In some cases, event broker services may need to initiate outbound connections with external hosts that are outside of the virtual private network where they are deployed. Typically, an external host permits connections to be initiated through their firewall based on an allowed list of IP addresses.
Connections to external hosts can include these reasons:
- using REST destination points (RDPs) to deliver REST requests to a remote server, for example, for outbound RDPs by subscribing applications (consumers)
- linking to a replication mate (for disaster recovery)
- creating Dynamic Message Routing (DMR) links to another node
- creating VPN bridges made to other brokers
- spawning new connections to an LDAP database
Depending on the infrastructure of the region, you have the following alternatives:
-
For Dedicated Region and Public Region deployments, the availability of static IPs depends on the deployment type and cloud provider you choose. For more information, see Static IP Availability for Messaging Connectivity in Public Regions and Dedicated Regions. If static IPs are available, you can contact Solace to request the static IP address of the network address translation (NAT).
For Kubernetes-based deployments in Customer-Controlled Regions, customers can get the static IP address themselves their own because they own the deployment. For more information, see Using NAT with Static IP Addresses for Outbound Connections for Kubernetes-Based Deployments.
- For deployments on VM-based infrastructure in Dedicated Regions, there are some considerations to see the IP address for an event broker service, see Considerations for Viewing the IP Address for an Event Broker Service for more information. For more information about configuring a deployment to use outbound IP addresses in your Customer-Controlled Region, see (The following links direct you to a previous version of the help documentation because VM-based deployments have been deprecated)
- Using NAT with Static IP addresses for Outbound Connections for AWS
- Using NAT with Static IP addresses for Outbound Connections for Azure
Support for VM-based deployments is now deprecated and version 10.0.1 was the last event broker release that supported deployments in VM-based regions. For more details, see the Deprecated Features list.
For information about how to find the IP addresses, see Viewing the Static IP Addresses for an Event Broker Service.
Considerations for Viewing the IP Address for an Event Broker Service
The following are considerations for retrieving an IP address to use in allowed lists (whitelists) on external hosts (typical for firewalls):
- The IP addresses are available only if your deployment has been configured to support outbound connections through static IP addresses in a VM-based deployment.
- Depending on how the datacenter is configured, there may be more than one static IP address. Solace recommends that at least two IP addresses are provided for redundancy so both IP addresses must be allowed.
- If you are permitting connectivity to a number of event broker services from the same datacenter, those event broker services from the same datacenter share the same static IP addresses.
Viewing the Static IP Addresses for an Event Broker Service
Static IP addresses are visible only for VM-based deployments, which are now deprecated in Dedicated Regions and Customer-Controlled Regions.
Follow these steps to see the static IP addresses assigned to an event broker service:
- Log in to the PubSub+ Cloud Console if you have not done so yet. The URL to access the Cloud Console differs based on your authentication scheme. For more information, see
- Select Cluster Manager
from the navigation bar. - Select the event broker service you want to view.
- On the page for your service, select the Configuration tab.
The IP addresses are visible on the tab for an event broker service deployed in a VM-based deployment as shown here:
Using the specified static IP addresses listed, you (or network administrator) can configure the firewall between your host application and the internet to permit connections to be initiated from the event broker service.
Static IP addresses only appear when an event broker service connects to external hosts through the NAT gateway and those NAT gateways are provisioned with static, public IP addresses in your datacenter.