Create Confluent Cloud Network on Azure
Each Confluent Cloud network is a virtual network that is provisioned in your Confluent Cloud Azure account.
This network allows inbound connections from the connected network to services in Confluent Cloud. It also allows inbound connections from services in Confluent Cloud that are configured to interact with data in the Confluent Cloud network.
You can create multiple Dedicated Kafka clusters within each Confluent Cloud network.
For details on default service quotas, see Network service quotas.
Requirements and considerations
Review the following requirements and considerations when you set up a Confluent Cloud network.
Region and Availability Zones
Dedicated clusters you create in your Confluent Cloud network inherit the selected Region and Availability Zones.
Confluent Cloud network CIDR blocks for VNet peering
When you set up a Confluent Cloud network for VNet peering, the CIDR blocks you specify must meet the follow requirements.
Private Link networks allocate addresses from existing VNet subnets and do not require an additional CIDR block.
The Confluent Cloud network CIDR block must be a
/16CIDR block from one of the following private IP ranges:Private IP address range (RFC 1918):
10.0.0.0/8,172.16.0.0/12,192.168.0.0/16Shared address space (Carrier-grade NAT) (RFC 6598):
100.64.0.0/10Benchmark address space (RFC 2544):
198.18.0.0/15
Do not select CIDR blocks that overlap with the following CIDR blocks that are reserved by Confluent Cloud:
10.253.0.0/16,10.254.0.0/16,172.17.0.0/16,172.30.0.0/16,172.31.0.0/16You cannot use the above CIDRs for peering due to routing conflicts with Confluent services. For example, managed connectors cannot reach the sources or sinks in those IP ranges.
Create a Confluent Cloud network
Follow the procedure below to create a Confluent Cloud network on Azure.
You can host multiple clusters within one Confluent Cloud network`. For details on service quotas, see Networks.
In the Confluent Cloud Console, select an environment for the Confluent Cloud network.
In the Network management tab in the environment, click For dedicated clusters.
Click Add network configuration.
Select Microsoft Azure as the cloud service provider and select the geographic region in Region. Click Continue.
Select the connectivity type: Private Link or VNet Peering.
If you select VNet Peering, CIDR for Confluent Cloud Network fields will appear.
Private Link: Cluster is accessible using Private Link connections.
VNet Peering: Cluster is accessible using VNet Peering.
Complete the steps for the connectivity type you selected.
Important
After provisioning your new Confluent Cloud network, you cannot change your selected Availability Zone (AZ) IDs or CIDR block size.
Under DNS configuration, select the DNS resolution method.
Select Private DNS Resolution to resolve the private DNS name of the Confluent Cloud cluster to the private IP address of the cluster.
If Private DNS Resolution is not selected, the private DNS name of the Confluent Cloud cluster requires public DNS Resolution to resolve the private IP address of the cluster.
Before you select a DNS resolution option, review the details about DNS resolution in Azure Private Link in DNS resolution options.
Click Continue.
In the CIDR for Confluent Cloud Network section, specify a
/16CIDR block.For more information about the CIDR requirements, see Confluent Cloud network CIDR blocks for VNet peering above.
Click Continue.
In Network name, specify the name of the connection.
The name you choose is used to identify your network in the Confluent Cloud Console and when using the Confluent CLI. Choose a meaningful name, but consider including the connection type in the name (for example,
azure-australia-east-private-link).Review your configuration and click Add network configuration.
Here is an example REST API request:
HTTP POST request
POST https://api.confluent.cloud/networking/v1/networks
Authentication
See Authentication.
Request specification
Your REST request body specification should include the following:
display_name(optional) A meaningful name for your Confluent Cloud network.environmentid– The identifier (ID) of your Confluent Cloud environment.cloud– cloud service provider (AZURE)region– The Region where the network is located.connection_types–PEERINGorPRIVATELINKzones– An array listing the three selected Availability Zone IDs in the same Region.cidr– The CIDR block.dns_config- SetresolutiontoPRIVATEorCHASED_PRIVATE. The default value isCHASED_PRIVATE.When
resolutionisCHASED_PRIVATE, clusters in this network require both public and private DNS to resolve cluster endpoints.When
resolutionisPRIVATE, clusters in this network only require private DNS to resolve cluster endpoints.
Before you select a DNS resolution option, review the details about DNS resolution in Azure Private Link in DNS resolution options.
Here are REST specification examples in JSON format. You can use these as templates for your own specification, replacing your unique values.
{
"spec": {
"display_name": "My-NW1",
"cloud": "AZURE",
"region": "centralus",
"connection_types": [
"PEERING"
],
"cidr": "10.0.0.0/16",
"zones": [
"1",
"2",
"3"
],
"environment":{
"id":"env-abc123"
}
}
}
In the request specification, include values for cloud, region, environment, connection type, and, optionally, add the display name, CIDR, and zones for the Confluent Cloud network. Update the attributes below with the correct values.
{
"spec":{
"display_name":"Azure-PL-CCN-1",
"cloud":"AZURE",
"region":"centralus",
"connection_types":[
"PRIVATELINK"
],
"zones":[
"1",
"2",
"3"
],
"dns_config": {
"resolution": "PRIVATE"
},
"environment":{
"id":"env-abc123"
}
}
}
Use the confluent network create Confluent CLI command to create a Confluent Cloud network:
confluent network create <network-name> <flags>
The following command-specific flags are supported:
--cloud: Required. Set toazure.--region: Required. Cloud region ID for this network.--connection-types: Required. The network access type. Specify one ofprivatelink,peering, ortransitgateway.--cidr: A /16 IPv4 CIDR block. Required for networks of connection typepeeringandtransitgateway.--zones: A comma-separated list of availability zones for this network.--dns-resolution: Specify the DNS resolution asprivateorchased-private. The default value ischased-private.When
resolutionischased-private, clusters in this network require both public and private DNS to resolve cluster endpoints.When
resolutionisprivate, clusters in this network only require private DNS to resolve cluster endpoints.
Before you select a DNS resolution option, review the details about DNS resolution in Azure PrivateLink in DNS resolution options.
You can specify additional optional CLI flags described in the Confluent CLI command reference, such as --environment.
The following are example Confluent CLI commands:
confluent network create my_azure_peering --cloud azure \
--region eastus2 \
--connection-types peering \
--cidr 10.1.0.0/16
confluent network create my_azure_pl --cloud azure \
--region eastus2 \
--connection-types privatelink \
--dns-resolution chased_private
Use the confluent_network Confluent Terraform Provider resource to create a Confluent Cloud network.
An example snippet of Terraform configuration for Confluent Cloud network of the Peering type:
resource "confluent_environment" "development" {
display_name = "Development"
lifecycle {
prevent_destroy = true
}
}
resource "confluent_network" "azure-peering" {
display_name = "Azure Peering Network"
cloud = "AZURE"
region = "eastus2"
cidr = "10.10.0.0/16"
connection_types = ["PEERING"]
environment {
id = confluent_environment.development.id
}
lifecycle {
prevent_destroy = true
}
}
Typically, it takes up to 15 to 20 minutes to create a Confluent Cloud network.
Next steps
- After successfully provisioning the Confluent Cloud network on Azure, you can
add Dedicated Kafka clusters within your Confluent Cloud network.