Cloud Run offers two methods for sending egress (outbound) traffic from a Cloud Run service or job to a VPC network:
This page provides a comparison between the two Cloud Run to VPC network egress methods, both of which allow access to Compute Engine VM instances, Memorystore instances, and any other resources with an internal IP address.
Direct VPC egress
Direct VPC egress brings enhanced infrastructure and simpler VPC egress configuration to Cloud Run, including the following advantages:
- Setup: Cloud Run services and jobs can send traffic to a VPC network without the overhead of managing a Serverless VPC Access connector.
- Cost: You only pay for network traffic charges, which scale to zero just like the service itself.
- Security: You can use network tags directly on service revisions for more granular network security.
- Performance: Lower latency, higher throughput.
Serverless VPC Access connectors
Serverless VPC Access connectors also let you send requests to your VPC network and receive the corresponding responses without using the public internet. Setup requires additional maintenance and cost with lower performance than Direct VPC egress offers.
See the comparison table for details.
Comparison table
Feature | Direct VPC egress | Serverless VPC Access connector |
---|---|---|
Latency | Lower | Higher |
Throughput | Higher | Lower |
IP allocation | Uses more IP addresses in most cases | Uses fewer IP addresses |
Cost | No additional VM charges | Incurs additional VM charges |
Scaling speed | Instance autoscaling is slower during traffic surges while new VPC network interfaces are created. | Network latency occurs during VPC network traffic surges while more connector instances are created. |
Google Cloud console | Supported | Supported |
Google Cloud CLI | Supported | Supported |
Launch stage | GA (with the exception of Cloud Run jobs) | GA |
Pricing
For pricing information, see Cloud Run pricing.
With Serverless VPC Access connectors, you pay for two types of charges: Compute (billed as Compute Engine VMs) and network egress (billed as traffic from VMs). With Direct VPC egress, you pay only for network egress (at the same rate as connectors). You do not pay any compute charges.
If you use Serverless VPC Access connectors, you can view your associated costs as follows:
- Go to the Cloud Billing Reports page in the Google Cloud console.
- If prompted, select the billing account associated with your Google Cloud project.
- In the Filters panel, under Labels,
add a label filter with the key
serverless-vpc-access
. - In the Value field, select the names of the connectors that you want to filter for.
Next steps
- Learn how to configure your service with Direct VPC egress.
- Learn how to configure your job with Direct VPC egress.
- See information about Direct VPC egress with a Shared VPC network.
- Learn how to configure your service with Serverless VPC Access connectors.
- Learn how to configure your job
with Serverless VPC Access connectors.