
NAT Gateway with Azure Databricks

ph1l0s0ph3r
New Contributor II

Hi all, what are the steps to enable external communication through a NAT Gateway? Our Databricks instance was created through VNET injection and did not have a NAT gateway created by default. We now want to pass external traffic through NAT gateway rather than the Databricks IP. Thanks

Accepted Solutions

szymon_dybczak
Contributor III

Hi @ph1l0s0ph3r ,

NAT Gateway is created by default only if you use SCC with the default VNet that Azure Databricks creates. Look at the entry below in the documentation:

Secure cluster connectivity - Azure Databricks | Microsoft Learn

In your case, when you have deployed the Databricks instance into your own VNet, you need to configure the NAT Gateway yourself.
Basically, you have the following options to configure egress with NPIP in a VNet-injected workspace:

  1. Egress Load Balancer
  2. Azure NAT Gateway
  3. Azure Firewall

You're interested in option 2 - Azure NAT Gateway. So to set it up you need to:

- create a NAT Gateway in Azure

- configure the gateway on both of the workspace's subnets to ensure that all outbound traffic to the Azure backbone and public network transits through it.

View solution in original post
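
The two steps from the accepted answer as Azure CLI calls, followed by a check that every workspace subnet references the gateway. This is an added example, not part of the original post; the resource group, VNet, gateway, public IP and subnet names are constructed placeholders, and `DRY_RUN=1` prints the commands instead of running them.

```shell
#!/bin/sh
# Constructed placeholder names (assumptions): replace with your own resources.
RG="${RG:-rg-databricks}"
VNET="${VNET:-vnet-databricks}"
NATGW="${NATGW:-natgw-databricks}"
PIP="${PIP:-pip-natgw-databricks}"
# Both workspace subnets of the VNet-injected workspace.
SUBNETS="${SUBNETS:-snet-dbx-public snet-dbx-private}"

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Step 1: NAT Gateway with a static Standard public IP (the egress address).
create_nat_gateway() {
  run az network public-ip create -g "$RG" -n "$PIP" --sku Standard --allocation-method Static
  run az network nat gateway create -g "$RG" -n "$NATGW" --public-ip-addresses "$PIP"
}

# Step 2: associate the gateway with each workspace subnet.
attach_nat_gateway() {
  for s in $SUBNETS; do
    run az network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "$s" --nat-gateway "$NATGW"
  done
}

# Check: a subnet without the association would not egress through the gateway.
verify_nat_gateway() {
  rc=0
  for s in $SUBNETS; do
    id=$(az network vnet subnet show -g "$RG" --vnet-name "$VNET" -n "$s" --query natGateway.id -o tsv)
    case "$id" in
      */natGateways/"$NATGW") echo "OK       $s" ;;
      *)                      echo "MISSING  $s"; rc=1 ;;
    esac
  done
  return $rc
}

# Nothing runs unless an action is given: ./natgw.sh apply | verify
case "${1:-}" in
  apply)  create_nat_gateway && attach_nat_gateway && verify_nat_gateway ;;
  verify) verify_nat_gateway ;;
esac
```

`verify_nat_gateway` returns non-zero if any listed subnet is not associated with the gateway, so it can be used as a periodic configuration check.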

ph1l0s0ph3r
New Contributor II

Thank you, @szymon_dybczak ! I will try this and get back on this thread.

Is a route table necessary for allowing outbound traffic in the subnets at all? Or will just adding the NAT gateway to both the subnets be sufficient?

Adding the NAT Gateway to both subnets should be sufficient. If you encounter any problems let us know 😉

ph1l0s0ph3r
New Contributor II

I made the changes and it works! I was able to communicate to the NAT Gateway IP in our external on-prem application.

I noticed though that the Databricks instance is not showing the NAT Gateway within Parameters. Is this an issue?
