EAS (Elastic Algorithm Service) allows you to directly connect a dedicated subscription resource group to your Virtual Private Cloud (VPC). After you purchase a dedicated subscription resource group, EAS assigns resources of specified specifications to the dedicated resource group. This resource group belongs to the VPC of EAS. By default, you cannot directly access the resource group from you own VPC. However, EAS enables direct connect between VPCs. You can attach an Elastic Network Interface (ENI) of your VPC to an EAS instance to support direct connect between two VPCs.
The direct connect feature is based on network connection and service discovery.
- Network connection: After you authorize EAS, EAS will create free ENIs under your account for the specified VSwitch and security group. The ENIs will use IP addresses in the CIDR block of the VSwitch. Therefore, you must make sure that there are sufficient available IP addresses in the CIDR block. EAS will create an ENI for each EAS instance in the subscription resource group, and then bind the ENI to the instance. In this way, you can access the EAS instances from your VPC network.
- Service discovery: After you deploy a service in the subscription resource group, EAS will create a certain number of EAS instances for the service. The number of EAS instances depends on the number of resources that you have requested. Unlike resource group instances, an EAS instance is considered as a service process. Each EAS instance is assigned a port of a resource group node. With the IP address of the ENI bound to an EAS instance and the node port, you can then directly access the EAS instance. Based on service discovery, EAS periodically updates the endpoints (IP:PORT) of the services. For more information, see Use direct connect.
After the resource group is connected to your VPC network, you no longer need to use a gateway to access your services from a VPC network. Requests are directly sent to the EAS instance, without load balancing at Layer 4 and gateway forwarding at Layer 7. At the same time, the RPC framework of EAS implements the HTTP stack to significantly shorten the entire connection. For services that have high queries per second (QPS), such as Image Service, this greatly improves the performance of the service and reduces the response time.
Compared with the gateway mode, the direct connect mode bypasses the Server Load Balancer (SLB) service at Layer 4 and the gateway service at Layer 7 to improve the performance of the deployed service. This means that the direct connect mode does not support load balancing and fault tolerance at the service end. The client has to implement load balancing and fault tolerance. The load balancing and retry on failures algorithms are implemented on the client. This causes more difficulties in service testing and debugging. EAS will soon provide a client SDK with the relevant configuration for you to call your services from a client.
Before using the direct connect mode, you need to grant related permissions to EAS in the console. You must specify the VSwitchId and SecurityGroupId of the VPC that you want to connect to. After you activate direct connect, ECS instances that belong to the VSwitch and security group can connect to EAS instances in the dedicated resource group.
- Click Activate direct connect on the resource group details page. You must grant the permissions for creating ENIs to PAI-EAS before you activate direct connect.
Enter the information of the VPC that you want to connect to, and click OK to activate direct connect.
In the VPC console, locate the VPC that you want to connect to, and click the VPC to go to the details page.
On the resource group details page, check the security group ID and VSwitch ID of the specified VPC. If no security group and no VSwitch exist, you must create them.
After you activate direct connect, you can use this feature for a deployed model.