Using VPC Peering (AWS)

For an overview on VPC Peering see the AWS VPC Peering Guide. Instaclustr supports VPC peering as a mechanism for connecting directly to your Instaclustr managed cluster. VPC Peering allows you to access your cluster via private IP and makes for a much more secure network setup.

Note: If you only intend to connect to your cluster from a peered VPC, then choose Use private IP addresses for node discovery under Cassandra Options when you create a new cluster. If you're peering to an existing cluster, contact support to change the nodes' broadcast address. If you intend to connect from both the peered VPC and other sources then see this blog post to understand your options (https://www.instaclustr.com/apache-cassandra-deployed-on-private-and-public-networks/).

1. Once your cluster has been provisioned you can create a VPC Peering request through the Instaclustr dashboard. Click Cluster Settings from the Manage Cluster menu.

01_pix.png

2. Once you are on the Cluster Settings page, click the VPC Peering Settings button.

02_pix.png 

3. Fill in the required information on the VPC Peering Connections and click Submit VPC Peering Request.

03.png

Once you have submitted the peering request, you will need to login to your AWS console to accept the request and add a route in your VPC to our VPC.

Note: You will need to explicitly assign the route you created to the subnet of the instances that need to access the peering connection. You can do this by:

  • Checking the instance details to find its subnet
  • Copying the subnet ID
  • Navigating to the VPC section and filtering the Subnets for the copied ID
  • Click on the "Route Table" tab and change the assigned route table to the new route table

vpc-peering-route-table.png

Once the new route table has been assigned to your subnet, the "Main" column will change to "Yes".

We automatically generate the routes within our VPC to ensure traffic is routed correctly to your VPC. Once you have accepted the peering request, the VPC peering connection will show up as active in your Instaclustr dashboard. 

4. Once you have accepted the peering request, the VPC Peering Settings page will show the peering connection as active.

active_status.png

Note: To test the peering succeeded, you may try netcat or telnet. Port 9042 is the exposed port for CQL:

nc -z <node_private_address> 9042; echo $?

  • A result of 0 indicates success

telnet <node_private_address> 9042

  • A telnet prompt indicates success, enter quit to close the connection.
The same test can be run using port 7077 to test Spark connectivity.
Last updated:
If you have questions regarding this article, feel free to add it to the comments below.

0 Comments

Please sign in to leave a comment.