About accessing regional endpoints through Private Service Connect endpoints

This page provides an overview of using Private Service Connect endpoints to access regional endpoints for supported Google APIs in supported regions.

Consider using regional endpoints if you want to ensure that in-transit data remains in a particular region.

For information about other Private Service Connect configurations, see Private Service Connect overview.

Features and compatibility

This table summarizes the features that are supported by endpoints that are used to access regional endpoints for Google APIs.

Configuration Details
Consumer configuration (endpoint)
Global reachability If global access is enabled
Access through VLAN attachments
Access through Cloud VPN
DNS configuration Manual DNS configuration
IP version IPv4
Producer
Supported services Supported regional Google APIs

Specifications

  • Regional endpoint hostnames have two forms:

    • Public hostnames: SERVICE.REGION.rep.DOMAIN
    • Private hostnames: SERVICE.REGION.p.rep.DOMAIN

      The private hostname adds a p subdomain between REGION and rep. Use this format to create DNS records in private DNS zones.

  • The subnet that you specify when you create a endpoint is a regular subnet. The IP address assigned to the endpoint is a regional internal IP address.

  • If you're using Shared VPC, you can create the endpoint in either the host project or a service project.

  • By default, endpoints can be accessed only by clients that are in the same region and the same VPC network (or Shared VPC network) as the endpoint. For information about making endpoints available in other regions, see Global access.

Architecture

Private Service Connect endpoints that have a regional endpoint target point to a service attachment that has been created by Google to direct traffic to the regional service endpoint.

Clients in the same region as the endpoint can send traffic to the endpoint. You can also access the endpoint from connected networks in the same region. If you want to access the endpoint from other regions, configure global access.

Figure 1. An endpoint lets service consumers send traffic from the consumer's VPC network to regional service endpoints for supported Google APIs through a service attachment that is managed by Google (click to enlarge).

Global access

When you create an endpoint, you can configure global access. Global access lets clients in other regions access the endpoint. The endpoint is also accessible from connected networks.

Figure 2. An endpoint with global access enabled can be accessed by clients in another region, including by clients in connected networks (click to enlarge).

Supported regions and services

For a list of supported regions and services, see Regional service endpoints.

Pricing

For pricing information, see Virtual Private Cloud pricing.

Quotas

See the Number of Regional Endpoints per project per region quota in Quotas and limits.

What's next