Allowlists in Apache Kafka® clusters

This page explains what allowlists are and which IP address allocation methods are used to define them.

Allowlist

An allowlist consists of CIDRs and dedicated IP addresses you define as approved to access your cluster. You can also allow or block the DoubleCloud system services from accessing the data on your cluster.

If you define an allowlist, IP addresses not added to this list can't access your cluster.

IP address allocation methods

There are two main IP address allocation methods in DoubleCloud allowlists: CIDRs and single IP addresses.

• CIDR is a compact method for specifying IP addresses and their routing suffixes.

  You can express, for example, the IP address range from 192.168.0.1 to 192.168.0.255 by using a much shorter CIDR notation of 192.168.0.1/24, where 24 represents the Netmask (or the Subnet mask) 255.255.255.0.

  Keep in mind that an IPv4 address is 32 bits in size, so the Netmask value for a CIDR can be between 0 and 32.

  You can check the Netmask value with an external subnet calculator, if needed. For example, CIDR Subnet calculator .

• Single IP address allows you to add one IP address to your allowlist.

Accessible ports

You can connect to DoubleCloud Managed Service for Apache Kafka® clusters via the following ports:

• 9091 - the Native interface port, use it to connect with the clickhouse-client and other CLI tools.
• 19091 - the VPC Peering port.
• 443 - the schema registry interface port.
• 9363 - the metrics port to connect Prometheus or other third-party solutions.

All the above ports are SSL-encrypted.

See also

• Manage Apache Kafka® allowlists