Private network access enables supported Google Cloud products to send HTTP requests to a customer VPC network, such as to a VM, Cloud Interconnect IP, or an L4 ILB over the private network, while enforcing IAM and VPC Service Controls.
With Private Service Connect, you can create private endpoints using internal IP addresses within your VPC network. Private network access extends that capability and helps Google Cloud services connect directly to VPC networks.
Private network access offers the following features:
- Provides a unified way of managing customer network, security, and access policies applied to all network paths.
- Enables Google Cloud products reach one or more HTTP(S) endpoints in customer private networks using Google's private network rather than using the internet, and provides a VPC Service Controls-compliant option. This helps in providing better security, managing network security policies, as well as exfiltration protection while still allowing full use of Google Cloud features like HTTP Push.
The following diagram shows how a messaging service connects to a Google Cloud VM by using the internet without private network access.
The following diagram shows that a messaging service connects to a Google Cloud VM directly with private network access by using private networking within a security service perimeter.
For detailed information about VPC Service Controls, see VPC Service Controls documentation.
For information on how to configure private network access, see Configuring private network access.
For information about how you can use Service Directory private network access with Dialogflow, see Using Service Directory for private network access.
Quotas and limits
The following quotas and limits apply for private network access.
- Service Directory limits apply when you use private network access.
- Calls from Google Cloud services that use private network access do not count against your quotas.
- Service Directory pricing applies for calls from Google Cloud services that use private network access. Since Service Directory charges are per API call against the Service Directory service, each private network access is charged as one API call.
- To learn about Service Directory, see Service Directory overview.
- To learn how to configure private network access, see Configuring private network access.
- To find solutions for common issues that you might encounter when using Service Directory, see Troubleshooting.