Networking, DNS, and Service Endpoints¶
Consider the following when determining the public Internet access configuration for resources that fully-managed connectors must access. For Confluent Cloud networking details, see the Cloud Networking docs.
Important
Currently, you can use static egress IP addresses on Amazon Web Services (AWS) and Google Cloud Platform (GCP) only. For details, see static egress IP addresses.
Networking¶
The following tabs provide network connectivity IP address details. Note that a Connect node runs in the same VPC/VNet as the cluster the Connect node was provisioned with. This is true for all cluster types (Basic, Standard, and Dedicated). For Confluent Cloud networking details, see the Cloud Networking docs.
The following information applies to a managed Sink or Source connector connecting to an external system using a public IP address.
| Cluster network type | Public IP address connectivity | IP range used by the connector |
|---|---|---|
| Public Endpoint (AWS and Google Cloud Platform) | Yes | Fixed set of static egress IP addresses (see static egress IP addresses) |
| Public Endpoint (Azure) | Yes | Dynamic public IP/CIDR range from the cloud provider region where the Confluent Cloud cluster is located |
| VPC Peering and Transit Gateway | Yes | Dynamic public IP/CIDR range from the cloud provider region where the Confluent Cloud cluster is located |
| Private Link | Yes | Dynamic public IP/CIDR range from the cloud provider region where the Confluent Cloud cluster is located |
The following information applies to a managed Sink or Source connector connecting to an external system using a private IP address.
| Cluster network type | Private IP address connectivity | IP range used by the connector |
|---|---|---|
| VPC Peering and Transit Gateway | Yes | Source IP address used is from the /16 CIDR range configured by the customer for the Confluent Cloud Cluster |
| Private Link | No | N/A |
| Public Endpoint | No | N/A |
Note
See the following cloud provider documentation for additional information:
DNS considerations¶
Fully qualified domain names: Some services require fully qualified domain names (FQDNs) to access the service. In order for a managed connector to access such a service, the service must use public DNS records pointing to the IP address (public or private). Private DNS zones are not supported in Confluent Cloud.
Private service endpoints: Cloud service providers offer the ability to set up private endpoints with custom or vanity DNS names for native cloud provider services. Private endpoints are only supported if the provider supports resolving the endpoints using public DNS.
Service and gateway endpoints¶
Azure service endpoints and AWS gateway endpoints provide secure and direct private connectivity to Azure and AWS services over the cloud provider network backbone using an optimized route. These endpoints are located in the Confluent Cloud VPC/Vnet.
Managed connectors and other Confluent Cloud resources access these service and gateway endpoints using private IP addresses. Managed connector network traffic is never routed over cloud provider public endpoints for the following services:
- AWS
- Amazon S3
- Amazon DynamoDB
- Azure
- Azure Blob Storage
- Azure Cosmos DB
- Azure Event Hubs
- Azure Service Bus
- Microsoft SQL Server
For Confluent Cloud networking details, see the Cloud Networking docs.