Do the service IPs need to be rotable outside the cluster or will they masq behind the nodes as well

i know you can you IP masquerading on pods that way in ZGKE you can use a carrier network so you dont have to bleed ips from the main network and will not have to broadcast out the ips of the pods just the nodes BUT do the service IP need to be broadcasted out past the cluster or can they be a bogus ip cidr as well as long as its not the same CIDR as the pods