Allow lists in Apache Kafka® clusters
An allow list consists of CIDRs and dedicated IP addresses you define as approved to access your cluster. You can also allow or block the DoubleCloud system services from accessing the data on your cluster.
If you define an allow list, IP addresses not added to this list can't access your cluster.
IP address allocation methods
There are two main IP address allocation methods in DoubleCloud allow lists: CIDRs and single IP addresses.
CIDR is a compact method for specifying IP addresses and their routing suffixes.
You can express, for example, the IP address range from
192.168.0.255by using a much shorter CIDR notation of
24represents the Netmask (or the Subnet mask)
Keep in mind that an IPv4 address is 32 bits in size, so the
Netmaskvalue for a CIDR can be between
You can check the
Netmaskvalue with an external subnet calculator, if needed. For example, CIDR Subnet calculator
Single IP address allows you to add one IP address to your allow list.
You can connect to DoubleCloud Managed Service for Apache Kafka® clusters via the following ports:
9091- the Native interface port, use it to connect with the clickhouse-client
19091- the VPC Peering port.
443- the schema registry interface port.
9363- the metrics port to connect Prometheus or other third-party solutions.
All the above ports are SSL-encrypted.