Elastic Algorithm Service (EAS) allows you to use the virtual private cloud (VPC) direct connection channel feature to connect dedicated resource groups and your VPCs. After you purchase a dedicated resource group, EAS uses the specified type of Elastic Compute Service (ECS) instances to create the resource group. The dedicated resource group also belongs to the VPC of EAS. By default, you cannot access the dedicated resource group from your VPCs. To access the dedicated resource group, you must enable the VPC direct connection channel feature. After you enable this feature, an Elastic Network Interface (ENI) is automatically created in the specified VPC and mounted to an ECS instance in the dedicated resource group. This way, the specified VPC and the VPC of EAS are connected.

How it works

The VPC direct connection channel feature is implemented based on network connectivity and service discovery.
  • Network connectivity

    After you enable the VPC direct connection channel feature for a dedicated resource group, the system creates an ENI for the specified vSwitch and security group in your VPC. This ENI is free of charge. The created ENI occupies IP addresses in the Classless Inter-Domain Routing (CIDR) block of the vSwitch. Make sure that the CIDR block of the vSwitch has sufficient idle IP addresses. EAS creates and binds an ENI for each ECS instance in the dedicated resource group. This way, you can access the ECS instances in the dedicated resource group from your VPC.

  • Service discovery

    After you deploy a service in a dedicated resource group, the system creates an EAS instance for the service based on the number of resources that you request. EAS instances are different from ECS instances in dedicated resource groups and can be considered as processes. The system assigns a port for the EAS instance on the ECS instances of the dedicated resource group. You can access the service based on this port number and the IP address of the ENI that is mounted to the ECS instances of the dedicated resource group. EAS provides the service discovery feature. You can periodically query or update the IP:PORT list of a service. For more information, see Call a service over the VPC direct connection channel.

Benefits

After you enable the VPC direct connection channel feature for a dedicated resource group, you can access services in the dedicated resource group without gateways. Layer 4 load balancing and Layer 7 network forwarding are also avoided. You can access EAS instances directly from your VPCs. In addition, the built-in remote procedure call (RPC) technology of EAS implements the HTTP-related protocol stack. This greatly improves performance and reduces latency for the access to services with high queries per second (QPS), such as image services.

Disadvantages

Compared with the gateway mode, the VPC direct connection channel feature bypasses Layer 4 load balancing and Layer 7 gateway forwarding. This improves performance but sacrifices the load balancing and fault tolerance features of ECS instances. You must implement load balancing and retry algorithms on the client, which increases the difficulty in service testing and debugging. EAS provides configuration SDKs to help you complete the implementation on the client.

Enable the VPC direct connection channel feature

To enable the VPC direct connection channel feature for a dedicated resource group, you must grant EAS-related permissions to the current account, and specify a vSwitch and security group in the VPC that you want to connect to the dedicated resource group. For more information about the required permissions, see Grant permissions to RAM users. After your VPC and the VPC of EAS are connected, ECS instances in your VPC can use the ENI that is created by the system to access ECS instances in the dedicated resource group of EAS.

  1. Go to the Elastic Algorithm Service page.
    1. Log on to the Machine Learning Platform for AI console.
    2. In the left-side navigation pane, choose Model Deployment > EAS-Model Serving.
  2. On the Elastic Algorithm Service page, click View Resource Groups in the upper-right corner.
  3. On the Resource Group List page, find the resource group that you want to view and click the ID in the Resource Group ID/Name column.
  4. On the resource group details page, enable the VPC direct connection channel feature.
    1. Turn on VPC Direct Connection Channel.
    2. In the Activate the VPC direct connection channel dialog box, set the VPC, Vswitch, and SecurityGroup name parameters as required.
    3. Click OK.

Call services

After the VPC direct connection channel feature is enabled for a dedicated resource group, you can access model services that are deployed in the dedicated resource group over the VPC direct connection channel. For more information, see Call a service over the VPC direct connection channel.