Use VNet Peering (Azure AZ) to Connect to Apache Cassandra
Setting up VNet Peering
VNet Peering is a method for routing traffic between two virtual networks privately. For an overview of VNet Peering, see the Azure Manage VNet Peering page. Instaclustr supports VNet peering as a mechanism for connecting directly to your Instaclustr managed cluster from your own client VNet. VNet Peering allows you to access your cluster via private IP and makes for a much more secure network setup.
Note: VNet Peering is only supported when running in your own Azure account. Customers interested in setting this up should contact Instaclustr Support.
Note: If you only intend to connect to your cluster from a peered VNet, then make sure to enable Use private IPs to broadcast for auto-discovery under Cassandra Setup when you create a new cluster, or create a private network cluster. If you’re peering into an existing public IP cluster, contact support to change the nodes’ broadcast address over to private IP. If you intend to connect from both the peered VNet and other sources, then you can refer to our support article to understand your options.
- Once your cluster has been provisioned, you can create a VNet Peering request through the Instaclustr console. Navigate to the Azure VNet Peering tab of your cluster and then click on Add New VNet Connection.
- Fill in the required information on the VNet Peering Connections and click the Submit Virtual Network Peering Request button.
- The peering request is then submitted. If the cluster and the VNet are both on the same subscription, then the request will automatically be accepted. The peering connection will appear as a new entry in a table with a status of Active.
Note: To test the peering, you may try netcat or telnet. Port 9042 is the exposed port for CQL:
nc -z <node_private_address> 9042; echo $?
A result of 0 indicates success.
telnet <node_private_address> 9042
A telnet prompt indicates success. Enter quit to close the connection. The same test can be run using port 7077 to test Spark connectivity.
Troubleshooting
A duplicate request for this VNet Peering Connection already exists.
This indicates that an existing peering request for this Account, VNet and network combination already exists. Check the Peering Connection table at the bottom of the page to verify.
If you still cannot connect to the cluster via your peered VNet connection, confirm through the Azure Console that you have accepted the peering request.
Peering Request status is “Failed”
The most common causes of a failed peering request are:
- The name of the resource group or the subscription ID of the peering VNet are incorrect
- The CIDR ranges of the two VNets overlap
For example, your cluster network is 10.0.0.0/16 and you are trying to peer it with a VNet in the range 10.0.0.0/18. Because Azure will need to route traffic for 10.0.0.0/18 to the peered VNet, the overlap will conflict with addresses in the cluster network and is therefore rejected.
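The overlap condition above can be checked before a peering request is submitted. The following is an added example, not Instaclustr or Azure code: the function names are hypothetical, and every address range other than the page's 10.0.0.0/16 and 10.0.0.0/18 is constructed. It accepts several address prefixes per VNet and reports each conflicting pair together with the range both sides would claim.

```python
import ipaddress


def parse_prefixes(prefixes):
    """Parse CIDR strings into network objects.

    strict=False is this example's choice: an entry with host bits set,
    such as 10.0.0.5/16, is normalised to its network (10.0.0.0/16).
    """
    return [ipaddress.ip_network(p.strip(), strict=False) for p in prefixes]


def find_overlaps(cluster_prefixes, client_prefixes):
    """Return (cluster_net, client_net, shared_range) for each conflicting pair."""
    conflicts = []
    for cluster_net in parse_prefixes(cluster_prefixes):
        for client_net in parse_prefixes(client_prefixes):
            # IPv4 and IPv6 ranges can never overlap each other.
            if cluster_net.version != client_net.version:
                continue
            if cluster_net.overlaps(client_net):
                # Two CIDR blocks overlap only when one contains the other,
                # so the shared range is the more specific (longer) prefix.
                if cluster_net.prefixlen >= client_net.prefixlen:
                    shared = cluster_net
                else:
                    shared = client_net
                conflicts.append((str(cluster_net), str(client_net), str(shared)))
    return conflicts


def can_peer(cluster_prefixes, client_prefixes):
    """True when no address range is claimed by both VNets."""
    return not find_overlaps(cluster_prefixes, client_prefixes)


if __name__ == "__main__":
    cluster = ["10.0.0.0/16"]                   # cluster network from the example above
    client = ["10.0.0.0/18", "172.16.0.0/24"]   # second prefix is constructed
    for cluster_net, client_net, shared in find_overlaps(cluster, client):
        print(f"conflict: cluster {cluster_net} and client {client_net} both contain {shared}")
    print("peering possible:", can_peer(cluster, client))
```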
Further details are available on the Microsoft website.