Kafka Network Connection Conditions
A client can connect to a Kafka instance over a public or private network. Notes before using a private network:
- By default, a client and a Kafka instance are interconnected when they are deployed in a VPC.
- If they are not, you need to interconnect them because of isolation among VPCs.
Table 1 lists how to access a Kafka instance on a client.
Mode |
How To Do |
Reference |
---|---|---|
Public access |
|
|
Configure port mapping using DNAT. The client can connect to the Kafka instance in a public network. |
||
Private access |
A client and a Kafka instance are interconnected when they are deployed in a VPC. |
- |
When a client and a Kafka instance are deployed in different VPCs of the same region, connect the client and the Kafka instance across VPCs using a VPC endpoint. |
||
When a client and a Kafka instance are deployed in different VPCs of the same region, interconnect two VPCs using a VPC peering connection. |
Before accessing a Kafka instance on a client, configure the following rules in the security group of the instance.
After a security group is created, its default inbound rule allows communication among ECSs within the security group and its default outbound rule allows all outbound traffic. In this case, you can access a Kafka instance within a VPC, and do not need to add rules according to Table 2.
Direction |
Protocol |
Type |
Port |
Source |
Description |
---|---|---|---|---|---|
Inbound |
TCP |
IPv4 |
9094 |
IP address or IP address group of the Kafka client |
Accessing a Kafka instance over a public network (in plaintext) |
Inbound |
TCP |
IPv4 |
9092 |
IP address or IP address group of the Kafka client |
|
Inbound |
TCP |
IPv6 |
9192 |
IP address or IP address group of the Kafka client |
Accessing a Kafka instance using IPv6 addresses (without SSL) (private or public network) |
Inbound |
TCP |
IPv4 |
9095 |
IP address or IP address group of the Kafka client |
Accessing a Kafka instance over a public network (in ciphertext) |
Inbound |
TCP |
IPv4 |
9093 |
IP address or IP address group of the Kafka client |
|
Inbound |
TCP |
IPv6 |
9193 |
IP address or IP address group of the Kafka client |
Accessing a Kafka instance using IPv6 addresses (with SSL) (private or public network) |
Inbound |
TCP |
IPv4 |
9011 |
198.19.128.0/17 |
Accessing a Kafka instance using a VPC endpoint across VPCs (in cipher- or plaintext) |
Inbound |
TCP |
IPv4 |
9011 |
IP address or IP address group of the Kafka client |
Accessing a Kafka instance using DNAT (in cipher- or plaintext) |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot