Network requirements
Learn the address, domain name service, and network mechanism requirements for the hybrid cloud architecture.
Concepts
- Classless Inter-Domain Routing (CIDR)
CIDR is a notation to represent an IPv4 address range, for example, 10.0.0.0/8. The bitmask, the number after the slash, represents the number of fixed bits in the IP address range. Higher bitmask values indicate a lower number of addresses in the range.
- Private IP ranges
Private IP ranges are used for cloud networks and on-premise networks, including the following ranges:
- 10.0.0.0-10.255.255.255
- 172.16.0.0-172.31.255.255
- 192.168.0.0-192.168.255.255
- Overlapping and non-overlapping networks
- The following networks are overlapping:
- 10.0.0.0/8 and 10.0.0.0/16
- The following networks are not overlapping:
- 10.0.0.0/16 and 10.1.0.0/16
- 10.0.0.0/8 and 172.16.0.0/16
- 10.0.0.0/16 and 192.168.0.0/16
- 192.0.2.128/28 and 192.0.2.144/28
- Domain Name System (DNS)
DNS is a hierarchical, distributed naming system used to translate human-readable domain names into IP addresses. DNS enables resources in cloud and on-premise networks to communicate using stable, memorable names instead of numerical IP addresses. DNS resolution can occur through public resolvers, private or internal DNS servers, or a hybrid approach in which conditional forwarding rules direct specific domains to their correct authoritative resolver. Consistent DNS configuration across cloud and on-premise networks is essential to ensure service discovery, Kerberos authentication, and cross-environment workload communication.
- Direct Connect or Dedicated Interconnect and Site-to-Site VPN
Direct Connect, Dedicated Interconnect and Site-to-Site VPN are mechanisms used to establish secure, private connectivity between on-premise data centers and cloud networks. A Direct Connect or the equivalent Dedicated Interconnect service provides a high-bandwidth, low-latency physical link that bypasses the public internet. A Site-to-Site VPN creates an encrypted IPsec tunnel over the internet to connect the on-premise network to the cloud virtual network. These two connectivity options are often used together, with the VPN serving as a failover path when the dedicated link becomes unavailable. When configuring hybrid connectivity, all participating networks must use non-overlapping CIDR ranges, and routing must be set up so on-premise subnets and cloud subnets can reach each other consistently.
Requirements
- The on-premise network and the public cloud network must be peered.
- No overlapping CIDRs must exist between the on-premise network and the public cloud network.
- Fully connected routing must exist between the on-premise network and the public cloud network with a bidirectional line of sight based on the available ports.
- You must have a high-bandwidth, low-latency network between the public cloud and the private cloud to transfer the data required for cloud bursting.
- No network address translation must occur between the on-premise network and the public cloud network.
- Firewalls are permitted and supported, but they must allow the communication channels described in Security policies and firewall rules.
- Egress connectivity must be enabled on both the on-premise data lake and on the public cloud FreeIPA instance.
- For outbound destinations regarding the on-premise network, see the following documentation:
- If AWS is the provider, see AWS outbound network access destinations
- If Google Cloud is the provider, see GCP outbound network access destinations
- If Microsoft Azure is the provider, see Azure outbound network access destinations
- For outbound destinations regarding the public cloud network, see Outbound network access destinations for Cluster Connectivity Manager v2.
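The CIDR and overlap concepts above, and the "no overlapping CIDRs" requirement in this section, can both be checked mechanically before any peering or interconnect is configured. The following Python script is an added example, not part of this documentation or the product; it uses only the standard library ipaddress module. The on-premise and cloud ranges in SAMPLE_ON_PREM and SAMPLE_CLOUD are constructed values, and the private ranges are the three listed in the Concepts section (172.16.0.0-172.31.255.255 written as 172.16.0.0/12).

```python
import ipaddress
from typing import Iterable, List, Tuple

# The three private ranges listed on the page, written as CIDR blocks.
# 172.16.0.0-172.31.255.255 is the single block 172.16.0.0/12.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def address_count(cidr: str) -> int:
    """Number of addresses in a CIDR range; a higher bitmask means fewer addresses."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses


def networks_overlap(a: str, b: str) -> bool:
    """True when the two ranges share at least one address (e.g. 10.0.0.0/8 and 10.0.0.0/16)."""
    return ipaddress.ip_network(a, strict=False).overlaps(
        ipaddress.ip_network(b, strict=False)
    )


def in_private_range(cidr: str) -> bool:
    """True when the whole range sits inside one of the private ranges above."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(block) for block in PRIVATE_RANGES)


def find_overlaps(on_prem: Iterable[str], cloud: Iterable[str]) -> List[Tuple[str, str]]:
    """Return every (on-premise, cloud) pair that overlaps; an empty list means the
    'no overlapping CIDRs' requirement holds between the two networks."""
    return [(p, c) for p in on_prem for c in cloud if networks_overlap(p, c)]


def check_hybrid_plan(on_prem: Iterable[str], cloud: Iterable[str]) -> List[str]:
    """Collect human-readable findings for a proposed set of on-premise and cloud CIDRs."""
    on_prem, cloud = list(on_prem), list(cloud)
    findings = []
    for side, cidrs in (("on-premise", on_prem), ("cloud", cloud)):
        for cidr in cidrs:
            if not in_private_range(cidr):
                findings.append(f"{side} range {cidr} is outside the private IP ranges")
    for p, c in find_overlaps(on_prem, cloud):
        findings.append(f"on-premise {p} overlaps cloud {c}")
    return findings


# Constructed sample plan (not from the page): one cloud subnet was carved out of
# the same /16 the data center already uses, which the check must report.
SAMPLE_ON_PREM = ["10.0.0.0/16", "192.168.10.0/24"]
SAMPLE_CLOUD = ["10.1.0.0/16", "10.0.128.0/20"]

if __name__ == "__main__":
    # The pairs from the Concepts section, classified the same way the page does.
    for p, c in [("10.0.0.0/8", "10.0.0.0/16"), ("10.0.0.0/16", "10.1.0.0/16"),
                 ("192.0.2.128/28", "192.0.2.144/28")]:
        print(f"{p} and {c}: {'overlapping' if networks_overlap(p, c) else 'not overlapping'}")
    for finding in check_hybrid_plan(SAMPLE_ON_PREM, SAMPLE_CLOUD):
        print("finding:", finding)
```

Run the script with the real on-premise and cloud address plans substituted for the sample lists; an empty findings list is the condition the peering requirement asks for. The check is deliberately strict about cross-side overlap only, since a subnet duplicated within one side is a local addressing problem rather than a hybrid connectivity one.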