Reviewed-by: Liudmila Denisova <ldenisov@noreply.gitea.eco.tsi-dev.otc-service.com> Co-authored-by: chenjunjie <chenjunjie@huawei.com> Co-committed-by: chenjunjie <chenjunjie@huawei.com>
<a name="kafka-dnat"></a><a name="kafka-dnat"></a>
<h1 class="topictitle1">Accessing Kafka in a Public Network Using DNAT</h1>
<div id="body0000001281228876"><p id="kafka-dnat__p19683172804311">Enable public access in either of the following ways:</p>
<ul id="kafka-dnat__ul348793544318"><li id="kafka-dnat__li9674183914311">On the Kafka console, access Kafka instances using EIPs. For details, see <a href="kafka-ug-0319001.html">Configuring Kafka Public Access</a>.</li><li id="kafka-dnat__li94871335104318">Configure port mapping from EIPs to specified instance ports using destination NAT (DNAT).</li></ul>
<p id="kafka-dnat__p152752135016">This section describes how to access Kafka over a public network using DNAT.</p>
<div class="section" id="kafka-dnat__section10453192819399"><h4 class="sectiontitle">Prerequisites</h4><p id="kafka-dnat__p1031515311514">You have created EIPs. The number of EIPs is the same as the number of brokers in the Kafka instance. For details about how to create an EIP, see <a href="https://docs.otc.t-systems.com/en-us/usermanual/eip/eip_0002.html" target="_blank" rel="noopener noreferrer">Assigning an EIP</a>.</p>
</div>
<div class="section" id="kafka-dnat__section124115445717"><h4 class="sectiontitle">Step 1: Obtain Information About the Kafka Instance</h4><ol id="kafka-dnat__ol667514716913"><li id="kafka-dnat__li10427115412419"><span>Log in to the console.</span></li><li id="kafka-dnat__li14905725134512"><span>Click <span><img id="kafka-dnat__image1337542211106" src="en-us_image_0143929918.png"></span> in the upper left corner to select the region where your instance is located.</span></li><li id="kafka-dnat__li296363971814"><span>Click <strong id="kafka-dnat__b112249313195654">Service List</strong> and choose <strong id="kafka-dnat__b80900414195654">Application</strong> > <strong id="kafka-dnat__b79452334595654">Distributed Message Service</strong>. The Kafka instance list is displayed.</span></li><li id="kafka-dnat__li1933311013310"><span>Click the desired instance to go to the instance details page.</span></li><li id="kafka-dnat__li122701357121013"><a name="kafka-dnat__li122701357121013"></a><a name="li122701357121013"></a><span>In the <strong id="kafka-dnat__b115501449105610">Connection</strong> area on the <strong id="kafka-dnat__b1590151577">Basic Information</strong> page, view and record the private network access addresses of the Kafka instance. In the <strong id="kafka-dnat__b1694527155816">Network</strong> area, view and record the VPC and subnet where the Kafka instance is located.</span><p><div class="fignone" id="kafka-dnat__fig151109411894"><span class="figcap"><b>Figure 1 </b>Kafka instance information</span><br><span><img id="kafka-dnat__image29782016164116" src="en-us_image_0000002029070918.png"></span></div>
</p></li></ol>
</div>
<div class="section" id="kafka-dnat__section1978616273411"><h4 class="sectiontitle">Step 2: Create a Public NAT Gateway</h4><ol id="kafka-dnat__ol3501123519425"><li id="kafka-dnat__li1957691705312"><span>Click <strong id="kafka-dnat__b122081736155919">Service List</strong> and choose <strong id="kafka-dnat__b193951538165913">Network</strong> > <strong id="kafka-dnat__b927844065913">NAT Gateway</strong>.</span></li><li id="kafka-dnat__li28081940204316"><span>Click <strong id="kafka-dnat__b1721018511592">Create Public NAT Gateway</strong>.</span></li><li id="kafka-dnat__li16120183014016"><span>Set parameters by referring to <a href="#kafka-dnat__table021473214566">Table 1</a> and other parameters as required. For details, see <a href="https://docs.otc.t-systems.com/usermanual/nat/en-us_topic_0150270259.html" target="_blank" rel="noopener noreferrer">Creating a Public NAT Gateway</a>.</span><p><div class="fignone" id="kafka-dnat__fig832016220120"><span class="figcap"><b>Figure 2 </b>Create Public NAT Gateway</span><br><span><img id="kafka-dnat__image1426533411714" src="en-us_image_0000001614245881.png"></span></div>
<div class="tablenoborder"><a name="kafka-dnat__table021473214566"></a><a name="table021473214566"></a><table cellpadding="4" cellspacing="0" summary="" id="kafka-dnat__table021473214566" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Public NAT gateway creation parameters</caption><thead align="left"><tr id="kafka-dnat__row19215232155610"><th align="left" class="cellrowborder" valign="top" width="30%" id="mcps1.3.6.2.3.2.2.2.3.1.1"><p id="kafka-dnat__p7215532105618">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="70%" id="mcps1.3.6.2.3.2.2.2.3.1.2"><p id="kafka-dnat__p421516329562">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="kafka-dnat__row9215632105616"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.6.2.3.2.2.2.3.1.1 "><p id="kafka-dnat__p12151232185611">Region</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.6.2.3.2.2.2.3.1.2 "><p id="kafka-dnat__p921563217569">Region where the public NAT gateway is located. Select the region that the Kafka instance is in.</p>
</td>
</tr>
<tr id="kafka-dnat__row121513215565"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.6.2.3.2.2.2.3.1.1 "><p id="kafka-dnat__p12215203285610">Name</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.6.2.3.2.2.2.3.1.2 "><p id="kafka-dnat__p20215143211561">Enter a name for the public NAT gateway. Enter up to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.</p>
</td>
</tr>
<tr id="kafka-dnat__row1121563245613"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.6.2.3.2.2.2.3.1.1 "><p id="kafka-dnat__p17215173212564">VPC</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.6.2.3.2.2.2.3.1.2 "><p id="kafka-dnat__p92151232115613">VPC where the public NAT gateway resides. Select the VPC recorded in <a href="#kafka-dnat__li122701357121013">5</a>.</p>
</td>
</tr>
<tr id="kafka-dnat__row221513324564"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.6.2.3.2.2.2.3.1.1 "><p id="kafka-dnat__p1321513323560">Subnet</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.6.2.3.2.2.2.3.1.2 "><p id="kafka-dnat__p321573275617">Subnet in the VPC where the public NAT gateway resides. Select the subnet recorded in <a href="#kafka-dnat__li122701357121013">5</a>.</p>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="kafka-dnat__li15281715845"><span>Click <strong id="kafka-dnat__b18741625132111">Create Now</strong>.</span></li><li id="kafka-dnat__li699419581479"><span>Confirm the specifications and click <strong id="kafka-dnat__b69821848111411">Submit</strong>.</span></li></ol>
</div>
<div class="section" id="kafka-dnat__section186861319121618"><h4 class="sectiontitle">Step 3: Add a DNAT Rule</h4><ol id="kafka-dnat__ol1612118951817"><li id="kafka-dnat__li1712118913187"><span>On the <strong id="kafka-dnat__b154727291276">Public NAT Gateways</strong> page, locate the row containing the newly created public NAT gateway and click <strong id="kafka-dnat__b1613814557228">Add Rule</strong> in the <strong id="kafka-dnat__b6473429371">Operation</strong> column.</span></li><li id="kafka-dnat__li2872030202015"><a name="kafka-dnat__li2872030202015"></a><a name="li2872030202015"></a><span>On the <strong id="kafka-dnat__b6288832203115">DNAT Rules</strong> tab page, click <strong id="kafka-dnat__b19842151993113">Add DNAT Rule</strong>.</span><p><div class="fignone" id="kafka-dnat__fig17184141691412"><span class="figcap"><b>Figure 3 </b>Public NAT gateway details</span><br><span><img id="kafka-dnat__image325610412282" src="en-us_image_0000001614425289.png"></span></div>
</p></li><li id="kafka-dnat__li16346843112118"><span>Set parameters by referring to <a href="#kafka-dnat__table18913152420910">Table 2</a>. For details about more parameters, see <a href="https://docs.otc.t-systems.com/usermanual/nat/en-us_topic_0127489530.html" target="_blank" rel="noopener noreferrer">Adding a DNAT Rule</a>.</span><p><div class="fignone" id="kafka-dnat__fig1340233643915"><span class="figcap"><b>Figure 4 </b>Adding a DNAT rule</span><br><span><img id="kafka-dnat__image1912615243716" src="en-us_image_0000001563854478.png"></span></div>
<div class="tablenoborder"><a name="kafka-dnat__table18913152420910"></a><a name="table18913152420910"></a><table cellpadding="4" cellspacing="0" summary="" id="kafka-dnat__table18913152420910" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Adding a DNAT rule</caption><thead align="left"><tr id="kafka-dnat__row1891314241398"><th align="left" class="cellrowborder" valign="top" width="30%" id="mcps1.3.7.2.3.2.2.2.3.1.1"><p id="kafka-dnat__p79135240912">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="70%" id="mcps1.3.7.2.3.2.2.2.3.1.2"><p id="kafka-dnat__p1791313248914">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="kafka-dnat__row1391312243910"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.7.2.3.2.2.2.3.1.1 "><p id="kafka-dnat__p16913142412915">Scenario</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.7.2.3.2.2.2.3.1.2 "><p id="kafka-dnat__p2091310241791">Select <strong id="kafka-dnat__b1425784824715">VPC</strong>. The servers in a VPC will share an EIP to provide services accessible from the Internet through the DNAT rule.</p>
</td>
</tr>
<tr id="kafka-dnat__row1913824996"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.7.2.3.2.2.2.3.1.1 "><p id="kafka-dnat__p39131241695">Port Type</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.7.2.3.2.2.2.3.1.2 "><p id="kafka-dnat__p1391314246911">Select <strong id="kafka-dnat__b3399750104911">Specific port</strong>. The public NAT gateway forwards requests to your servers only from the outside port and to the inside port configured here, and only if they use the right protocol.</p>
</td>
</tr>
<tr id="kafka-dnat__row10913724396"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.7.2.3.2.2.2.3.1.1 "><p id="kafka-dnat__p991322417913">Protocol</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.7.2.3.2.2.2.3.1.2 "><p id="kafka-dnat__p1491352415910">Select <strong id="kafka-dnat__b72337144509">TCP</strong>.</p>
</td>
</tr>
<tr id="kafka-dnat__row991313241793"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.7.2.3.2.2.2.3.1.1 "><p id="kafka-dnat__p39136246914">EIP</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.7.2.3.2.2.2.3.1.2 "><p id="kafka-dnat__p891315246915">Select the created EIP.</p>
</td>
</tr>
<tr id="kafka-dnat__row17914112412915"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.7.2.3.2.2.2.3.1.1 "><p id="kafka-dnat__p109144246917">Outside Port</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.7.2.3.2.2.2.3.1.2 "><p id="kafka-dnat__p79141247919">Enter <strong id="kafka-dnat__b32313194534">9011</strong>.</p>
</td>
</tr>
<tr id="kafka-dnat__row1891411247914"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.7.2.3.2.2.2.3.1.1 "><p id="kafka-dnat__p119145241592">Instance Type</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.7.2.3.2.2.2.3.1.2 "><p id="kafka-dnat__p1891417240919">Instance type for providing services over external public networks. Select <strong id="kafka-dnat__b822010152566">Custom</strong>.</p>
</td>
</tr>
<tr id="kafka-dnat__row149545178122"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.7.2.3.2.2.2.3.1.1 "><p id="kafka-dnat__p10954181751211">Private IP Address</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.7.2.3.2.2.2.3.1.2 "><p id="kafka-dnat__p17954191713121">Enter one of the private network addresses of the Kafka instance recorded in <a href="#kafka-dnat__li122701357121013">5</a>.</p>
</td>
</tr>
<tr id="kafka-dnat__row152732020131214"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.7.2.3.2.2.2.3.1.1 "><p id="kafka-dnat__p12739206124">Inside Port</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.7.2.3.2.2.2.3.1.2 "><p id="kafka-dnat__p1527322011128">Enter <strong id="kafka-dnat__b1587012590561">9011</strong>.</p>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="kafka-dnat__li295532675915"><a name="kafka-dnat__li295532675915"></a><a name="li295532675915"></a><span>Click <strong id="kafka-dnat__b205004455341">OK</strong>.</span><p><p id="kafka-dnat__p52311272280">View the DNAT rule status in the DNAT rule list. If <strong id="kafka-dnat__b0491122843520">Status</strong> is <strong id="kafka-dnat__b131571232353">Running</strong>, the rule has been added successfully.</p>
</p></li><li id="kafka-dnat__li183907943516"><span>Create DNAT rules for other private network addresses of the Kafka instance recorded in <a href="#kafka-dnat__li122701357121013">5</a>. <strong id="kafka-dnat__b1172611241982">Configure a unique EIP for each DNAT rule.</strong></span><p><p id="kafka-dnat__p1944471016354">For details about how to create a DNAT rule, see <a href="#kafka-dnat__li2872030202015">2</a> to <a href="#kafka-dnat__li295532675915">4</a>.</p>
</p></li><li id="kafka-dnat__li1062193864112"><a name="kafka-dnat__li1062193864112"></a><a name="li1062193864112"></a><span>After all DNAT rules are created, click the <strong id="kafka-dnat__b31657489369">DNAT Rules</strong> tab to view the created DNAT rules and record the EIPs corresponding to the private IP addresses.</span></li></ol>
</div>
<div class="section" id="kafka-dnat__section1937716142915"><h4 class="sectiontitle">Step 4: Map EIPs to Port 9011 of Private IP Addresses</h4><ol id="kafka-dnat__ol194925410487"><li id="kafka-dnat__li5884135811429"><span>Click <strong id="kafka-dnat__b6016345795654">Service List</strong> and choose <strong id="kafka-dnat__b88010161395654">Application</strong> > <strong id="kafka-dnat__b17632873995654">Distributed Message Service</strong>. The Kafka instance list is displayed.</span></li><li id="kafka-dnat__li742112394811"><span>Click the desired Kafka instance to view its details.</span></li><li id="kafka-dnat__li319117501325"><span>In the <strong id="kafka-dnat__b12591145315012">Advanced Settings</strong> area on the <strong id="kafka-dnat__b165917531009">Basic Information</strong> page, click <strong id="kafka-dnat__b8591353202">Modify</strong>.</span></li><li id="kafka-dnat__li11450213708"><span>Change the values of <strong id="kafka-dnat__b828373793819">advertised.listeners IP Address/Domain Name</strong> to the EIPs in the DNAT rules. Ensure that the mapping between the private network addresses and the EIPs is consistent with that recorded in <a href="#kafka-dnat__li1062193864112">6</a>. Then click <strong id="kafka-dnat__b7580159203815">Save</strong>.</span><p><div class="fignone" id="kafka-dnat__fig15689320154314"><a name="kafka-dnat__fig15689320154314"></a><a name="fig15689320154314"></a><span class="figcap"><b>Figure 5 </b>Changing the advertised.listeners IP address (for DNAT access)</span><br><span><img id="kafka-dnat__image149814191477" src="en-us_image_0000002029078598.png"></span></div>
</p></li></ol>
</div>
<div class="section" id="kafka-dnat__section72114271643"><h4 class="sectiontitle">Step 5: Verify Connectivity</h4><p id="kafka-dnat__p2063111531619">Check whether messages can be created and retrieved by referring to <a href="kafka-ug-180604020.html">Connecting to Kafka Using the Client (Plaintext Access)</a> or <a href="kafka-ug-180801001.html">Connecting to Kafka Using the Client (Ciphertext Access)</a>.</p>
<p id="kafka-dnat__p14394610154411">Notes:</p>
<ul id="kafka-dnat__ul469613431451"><li id="kafka-dnat__li247319563436">The address for connecting to a Kafka instance is in the format of "<em id="kafka-dnat__i17826218181118">advertised.listeners IP</em><strong id="kafka-dnat__b12826418121117">:9011</strong>". For example, the addresses for connecting to the Kafka instance shown in <a href="#kafka-dnat__fig15689320154314">Figure 5</a> are <strong id="kafka-dnat__b12827141801116">100.xxx.xxx.20:9011,100.xxx.xxx.21:9011,100.xxx.xxx.23:9011</strong>.</li><li id="kafka-dnat__li14696124317455">Configure security group rules for the Kafka instance to allow inbound access over port <strong id="kafka-dnat__b4178182784120">9011</strong>.</li><li id="kafka-dnat__li924153201410">Public access must be enabled on the client connected to the Kafka instance.</li></ul>
</div>
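<p>The following check is an added example, not part of the original documentation or any vendor tooling. It validates a DNAT plan against the rules in Steps 3 and 4 (TCP, port 9011 on both sides, one unique EIP per broker, advertised.listeners matching the DNAT mapping) and builds the client connection string described in the notes above. The dictionary key names and all addresses are assumptions made for the example.</p>

```python
KAFKA_PORT = 9011  # outside and inside port from Table 2


def validate_dnat_plan(broker_ips, dnat_rules, advertised):
    """Return a list of problems; an empty list means the plan is consistent.
    broker_ips: private addresses recorded in Step 1
    dnat_rules: one dict per Step 3 rule (key names are hypothetical)
    advertised: {private_ip: advertised.listeners address} set in Step 4
    """
    problems, eip_for, seen_eips = [], {}, set()
    for rule in dnat_rules:
        eip, priv = rule["eip"], rule["private_ip"]
        if rule["protocol"].lower() != "tcp":
            problems.append(f"{eip}: protocol must be TCP")
        if (rule["outside_port"], rule["inside_port"]) != (KAFKA_PORT, KAFKA_PORT):
            problems.append(f"{eip}: outside and inside port must be {KAFKA_PORT}")
        if eip in seen_eips:
            problems.append(f"{eip}: EIP reused, each rule needs a unique EIP")
        seen_eips.add(eip)
        if priv not in broker_ips:
            problems.append(f"{eip}: {priv} is not a recorded broker address")
        elif priv in eip_for:
            problems.append(f"{priv}: more than one DNAT rule")
        else:
            eip_for[priv] = eip
    for priv in broker_ips:
        if priv not in eip_for:
            problems.append(f"{priv}: no DNAT rule")
        elif advertised.get(priv) != eip_for[priv]:
            problems.append(f"{priv}: advertised {advertised.get(priv)}, "
                            f"DNAT rule uses {eip_for[priv]}")
    return problems


def bootstrap_servers(broker_ips, advertised):
    """Client connection string in the 'advertised.listeners IP:9011' format."""
    return ",".join(f"{advertised[ip]}:{KAFKA_PORT}" for ip in broker_ips)


def make_rule(eip, private_ip):
    return {"eip": eip, "protocol": "TCP", "outside_port": KAFKA_PORT,
            "private_ip": private_ip, "inside_port": KAFKA_PORT}


# Constructed sample data (documentation address ranges, not real values).
BROKERS = ["192.168.0.11", "192.168.0.12", "192.168.0.13"]
EIPS = ["203.0.113.20", "203.0.113.21", "203.0.113.23"]
RULES = [make_rule(e, b) for e, b in zip(EIPS, BROKERS)]
ADVERTISED = dict(zip(BROKERS, EIPS))
SWAPPED = {**ADVERTISED, BROKERS[0]: EIPS[1], BROKERS[1]: EIPS[0]}

if __name__ == "__main__":
    print(bootstrap_servers(BROKERS, ADVERTISED))
    print(validate_dnat_plan(BROKERS, RULES, SWAPPED))
```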
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kafka-ug-0059.html">Configuring Kafka Network Connections</a></div>
</div>
</div>