Network bandwidth (original) (raw)

Google Cloud accounts for bandwidth per compute instance, not per virtual network interface (vNIC) or IP address. An instance'smachine type defines its maximum possible egress rate; however, you can only achieve that maximum possible egress rate in specific situations.

This page outlines the network bandwidth limits, which are useful when planning your deployments. It categorizes bandwidth using two dimensions:

• Egress or ingress: As used on this page, egress and ingress are always from the perspective of a Google Cloud instance:
  • Packets sent from a Google Cloud instance compose its egress(outbound) traffic.
  • Packets sent to a Google Cloud instance compose its ingress(inbound) traffic.
• How the packet is routed: A packet can be routed from a sending instance or to a receiving instance using routes whose next hops are within a VPC network or routes outside of a VPC network.

All of the information on this page is applicable to Compute Engine compute instances, as well as products that depend on Compute Engine instances. For example, a Google Kubernetes Engine node is a Compute Engine instance.

Configurations that impact network bandwidth

Neither additional virtual network interfaces (vNICs)nor additional IP addresses per vNIC increase ingress or egress bandwidth for a compute instance. For example, a C3 VM with 22 vCPUs is limited to 23 Gbps total egress bandwidth. If you configure the C3 VM with two vNICs, the VM is still limited to 23 Gbps total egress bandwidth, not 23 Gbps bandwidth per vNIC.

The following sections describe how other compute instance configurations can impact network bandwidth.

Use per VM Tier_1 networking performance

To get the highest possible ingress and egress bandwidth,configure Tier_1 networkingfor your compute instance.

Dynamic Network Interfaces

Dynamic Network Interfaces use the bandwidth of their parent vNIC. There is no traffic isolation within a parent vNIC. Network traffic from a Dynamic NIC can starve the other Dynamic NICs associated with the same parent vNIC. To avoid this conflict, you can use Linux traffic control (TC) to craft application-specific traffic shaping policies. These policies help to implement either fairness or certain types of priority. For prioritization, you map traffic (for example for Dynamic NICs) to a traffic class, and then map that traffic class to a quality of service. For an example of this approach, seeTraffic shaping with Red Hat.

Dynamic NICs aren't supported for Compute Engine instances that run a Windows OS.

Bandwidth sharing with Cloud RDMA

Applications using Cloud RDMA typically use both TCP and RDMA traffic. For example, during high performance computing (HPC) jobs, applications commonly use TCP for communication during load and store phases, and RDMA for compute stages. H4D instances using GVNIC for TCP traffic provide up to 200 Gbps network bandwidth. If you also configure an H4D instance to use Cloud RDMA, then the network bandwidth is shared among the configured network interfaces.

Network bandwidth allocation between Cloud RDMA traffic and TCP traffic is done dynamically. Instead of limiting both Cloud RDMA and TCP traffic to 100 Gbps bandwidth each, the GVNIC network interface can use all of the available bandwidth when the Cloud RDMA network interface is not being used. Similarly, the Cloud RDMA network interface can use all of the available bandwidth when the GVNIC network interface is not being used. When both network interface types are in use, the bandwidth is shared between Cloud RDMA traffic and TCP traffic.

Bandwidth summary

The following table illustrates the maximum possible bandwidth based on whether a packet is sent from (egress) or received by (ingress) a compute instance and the packet routing method.

Egress bandwidth limits

Ingress bandwidth limits

Egress bandwidth

Google Cloud limits outbound (egress) bandwidth using per-instance maximum egress rates. These rates are based the machine type of the compute instance that is sending the packet and whether the packet's destination is accessible using routes within a VPC network or routes outside of a VPC network. Outbound bandwidth includes packets emitted by all of the instance's NICs and data transferred to all Hyperdisk and Persistent Disk volumes connected to the instance.

Per-instance maximum egress bandwidth

Per-instance maximum egress bandwidth is generally 2 Gbps per vCPU, but there are some differences and exceptions, depending on the machine series. The following table shows the range of maximum limits for egress bandwidth for traffic routed within a VPC network.

The following table summarizes the maximum egress bandwidth for each machine series. You can find the per-instance maximum egress bandwidth for every machine type listed on its specific machine family page (using the links for each machine series in the table).

For network bandwidth information for Accelerator-optimized machine series, seeNetworking and GPU machines.

Per-instance maximum egress bandwidth is not a guarantee. The actual egress bandwidth can be lowered according to factors such as the following non-exhaustive list:

• Using VirtIO instead of gVNIC with compute instances that support both network interface drivers
• Packet size
• Protocol overhead
• The number of flows
• Ethernet driver settings of the compute instance's guest OS, such as checksum offload and TCP segmentation offload (TSO)
• Network congestion
• In a situation where Persistent Disk I/Os compete with other network egress traffic, 60% of the maximum network bandwidth is given to Persistent Disk writes, leaving 40% for other network egress traffic. SeeFactors that affect disk performancefor more details.

To get the largest possible per-instance maximum egress bandwidth:

• Enable per VM Tier_1 networking performancewith larger machine types.
• Use the largest VPC networkmaximum transmission unit (MTU) supported by your network topology. Larger MTUs can reduce packet-header overhead and increase payload data throughput.
• Use the latest gVNIC driver version, if supported by your instance and guest OS.
• Use third generation or later machine series that useTitanium to offload network processing from the host CPU.

Egress to destinations routable within a VPC network

From the perspective of a sending instance and for destination IP addresses accessible by means of routes within a VPC network, Google Cloud limits outbound traffic using these rules:

• Per-VM maximum egress bandwidth: The per-instance maximum egress bandwidth described in the Per-instance maximum egress bandwidthsection.
• Per-project inter-regional egress bandwidth: If a sending instance and an internal destination or its next hop are in different regions, Google Cloud enforces a quota based on the region and project of the sending instance and the region of the internal destination or next hop. For more information about this quota, see Inter-region network egress bandwidth (Mbps) from Compute instances in the VPC quotas and limits documentation.
• Cloud VPN and Cloud Interconnect limits: When sending traffic from an instance to an internal IP address destination routable by a next hop Cloud VPN tunnel or Cloud Interconnect VLAN attachment, egress bandwidth is limited by:
  • Maximum packet rate and bandwidth per Cloud VPN tunnel
  • Maximum packet rate and bandwidth per VLAN attachment
  • To fully use the bandwidth of multiple next hop Cloud VPN tunnels or Cloud Interconnect VLAN attachments using ECMP routing, you must use multiple TCP connections (unique 5-tuples).

Destinations routable within a VPC network include all of the following destinations, each of which is accessible from the perspective of the sending instance by a route whose next hop is not the default internet gateway:

• Regional internal IPv4 addresses insubnet primary IPv4 and subnet secondary IPv4 address ranges, including private IPv4 address ranges and privately used public IPv4 address ranges, used by these destination resources:
  • The primary internal IPv4 address of a receiving instance's network interface (vNIC). (When a sending instance connects to another instance's vNIC external IPv4 address, packets are routed using a next hop default internet gateway, soEgress to destinations outside of a VPC networkapplies instead.)
  • An internal IPv4 address in an alias IP range of a receiving instance's vNIC.
  • An internal IPv4 address of an internal forwarding rule for either protocol forwarding or for an internal passthrough Network Load Balancer.
• Global internal IPv4 addresses for these destination resources:
  • Private Service Connect endpoints for Google Cloud APIs
  • Allocated ranges for private services access
• Internal IPv6 subnet address ranges used by these destination resources:
  • An IPv6 address from the /96 IPv6 address range assigned to a dual-stack or IPv6-only receiving instance's vNIC.
  • An IPv6 address from the /96 IPv6 address range of an internal forwarding rule for either protocol forwarding or for an internal passthrough Network Load Balancer.
• External IPv6 subnet address ranges used by these destination resources when packets are routed using subnet routes or peering subnet routes within the VPC network or by custom routes within the VPC network that do not use the default internet gateway next hop:
  • An IPv6 address from the /96 IPv6 address range assigned to a dual-stack or IPv6-only receiving instance's vNIC.
  • An IPv6 address from the /96 IPv6 address range of an external forwarding rule for either protocol forwarding or for an external passthrough Network Load Balancer.
• Other destinations accessible using the following VPC network routes:
  • Dynamic routes
  • Static routes except those that use a default internet gateway next hop
  • Peering custom routes

The following list ranks traffic from sending instances to internal destinations, from highest possible bandwidth to lowest:

• Between compute instances in the same zone
• Between compute instances in different zones of the same region
• Between compute instances in different regions
• From a compute instance to Google Cloud APIs and services usingPrivate Google Access oraccessing Google APIs from an instance's external IP address. This includes Private Service Connect endpoints for Google APIs.

Egress to destinations outside of a VPC network

From the perspective of a sending instance and for destination IP addresses_outside of a VPC network_, Google Cloud limits outbound traffic to whichever of the following rates is reached first:

• Per-instance egress bandwidth: The maximum bandwidth for all connections from a compute instance to destinations outside of a VPC network is the smaller of thePer-instance maximum egress bandwidth and one of these rates:
  • If Tier_1 networking is enabled: 25 Gbps
  • If Tier_1 networking isn't enabled or isn't supported:
    * For G4 instances: 7 Gbps total for machine types with less than 48 vCPUs, and 28 Gbps total for machine types with 48 or more vCPUs
    * 1 Gbps for H4D and H3 instances
    * 7 Gbps per physical NIC for machine series that support multiple physical NICs, such as A3, A4, A4X, and A4X Max instances
    * 7 Gbps for all other machine series

For example, even though a c3-standard-44 VM has a per-instance_maximum_ egress bandwidth of 32 Gbps, the per-instance egress bandwidth from a c3-standard-44 VM to external destinations is either 25 Gbps or 7 Gbps, depending on whether Tier_1 networking is enabled.

• Per-flow maximum egress rate: The maximum bandwidth for each unique 5-tuple connection, from a compute instance to a destination outside of a VPC network is 3 Gbps, except on H4D and H3, where it is 1 Gbps.
• Per-project internet egress bandwidth: The maximum bandwidth for all connections from compute instances in each region of a project to destinations outside of a VPC network is defined by the project's Internet egress bandwidthquotas.

Destinations outside of a VPC network include all of the following destinations, each of which is accessible by a route in the sending instance's VPC network whose next hop is the default internet gateway:

• Global external IPv4 and IPv6 addresses for external proxy Network Load Balancers and external Application Load Balancers
• Regional external IPv4 addresses for Google Cloud resources, including VM vNIC external IPv4 addresses, external IPv4 addresses for external protocol forwarding, external passthrough Network Load Balancers, and response packets to Cloud NAT gateways.
• Regional external IPv6 addresses in dual-stack or IPv6-only subnets withexternal IPv6 address ranges used by external IPv6 addresses of dual-stack or IPv6-only instances, external protocol forwarding, and external passthrough Network Load Balancers. The subnet must be located in a separate, non-peered VPC network. The destination IPv6 address range must be accessible using a route in the sending instance's VPC network whose next hop is the default internet gateway. If a dual-stack or IPv6-only subnet with an external IPv6 address range is located in the same VPC network or in a peered VPC network, seeEgress to destinations routable within a VPC networkinstead.
• Other external destinations accessible using a static route in the sending instance's VPC network provided that the next hop for the route is the default internet gateway.

For details about which Google Cloud resources use what types of external IP addresses, seeExternal IP addresses.

Ingress bandwidth

Google Cloud handles inbound (ingress) bandwidth depending on how the incoming packet is routed to a receiving compute instance.

Ingress to destinations routable within a VPC network

A receiving compute instance can handle as many incoming packets as its machine type, operating system, and other network conditions permit. Google Cloud doesn't implement any purposeful bandwidth restriction on incoming packets delivered to an instance if the incoming packet is delivered using routes_within_ a VPC network:

• Subnet routes in the receiving instance's VPC network
• Peering subnet routes in a peered VPC network
• Routes in another network whose next hops are Cloud VPN tunnels, Cloud Interconnect (VLAN) attachments, or Router appliance instances located in the receiving instance's VPC network

Destinations for packets that are routed within a VPC network include:

• The primary internal IPv4 address of the receiving instance's virtual network interface (vNIC). Primary internal IPv4 addresses are regional internal IPv4 addresses that come from asubnet's primary IPv4 address range.
• An internal IPv4 address from an alias IP range of the receiving instance's vNIC. Alias IP ranges can come from either a subnet's primary IPv4 address range or one of its secondary IPv4 address ranges.
• An IPv6 address from the /96 IPv6 address range assigned to a dual-stack or IPv6-only receiving instance's vNIC. Compute instance IPv6 ranges can come from these subnet IPv6 ranges:
  • An internal IPv6 address range.
  • An external IPv6 address range when the incoming packet is routed internally to the receiving instance using one of the VPC network routes listed previously in this section.
• An internal IPv4 address of a forwarding rule used by internal protocol forwarding to the receiving instance or internal passthrough Network Load Balancer where the receiving instance is a backend of the load balancer. Internal forwarding rule IPv4 addresses come from a subnet's primary IPv4 address range.
• An internal IPv6 address from the /96 IPv6 range of a forwarding rule used by internal protocol forwarding to the receiving instance or internal passthrough Network Load Balancer where the receiving instance is a backend of the load balancer. Internal forwarding rule IPv6 addresses come from a subnet's internal IPv6 address range.
• An external IPv6 address from the /96 IPv6 range of a forwarding rule used by external protocol forwarding to the receiving instance or external passthrough Network Load Balancer. The receiving instance is a backend of the load balancer when the incoming packet is routed within the VPC network using one of the routes listed previously in this section. External forwarding rule IPv6 addresses come from a subnet's external IPv6 address range.
• An IP address within the destination range of a custom static route that uses the receiving instance as a next hop instance (next-hop-instance ornext-hop-address).
• An IP address within the destination range of a custom static route using an internal passthrough Network Load Balancer (next-hop-ilb) next hop, if the receiving instance is a backend for that load balancer.

Ingress to destinations outside of a VPC network

Google Cloud implements the following bandwidth limits for incoming packets delivered to a receiving instance using routes outside a VPC network. When load balancing is involved, the bandwidth limits are applied individually to each receiving instance.

For machine series that don't support multiple physical NICs, the applicable inbound bandwidth restriction applies collectively to all virtual network interfaces (vNICs). The limit is the first of the following rates encountered:

• 1,800,000 packets per second
• 30 Gbps

For machine series that support multiple physical NICs the applicable inbound bandwidth restriction applies individually to each physical NIC. The limit is the first of the following rates encountered:

• 1,800,000 packets per second per physical NIC
• 30 Gbps per physical NIC

Destinations for packets that are routed using routes outside of a VPC network include:

• An external IPv4 address assigned in a one-to-one NAT access configuration on one of the receiving instance's network interfaces (NICs).
• An external IPv6 address from the /96 IPv6 address range assigned to a vNIC of a dual-stack or IPv6-only receiving instance when the incoming packet is routed using a route outside of the receiving instance's VPC network.
• An external IPv4 address of a forwarding rule used by external protocol forwarding to the receiving instance or external passthrough Network Load Balancer where the receiving instance is a backend of the load balancer.
• An external IPv6 address from the /96 IPv6 range of a forwarding rule used by external protocol forwarding to the receiving instance or external passthrough Network Load Balancer. The receiving instance must be a backend of the load balancer when the incoming packet is routed using a route outside of a VPC network.
• Established inbound responses processed by Cloud NAT.

Use jumbo frames to maximize network bandwidth

To receive and send jumbo frames, configure the VPC network used by your compute instances; set themaximum transmission unit (MTU) to a larger value, up to 8896.

Higher MTU values increase the packet size and reduce the packet-header overhead, which increases payload data throughput.

You can use jumbo frames with the gVNIC driver version 1.3 or later on VM instances, or with the IDPF driver on bare metal instances. Not all Google Cloud public images include these drivers. For more information about operating system support for jumbo frames, see theNetworking features tab on theOperating system detailspage.

If you are using an OS image that doesn't have full support for jumbo frames, you can manually install gVNIC driver version v1.3.0 or later. Google recommends installing the gVNIC driver version marked Latest to benefit from additional features and bug fixes. You can download the gVNIC drivers fromGitHub.

To manually update the gVNIC driver version in your guest OS, seeUse on non-supported operating systems.

Jumbo frames and GPU machines

For GPU machine types, use the recommended MTU settings for Jumbo frames. For more information, seeRecommended MTU settings for Jumbo frames.

Receive and transmit queues

Each NIC or vNIC for a compute instance is assigned a number of receive and transmit queues for processing packets from the network.

• Receive Queue (RX): Queue to receive packets. When the NIC receives a packet from the network, the NIC selects the descriptor for an incoming packet from the queue, processes it and hands the packet to the guest OS over a packet queue attached to a vCPU core using an interrupt. If the RX queue is full and there is no buffer available to place a packet, then the packet is dropped. This can typically happen if an application is over-utilizing a vCPU core that is also attached to the selected packet queue.
• Transmit Queue (TX): Queue to transmit packets. When the guest OS sends a packet, a descriptor is allocated and placed in the TX queue. The NIC then processes the descriptor and transmits the packet.

Default queue allocation

Unless you explicitly assign queue counts for NICs, you can model the algorithm Google Cloud uses to assign a fixed number of RX and TX queues per vNIC in this way:

Bare metal instances

For bare metal instances, there is only one vNIC, so the maximum queue count is 16.

VM instances that use the gVNIC network interface

For C4 instances, to improve performance, the following configurations use a fixed number of queues:

• For Linux instances with 2 vCPUs, the queue count is 1.
• For Linux instances with 4 vCPUs, the queue count is 2.

For the other machine series, the queue count depends on whether the machine series uses Titanium or not.

• For third generation(excluding M3) and later instances that use Titanium:
  Divide the number of vCPUs by the number of vNICs (num_vcpus/num_vnics) and discard any remainder.
• For M3 and first and second generation VM instances that don't use Titanium:
  Divide the number of vCPUs by the number of vNICs, and then divide the result by 2 (num_vcpus/num_vnics/2). Discard any remainder.

To finish the default queue count calculation:

1. If the calculated number is less than 1, assign each vNIC one queue instead.
2. Determine if the calculated number is greater than the maximum number of queues per vNIC, which is 16. If the calculated number is greater than 16, ignore the calculated number, and assign each vNIC 16 queues instead.

VM instances using the VirtIO network interface or a custom driver

Divide the number of vCPUs by the number of vNICs, and discard any remainder —[number of vCPUs/number of vNICs].

1. If the calculated number is less than 1, assign each vNIC one queue instead.
2. Determine if the calculated number is greater than the maximum number of queues per vNIC, which is 32. If the calculated number is greater than 32, ignore the calculated number, and assign each vNIC 32 queues instead.

H4D instances with Cloud RDMA

For H4D instances that use Cloud RDMA, each physical host runs a single compute instance. Thus the instance gets all the available queue pairs. H4D instances have 16 queues for the gVNIC network interface and 16 queues for the IRDMA network interface.

Examples

The following examples show how to calculate the default number of queues for a VM instance:

• If a VM instance uses VirtIO and has 16 vCPUs and 4 vNICs, the calculated number is [16/4] = 4. Google Cloud assigns each vNIC four queues.
• If a VM instance uses gVNIC with Titanium offloads, and has 128 vCPUs and 2 vNICs, then the calculated number is [128/2] = 64. Google Cloud assigns each vNIC the maximum number of queues per vNIC, which is 16.

On Linux systems, you can use ethtool to configure a vNIC with fewer queues than the number of queues Google Cloud assigns per vNIC.

Queue counts when using Dynamic Network Interface

If you use Dynamic Network Interfaces with your network interfaces, the queue counts don't change. A Dynamic NIC doesn't have its own receive and transmit queues; it uses the same queues as the parent vNIC.

Custom queue allocation for VM instances

Instead of the default queue allocation, you can assign a custom queue count (total of both RX and TX) to each vNIC when you create a new compute instance by using the Compute Engine API.

The number of custom queues you specify must adhere to the following rules:

• The minimum queue count you can assign per vNIC is one.
• The maximum queue count you can assign to each vNIC of a VM instance is the lower of the vCPU count or the per vNIC maximum queue count, based on the driver type:
  • Using virtIOor a custom driver, the maximum queue count is 32.
  • Using gVNIC, the maximum queue count is 16, except for the following, where the maximum queue count is 32:
    * A2 or G2 instances
    * TPU instances
    * C2, C2D, N2, or N2D instances with Tier_1 networking enabled
  • For the followingConfidential VMconfigurations, the maximum queue count is 8:
    * AMD SEV on C2D and N2D machine types
    * AMD SEV-SNP on N2D machine types
• The sum of queue counts across all NICs configured for the VM instance must adhere to one of the following rules:
  • The maximum value is the lesser of:
    * [number of vCPUS]
    * [number of vNICs] * [max number of queues per vNIC]
  • If using queue oversubscription, the maximum value is:
    * [number of vNICs] * 16

With queue oversubscription, you can assign up to 16 queues for each vNIC of a VM instance, even if the total queue count for the VM exceeds the number of vCPUs. To oversubscribe the custom queue count, the VM instance must satisfy the following conditions:

• Uses gVNIC as the vNIC type for all vNICs configured for the instance.
• Uses a machine type in the N2, N2D, C2, or C2D machine series.
• Has Tier_1 networking enabled.
• Specifies a custom queue count for all vNICs configured for the VM instance.

With queue oversubscription, the maximum queue count for the VM instance is 16 times the number of vNICs. So, if you have 6 vNICs configured for an instance with 30 vCPUs, you can configure a maximum of (16 * 6), or 96 custom queues for your VM instance.

Examples

• For an N2 VM instance with 8 vCPUs and 4 vNICs:
  • You can assign a maximum of 8 queues across the 4 vNICs. For example, you can assign 1 queue to nic0, 4 queues to nic1, and 3 queues to nic2.
  • Queue oversubscription isn't possible because Tier_1 networking with N2 requires a VM with at least 32 vCPUs.
• If a VM has 48 vCPUs and 4 NICs:
  • If you use the virtIO driver for the NICs, then you can assign a maximum of 48 queues across the 4 NICs, with a maximum queue count of 32 for any vNIC. For example, you could have 12 queues on each vNIC, or you could have 32 queues on one of the NICs, 14 queues on another vNIC, and 1 queue on the remaining 2 NICs.
  • If you use the gVNIC driver for the NICs, then you can assign a maximum of 48 queues across the 4 NICs, with a maximum queue count of 16 for any vNIC. For example, you could have 15 queues on 3 NICs, and 3 queues on the remaining vNIC, or you could have 12 queues on each vNIC.
  • If you use gVNIC and queue oversubscription, then you can assign up to 16 queues for each vNIC, for a total of 64 queues total.
• For an N2D VM with 224 vCPUs and 8 NICs:
  • If you use the virtIO driver for the NICs, then you can assign a maximum of 224 queues across the 8 NICs, with a maximum queue count of 32 for any vNIC. For example, you could have 32 queues on 6 of the NICs, and then 16 queues on the remaining 2 NICs.
  • If you use the gVNIC driver for the NICs, then you can use the maximum queue count of 16 for all 8 NICs. The maximum sum of the queue counts is 128.

It's also possible to assign a custom queue count for only some vNICs, letting Compute Engine assign queues to the remaining vNICs. The number of queues that you can assign per vNIC is still subject to the rules mentioned previously. You can model the feasibility of your configuration, and the number of queues that Compute Engine assigns to the remaining vNICs, with this process:

1. Calculate the sum of queues for the vNICs that have a custom queue assignment.
2. Subtract the sum of custom-assigned queues from the number of vCPUs. If the difference is less than the number of remaining vNICs for which Compute Engine must assign queues, then Compute Engine returns an error because each vNIC must have at least one queue.
3. Divide the difference from the previous step by the number of vNICs without a custom queue count and discard any remainder:

[(number of vCPUs - sum of assigned queues)/(number of remaining vNICs)]  

This calculation always results in a whole number (not a fraction) that is at least equal to one because each vNIC must have at least one queue. 4. Compute Engine assigns each remaining vNIC a queue count as follows:

• If the calculated number is less than the maximum number of queues per vNIC, then the queue count is set to the calculated number.
• If the calculated number is greater than the maximum number of queues per vNIC, then the queue count for the vNIC is set to the maximum number of queues.

Example

Assume you have a VM with 20 vCPUs and 6 NICs, and that you assigned 5 queues to nic0, 6 queues to nic1, 4 queues to nic2, and let Compute Engine assign queue counts for nic3, nic4, and nic5.

1. The sum of the custom-assigned queues is 5 + 6 + 4 = 15.
2. Compute Engine has 20 - 15 = 5 queues left to assign to the remaining three vNICs (nic3, nic4, nic5). The difference (5) is greater than the number of vNICs that don't have a custom queue count (3).
3. The difference of 5 is divided by 3, and the remainder discarded. This leaves a value of 1.
4. Because the calculated number (1) is less than the maximum number of queues per vNIC, the queue count for the remaining vNICs is set to 1.

Configure custom queue counts

To create a compute instance that uses a custom queue count for one or more NICs or vNICs, complete the following steps.

In the following code examples, the VM is created with the network interface type set to GVNIC and per VM Tier_1 networking performance enabled. You can use these code examples to specify the maximum queue counts and queue oversubscription that is available for the supported machine types.

gcloud

1. If you don't already have aVPC networkwith a subnet for each vNIC interface you plan to configure, create them.

2. Use thegcloud compute instances create commandto create the compute instance. Repeat the --network-interface flag for each vNIC that you want to configure for the instance, and include the queue-count option.

   gcloud compute instances create INSTANCE_NAME
   --zone=ZONE
   --machine-type=MACHINE_TYPE
   --network-performance-configs=total-egress-bandwidth-tier=TIER_1
   --network-interface=network=NETWORK_NAME_1,subnet=SUBNET_1,nic-type=GVNIC,queue-count=QUEUE_SIZE_1
   --network-interface=network=NETWORK_NAME_2,subnet=SUBNET_2,nic-type=GVNIC,queue-count=QUEUE_SIZE_2

Replace the following:

• INSTANCE_NAME: aname for the new compute instance
• ZONE: the zone to create the instance in
• MACHINE_TYPE: themachine type of the instance. To oversubscribe the queue count, you must use a machine type from the N2, N2D, C2 or C2D machine series that uses gVNIC and Tier_1 networking.
• NETWORK_NAME: the name of the network created previously
• SUBNET_*: the name of one of the subnets created previously
• QUEUE_SIZE: the number of queues for the vNIC, subject to the rules discussed inCustom queue allocation.

Terraform

1. If you don't already have aVPC networkwith a subnet for each vNIC interface you plan to configure, create them.
2. Create a compute instance with specific queue counts for vNICs using thegoogle_compute_instance resource. Repeat the --network-interface parameter for each vNIC you want to configure for the compute instance, and include the queue-count parameter.

Queue oversubscription instance

resource "google_compute_instance" "INSTANCE_NAME" {
project = "PROJECT_ID"
boot_disk {
auto_delete = true
device_name = "DEVICE_NAME"
initialize_params {
image="IMAGE_NAME"
size = DISK_SIZE
type = "DISK_TYPE"
}
}
machine_type = "MACHINE_TYPE"
name = "INSTANCE_NAME"
zone = "ZONE"
network_performance_config {
total_egress_bandwidth_tier = "TIER_1"
}
network_interface {
nic_type = "GVNIC"
queue_count = QUEUE_COUNT_1
subnetwork_project = "PROJECT_ID"
subnetwork = "SUBNET_1"
}
network_interface {
nic_type = "GVNIC"
queue_count = QUEUE_COUNT_2
subnetwork_project = "PROJECT_ID"
subnetwork = "SUBNET_2"
}
network_interface {
nic_type = "GVNIC"
queue_count = QUEUE_COUNT_3
subnetwork_project = "PROJECT_ID"
subnetwork = "SUBNET_3""
}
network_interface {
nic_type = "GVNIC"
queue_count = QUEUE_COUNT_4
subnetwork_project = "PROJECT_ID"
subnetwork = "SUBNET_4""
}
}

Replace the following:

• INSTANCE_NAME: aname for the new compute instance
• PROJECT_ID: ID of the project to create the instance in. Unless you are using a Shared VPC network, the project that you specify must be the same one in which all the subnets and networks were created.
• DEVICE_NAME: The name to associate with the boot disk in the guest OS
• IMAGE_NAME: the name of an image, for example,"projects/debian-cloud/global/images/debian-12-bookworm-v20250311".
• DISK_SIZE: the size of the boot disk, in GiB
• DISK_TYPE: the type of disk to use for the boot disk, for example, pd-standard
• MACHINE_TYPE: themachine type of the instance. To oversubscribe the queue count, you must use a machine type from the N2, N2D, C2 or C2D machine series that uses gVNIC and Tier_1 networking.
• ZONE: the zone to create the instance in
• QUEUE_COUNT: the number of queues for the vNIC, subject to the rules discussed inCustom queue allocation.
• SUBNET_*: the name of the subnet that the network interface connects to

REST

1. If you don't already have aVPC networkwith a subnet for each vNIC interface you plan to configure, create them.
2. Create a compute instance with specific queue counts for vNICs using theinstances.insert method. You can repeat the networkInterfaces property to configure multiple network interfaces.
   POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances
   {
   "name": "INSTANCE_NAME",
   "machineType": "machineTypes/MACHINE_TYPE",
   "networkPerformanceConfig": {
   "totalEgressBandwidthTier": TIER_1
   },
   "networkInterfaces": [
   {
   "nicType": gVNIC,
   "subnetwork":"regions/region/subnetworks/SUBNET_1",
   "queueCount": "QUEUE_COUNT_1"
   } ],
   "networkInterfaces": [
   {
   "nicType": gVNIC,
   "subnetwork":"regions/region/subnetworks/SUBNET_2",
   "queueCount": "QUEUE_COUNT_2"
   } ]
   }
   Replace the following:
   • PROJECT_ID: ID of the project to create the compute instance in
   • ZONE: zone to create the compute instance in
   • INSTANCE_NAME:name of the new compute instance
   • MACHINE_TYPE: machine type,predefined orcustom, for the new compute instance. To oversubscribe the queue count, you must use a machine type from the N2, N2D, C2 or C2D machine series that uses gVNIC and Tier_1 networking.
   • SUBNET_*: the name of the subnet that the network interface connects to
   • QUEUE_COUNT: Number of queues for the vNIC, subject to the rules discussed inCustom queue allocation.

Queue allocations and changing the machine type

Compute instances are created with adefault queue allocation, or you can assign acustom queue count to each virtual network interface card (vNIC) when you create a new compute instance by using the Compute Engine API. The default or custom vNIC queue assignments are only set when creating a compute instance. If your instance has vNICs that use default queue counts, you canchange its machine type. If the machine type that you are changing to has a different number of vCPUs, the default queue counts for your instance are recalculated based on the new machine type.

If your VM has vNICs which use custom, non-default queue counts, then you can change the machine type by using the Google Cloud CLI or Compute Engine API toupdate the instance properties. The conversion succeeds if the resulting VM supports the same queue count per vNIC as the original instance. For VMs that use the VirtIO-Net interface and have a custom queue count that is higher than 16 per vNIC, you can't change the machine type to a third generation or later machine type, because they use only gVNIC. Instead, you can migrate your VM to a third generation or later machine type by following the instructions inMove your workload to a new compute instance.

What's next

• Create and start a VM instance.
• Configure per VM Tier_1 networking performancefor a compute instance.
• Learn about TCP optimization for network performance