Why ingress traffic to “the cloud” is free
When looking at the price lists of the major cloud vendors (GCP, AWS, Azure) you can notice that Egress traffic — traffic exiting virtual machine instances or other cloud products towards the Internet — is charged per GB while Ingress traffic — traffic coming from the Internet towards your cloud environment — is free.
People often think that the reason for this imbalance is clouds incentivizing data coming into their environments as this is a prerequisite for running other workloads in the cloud. However more likely the main reason is another one, which is apparent for many network engineers coming from ISP environments but not for other people working with public clouds.
To explain this, I want to go back to the early days of Google nearly 20 years ago. Urs Hölzle once posted Google’s first ever datacenter order form on Google+:
He also shared some details on the network circuits: While the 2Mbps circuit connecting to the servers serving google.com cost $1,200 per Mbit/s, a 15 Mbps circuit for crawling the web was much cheaper at $3,750 total. Why was that?
Probably Exodus had the same issue many content providers, datacenter providers, hosting companies, etc. had and still have. While network circuits such as T1/T3 in those days or 10 Gbps Ethernet nowadays usually (with the exception of ADSL which is mostly for consumers) have the same bandwidth in both directions, content providers typically have much more traffic flowing towards users than traffic coming in (which is mainly small requests and few file uploads). The traffic from Google’s crawler however was mostly inbound (since the crawler does small requests and gets large responses). Since most ISPs charge per bidirectional capacity used (sometimes at 95th percentile to even out short bursts), basically the capacity incoming to the facility is already there and going unused, so offering this for cheap to Google was still a good deal. Actually even offering this for free might have been a good deal to the data center provider as often with bilateral peering agreements between ISPs, bigger carriers typically only offered peering to other parties if their traffic was “balanced” under a specific traffic ratio such as 2:1, so taking on a customer with much ingress traffic would actually ease their business case for peering.
Some of these economics changed over time a bit, for example usually for Internet transit you buy full 10 Gbit/s circuits these days instead of being billed per Mbit/s and traffic ratios might not be as prevalent anymore. But the basic premise is the same: Just like content providers and hosting companies, hyperscale cloud providers have much more traffic leaving their networks than coming in, so offering ingress traffic for free doesn’t need huge investments or subsidies, but roots in the symmetric nature of circuits and how traffic has been historically billed.
So I hope this has been an entertaining history lesson and you now believe that there is a good technical reason to make ingress traffic free for the cloud providers.
Happy 20th birthday Google!