doc-exports/docs/dms/umn/kafka-dnat.html
Chen, Junjie dd8a3a658b DMS UMN Initial Version
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Chen, Junjie <chenjunjie@huawei.com>
Co-committed-by: Chen, Junjie <chenjunjie@huawei.com>
2022-12-08 00:33:11 +00:00


<a name="kafka-dnat"></a><a name="kafka-dnat"></a>
<h1 class="topictitle1">Using DNAT to Access a Kafka Instance</h1>
<div id="body0000001281228876"><div class="section" id="kafka-dnat__section185011081712"><h4 class="sectiontitle">Scenario</h4><p id="kafka-dnat__p6619128711">You can use destination NAT (DNAT) to access a Kafka instance so that the instance can provide services on the public network through port mapping.</p>
</div>
<div class="section" id="kafka-dnat__section10453192819399"><h4 class="sectiontitle">Prerequisites</h4><p id="kafka-dnat__p563023215393">You have created EIPs. The number of EIPs is the same as the number of brokers in the Kafka instance.</p>
</div>
<div class="section" id="kafka-dnat__section124115445717"><h4 class="sectiontitle">Step 1: Obtain Information About the Kafka Instance</h4><ol id="kafka-dnat__ol667514716913"><li id="kafka-dnat__li10427115412419"><span>Log in to the management console.</span></li><li id="kafka-dnat__li14905725134512"><span>Click <span><img id="kafka-dnat__image1337542211106" src="en-us_image_0143929918.png"></span> in the upper left corner to select a region.</span><p><div class="note" id="kafka-dnat__note596412409275"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kafka-dnat__p11964174020277">Select the region where your Kafka instance is located.</p>
</div></div>
</p></li><li id="kafka-dnat__li296363971814"><span>Click <strong id="kafka-dnat__b112249313195654">Service List</strong> and choose <strong id="kafka-dnat__b80900414195654">Application</strong> &gt; <strong id="kafka-dnat__b79452334595654">Distributed Message Service</strong>. The Kafka instance list is displayed.</span></li><li id="kafka-dnat__li1933311013310"><span>Click the desired Kafka instance to view the instance details.</span></li><li id="kafka-dnat__li122701357121013"><a name="kafka-dnat__li122701357121013"></a><a name="li122701357121013"></a><span>In the <strong id="kafka-dnat__b115501449105610">Connection</strong> area on the <strong id="kafka-dnat__b1590151577">Basic Information</strong> tab page, view and record the private network access addresses of the Kafka instance. In the <strong id="kafka-dnat__b1694527155816">Network</strong> area, view and record the VPC and subnet where the Kafka instance is located.</span></li></ol>
</div>
<div class="section" id="kafka-dnat__section1978616273411"><h4 class="sectiontitle">Step 2: Create a Public NAT Gateway</h4><ol id="kafka-dnat__ol3501123519425"><li id="kafka-dnat__li1957691705312"><span>Click <strong id="kafka-dnat__b122081736155919">Service List</strong> and choose <strong id="kafka-dnat__b193951538165913">Network</strong> &gt; <strong id="kafka-dnat__b927844065913">NAT Gateway</strong>.</span></li><li id="kafka-dnat__li28081940204316"><span>Click <strong id="kafka-dnat__b1721018511592">Create Public NAT Gateway</strong>.</span></li><li id="kafka-dnat__li16120183014016"><span>Set the following parameters:</span><p><ul id="kafka-dnat__ul1635420195413"><li id="kafka-dnat__li17354619749"><strong id="kafka-dnat__b16088560271412">Region</strong>: Select the region that the Kafka instance is in.</li><li id="kafka-dnat__li119702211761"><strong id="kafka-dnat__b16495154642716">Name</strong>: Enter a name for the public NAT gateway.</li><li id="kafka-dnat__li1993217546714"><strong id="kafka-dnat__b13966656102720">VPC</strong>: Select the VPC recorded in <a href="#kafka-dnat__li122701357121013">5</a>.</li><li id="kafka-dnat__li11533071682"><strong id="kafka-dnat__b13833177132817">Subnet</strong>: Select the subnet recorded in <a href="#kafka-dnat__li122701357121013">5</a>.</li></ul>
<p id="kafka-dnat__p1023995318102">Set other parameters as required. For details, see <a href="https://docs.otc.t-systems.com/usermanual/nat/en-us_topic_0150270259.html" target="_blank" rel="noopener noreferrer">Creating a NAT Gateway</a>.</p>
</p></li><li id="kafka-dnat__li15281715845"><span>Click <strong id="kafka-dnat__b159351230131013">Create Now</strong>.</span></li><li id="kafka-dnat__li699419581479"><span>Confirm the specifications and click <strong id="kafka-dnat__b69821848111411">Submit</strong>.</span></li></ol>
</div>
<div class="section" id="kafka-dnat__section186861319121618"><h4 class="sectiontitle">Step 3: Add a DNAT Rule</h4><ol id="kafka-dnat__ol1612118951817"><li id="kafka-dnat__li1712118913187"><span>On the <strong id="kafka-dnat__b11199114112304">Public NAT Gateways</strong> page, locate the row that contains the newly created public NAT gateway and click <strong id="kafka-dnat__b1047931731212">Add Rule</strong> in the <strong id="kafka-dnat__b197139570307">Operation</strong> column.</span></li><li id="kafka-dnat__li2872030202015"><a name="kafka-dnat__li2872030202015"></a><a name="li2872030202015"></a><span>On the <strong id="kafka-dnat__b6288832203115">DNAT Rules</strong> tab page, click <strong id="kafka-dnat__b19842151993113">Add DNAT Rule</strong>.</span></li><li id="kafka-dnat__li16346843112118"><span>Set the following parameters:</span><p><ul id="kafka-dnat__ul2475183117593"><li id="kafka-dnat__li24751631165919"><strong id="kafka-dnat__b82036753217">Scenario</strong>: Select <strong id="kafka-dnat__b95721411133220">VPC</strong>.</li><li id="kafka-dnat__li768202018196"><strong id="kafka-dnat__b1586721513218">Port Type</strong>: Select <strong id="kafka-dnat__b1267951783218">Specific port</strong>.</li><li id="kafka-dnat__li19509716152312"><strong id="kafka-dnat__b613125163217">Protocol</strong>: Select <strong id="kafka-dnat__b15211726163215">TCP</strong>.</li><li id="kafka-dnat__li35257372235"><strong id="kafka-dnat__b1967832920329">EIP</strong>: Select an EIP.</li><li id="kafka-dnat__li13521754152316"><strong id="kafka-dnat__b11616174873210">Outside Port</strong>: Enter <strong id="kafka-dnat__b436912525327">9011</strong>.</li><li id="kafka-dnat__li1925451814278"><strong id="kafka-dnat__b865617910334">Private IP Address</strong>: Enter one of the private network addresses of the Kafka instance recorded in <a href="#kafka-dnat__li122701357121013">5</a>.</li><li id="kafka-dnat__li615632902718"><strong id="kafka-dnat__b142331632193317">Inside Port</strong>: Enter <strong id="kafka-dnat__b122341932113312">9011</strong>.</li></ul>
<p id="kafka-dnat__p836472133418">For details about more parameters, see <a href="https://docs.otc.t-systems.com/usermanual/nat/en-us_topic_0127489530.html" target="_blank" rel="noopener noreferrer">Adding a DNAT Rule</a>.</p>
<div class="fignone" id="kafka-dnat__fig1340233643915"><span class="figcap"><b>Figure 1 </b>Adding a DNAT rule</span><br><span><img id="kafka-dnat__image440314365393" src="en-us_image_0000001427521685.png"></span></div>
</p></li><li id="kafka-dnat__li295532675915"><a name="kafka-dnat__li295532675915"></a><a name="li295532675915"></a><span>Click <strong id="kafka-dnat__b205004455341">OK</strong>.</span><p><p id="kafka-dnat__p52311272280">View the DNAT rule status in the DNAT rule list. If <strong id="kafka-dnat__b0491122843520">Status</strong> is <strong id="kafka-dnat__b131571232353">Running</strong>, the rule has been added successfully.</p>
</p></li><li id="kafka-dnat__li373210278352"><span>Repeat <a href="#kafka-dnat__li2872030202015">2</a> to <a href="#kafka-dnat__li295532675915">4</a> to create DNAT rules for other private network addresses of the Kafka instance recorded in <a href="#kafka-dnat__li122701357121013">5</a>. Each private network address corresponds to a separate EIP.</span></li><li id="kafka-dnat__li1062193864112"><a name="kafka-dnat__li1062193864112"></a><a name="li1062193864112"></a><span>After all DNAT rules are created, click the <strong id="kafka-dnat__b31657489369">DNAT Rules</strong> tab to view the created DNAT rules and record the EIPs corresponding to the private IP addresses.</span></li></ol>
</div>
<div class="section" id="kafka-dnat__section1937716142915"><h4 class="sectiontitle">Step 4: Bind EIPs on the Kafka Console</h4><ol id="kafka-dnat__ol194925410487"><li id="kafka-dnat__li5884135811429"><span>Click <strong id="kafka-dnat__b6016345795654">Service List</strong> and choose <strong id="kafka-dnat__b88010161395654">Application</strong> &gt; <strong id="kafka-dnat__b17632873995654">Distributed Message Service</strong>. The Kafka instance list is displayed.</span></li><li id="kafka-dnat__li742112394811"><span>Click the desired Kafka instance to view the instance details.</span></li><li id="kafka-dnat__li319117501325"><span>In the <strong id="kafka-dnat__b12591145315012">Advanced Settings</strong> section on the <strong id="kafka-dnat__b165917531009">Basic Information</strong> tab page, click <strong id="kafka-dnat__b8591353202">Modify</strong> next to <strong id="kafka-dnat__b75911653803">Cross-VPC Access</strong>.</span></li><li id="kafka-dnat__li11450213708"><span>Change the values of <strong id="kafka-dnat__b828373793819">advertised.listeners IP Address/Domain Name</strong> to the EIPs in the DNAT rules. Ensure that the mapping between the private network addresses and the EIPs is consistent with that recorded in <a href="#kafka-dnat__li1062193864112">6</a>. Then click <strong id="kafka-dnat__b7580159203815">Save</strong>.</span><p><div class="fignone" id="kafka-dnat__fig15689320154314"><a name="kafka-dnat__fig15689320154314"></a><a name="fig15689320154314"></a><span class="figcap"><b>Figure 2 </b>Changing the advertised.listeners IP addresses</span><br><span><img id="kafka-dnat__image1968919207433" src="en-us_image_0000001329138322.png"></span></div>
</p></li></ol>
</div>
<div class="section" id="kafka-dnat__section72114271643"><h4 class="sectiontitle">Step 5: Verify Connectivity</h4><p id="kafka-dnat__p2063111531619">Check whether messages can be created and retrieved by referring to <a href="kafka-ug-180604020.html">Accessing a Kafka Instance Without SASL</a> or <a href="kafka-ug-180801001.html">Accessing a Kafka Instance with SASL</a>.</p>
<p id="kafka-dnat__p14394610154411">Notes:</p>
<ul id="kafka-dnat__ul469613431451"><li id="kafka-dnat__li247319563436">The address for connecting to a Kafka instance is in the format of "<em id="kafka-dnat__i17826218181118">advertised.listeners IP</em><strong id="kafka-dnat__b12826418121117">:9011</strong>". For example, the addresses for connecting to the Kafka instance shown in <a href="#kafka-dnat__fig15689320154314">Figure 2</a> are <strong id="kafka-dnat__b12827141801116">100.xxx.xxx.20:9011,100.xxx.xxx.21:9011,100.xxx.xxx.23:9011</strong>.</li><li id="kafka-dnat__li14696124317455">Configure security group rules for the Kafka instance to allow inbound access over port <strong id="kafka-dnat__b4178182784120">9011</strong>.</li><li id="kafka-dnat__li924153201410">Public access must be enabled on the client connected to the Kafka instance.</li></ul>
</div>
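<p>The following check is an added example, not part of the original guide or of the DMS tooling. It validates the DNAT rules from Step 3 against the advertised.listeners values from Step 4 before clients are pointed at the instance: a Kafka client is redirected to the address each broker advertises, so a value entered against the wrong broker sends traffic through a DNAT rule that leads to a different broker. The function name, the dictionary layout, and all IP addresses are assumptions made for illustration.</p>

```python
KAFKA_PORT = 9011  # outside and inside port used in Step 3

def check_dnat_plan(broker_ips, dnat_rules, advertised):
    """Check Step 3 DNAT rules against Step 4 advertised.listeners values.

    broker_ips: private network addresses recorded in Step 1.
    dnat_rules: dicts with eip, protocol, outside_port, private_ip, inside_port.
    advertised: private IP -> advertised.listeners value entered in Step 4.
    Returns (problems, bootstrap_servers).
    """
    problems, eip_for, used_eips = [], {}, set()
    for r in dnat_rules:
        tag = f"rule {r['eip']} -> {r['private_ip']}"
        if r["protocol"].upper() != "TCP":
            problems.append(f"{tag}: protocol must be TCP")
        if (r["outside_port"], r["inside_port"]) != (KAFKA_PORT, KAFKA_PORT):
            problems.append(f"{tag}: outside and inside port must be {KAFKA_PORT}")
        if r["private_ip"] not in broker_ips:
            problems.append(f"{tag}: private IP is not a recorded broker address")
        if r["eip"] in used_eips or r["private_ip"] in eip_for:
            problems.append(f"{tag}: each private address needs its own EIP")
        used_eips.add(r["eip"])
        eip_for.setdefault(r["private_ip"], r["eip"])
    for ip in broker_ips:
        if ip not in eip_for:
            problems.append(f"broker {ip}: no DNAT rule")
        elif advertised.get(ip) != eip_for[ip]:
            problems.append(f"broker {ip}: advertised.listeners is "
                            f"{advertised.get(ip)}, DNAT rule maps {eip_for[ip]}")
    # Connection address in the "advertised.listeners IP:9011" format from Step 5.
    bootstrap = ",".join(f"{eip_for[ip]}:{KAFKA_PORT}"
                         for ip in broker_ips if ip in eip_for)
    return problems, bootstrap

# Constructed sample values (RFC 5737 documentation addresses stand in for EIPs).
BROKERS = ["192.168.0.11", "192.168.0.12", "192.168.0.13"]
EIPS = ["203.0.113.20", "203.0.113.21", "203.0.113.23"]
RULES = [{"eip": e, "protocol": "TCP", "outside_port": 9011,
          "private_ip": b, "inside_port": 9011} for b, e in zip(BROKERS, EIPS)]
ADVERTISED = dict(zip(BROKERS, EIPS))
# Same plan with two advertised.listeners values entered against the wrong broker.
SWAPPED = {**ADVERTISED, BROKERS[0]: EIPS[1], BROKERS[1]: EIPS[0]}

if __name__ == "__main__":
    for name, adv in (("consistent", ADVERTISED), ("swapped", SWAPPED)):
        problems, bootstrap = check_dnat_plan(BROKERS, RULES, adv)
        print(name, bootstrap, problems or "OK")
```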
<p id="kafka-dnat__p19205145574"></p>
</div>