GCP: If I make an HTTP request to a publicly available API from another service within the same VPC will the request leave the VPC?

Question

I want to know if I make an http request from one service to another and both services are hosted in the same VPC will the request ever leave the VPC.

For example: Let's say I host Next.js on CloudRun in VPC 1 which is a server rendered React frontend framework. When a user makes a request to Next.js to retrieve a page the server may make API or DB requests to hydrate the html with data before sending it to the requesting client.

If I host an expressjs API in VPC 1 as well would a request on the server from the frontend service go to the public dns before being rerouted back to VPC1 or would it remain inside Google's internal network.

Both services are behind an external load balancer.

I imagine if it remains in the network I can see major latency reduction and bandwidth cost savings.

Answer 1

Because your understanding is not really accurate, you don't ask the correct questions.

Firstly, Cloud Run DOES NOT live in your VPC. It's in the "serverless world" managed by Google Cloud.

Sure, you can create a serverless VPC connector which bridge the egress only traffic through your VPC to reach resources connected to the VPC.

So your question could be: If I reach a Cloud Run service from another Cloud Run service, will my request go to the internet?

Logically, no, you stay in the Google Cloud Network. Theorically, also not, the routing should stay you in the region network.

In reality, I can't commit on it, but in reality, I don't care, it's encrypted and my traffic stay secure. In addition, I won't be charge for that also, because I'm in the same region (there is no egress cost inside the same region).

I hope it's clearer now.