Compare Direct VPC egress and VPC connectors

Cloud Run offers two methods for sending egress (outbound) traffic from a Cloud Run service or job to a VPC network:

This page provides a comparison between the two Cloud Run to VPC network egress methods, both of which allow access to Compute Engine VM instances, Memorystore instances, and any other resources with an internal IP address.

Direct VPC egress

Direct VPC egress brings enhanced infrastructure and simpler VPC egress configuration to Cloud Run, including the following advantages:

  • Setup: Cloud Run services and jobs can send traffic to a VPC network without the overhead of managing a Serverless VPC Access connector.
  • Cost: You only pay for network traffic charges, which scale to zero just like the service itself.
  • Security: You can use network tags directly on service revisions for more granular network security.
  • Performance: Lower latency, higher throughput.

Serverless VPC Access connectors

Serverless VPC Access connectors also let you send requests to your VPC network and receive the corresponding responses without using the public internet. Setup requires additional maintenance and cost with lower performance than Direct VPC egress offers.

See the comparison table for details.

Comparison table

Feature Direct VPC egress Serverless VPC Access connector
Latency Lower Higher
Throughput Higher Lower
IP allocation Uses more IP addresses in most cases Uses fewer IP addresses
Cost No additional VM charges Incurs additional VM charges
Scaling speed Instance autoscaling is slower during traffic surges while new VPC network interfaces are created. Network latency occurs during VPC network traffic surges while more connector instances are created.
Google Cloud console Supported Supported
Google Cloud CLI Supported Supported
Launch stage Preview (see Limitations) GA (production-ready)

Pricing

For pricing information, see Cloud Run pricing.

With Serverless VPC Access connectors, you pay for two types of charges: Compute (billed as Compute Engine VMs) and network egress (billed as traffic from VMs). With Direct VPC egress, you pay only for network egress (at the same rate as connectors). You do not pay any compute charges.

If you use Serverless VPC Access connectors, you can view your associated costs as follows:

  1. Go to the Cloud Billing Reports page in the Google Cloud console.
  2. If prompted, select the billing account associated with your Google Cloud project.
  3. In the Filters panel, under Labels, add a label filter with the key serverless-vpc-access.
  4. In the Value field, select the names of the connectors that you want to filter for.

Next steps