doc-exports/docs/dms/umn/kafka-dnat.html
Chen, Junjie 1588318a68 DMS UMN 20240723 version
Reviewed-by: Antonova, Ekaterina <ekantono@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: Chen, Junjie <chenjunjie@huawei.com>
Co-committed-by: Chen, Junjie <chenjunjie@huawei.com>
2024-08-14 12:31:58 +00:00

<a name="kafka-dnat"></a>
<h1 class="topictitle1">Accessing Kafka in a Public Network Using DNAT</h1>
<div id="body0000001281228876"><p id="kafka-dnat__p19683172804311">Enable public access in either of the following ways:</p>
<ul id="kafka-dnat__ul348793544318"><li id="kafka-dnat__li9674183914311">On the Kafka console, access Kafka instances using EIPs. For details, see <a href="kafka-ug-0319001.html">Configuring Kafka Public Access</a>.</li><li id="kafka-dnat__li94871335104318">Configure port mapping from EIPs to specified instance ports using destination NAT (DNAT).</li></ul>
<p id="kafka-dnat__p152752135016">This section describes how to access Kafka over a public network using DNAT.</p>
<div class="section" id="kafka-dnat__section10453192819399"><h4 class="sectiontitle">Prerequisites</h4><p id="kafka-dnat__p1031515311514">You have created EIPs. The number of EIPs is the same as the number of brokers in the Kafka instance. For details about how to create an EIP, see <a href="https://docs.otc.t-systems.com/en-us/usermanual/eip/eip_0002.html" target="_blank" rel="noopener noreferrer">Assigning an EIP</a>.</p>
</div>
<div class="section" id="kafka-dnat__section124115445717"><h4 class="sectiontitle">Step 1: Obtain Information About the Kafka Instance</h4><ol id="kafka-dnat__ol667514716913"><li id="kafka-dnat__li10427115412419"><span>Log in to the console.</span></li><li id="kafka-dnat__li14905725134512"><span>Click <span><img id="kafka-dnat__image1337542211106" src="en-us_image_0143929918.png"></span> in the upper left corner to select a region.</span><p><div class="note" id="kafka-dnat__note596412409275"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kafka-dnat__p11964174020277">Select the region where your Kafka instance is located.</p>
</div></div>
</p></li><li id="kafka-dnat__li296363971814"><span>Click <strong id="kafka-dnat__b112249313195654">Service List</strong> and choose <strong id="kafka-dnat__b80900414195654">Application</strong> &gt; <strong id="kafka-dnat__b79452334595654">Distributed Message Service</strong>. The Kafka instance list is displayed.</span></li><li id="kafka-dnat__li1933311013310"><span>Click the desired Kafka instance to view its details.</span></li><li id="kafka-dnat__li122701357121013"><a name="kafka-dnat__li122701357121013"></a><a name="li122701357121013"></a><span>In the <strong id="kafka-dnat__b115501449105610">Connection</strong> area on the <strong id="kafka-dnat__b1590151577">Basic Information</strong> tab page, view and record the private network access addresses of the Kafka instance. In the <strong id="kafka-dnat__b1694527155816">Network</strong> area, view and record the VPC and subnet where the Kafka instance is located.</span><p><div class="fignone" id="kafka-dnat__fig151109411894"><span class="figcap"><b>Figure 1 </b>Kafka instance information</span><br><span><img id="kafka-dnat__image17455915189" src="en-us_image_0000001803492553.png"></span></div>
</p></li></ol>
</div>
<div class="section" id="kafka-dnat__section1978616273411"><h4 class="sectiontitle">Step 2: Create a Public NAT Gateway</h4><ol id="kafka-dnat__ol3501123519425"><li id="kafka-dnat__li1957691705312"><span>Click <strong id="kafka-dnat__b122081736155919">Service List</strong> and choose <strong id="kafka-dnat__b193951538165913">Network</strong> &gt; <strong id="kafka-dnat__b927844065913">NAT Gateway</strong>.</span></li><li id="kafka-dnat__li28081940204316"><span>Click <strong id="kafka-dnat__b1721018511592">Create Public NAT Gateway</strong>.</span></li><li id="kafka-dnat__li16120183014016"><span>Set the following parameters:</span><p><ul id="kafka-dnat__ul1635420195413"><li id="kafka-dnat__li17354619749"><strong id="kafka-dnat__b16088560271412">Region</strong>: Select the region that the Kafka instance is in.</li><li id="kafka-dnat__li119702211761"><strong id="kafka-dnat__b16495154642716">Name</strong>: Enter a name for the public NAT gateway.</li><li id="kafka-dnat__li1993217546714"><strong id="kafka-dnat__b13966656102720">VPC</strong>: Select the VPC recorded in <a href="#kafka-dnat__li122701357121013">5</a>.</li><li id="kafka-dnat__li11533071682"><strong id="kafka-dnat__b13833177132817">Subnet</strong>: Select the subnet recorded in <a href="#kafka-dnat__li122701357121013">5</a>.</li></ul>
<p id="kafka-dnat__p1023995318102">Set other parameters as required. For details, see <a href="https://docs.otc.t-systems.com/usermanual/nat/en-us_topic_0150270259.html" target="_blank" rel="noopener noreferrer">Creating a NAT Gateway</a>.</p>
<div class="fignone" id="kafka-dnat__fig832016220120"><span class="figcap"><b>Figure 2 </b>Create Public NAT Gateway</span><br><span><img id="kafka-dnat__image1426533411714" src="en-us_image_0000001614245881.png"></span></div>
</p></li><li id="kafka-dnat__li15281715845"><span>Click <strong id="kafka-dnat__b18741625132111">Create Now</strong>.</span></li><li id="kafka-dnat__li699419581479"><span>Confirm the specifications and click <strong id="kafka-dnat__b69821848111411">Submit</strong>.</span></li></ol>
</div>
<div class="section" id="kafka-dnat__section186861319121618"><h4 class="sectiontitle">Step 3: Add a DNAT Rule</h4><ol id="kafka-dnat__ol1612118951817"><li id="kafka-dnat__li1712118913187"><span>On the <strong id="kafka-dnat__b154727291276">Public NAT Gateways</strong> page, locate the row containing the newly created public NAT gateway and click <strong id="kafka-dnat__b1613814557228">Add Rule</strong> in the <strong id="kafka-dnat__b6473429371">Operation</strong> column.</span></li><li id="kafka-dnat__li2872030202015"><a name="kafka-dnat__li2872030202015"></a><a name="li2872030202015"></a><span>On the <strong id="kafka-dnat__b6288832203115">DNAT Rules</strong> tab page, click <strong id="kafka-dnat__b19842151993113">Add DNAT Rule</strong>.</span><p><div class="fignone" id="kafka-dnat__fig17184141691412"><span class="figcap"><b>Figure 3 </b>Public NAT gateway details</span><br><span><img id="kafka-dnat__image325610412282" src="en-us_image_0000001614425289.png"></span></div>
</p></li><li id="kafka-dnat__li16346843112118"><span>Set the following parameters:</span><p><ul id="kafka-dnat__ul2475183117593"><li id="kafka-dnat__li24751631165919"><strong id="kafka-dnat__b82036753217">Scenario</strong>: Select <strong id="kafka-dnat__b95721411133220">VPC</strong>.</li><li id="kafka-dnat__li768202018196"><strong id="kafka-dnat__b1586721513218">Port Type</strong>: Select <strong id="kafka-dnat__b1267951783218">Specific port</strong>.</li><li id="kafka-dnat__li19509716152312"><strong id="kafka-dnat__b613125163217">Protocol</strong>: Select <strong id="kafka-dnat__b15211726163215">TCP</strong>.</li><li id="kafka-dnat__li35257372235"><strong id="kafka-dnat__b185695211211">EIP</strong>: Select an EIP.</li><li id="kafka-dnat__li13521754152316"><strong id="kafka-dnat__b11616174873210">Outside Port</strong>: Enter <strong id="kafka-dnat__b436912525327">9011</strong>.</li><li id="kafka-dnat__li20191155932310"><strong id="kafka-dnat__b279165983215">Instance Type</strong>: Select <strong id="kafka-dnat__b1785210133320">Custom</strong>.</li><li id="kafka-dnat__li1925451814278"><strong id="kafka-dnat__b865617910334">Private IP Address</strong>: Enter one of the private network addresses of the Kafka instance recorded in <a href="#kafka-dnat__li122701357121013">5</a>.</li><li id="kafka-dnat__li615632902718"><strong id="kafka-dnat__b142331632193317">Inside Port</strong>: Enter <strong id="kafka-dnat__b122341932113312">9011</strong>.</li></ul>
<p id="kafka-dnat__p836472133418">For details about more parameters, see <a href="https://docs.otc.t-systems.com/usermanual/nat/en-us_topic_0127489530.html" target="_blank" rel="noopener noreferrer">Adding a DNAT Rule</a>.</p>
<div class="fignone" id="kafka-dnat__fig1340233643915"><span class="figcap"><b>Figure 4 </b>Adding a DNAT rule</span><br><span><img id="kafka-dnat__image1912615243716" src="en-us_image_0000001563854478.png"></span></div>
</p></li><li id="kafka-dnat__li295532675915"><a name="kafka-dnat__li295532675915"></a><a name="li295532675915"></a><span>Click <strong id="kafka-dnat__b205004455341">OK</strong>.</span><p><p id="kafka-dnat__p52311272280">View the DNAT rule status in the DNAT rule list. If <strong id="kafka-dnat__b0491122843520">Status</strong> is <strong id="kafka-dnat__b131571232353">Running</strong>, the rule has been added successfully.</p>
</p></li><li id="kafka-dnat__li183907943516"><span>Create DNAT rules for other private network addresses of the Kafka instance recorded in <a href="#kafka-dnat__li122701357121013">5</a>. <strong id="kafka-dnat__b1172611241982">Configure a unique EIP for each DNAT rule.</strong></span><p><p id="kafka-dnat__p1944471016354">For details about how to create a DNAT rule, see <a href="#kafka-dnat__li2872030202015">2</a> to <a href="#kafka-dnat__li295532675915">4</a>.</p>
</p></li><li id="kafka-dnat__li1062193864112"><a name="kafka-dnat__li1062193864112"></a><a name="li1062193864112"></a><span>After all DNAT rules are created, click the <strong id="kafka-dnat__b31657489369">DNAT Rules</strong> tab to view the created DNAT rules and record the EIPs corresponding to the private IP addresses.</span></li></ol>
</div>
<div class="section" id="kafka-dnat__section1937716142915"><h4 class="sectiontitle">Step 4: Map EIPs to Port 9011 of Private IP Addresses</h4><ol id="kafka-dnat__ol194925410487"><li id="kafka-dnat__li5884135811429"><span>Click <strong id="kafka-dnat__b6016345795654">Service List</strong> and choose <strong id="kafka-dnat__b88010161395654">Application</strong> &gt; <strong id="kafka-dnat__b17632873995654">Distributed Message Service</strong>. The Kafka instance list is displayed.</span></li><li id="kafka-dnat__li742112394811"><span>Click the desired Kafka instance to view its details.</span></li><li id="kafka-dnat__li319117501325"><span>In the <strong id="kafka-dnat__b12591145315012">Advanced Settings</strong> section on the <strong id="kafka-dnat__b165917531009">Basic Information</strong> tab page, click <strong id="kafka-dnat__b8591353202">Modify</strong> next to <strong id="kafka-dnat__b75911653803">Cross-VPC Access</strong>.</span></li><li id="kafka-dnat__li11450213708"><span>Change the values of <strong id="kafka-dnat__b828373793819">advertised.listeners IP Address/Domain Name</strong> to the EIPs in the DNAT rules. Ensure that the mapping between the private network addresses and the EIPs is consistent with that recorded in <a href="#kafka-dnat__li1062193864112">6</a>. Then click <strong id="kafka-dnat__b7580159203815">Save</strong>.</span><p><div class="fignone" id="kafka-dnat__fig15689320154314"><a name="kafka-dnat__fig15689320154314"></a><a name="fig15689320154314"></a><span class="figcap"><b>Figure 5 </b>Changing the advertised.listeners IP address (for DNAT access)</span><br><span><img id="kafka-dnat__image1968919207433" src="en-us_image_0000001329138322.png"></span></div>
</p></li></ol>
</div>
<div class="section" id="kafka-dnat__section72114271643"><h4 class="sectiontitle">Step 5: Verify Connectivity</h4><p id="kafka-dnat__p2063111531619">Check whether messages can be created and retrieved by referring to <a href="kafka-ug-180604020.html">Connecting to Kafka Using the Client (Plaintext Access)</a> or <a href="kafka-ug-180801001.html">Connecting to Kafka Using the Client (Ciphertext Access)</a>.</p>
<p id="kafka-dnat__p14394610154411">Notes:</p>
<ul id="kafka-dnat__ul469613431451"><li id="kafka-dnat__li247319563436">The address for connecting to a Kafka instance is in the format of "<em id="kafka-dnat__i17826218181118">advertised.listeners IP</em><strong id="kafka-dnat__b12826418121117">:9011</strong>". For example, the addresses for connecting to the Kafka instance shown in <a href="#kafka-dnat__fig15689320154314">Figure 5</a> are <strong id="kafka-dnat__b12827141801116">100.xxx.xxx.20:9011,100.xxx.xxx.21:9011,100.xxx.xxx.23:9011</strong>.</li><li id="kafka-dnat__li14696124317455">Configure security group rules for the Kafka instance to allow inbound access over port <strong id="kafka-dnat__b4178182784120">9011</strong>.</li><li id="kafka-dnat__li924153201410">Public access must be enabled on the client connected to the Kafka instance.</li></ul>
</div>
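<p>The constraints in Steps 3 to 5 (one TCP rule per broker, a unique EIP per rule, port 9011 on both sides, and an advertised.listeners mapping that matches the DNAT rules) can be checked before clients are pointed at the instance. The following Python is an added example, not part of the DMS documentation or tooling; the function name, the dict layout of the rules, and the sample addresses are assumptions constructed for illustration.</p>

```python
KAFKA_PORT = 9011  # outside and inside port used by the procedure on this page


def validate_dnat_plan(broker_ips, dnat_rules, advertised):
    """Check a DNAT plan against the rules of this procedure.

    Hypothetical input layout (not a console or API export format):
      broker_ips  private addresses recorded in Step 1
      dnat_rules  dicts: eip, protocol, outside_port, private_ip, inside_port
      advertised  {private_ip: advertised.listeners address} set in Step 4
    Returns (problems, bootstrap_address_string).
    """
    problems = []
    eip_for = {}  # private broker address -> EIP of its first DNAT rule
    for rule in dnat_rules:
        eip, priv = rule["eip"], rule["private_ip"]
        if rule["protocol"].upper() != "TCP":
            problems.append(f"{eip}: protocol must be TCP")
        if rule["outside_port"] != KAFKA_PORT or rule["inside_port"] != KAFKA_PORT:
            problems.append(f"{eip}: outside and inside port must both be {KAFKA_PORT}")
        if priv not in broker_ips:
            problems.append(f"{eip}: {priv} is not a broker address of this instance")
        if eip in eip_for.values():
            problems.append(f"{eip}: EIP reused; each DNAT rule needs a unique EIP")
        if priv in eip_for:
            problems.append(f"{priv}: more than one DNAT rule for this broker")
        eip_for.setdefault(priv, eip)
    for priv in broker_ips:
        if priv not in eip_for:
            problems.append(f"{priv}: broker has no DNAT rule")
        elif advertised.get(priv) != eip_for[priv]:
            # A mismatch makes the broker advertise an address that DNAT
            # forwards to a different broker (or to nothing).
            problems.append(f"{priv}: advertised.listeners is {advertised.get(priv)}, "
                            f"DNAT rule uses {eip_for[priv]}")
    bootstrap = ",".join(f"{eip_for[p]}:{KAFKA_PORT}" for p in broker_ips if p in eip_for)
    return problems, bootstrap


# Constructed sample values (documentation address ranges, not from the page).
BROKERS = ["192.168.0.10", "192.168.0.11", "192.168.0.12"]
EIPS = ["203.0.113.20", "203.0.113.21", "203.0.113.23"]
RULES = [dict(eip=e, protocol="TCP", outside_port=9011, private_ip=p, inside_port=9011)
         for e, p in zip(EIPS, BROKERS)]
ADVERTISED = dict(zip(BROKERS, EIPS))

if __name__ == "__main__":
    print(validate_dnat_plan(BROKERS, RULES, ADVERTISED))
```

<p>An empty problem list means the returned string can be used as the client connection address in the "advertised.listeners IP:9011" format described in the notes above.</p>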
<p id="kafka-dnat__p19205145574"></p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kafka-ug-0059.html">Configuring Kafka Network Connections</a></div>
</div>
</div>