Networking best practices

This page provides networking best practices, including suggestions for configuring Direct VPC egress settings when sending outbound traffic from Cloud Run to a VPC network.

Use Direct VPC egress for faster network egress throughput

To achieve faster throughput across network egress connections, use Direct VPC egress to route traffic through your VPC network.

Example 1: External traffic to the internet

If you're sending external traffic to the public internet, route all traffic through the VPC network by setting --vpc-egress=all-traffic. With this approach, you must set up Cloud NAT to reach the public internet. Note that Cloud NAT is a paid product.

Example 2: Internal traffic to a Google API

If you're using Direct VPC egress to send traffic to a Google API, such as Cloud Storage, choose one of the following options:

Avoid Cloud NAT with Cloud Run subnets

When you route internal IP address requests to the VPC network (--vpc-egress=private-ranges-only), don't associate Cloud NAT with subnets that run Cloud Run services or revisions. Doing so might incur additional charges.

