Create Confluent Cloud Network on Azure¶

Each Confluent Cloud network is a virtual network that is provisioned in your Confluent Cloud Azure account.

This network allows inbound connections from the connected network to services in Confluent Cloud. It also allows inbound connections from services in Confluent Cloud that are configured to interact with data in the Confluent Cloud network.

You can create multiple Dedicated Kafka clusters within each Confluent Cloud network.

For details on default service quotas, see Network service quotas.

Requirements and considerations¶

Review the following requirements and considerations when you set up a Confluent Cloud network.

Region and Availability Zones¶

Dedicated clusters you create in your Confluent Cloud network inherit the selected Region and Availability Zones.

Confluent Cloud network CIDR blocks for VNet peering¶

When you set up a Confluent Cloud network for VNet peering, the CIDR blocks you specify must meet the follow requirements.

Private Link networks allocate addresses from existing VNet subnets and do not require an additional CIDR block.

The Confluent Cloud network CIDR block must be a /16 CIDR block from one of the following private IP ranges:
- Private IP address range (RFC 1918): 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
- Shared address space (Carrier-grade NAT) (RFC 6598): 100.64.0.0/10
- Benchmark address space (RFC 2544): 198.18.0.0/15
Do not select CIDR blocks that overlap with the following CIDR blocks that are reserved by Confluent Cloud: 10.253.0.0/16, 10.254.0.0/16, 172.17.0.0/16, 172.30.0.0/16, 172.31.0.0/16

You cannot use the above CIDRs for peering due to routing conflicts with Confluent services. For example, managed connectors cannot reach the sources or sinks in those IP ranges.

Create a Confluent Cloud network¶

Follow the procedure below to create a Confluent Cloud network on Azure.

You can host multiple clusters within one Confluent Cloud network`. For details on service quotas, see Networks.

In the Confluent Cloud Console, select an environment for the Confluent Cloud network.
In the Network management tab in the environment, click For dedicated clusters.
Click Add network configuration.
Select Microsoft Azure as the cloud service provider and select the geographic region in Region. Click Continue.
Select the connectivity type: Private Link or VNet Peering.

If you select VNet Peering, CIDR for Confluent Cloud Network fields will appear.
- Private Link: Cluster is accessible using Private Link connections.
- VNet Peering: Cluster is accessible using VNet Peering.
Complete the steps for the connectivity type you selected.

Important

After provisioning your new Confluent Cloud network, you cannot change your selected Availability Zone (AZ) IDs or CIDR block size.
1. Under DNS configuration, select the DNS resolution method.
  
  Select Private DNS Resolution to resolve the private DNS name of the Confluent Cloud cluster to the private IP address of the cluster.
  
  If Private DNS Resolution is not selected, the private DNS name of the Confluent Cloud cluster requires public DNS Resolution to resolve the private IP address of the cluster.
  
  Before you select a DNS resolution option, review the details about DNS resolution in Azure Private Link in DNS resolution options.
2. Click Continue.
1. In the CIDR for Confluent Cloud Network section, specify a /16 CIDR block.
  
  For more information about the CIDR requirements, see Confluent Cloud network CIDR blocks for VNet peering above.
2. Click Continue.
In Network name, specify the name of the connection.

The name you choose is used to identify your network in the Confluent Cloud Console and when using the Confluent CLI. Choose a meaningful name, but consider including the connection type in the name (for example, azure-australia-east-private-link).
Review your configuration and click Add network configuration.

Here is an example REST API request:

HTTP POST request

POST https://api.confluent.cloud/networking/v1/networks

Authentication

See Authentication.

Request specification

Your REST request body specification should include the following:

display_name (optional) A meaningful name for your Confluent Cloud network.
environment
id – The identifier (ID) of your Confluent Cloud environment.
cloud – cloud service provider (AZURE)
region – The Region where the network is located.
connection_types – PEERING or PRIVATELINK
zones – An array listing the three selected Availability Zone IDs in the same Region.
cidr – The CIDR block.
dns_config - Set resolution to PRIVATE or CHASED_PRIVATE. The default value is CHASED_PRIVATE.
- When resolution is CHASED_PRIVATE, clusters in this network require both public and private DNS to resolve cluster endpoints.
- When resolution is PRIVATE, clusters in this network only require private DNS to resolve cluster endpoints.
Before you select a DNS resolution option, review the details about DNS resolution in Azure Private Link in DNS resolution options.

Here are REST specification examples in JSON format. You can use these as templates for your own specification, replacing your unique values.

{
  "spec": {
      "display_name": "My-NW1",
      "cloud": "AZURE",
      "region": "centralus",
      "connection_types": [
          "PEERING"
      ],
      "cidr": "10.0.0.0/16",
      "zones": [
          "1",
          "2",
          "3"
      ],
      "environment":{
         "id":"env-abc123"
     }
  }
}

In the request specification, include values for cloud, region, environment, connection type, and, optionally, add the display name, CIDR, and zones for the Confluent Cloud network. Update the attributes below with the correct values.

{
   "spec":{
      "display_name":"Azure-PL-CCN-1",
      "cloud":"AZURE",
      "region":"centralus",
      "connection_types":[
         "PRIVATELINK"
      ],
      "zones":[
         "1",
         "2",
         "3"
      ],
      "dns_config": {
         "resolution": "PRIVATE"
      },
      "environment":{
         "id":"env-abc123"
      }
   }
}

Use the confluent network create Confluent CLI command to create a Confluent Cloud network:

confluent network create <network-name> <flags>

The following command-specific flags are supported:

--cloud: Required. Set to azure.
--region: Required. Cloud region ID for this network.
--connection-types: Required. The network acces type. Specify one of privatelink, peering, or transitgateway.
--cidr: A /16 IPv4 CIDR block. Required for networks of connection type peering and transitgateway.
--zones: A comma-separated list of availability zones for this network.
--dns-resolution: Specify the DNS resolution as private or chased-private. The default value is chased-private.
- When resolution is chased-private, clusters in this network require both public and private DNS to resolve cluster endpoints.
- When resolution is private, clusters in this network only require private DNS to resolve cluster endpoints.
Before you select a DNS resolution option, review the details about DNS resolution in Azure PrivateLink in DNS resolution options.

You can specify additional optional CLI flags described in the Confluent CLI command reference, such as --environment.

The following are example Confluent CLI commands:

confluent network create my_azure_peering --cloud azure \
  --region eastus2 \
  --connection-types peering \
  --cidr 10.1.0.0/16

confluent network create my_azure_pl --cloud azure \
  --region eastus2 \
  --connection-types privatelink \
  --dns-resolution chased_private

Typically, it takes up to 15 to 20 minutes to create a Confluent Cloud network.

Next steps¶

After successfully provisioning the Confluent Cloud network on Azure, you can: add Dedicated Kafka clusters within your Confluent Cloud network.