Use VPC Network Peering (GCP) to Connect to Apache Cassandra
VPC Peering is a method for routing traffic privately between two VPCs. For an overview of VPC Peering in GCP, read the GCP VPC Peering Guide. Instaclustr supports VPC peering as a mechanism for connecting directly to your Instaclustr managed cluster from your own client VPC. VPC Peering allows you to access your cluster via private IPs and makes for a more secure network setup.
- Once your GCP cluster has been provisioned, you can create a VPC Peering request through the Instaclustr console. Navigate to the VPC Peering tab of your cluster and then click on Add a New VPC Connection.
- Fill in the required information on the VPC Peering Connections and click the Submit VPC Peering Request button.
- If the request is successfully submitted, the Peering Connection will appear as a new entry in the table with a status of Inactive.
- To make the peering connection Active, you will need to log in to your Google Cloud Console and create a corresponding peering connection. To do this, click the Activate… button and copy the gcloud CLI command. The command can be used to create the parallel peering connection from your network to the Instaclustr cluster data centre VPC network.
- Log in to your Google Cloud account and create the corresponding peering connection by pasting the copied command into your gcloud CLI.
Alternatively, you may create the corresponding peering connection by filling in the required information on the Create VPC Peering Connection page.
- The Peering connection should now display as Active on the Instaclustr console. You should now be able to communicate between the two networks, provided there are no firewall rules blocking connectivity between the two VPC networks. For more information on configuring firewall rules, refer to the GCP documentation on Configuring firewall rules.
Note: To test the peering, you may try netcat or telnet from your application instance. Port 9042 is the exposed port for CQL for a Cassandra Cluster:
```
nc -z <node_private_address> 9042; echo $?
```
A result of 0 indicates success.
```
telnet <node_private_address> 9042
```
A telnet prompt indicates success; enter quit to close the connection. The same test can be run using port 7077 to test Spark connectivity.
Troubleshooting
A Vpc Peering Connection with the Same Name already exists
VPC Peering Connection names need to be unique, so you will need to use a different peering connection name. If you have a failed peering connection with the same name, delete the failed entries and retry.
A Vpc Peering Connection to the Same Network already exists
Only a single peering connection to another VPC Network can be established. If you have failed peering connection requests to the same network, delete the failed entries and retry.
Peering Request status is “Failed”
A peering connection may fail for multiple reasons; the reason for the failure can be identified by hovering over the tooltip next to the failure.
The most common causes of failed peering requests are:
- The CIDR ranges of the two VPCs overlap
For example, your cluster network is 10.0.0.0/16 and you are trying to peer it with a VPC in the range 10.0.0.0/18. Because GCP would need to route traffic for 10.0.0.0/18 to the peered VPC, the overlap would conflict with addresses in the cluster network, so the request is rejected.
- Invalid Peer Project ID
The Project ID of your Google account could not be found, as you may have entered an incorrect project ID.
Further details are available in the GCP documentation.
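The CIDR overlap failure described above can be checked before submitting a peering request. The following is an added example, not Instaclustr or GCP code: `find_overlaps` is a hypothetical helper, and every range other than 10.0.0.0/16 and 10.0.0.0/18 is constructed sample input standing in for the subnet ranges of your client VPC.

```python
import ipaddress


def find_overlaps(cluster_cidr, client_cidrs):
    """Return (client_cidr, relation) for each client range that overlaps
    the cluster network. Raises ValueError on a malformed CIDR."""
    # strict=True rejects ranges with host bits set, e.g. 10.0.1.0/16
    cluster = ipaddress.ip_network(cluster_cidr, strict=True)
    conflicts = []
    for cidr in client_cidrs:
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version != cluster.version:
            continue  # IPv4 and IPv6 ranges cannot overlap
        # Two CIDR blocks are either disjoint or one contains the other
        if net == cluster:
            relation = "identical to cluster network"
        elif net.subnet_of(cluster):
            relation = "inside cluster network"
        elif cluster.subnet_of(net):
            relation = "contains cluster network"
        else:
            continue
        conflicts.append((str(net), relation))
    return conflicts


if __name__ == "__main__":
    cluster_network = "10.0.0.0/16"  # cluster network from the example above
    client_ranges = [
        "10.0.0.0/18",      # from the example above
        "10.128.0.0/20",    # constructed
        "192.168.10.0/24",  # constructed
        "10.0.0.0/8",       # constructed
    ]
    conflicts = find_overlaps(cluster_network, client_ranges)
    for cidr, relation in conflicts:
        print(f"CONFLICT {cidr}: {relation} {cluster_network}")
    if not conflicts:
        print("No overlap; ranges are safe to peer")
```

Any range reported as a conflict needs to be changed on one side before the peering request is submitted.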