How many IP addresses does GCP reserve per subnet?

Google Cloud reserves 4 IP addresses per subnet: the network address (.0), the default gateway (second address), the second-to-last address (reserved by GCP), and the broadcast address (.255). This differs from AWS which reserves 5.

What is the difference between auto mode and custom mode VPC in GCP?

Auto mode VPCs automatically create one subnet per region using predefined /20 CIDR blocks from 10.128.0.0/9. Custom mode VPCs give you full control over subnet ranges and are recommended for production workloads to avoid CIDR conflicts with on-premises or peered networks.

What are secondary ranges in GCP and why are they needed for GKE?

GCP subnets support secondary IP ranges that are used by GKE for Pod and Service IP addresses. A GKE cluster needs a primary range for nodes, a secondary range for Pods (typically /16 to support many pods per node), and another secondary range for Services (typically /20).

GCP VPC Subnet Calculator

Last reviewed: May 2026

Plan Google Cloud VPC subnets with correct IP reservation counts. GCP reserves 4 IPs per subnet — one fewer than AWS/Azure. Use the interactive planner below to generate subnets with optional GKE secondary ranges, then export Terraform.

Interactive GCP VPC Subnet Planner

VPC Address Range

Region

Primary subnets:

nodes GKE node IPs — primary range

services General workload subnet

proxy-only Required for Envoy-based Load Balancers

GKE Secondary Ranges (added to nodes subnet)

Pods range:

Services range:

Subnet / Range Name	CIDR	Type	GCP Usable IPs	Purpose

Calculate GCP VPC CIDRs in SubnetSolver →

GCP IP Reservation Rule

GCP reserves 4 IP addresses in every subnet — one fewer than AWS. These are:

.0 — Network address
Second address — Default gateway (e.g., .1 in most subnets)
Second-to-last address — Reserved by Google Cloud
.255 (last address) — Broadcast address

For example, in a 10.0.0.0/24 subnet: .0, .1, .254, and .255 are reserved — leaving 252 usable addresses.

Auto Mode vs Custom Mode VPC

GCP offers two VPC creation modes with significant operational differences:

Feature	Auto Mode	Custom Mode
Subnet creation	Automatic (one per region)	Manual, full control
CIDR range	Predefined /20 from 10.128.0.0/9	Any valid RFC 1918 range
VPC peering	Limited (overlapping ranges)	Recommended for peering
Production workloads	Not recommended	Recommended

Use custom mode VPCs for production. Auto mode VPCs use predictable CIDR ranges that frequently conflict with on-premises networks. You cannot convert an auto mode VPC back to custom mode once created.

GCP VPC Design Best Practices

Always use custom mode VPCs for production workloads
Plan your CIDR space upfront — VPC peering and Shared VPC require non-overlapping ranges
GKE clusters consume large secondary ranges — allocate /16 for pods before provisioning
Use Private Google Access on subnets that need to reach Google APIs without internet access
Cloud NAT requires explicit subnet configuration — plan your NAT gateways per region

Plan your GCP VPC in SubnetSolver →