Call Kalix from Play in us-east1

Hi, I have a Play service deployed on us-east1 Cloud Run. And a Kalix service in us-east1 too.

Is it possible to call Kalix from Play by staying within the data center? Making the call over the internet when both instances are in us-east1 seems redundant (and slow).


First thing’s first - even if you could access Kalix using a private IP address, that doesn’t mean traffic is staying in the one data center. Kalix deployments are regional. Depending on the region, and the zones in use, this means the same service may be deployed and running across entirely separate (but geographically close) data centers. Even within a zone, when an organization deploys something to a zone, it will be assigned a cluster that lives in a single data center, but when a different organization deploys something to the same zone, it may be assigned a cluster in a different data center. So, just because you’ve deployed your Cloud Run service to us-east1, does not mean that it is deployed to the same data center as your Kalix service running in us-east1, because us-east1 likely consists of many data centers (Google doesn’t publish information about it’s actual physical layout, but given the size of us-east1, I can’t imagine that it would all fit in one data center).

To answer your question, which I’m going to interpret as “can I invoke the Kalix service using a private IP address from the VPC that my Play app is deployed in”, we do support that if you purchase a dedicated cluster from us (that is, a Kalix region that we have provisioned specifically for you). In that case, we can set up VPC peering. This is not available with our standard pay-as-you-go plans, it’s for large enterprises (and costs accordingly). But the reason for doing that has nothing to do with performance, it’s to do with security. Many large enterpises want to keep all their traffic private, they don’t want to expose their services to the internet, even with mTLS.

I could be wrong, but I don’t think, when you invoke a regional public IP address from inside that region, that it’s any slower than invoking a regional private IP address from inside that region. It’s not like Google is going to send that traffic out to its upstream internet provider, who will bounce it back. It’s not going “over the internet” as you say. It will stay in Google infrastructure, if it can - of course, if the region consists of multiple data centers, then there is a good chance it will go out of the datacenter as I explained before, but that’s going to happen regardless of whether you’re using a public or private address.

Understood, thank you @jroper . I toyed a bit with a Google project and understood better what they do and what you’ve described.

I was used with the 2 data centers (one east, one west) of my previous employer. I didn’t imagine Google is so much larger :smiley: