Assign a public IP address to the instance.

Assign a new reserved internal IP address to the instance.

Change the instance's current internal IP address to static.

Add custom metadata to the instance with key internal-address and value reserved.

The less specific VPC subnet route is taking priority.

The more specific VPC subnet route is taking priority.

The on-premises router is not advertising a route for the database server.

A cloud firewall rule that blocks traffic to the on-premises database server was created during the change.

Configure global load balancing to point 172.16.45.0/24 to the correct instance.

Create unique DNS records for each service that sends traffic to the desired IP address.

Configure an alias-IP range of 172.16.45.0/24 on the virtual instances within the VPC subnet of 10.1.1.0/24.

Use VPC peering to allow traffic to route between the 10.1.0.0/24 network and the 172.16.45.0/24 network.

HTTP(S) load balancer

Network load balancer

Internal load balancer

TCP/SSL proxy load balancer

Configure the existing Cloud Routers to advertise the Google API's public virtual IP addresses.

Use Private Google Access for on-premises hosts with restricted.googleapis.com virtual IP addresses.

Configure the existing Cloud Routers to advertise a default route, and use Cloud NAT to translate traffic from your on-premises network.

Add Direct Peering links, and use them for connectivity to Google APIs that use public virtual IP addresses

Configure Firewall Rules Logging. Use Firewall Insights to display the number of hits.

Configure Firewall Rules Logging. View the logs in Cloud Logging, and create a custom dashboard in Cloud Monitoring to display the number of hits.

Configure a firewall appliance from the Google Cloud Marketplace. Route all traffic through this appliance, and apply the firewall rules at this layer. Use the firewall appliance to display the number of hits.

Configure Packet Mirroring on the VPC. Apply a filter with an IP address list of the Denied Firewall rules. Configure an intrusion detection system (IDS) appliance as the receiver to display the number of hits.

Configure the route advertisement to the default setting

On the on-premises router, configure a static route for the storage API virtual IP address which points to the Cloud Router's link-local IP address.

Configure the route advertisement to the custom setting, and manually add prefix 199.36.153.8/30 to the list of advertisements. Leave all other options as their default settings.

Configure the route advertisement to the custom setting, and manually add prefix 199.36.153.8/30 to the list of advertisements. Advertise all visible subnets to the Cloud Router.