Adding Routing Policy

Last updated: 2024-01-09 14:47:32

    Overview

    This document describes how to configure a routing rule in the CKafka console to enhance network access control in public/private network transfers. For more information on public network access, see Configuring ACL Policy.
    Route Type: VPC
    Access mode:
        PLAINTEXT
        SASL_PLAINTEXT
        SASL_SSL (only supported by Pro Edition instances)
        SASL_SCRAM (only supported by instances on v2.4.1; for existing instances, submit a ticket for application)
    Route Type: Public Domain Name Access
    Access mode:
        SASL_PLAINTEXT
        SASL_SSL (only supported by Pro Edition instances)

    Directions

    Note:
    Up to five routes can be created for an instance and there can be only one public network route.
    VPC
    Operation scenario: When purchasing an instance, if you select VPC and choose a corresponding VPC environment (such as VPC A), then CKafka services (such as data production and consumption) can only be accessed from VPC A. If you subsequently find that you need to access the CKafka services in VPC A from other VPCs (such as VPC B), you can select an appropriate routing policy for VPC by configuring the access mode.
    Suggestion: For security, this access mode supports user management and ACL policy configuration for controlling user access permissions. Configure them as appropriate.
    Directions:
    1. Log in to the CKafka console.
    2. Click Instance List on the left sidebar and then the ID/Name of your instance to enter the instance details page.
    3. On the page you enter, click Add a routing policy in the "Access Mode" module.
    4. In the pop-up window, select VPC Network as the route type and select the access mode and network.
    
    
    
    Note:
    If you select VPC access, you can specify the IP so that it stays unchanged when the access mode is changed.
    5. Click Submit to add the VPC network.
    6. Click View All IPs and Ports in the Operation column to view the list of IPs and ports that should be opened.
    Note:
    Broker scaling and migration cause port changes, so do not open only the currently listed ports; otherwise, message reads and writes may fail after scaling or migration. If your server uses security groups to restrict access, open the following port ranges on the server:
    Port range that should be opened for the VPC route: 9092–60000
    Port range that should be opened for the public network route: 50000–53000
    Port range that should be opened for the supportive route: 6000–12000
    
    
    Public domain name access
    Operation scenario: If your consumer or producer is located in a self-built data center or another cloud, you can produce and consume data in CKafka through public network access.
    Suggestion: To ensure security, Kafka offers various security authentication mechanisms, which mainly fall into two categories: SSL and SASL2. SASL/PLAIN is a more commonly used authentication method based on account and password. CKafka supports SASL_PLAINTEXT and SASL_SSL authentication. We recommend that you configure the authentication method as appropriate when selecting public domain name access.
    Directions:
    1. Log in to the CKafka console.
    2. Click Instance List on the left sidebar and then the ID/Name of your instance to enter the instance details page.
    3. On the page you enter, click Add a routing policy in the "Access Mode" module.
    4. In the pop-up window, select Public domain name access as the route type and select the access mode and network.
    
    
    
    5. Click Submit to add the public network routing policy.
    6. Click View All IPs and Ports in the Operation column to view the list of IPs and ports that should be opened.
    Note:
    Broker scaling and migration cause port changes, so do not open only the currently listed ports; otherwise, message reads and writes may fail after scaling or migration. If your server uses security groups to restrict access, open the following port ranges on the server:
    Port range that should be opened for the VPC route: 9092–60000
    Port range that should be opened for the public network route: 50000–53000
    Port range that should be opened for the supportive route: 6000–12000
    CKafka provides 3 Mbps public network bandwidth free of charge by default, which can be increased for Pro Edition instances. For detailed directions, see Public Network Bandwidth Management.
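
The port-range notes above can be checked against a security group's rules before a broker scaling or migration exposes a gap. The following is an added example, not Tencent Cloud code: the function names and the sample rule lists are assumptions, and only the three port ranges come from this page.

```python
# Added example: required ranges are copied from the notes on this page;
# the rule lists passed in are constructed sample data, not console output.
REQUIRED_RANGES = {
    "vpc": (9092, 60000),
    "public": (50000, 53000),
    "supportive": (6000, 12000),
}


def merge(ranges):
    """Merge overlapping or adjacent inclusive (start, end) port ranges."""
    merged = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def missing_ports(route_type, allowed):
    """Return the parts of the required range that `allowed` does not cover.

    `allowed` is a list of inclusive (start, end) tuples: the ports a
    security group permits towards the CKafka brokers (hypothetical input).
    """
    lo, hi = REQUIRED_RANGES[route_type]
    gaps, cursor = [], lo
    for start, end in merge(allowed):
        if end < lo or start > hi:
            continue  # rule lies entirely outside the required range
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end + 1)
    if cursor <= hi:
        gaps.append((cursor, hi))
    return gaps


if __name__ == "__main__":
    # Constructed rule set: only the ports listed today were opened.
    pinned = [(9092, 9092), (18001, 18003)]
    print("vpc gaps:", missing_ports("vpc", pinned))
    print("public gaps:", missing_ports("public", [(50000, 53000)]))
```

An empty result means the rules already cover the whole range for that route type; any returned sub-range is a set of ports a broker could move to and become unreachable.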
    
    
    