This page is for networking specialists who want to compare the followingmethods for sending egress (outbound) traffic from a Cloud Runservice or job to a VPC network:

• Direct VPC egress (recommended)
• Serverless VPC Access connectors

Both of these methods allow access to Compute Engine VM instances,Memorystore instances, and any other resources with an internal IPaddress.

Inbound and outbound requests

When using Direct VPC egress or Serverless VPC Access connectors,outbound connections initiated by Cloud Run services and jobsroute directly to and from their destination.

Inbound requests sent from your VPC network to Cloud Runroute through a custom load balancer, not through Direct VPC egress orServerless VPC Access connectors.

To learn more about sending requests from your VPCnetwork to Cloud Run, seeReceive requests from VPC networks.

Direct VPC egress (recommended)

Direct VPC egress brings enhanced infrastructure and simpler VPCegress configuration to Cloud Run, including the followingadvantages:

• Setup: Cloud Run services and jobs can send traffic to aVPC network without the overhead of managing a Serverless VPC Accessconnector.
• Cost: You only pay for network traffic charges, which scale to zero justlike the service itself.
• Security: You can use network tags directly on service revisions formore granular network security.
• Performance: Lower latency, higher throughput.

Serverless VPC Access connectors

Serverless VPC Access connectors also let you send requests toyour VPC network and receive the corresponding responses withoutusing the public internet. Setup requires additional maintenance and cost withlower performance than Direct VPC egress offers.

See thecomparison table for details.

Comparison table

Feature	Direct VPC egress	Serverless VPC Access connector
Latency	Lower	Higher
Throughput	Higher	Lower
IP allocation	Uses more IP addresses in most cases	Uses fewer IP addresses
Cost	No additional VM charges	Incurs additional VM charges
Scaling speed	Instance autoscaling is slower, including starting from zero, while creating new VPC network interfaces.	Network latency occurs during VPC network traffic surges while more connector instances are created.
Network tags	Finer granularity. Each service or job can have its own unique sets of tags; firewall rules applied separately.	Less granularity. Shared across services and jobs that use the same connectors; firewall rules applied at the connector level.
Firewall Rules Logging	Firewall Rules Logging for Cloud Run egress traffic doesn't include the Cloud Run resource name.	Firewall Rules Logging for Cloud Run egress traffic includes the connector instance name, not the name of the Cloud Run resource.
Google Cloud console	Supported	Supported
Google Cloud CLI	Supported	Supported
Launch stage	GA	GA

Pricing

For pricing information, seeCloud Run pricing.

With Serverless VPC Access connectors, you pay for two types ofcharges: Compute (billed as Compute Engine VMs) and network egress (billed astraffic from VMs). With Direct VPC egress, you pay only for network egress (atthe same rate as connectors). You do not pay any compute charges.

If you use Serverless VPC Access connectors, you can view yourassociated costs as follows:

1. Go to theCloud Billing Reports pagein the Google Cloud console.
2. If prompted, select the billing account associated with yourGoogle Cloud project.
3. In theFilters panel, underLabels,add a label filter with the keyserverless-vpc-access.
4. In theValue field, select the names of the connectors that you wantto filter for.

Next steps

• Learn how toconfigure your servicewith Direct VPC egress.
• Learn how toconfigure your jobwith Direct VPC egress.
• See information aboutDirect VPC egress with a Shared VPC network.
• Learn how toconfigure your servicewith Serverless VPC Access connectors.
• Learn how toconfigure your jobwith Serverless VPC Access connectors.