Kafka Network Connection Conditions
A client can connect to a Kafka instance over a public or private network. Notes before using a private network:
- By default, a client and a Kafka instance are interconnected when they are deployed in a VPC.
- If they are not, you need to interconnect them because of isolation among VPCs.
Table 1 lists how to access a Kafka instance on a client.
Mode |
How To Do |
Reference |
---|---|---|
Public access |
Enable public access on the Kafka console and configure elastic IPs (EIPs). A client can connect to the Kafka instance through the EIPs. |
|
Configure port mapping using DNAT. The client can connect to the Kafka instance in a public network. |
||
Private access |
A client and a Kafka instance are interconnected when they are deployed in a VPC. |
- |
When a client and a Kafka instance are deployed in different VPCs of the same region, connect the client and the Kafka instance across VPCs using a VPC endpoint. |
||
When a client and a Kafka instance are deployed in different VPCs of the same region, interconnect two VPCs using a VPC peering connection. |
Before accessing a Kafka instance on a client, configure the following rules in the security group of the instance.
After a security group is created, its default inbound rule allows communication among ECSs within the security group and its default outbound rule allows all outbound traffic. In this case, you can access a Kafka instance within a VPC, and do not need to add rules according to Table 2.
Direction |
Protocol |
Type |
Port |
Source |
Description |
---|---|---|---|---|---|
Inbound |
TCP |
IPv4 |
9094 |
IP address or IP address group of the Kafka client |
Accessing a Kafka instance over a public network (without SSL) |
Inbound |
TCP |
IPv4 |
9092 |
IP address or IP address group of the Kafka client |
|
Inbound |
TCP |
IPv4 |
9095 |
IP address or IP address group of the Kafka client |
Accessing a Kafka instance over a public network (with SSL) |
Inbound |
TCP |
IPv4 |
9093 |
IP address or IP address group of the Kafka client |
|
Inbound |
TCP |
IPv4 |
9011 |
198.19.128.0/17 |
Accessing a Kafka instance using a VPC endpoint across VPCs (with or without SSL) |
Inbound |
TCP |
IPv4 |
9011 |
IP address or IP address group of the Kafka client |
Accessing a Kafka instance using DNAT (with or without SSL) |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.