Cloud Run Direct VPC egress explained

Key Takeaways

direct VPC egress on cloud run enables you to send traffic through a VPC Network without setting up a serverless VPC access connector it's easier to set up faster can handle more traffic and has lower costs this is a very exciting update to Cloud run let's dive in to learn more but let's take a step back why send traffic to the VPC in the first place top use cases for sending traffic to the VPC include managing traffic with firewall rules Network traffic observability getting static IPS for outbound requests and connecting to internal IP addresses and and that's the most common one and here are some examples of resources with an internal IP address that you might want to connect to from cloud run a memory store instance a cloud SQL instance that doesn't have a public IP and a compute engine virtual machine or services with an internal load balancer on Google kubernetes engine or on-premise resources when you enable directvpc egress on a cloud run service the cloud run instances gets internal IP addresses on the VPC Network and this new interface can only be used for TCP UDP egress you can use it to create new connections from the VPC Network back to the cloud run instance think of this as a firewall in front of the cloud run instance the firewall allows outbound connections only and no inbound could traffic from the VPC but the other interest path doesn't change with directvc egress web requests to the https endpoint of the cloud run service are still routed to Cloud run instances in the same way as before that doesn't change if you're watching this and you're already familiar with serverless VPC access connectors you might be confused is directvc egress just another way of doing the same thing but it has a shorter name well yes but direct VPC egress has many advantages over VPC connectors to understand why let me tell you how VPC connectors work a VPC connector is a group of managed connector instances every connector instance gets an internal IP address and it proxies outbound connections from a cloud run instance introducing an extra hop in a network path and VPC connectors are not paper use you can think of connector instances as fertile machines they are very much alike in the sense that you are charged for enabling them even when they're idle direct VPC egress doesn't need connector instances which means you only play the network charges this is why directvc egress has lower costs and it uses a new direct network path and this New Path is faster and can handle more traffic delivering lower latency and higher throughput so let's wrap up with directvc egress you get fewer hops in a network path enabling lower latency higher throughput because of the new network path lower costs and it's easier to set up and manage if you want to try it out today check send traffic directly to a VPC when configuring network access for your Cloud run service thanks for listening