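Direct connectivity is a connection solution that allows authenticated, direct gRPC network connections between a Google Cloud client library and Cloud Storage, resulting in lower latency and connection overhead. When you use gRPC to connect to Google Cloud using direct connectivity, requests initiated through supported Google Cloud client libraries are routed directly to Cloud Storage, bypassing Google Front Ends (GFEs).
The Compute Engine VMs interacting with a Cloud Storage bucket must be co-located with the bucket. For example, if the bucket is in us-central1, the VM can be located in us-central1-a. If the bucket is in a multi-region or dual-region, the VM must be located in one of the regions that make up the multi-region or dual-region. For example, if the bucket is in the us multi-region, the VM can be located in us-east4-c.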
Using my-bucket bucket for the diagnostic tests.
Bucket location : US
Bucket storage class : STANDARD
Running diagnostic: Direct Connectivity Diagnostic...
WARNING: This diagnostic is experimental. The output may change, and checks may be added or removed at any time. Please do not rely on the diagnostic being present.
Finished running diagnostic: Direct Connectivity Diagnostic
Generating diagnostic report...
NAME
Direct Connectivity Diagnostic
┌────────────────────────────┬─────────────────────────────────────────────────────────────────────────┬──────────┐
│ NAME │ PAYLOAD_DESCRIPTION │ RESULT │
├────────────────────────────┼─────────────────────────────────────────────────────────────────────────┼──────────┤
│ Direct Connectivity Call │ Able to get bucket metadata using Direct Connectivity network path. │ Success. │
└────────────────────────────┴─────────────────────────────────────────────────────────────────────────┴──────────┘
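Check network configurations
If you encounter an Unable to connect to Traffic Director error while checking for direct connectivity using the Google Cloud CLI, use the following instructions to ensure that your network configurations allow traffic to pass from your VMs to the required endpoints.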
Last updated: 2025-09-05 (UTC).

# gRPC direct connectivity

Direct connectivity is a connection solution that allows high-performance,
authenticated, direct gRPC network connections between a Google Cloud client
library and Cloud Storage, resulting in lower latency and connection
overhead. When you use gRPC to connect to Google Cloud
using direct connectivity, requests initiated through supported Google Cloud
client libraries are routed directly to Cloud Storage, bypassing
[Google Front Ends (GFEs)](/docs/security/infrastructure/design#google-frontend-service).

Direct connectivity is only available for requests made from Compute Engine
virtual machines (VMs).

Requirements for direct connectivity
------------------------------------

Direct connectivity is enabled by default when you use supported
Cloud Storage client libraries to connect to Cloud Storage, but becomes
available only if the following conditions are all met:

- The Compute Engine VMs interacting with Cloud Storage must have an
  [attached service account](/compute/docs/instances/change-service-account), even if the service account has no permissions.
  The service account is used to represent the Compute Engine VM in the
  [Application Layer Transport Security](/security/encryption-in-transit/application-layer-transport-security) handshake process.

- The Compute Engine VMs interacting with a Cloud Storage bucket must
  be co-located with the bucket. For example, if the bucket is in `us-central1`,
  the VM can be located in `us-central1-a`.

- Your [routes](/vpc/docs/configure-private-google-access#config-routing-custom) and [firewall rules](/vpc/docs/configure-private-google-access#config-firewall) allow IPv4 traffic to reach
  `34.126.0.0/18` and IPv6 traffic to reach `2001:4860:8040::/42`. In addition,
  traffic must be allowed to reach the endpoints
  `storage.googleapis.com:443` and `directpath-pa.googleapis.com:443`.

  To learn how to check whether a connection can be made to these endpoints, see
  [Check network configurations](#check-network-configs). For information about setting up routes,
  see [Configure routes](/vpc-service-controls/docs/set-up-private-connectivity#configure-routes).

Check connectivity by using the Google Cloud CLI
------------------------------------------------

The Google Cloud CLI can test the diagnostics of direct connectivity on your
bucket by issuing a `GET` call to the bucket using
`gcloud storage buckets describe gs://example-bucket`. This
section describes how to perform a diagnostic test for direct connectivity by
using the Google Cloud CLI.

### Before you begin

1. Make sure you have the `storage.buckets.get` IAM permission
   on the bucket, which can be [granted](/storage/docs/access-control/using-iam-permissions) using the Storage Legacy Bucket
   Reader (`roles/storage.legacyBucketReader`) role.

2. The `gcloud alpha storage diagnose` command is only available in the
   Google Cloud CLI version 531.0.0 or later. To use this command, we recommend
   [upgrading to the latest Google Cloud CLI version](/sdk/gcloud/reference/components/update).

### Run the diagnosis

To check whether direct connectivity is available, run
[`gcloud alpha storage diagnose`](/sdk/gcloud/reference/alpha/storage/diagnose) with the argument
`--test-type=DIRECT_CONNECTIVITY`:

```
gcloud alpha storage diagnose --test-type=DIRECT_CONNECTIVITY gs://BUCKET_NAME
```

Replace the following:

- `BUCKET_NAME`: the name of your bucket. For example, `my-bucket`.

If a connection can be made, you receive a response similar to the following:

    Using my-bucket bucket for the diagnostic tests.
    Bucket location : US
    Bucket storage class : STANDARD
    Running diagnostic: Direct Connectivity Diagnostic...
    WARNING: This diagnostic is experimental. The output may change, and checks may be added or removed at any time. Please do not rely on the diagnostic being present.
    Finished running diagnostic: Direct Connectivity Diagnostic
    Generating diagnostic report...
    NAME
    Direct Connectivity Diagnostic
    ┌────────────────────────────┬─────────────────────────────────────────────────────────────────────────┬──────────┐
    │ NAME │ PAYLOAD_DESCRIPTION │ RESULT │
    ├────────────────────────────┼─────────────────────────────────────────────────────────────────────────┼──────────┤
    │ Direct Connectivity Call │ Able to get bucket metadata using Direct Connectivity network path. │ Success. │
    └────────────────────────────┴─────────────────────────────────────────────────────────────────────────┴──────────┘

Check network configurations
----------------------------

If you encounter an `Unable to connect to Traffic Director` error while checking
for direct connectivity using the Google Cloud CLI, use the following
instructions to ensure that your network configurations allow traffic to pass
from your VMs to the required endpoints.

Direct connectivity requires a service hosted at
`directpath-pa.googleapis.com:443` and at `storage.googleapis.com:443`. To check
whether a connection can be made to the service, make a curl call to
`directpath-pa.googleapis.com:443` or `storage.googleapis.com:443`. For example:

    curl directpath-pa.googleapis.com:443

If a connection can be made, you receive an empty response without
errors:

    curl: (52) Empty reply from server

If a connection cannot be made, you receive an error similar to the following:

    curl: (56) Recv failure: Connection reset by peer
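
The requirement that firewall rules allow traffic to `34.126.0.0/18` and `2001:4860:8040::/42` on port 443 can be checked against an egress rule set before a VM is deployed. The following Python code is an added example, not part of this documentation or of any Google tool; the rule dictionaries, their field names, the sample rules and the simplified priority model (lowest number wins, deny wins ties, implied allow at the end) are assumptions made for illustration.

```python
import ipaddress

# Destination ranges the page says must be reachable for direct connectivity.
REQUIRED = ["34.126.0.0/18", "2001:4860:8040::/42"]
PORT = 443

# Constructed sample egress rules (not from a real project); field names are
# hypothetical. ports=None means "all ports".
SAMPLE_RULES = [
    {"name": "allow-directpath-v4", "priority": 900, "action": "allow",
     "dest": ["34.126.0.0/18"], "ports": [443]},
    {"name": "deny-all-egress-v4", "priority": 1000, "action": "deny",
     "dest": ["0.0.0.0/0"], "ports": None},
    {"name": "deny-all-egress-v6", "priority": 1000, "action": "deny",
     "dest": ["::/0"], "ports": None},
]


def decide(required_cidr, rules, port=PORT):
    """Return (verdict, rule_name); verdict is 'allow', 'deny' or 'partial'
    (the deciding rule covers only part of the required range)."""
    need = ipaddress.ip_network(required_cidr)
    # Lower priority number is evaluated first; deny sorts before allow on a tie.
    ordered = sorted(rules, key=lambda r: (r["priority"], r["action"] != "deny"))
    for rule in ordered:
        if rule["ports"] is not None and port not in rule["ports"]:
            continue
        for dest in rule["dest"]:
            net = ipaddress.ip_network(dest)
            if net.version != need.version:
                continue  # IPv4 rules never match IPv6 traffic and vice versa
            if need.subnet_of(net):
                return rule["action"], rule["name"]
            if net.overlaps(need):
                return "partial", rule["name"]
    # Assumption: an implied lowest-priority rule allows all egress.
    return "allow", "implied-allow-egress"


def audit(rules):
    """Map each required range to the verdict and the rule that decided it."""
    return {cidr: decide(cidr, rules) for cidr in REQUIRED}


if __name__ == "__main__":
    for cidr, (verdict, rule) in audit(SAMPLE_RULES).items():
        print(f"{cidr:22} {verdict:8} decided by {rule}")
```

With the constructed rules, the IPv4 range is allowed but the IPv6 range is caught by the blanket deny, a gap that a default-deny egress policy written only for IPv4 tends to leave.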