyam
https://cloud.google.com/compute/all-pricing#ipaddress
======
xkgt
This is silly and will further harm GCP's viability as alternative to AWS or
Azure. Firstly, I can't find any official announcement regarding the rationale
and suggested solutions for their customers to reduce their cost. Just adding
a banner to docs pages is plain lazy and is not customer friendly.

Ideally IPv6 support should have been added or at least scheduled to be
available at instance level [1] before enforcing such charges. This indicates
a lack of engineering capability (more likely resource commitment) to
implement such a critical feature on its platform in a timely manner,
particularly given that its rivals already have the support in place. To me,
that is more worrying than an increase in bill. What is the pace of innovation
one can expect from GCP platform? How committed are its leaders as a public
cloud service provider?

1\.
[https://googlecloudplatform.uservoice.com/forums/302595-comp...](https://googlecloudplatform.uservoice.com/forums/302595-compute-
engine/suggestions/8518246-support-ipv6)

~~~
jhgg
I think this nets to a < 0.01% delta to our bill. Is this really that _big_ an
issue in practice? For hobbyist projects, maybe? But for larger customers,
this is a drop in the ocean.

I actually think this is a (somewhat) smart move. It incentivizes you to use a
NAT gateway to egress traffic to your instances. You can either run your own
fleet (it's very easy - but you gotta fix it if it breaks), or use their
managed NAT solution (more expensive, but with less worry hopefully) - and not
just tack on a public IP to every instance that needs internet connectivity.
We did this from the get-go (running our own NATs) - and only have a few
public IPs relative to the # of instances we run.

~~~
rohan1024
It's not about the cost. Every Internet connected system(at least in cloud.
Ideally every system) should be publicly accessible but instead of providing
it by default they are providing it as feature. If you don't want to show VM
to the world then you use NAT but they have got this backward.

This is slippery slope. One day they might charge you to open a port to
external world.

~~~
dub
"Every Internet-connected system should be publicly accessible"

That sounds like a security or data leak nightmare waiting to happen. I would
prefer not entrust my data with a company that feels there's value in having
all of their instances publicly addressable.

~~~
coleca
Actually, Google professes in their "BeyondCorp" security model a zero-trust
architecture. You shouldn't be assuming that just because your instance isn't
publicly accessible that it is secure. (See:
[https://cloud.google.com/beyondcorp/](https://cloud.google.com/beyondcorp/))

Which makes this move even more surprising, because GCP reference
architectures have traditionally been focused around public facing Internet
access. Unless, it is a sign that GCP is getting more traction and Google is
running out of public IPs to be handing out like candy. This could be an
economic incentive to encourage people to conserve these IPs.

~~~
nodesecurity
This is not what BeyondCorp means. It doesn't mean everything is publicly
accessible. It means you don't make trust decisions based on "approved
networks", but instead at the device level. It DOES NOT mean that you don't
segment services, restrict access to systems that don't need public access, or
follow any of the other appropriate security guidelines.

> You shouldn't be assuming that just because your instance isn't publicly
> accessible that it is secure

No one thinks this, and no one said anything of the sort. But likewise, making
everything public because Google has a site called BeyondCorp, doesn't make it
secure. There is a lot of effort to adopt a BeyondCorp model. None of which
includes "make everything publicly routable".

------
profmonocle
Cloud NAT would be fine except it costs 4.5¢ per GB (in both directions) which
could hurt some use cases. If your backend VMs pull in more than 64.8 GB per
month from the Internet it's cheaper to just pay for the public IP. (Only
applies to outbound connections initiated by the VM, inbound connections
through load balancers don't go through the NAT.)

I'll echo what others have said - it sucks that they're doing this before
adding IPv6 support. A good portion of traffic could bypass the NAT entirely
considering how many services support IPv6 these days.

They don't start charging until April, so maybe they'll surprise us with an
IPv6 announcement before then, but I'm not betting on it. :(

~~~
vast
Slightly off topic: how does cloud NAT scale. The defaults are way too low for
request heavy projects and the regarding docs were kinda hard to understand
for a non ops guy.

~~~
manigandham
What defaults are you referring to? Cloud NAT is part of the GCP network
fabric and all implemented as software so there's no single point of failure
or bottlenecks.

------
jmb12686
This definitely limits the usefulness of Google's "always free" tier. This
will x2 some bills I have for small personal projects, though will still be a
bit cheaper than an AWS alternative after the 12 month free tier.

Sigh.. I suppose it was a matter of time before they figured out the pricing
loophole. Back to creating new Google accounts every year to get the year of
credits...

~~~
cameronbrown
> Back to creating new Google accounts every year to get the year of
> credits...

I'd be careful doing this. You wouldn't want their automated systems to ban
all your accounts + personal one by association.

~~~
JamesBrooks
I don't know - seems like a really good opportunity to finally kick that
Google habit like I've been meaning to do ;)

~~~
atomi
I will second this wholeheartedly - please proceed Google.

~~~
atomi
In regards to the downvotes:

[https://www.gnu.org/proprietary/malware-
google.html](https://www.gnu.org/proprietary/malware-google.html)

------
miyuru
Al least provide proper IPv6 support before charging for IP addresses.

~~~
privateSFacct
GCP has marketed their amazing network so its interesting this isn't
supported.

~~~
profmonocle
What's weird to me is that Google itself has excellent IPv6 support. Every
Google web site, API, or other service I've come across fully supports IPv6.
Compute Engine VMs are the outlier.

They actually utilize this for their "private Google access" system, which
allows you to access Google services from a compute engine VM without a public
v4 address. The VM's private v4 address gets mapped into an IPv6 address,
along with some extra bytes identifying the customer's network. (You can see
this by setting up such a VM and accessing an AppSpot app that echos your
source IP.)

~~~
lern_too_spel
Google doesn't use GCP for its major applications. Neither should you.

------
QUFB
And yet IPv6 connectivity is still not available for GCE instance VMs.

~~~
privateSFacct
IPv6 is not yet that useful for external facing sites (what do people use IPv6
for on external sites?), but AWS does let you get a /56 for a VPC which should
be enough for most VPC need (you can't specify your own CIDR however).

~~~
profmonocle
> IPv6 is not yet that useful for external facing sites

Google's NAT pricing only affects connections initiated by the VM (external
load balancer traffic doesn't use the NAT). So most of this traffic is going
to be your servers talking to 3rd party APIs, update servers, etc. A lot of
these services support IPv6 now, meaning your NAT costs would be lower if GCE
supported IPv6.

~~~
sieabahlpark
But then they couldn't charge you for the bandwidth.

------
Havoc
>$0.004 per hour

>8760 hours in year so 35 USD

So much for free tier to host low traffic websites.

Good bye and thanks for all the fish! The free VM & ip was appreciated while
it lasted :)

Fortunately I built everything on a Ubuntu VM...so damn near any provider
works for me.

~~~
yjftsjthsd-h
If you were previously entirely on the free tier, what provider are you moving
to that's cost-competitive even against $35 a year?

~~~
Havoc
I've still got a LowEndTalk forums special kicking around somewhere.

15 Eur per year for a 2 CPU/1GB/ipv4/1TB traffic KVM. edit...its one from
alpha vps. So far so good - feel snappier than a google free vm. But that was
on a deep discount special.

It's not that hard to find cheap stuff on specials if you're ok with taking a
calculated risk on the providers.

If I go the cloud route I'll probably jump on a Azure of AWS intro credit
plan.

------
maciel310
Looks like the Always Free page was updated to include a free IP too, so
you'll still be able to use it for free cloud hosting of small loads.

"Each month, eligible use of all of your f1-micro instances _and associated
external IP addresses_ are free until you have used a number of hours equal to
the total hours in the current month" \-
[https://cloud.google.com/free/docs/gcp-free-
tier](https://cloud.google.com/free/docs/gcp-free-tier)

Wasn't there last time archive.org crawled the page, so it is a new addition.

------
mjcarden
Darn. The tiny VM I have hosting my Quassel server for always-on IRC will go
from approx 20 Australian cents per month to approx $4.30 per month. That's a
rather large jump.

------
londons_explore
Notice very few Google employees commenting in this thread?

My guess is they have further announcements planned, and perhaps this
documentation change was inadvertantly pushed out early...

I'd be hoping to see one or more of:

* 1 free IP per account

* free shared HTTP loadbalancing

* IPv6 support

~~~
shusson
> 1 free IP per account

I hope so

------
blibble
I'll be moving my VMs to AWS, given this almost doubles the costs of the
smallest instances

~~~
srj
Have you looked into using Cloud NAT? Do you need all those ephemeral v4 IPs?

(I work in Google Cloud Networking -- though not this particular area.)

~~~
cameronbrown
This seriously hurts some of my use cases: 1\. Running a website on GCE 24/7
2\. Running a Minecraft/CS:GO server for 10hr/day

There's no situation where I won't be paying more. Plus these games don't
really support IPv6.

~~~
hdfbdtbcdg
AWS will charge for the static IP whilst the Minecraft server is down.

~~~
HatchedLake721
This is false, no it will not. AWS charges for unassigned elastic IPs. Elastic
IP can be assigned to a stopped EC2 instance and you will not incur any
charges.

~~~
hdfbdtbcdg
Really? Sorry then I had misunderstood the bill.

------
ggm
If you were in the always free tier, you weren't revenue neutral, you cost
google money.

This just amplifies the truth a bit: being 24/7 on somebody else's hardware
incurs costs, even if you are surprised when the bill of fare is presented

(disclaimer: I work in the internet number ecosystem so I am not un-involved)

~~~
clhodapp
Ah well except it is literally called the "always free" tier so you would
think that something as core as being connected to the internet would be, you
know... free?

~~~
ggm
Did they promise you'd have a static IP? 99% or more of the internet for free
is behind CGN or home NAT and has little or no persisting address binding for
incoming, hence ddns services. Did google distinguish as saying in the
'forever free' bucket they'd do that?

being "on" the net is not the same as being "always reachable at a stable IP
endpoint"

~~~
MGATOR
Correct me if I'm wrong, but it sounds like they are going to charge for
ephemeral IP addresses as well, not just static ones. This means any VM which
accesses an external service via IPV4, i.e. making a request to a
transactional mail service, will now have to pay for this privilege even if
ingress is via a load balancer.

~~~
ggm
I understood it to be a fee for static IP binding, used or reserved. Sad to be
corrected (I mean, happy to be corrected but the news won't be happy)

~~~
clhodapp
You are incorrect. They are going to begin charging a small fee for _public_
IPs (i.e. IPs that can talk to the internet), not static IPs. They do support
NAT as an alternative, but they charge for it (and are slightly lowering that
cost as a part of this change).

To be clear, none of this is going to have any measurable impact on me, I'm
just pointing out the fact that they didn't really hold true to the promise of
the free tier.

Source: the email that they sent out to customers about this

~~~
ggm
Well that's bad. Thanks for clarifying and you were right from the start.

------
iamjustlooking
It feels like GCP figured out a way to charge for ingress. I can get behind
using NAT instead of our instances having external IP's but a 4.5¢/GB hit on
egress AND ingress traffic is hard to swallow.

------
deepsun
Too bad K8S doesn't support IPv6 at all.

~~~
linuxdude314
That is completely untrue. Kubernetes has full support for IPv6.

[https://github.com/kubernetes/enhancements/issues/508](https://github.com/kubernetes/enhancements/issues/508)

~~~
Rockjodd
We still want it to be promoted to beta, so it is actually available in GKE
and other cloud vendors.

Alpha level cluster in GKE gets wiped every 30 days, nothing you want to run
any production workload on.

Of course you have the option of self-hosting..

~~~
jasonvorhe
If you can't move your workloads to a new cluster within 30 days, you should
reflect on how you're using Kubernetes.

------
tgtweak
On another note: $7/mo for an unused static IP...???

The public instance fee feels like the plastic bag fee at the grocery store -
ipv4 space is indeed finite. It is reasonable to assume it costs more to run a
VM with public access than without, but to charge for it?

------
nullify88
Previously, Windows instances required a public IP address in order to connect
to and retrieve a license from Googles KMS server. Looks like that has changed
recently, and this news had me worried we'd have to pay extra for our Windows
instances. So at least now I can save a few pennies and IP addresses.

[https://cloud.google.com/compute/docs/instances/windows/crea...](https://cloud.google.com/compute/docs/instances/windows/creating-
managing-windows-instances#kms-server)

------
kccqzy
I find this doc confusing. In the blue box it appears that all external IPv4
addresses will be charged, but in the paragraph immediately below, it says:

> If you reserve a static external IP address but do not use it, you will be
> charged […]. If you reserve a static external IP address and use it […] you
> will not be charged for it.

This seems like two very different kinds of charges. So is Google changing its
policy with just one blue box? Or is the documentation in error? I suppose
it's the former but it's not clear.

~~~
9nGQluzmnq3M
_Currently_ you're charged only for unused external IPv4 addresses.

Starting January 1st, 2020, you'll receive a bill showing how much you _would_
pay under the new scheme that charges for all external IPs, but won't actually
pay yet.

Actual billing starts April 1st, 2020.

~~~
londons_explore
Thats a while 9 months for them to give a free allowance of IP's (say 5 per
account), support IPv6, or backtrack on the plans entirely.

------
Sami_Lehtinen
This is definition question. As example Scaleway offers free public IPv4
address, but if you don't want it, then you'll get discount. - Are they
charging for it?

------
acd
How about also offering ipv6 public ip for free? Then we would get higher
adoption rate for ipv6

------
exabrial
Conveniently, SRV records were eschewed from http3 which would greatly
diminish the need for this.

------
shusson
I really hope they add one free static external ip in the always free tier.

------
treggle
There’s a growing number of reasons to consider exiting the major clouds.

~~~
SanchoPanda
As cloud becomes the default for small to mid scale computing, storage and
networking, the patience for hiccups due to roll your own solutions falls as
well.

------
kerng
At times I think Google should move some of their core teams over to GCP. It
seems like they dont know what they are doing. The hiring bar also appears
much lower at GCP.

Makes you wonder how important Google sees GCP, or they think the train has
already left...

------
baggy_trough
The network continues to be an annoyingly expensive part of GCP.

~~~
londons_explore
Annoyingly expensive part of all cloud providers...

I think thats deliberate - for most businesses, the cost of networking is
directly proportional to how many customers you have, whereas the cost of
compute isn't so tightly coupled. Startups really care about costs to get
started, and aren't so worried about costs when they have a billion customers.

~~~
baggy_trough
Not all of them. Linode has very cheap network, for example.

------
xxxpupugo
Not a big deal, the bucks are tiny.

------
penagwin
I don't understand this move, over 2$ month extra for any ipv4 address?

Are we actually running out of addresses or is this a money grab kinda thing?
Most of the competitors I know of offer one free ipv4, often a block of ipv6,
and extra ipv4 addresses are normally only a dollar or two at most a month
extra

Like many others said, this can double the cost of small projects.

~~~
profmonocle
> Are we actually running out of addresses or is this a money grab kinda
> thing?

We "ran out" some time ago. Of course, IP addresses don't get used up, so this
can be defined different ways. It's no longer possible to get brand new (i.e.
never used) IP addresses from the regional registries, so the only way to get
a block is to buy it from another company.

Cloud companies have been buying up IPv4 space like crazy since the registries
ran out. A couple years ago Amazon bought half of MIT's /8 block, and just a
few weeks ago they bought a quarter of the /8 that was originally set aside
for HAM radio.

So we'll never exactly "run out" per se. It's like real estate. They're not
making more, but you can still buy it. It just gets more expensive. (And
hopefully we eventually move to IPv6 which isn't so maddeningly restricted.)

~~~
londons_explore
And Google _hasn 't_ been buying up big blocks like that, so are probably
running out, so are having to introduce a charge for them...

~~~
Havoc
>And Google hasn't been buying up big blocks like that, so are probably
running out

That seems like poor planning for a big cloud provider if true. IPV4 will
unfortunately be around for a while

------
reilly3000
This is cheaper than AWS EIP for instances that are using an EIP. It is free
for GCP VMs to have a resevered IP and use it vs $3.60/mo for AWS EIP whether
its used or not. With GCP, unused reserved IP is $7.20/mo. I can't think of a
lot of scenarios where you need to hold on to an IP you're not using for an
extended period of time, but I could be wrong.

~~~
vasco
EIPs are free when attached. And public addressable instances in AWS do not
need an attached EIP, that's only if you want the public IP to be static and
to be able to replace the instance without updating DNS records. So both are
free compared to GCP's paid.

