This topic provides an overview of the network access options for Vector Retrieval Service for Milvus and describes how to configure them to ensure a secure and efficient network environment.
Access types
Milvus supports two primary ways to access your instances:
VPC access: Allows you to connect to your Milvus instance from within the same Virtual Private Cloud (VPC) or from other peered VPCs. This is the default and recommended method for secure, low-latency connections.
ImportantEndpoint: When you create an instance, the system automatically provisions an internal endpoint within your selected VPC. The endpoint name follows the format:
<yourInstanceName>-milvus-vpce. Do not delete this endpoint, as doing so will permanently disrupt access to your Milvus instance.Security: Access is controlled by a security group. You can manage its inbound rules from the instance's Details page or the endpoint's details page to allow traffic from specific sources within your VPC.
Public access: Allows you to connect to your Milvus instance from the internet. This option is disabled by default and requires explicit configuration.
ImportantWhitelist: When public access is enabled, you must configure an IP whitelist to control which IP addresses can connect to your instance. You can configure an IP whitelist on the Security Configuration page to restrict access to trusted IP addresses or CIDR blocks.
VPC accessibility: Even with public access enabled, the instance remains accessible from within its VPC.
Enable public access
By default, new Milvus instances are only accessible via their internal endpoints. If you need to connect from the internet, follow these steps to enable public access for the Proxy and Attu components.
The Proxy (port 19530) and Attu (port 3000) share the same public endpoint and security settings.
Navigate to the Security Configuration page for your target instance and click Enable Public Access.
Enter the public IP address of the current server or an IP address range in CIDR format.
To find your server's public IP address, visit myip.ipip.net.
Separate multiple entries with commas (
,).Ensure CIDR blocks are in the correct format, such as
x.x.x.0/24.
ImportantFor consistent connectivity, avoid using proxies or VPNs when connecting, as your source IP may change.
Click OK.
View endpoints
You can find the internal and public endpoints for your instance on the Security Configuration page.
Internal endpoint:
Proxy:
{{clusterId}}-internal.milvus.aliyuncs.com:19530Attu:
{{clusterId}}-internal.milvus.aliyuncs.com:3000
Public endpoint:
Proxy:
{{clusterId}}.milvus.aliyuncs.com:19530Attu:
{{clusterId}}.milvus.aliyuncs.com:3000
Replace {{clusterId}} with your actual Milvus instance ID.
Configure network security
You can restrict access to your Milvus instance using security groups for VPC traffic and IP whitelists for public traffic.
Control VPC access with security groups
On the Details page of the target instance, click the link next to Security Group ID.
On the Security Group Details page, select the Inbound tab, and click Add Rule.
For detailed instructions, see Add a security group rule.
Configure public access with IP whitelist
On the Security Configuration page of the target instance, click Edit next to Public Access Whitelist.
Enter the public IP address of the current server or an IP address range in CIDR format.
To find your server's public IP address, visit myip.ipip.net.
Separate multiple entries with commas (
,).Ensure CIDR blocks are in the correct format, such as
x.x.x.0/24.
ImportantFor consistent connectivity, avoid using proxies or VPNs when connecting, as your source IP may change.
Click OK.