All Products
Document Center

Connect a resource group to a VPC

Last Updated: Jun 01, 2020

Elastic Algorithm Service (EAS) allows you to directly connect a dedicated subscription resource group to your Virtual Private Cloud (VPC). After you purchase a dedicated subscription resource group, EAS assigns resources with the specified specifications to the dedicated resource group. This resource group belongs to the VPC of EAS. By default, you cannot directly access the resource group from your own VPC. However, EAS enables direct connect between VPCs. You can attach an Elastic Network Interface (ENI) of your VPC to an EAS instance to support direct connect between two VPCs.

How direct connect works

The direct connect feature is based on network connection and service discovery.

  1. Network connection: After you authorize EAS, EAS will create ENIs for free under your account for the specified VSwitch and security group. The ENIs will use IP addresses in the CIDR block of the VSwitch. Therefore, you must make sure that there are sufficient available IP addresses in the CIDR block. EAS will create an ENI for each EAS instance in the subscription resource group, and then bind the ENI to the instance. In this way, you can access the EAS instances from your VPC network.
  2. Service discovery: After you deploy a service in the subscription resource group, EAS will create a certain number of EAS instances for the service. The number of EAS instances depends on the number of resources that you have requested. Different from instances in a resource group, an EAS instance created this way is considered to be a service process. Each EAS instance is assigned a port of a resource group node. With the IP address of the ENI bound to an EAS instance and the port, you can then directly access the EAS instance. Based on service discovery, EAS periodically updates the endpoints (IP:PORT) of the services.


After the resource group is connected to your VPC network, you no longer need to use a gateway to access your services from a VPC network. Requests are directly sent to the EAS instance, without load balancing at Layer 4 and gateway forwarding at Layer 7. At the same time, the Remote Procedure Call (RPC) framework of EAS implements the HTTP stack to significantly shorten the entire connection. For services that have high queries per second (QPS), such as Image Service, this greatly improves the performance of the service and reduces the response time.


Compared with the gateway mode, the direct connect mode bypasses the Server Load Balancer (SLB) service at Layer 4 and the gateway service at Layer 7 to improve the performance of the deployed service. This means that the direct connect mode does not support load balancing and fault tolerance at the service end. The client has to implement load balancing and fault tolerance. The load balancing and retry on failure algorithms are implemented on the client. This causes more difficulties in service testing and debugging. EAS will soon provide an SDK with the relevant configuration for you to call your services from a client.

Activate direct connect

Before using direct connect, you need to grant related permissions to EAS in the console. You must specify the VSwitchId and SecurityGroupId of the VPC that you want to connect to. After you activate direct connect, ECS instances that belong to the VSwitch and security group can connect to EAS instances in the dedicated subscription resource group.

  1. Click Activate the VPC direct connection channel on the resource group details page. You must grant the permissions for creating ENIs to EAS before you activate direct connect.


  2. Enter the information of the VPC that you want to connect to, and click OK to activate direct connect.


Service calling method

You can use VPC direct connect to call the services deployed in resource groups that activate the VPC direct connect feature. For more information, see Use direct connect.