cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

NAT Gateway with Azure Databricks

Go to solution
ph1l0s0ph3r
New Contributor II

‎09-11-2024 06:13 AM

Hi all, what are the steps to enable external communication through a NAT Gateway? Our Databricks instance was created through VNET injection and did not have a NAT gateway created by default. We now want to pass external traffic through NAT gateway rather than the Databricks IP. Thanks

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
szymon_dybczak
Esteemed Contributor III

‎09-11-2024 06:51 AM

Hi @ph1l0s0ph3r ,

NAT Gateway is created by default only if you use SCC with default VNet that Azure Databricks creates. Look at below entry in documentation:

Secure cluster connectivity - Azure Databricks | Microsoft Learn

In you case, when you have deployed Databricks instance into your own VNet you need to configure NAT Gateway by yourself. 
Basically, you have following option to configure egress with NPIP in VNet Injected workspace:

  1. Egress Load Balancer
  2. Azure NAT Gateway
  3. Azure Firewall

You're interested in option 2 - Azure NAT Gateway. So to set it up you need  to create:

- NAT Gateway in Azure

szymon_dybczak_1-1726062708941.png

 

-  configure the gateway on both of the workspace’s subnets to ensure that all outbound traffic to the Azure backbone and public network transits through it.

szymon_dybczak_0-1726062677319.png

 

 

 

 

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
szymon_dybczak
Esteemed Contributor III

‎09-11-2024 06:51 AM

Hi @ph1l0s0ph3r ,

NAT Gateway is created by default only if you use SCC with default VNet that Azure Databricks creates. Look at below entry in documentation:

Secure cluster connectivity - Azure Databricks | Microsoft Learn

In you case, when you have deployed Databricks instance into your own VNet you need to configure NAT Gateway by yourself. 
Basically, you have following option to configure egress with NPIP in VNet Injected workspace:

  1. Egress Load Balancer
  2. Azure NAT Gateway
  3. Azure Firewall

You're interested in option 2 - Azure NAT Gateway. So to set it up you need  to create:

- NAT Gateway in Azure

szymon_dybczak_1-1726062708941.png

 

-  configure the gateway on both of the workspace’s subnets to ensure that all outbound traffic to the Azure backbone and public network transits through it.

szymon_dybczak_0-1726062677319.png

 

 

 

 

0 Kudos

Go to solution
ph1l0s0ph3r
New Contributor II

‎09-11-2024 07:04 AM

Thank you, @szymon_dybczak ! I will try this and get back on this thread.

Is a route table necessary for allowing outbound traffic in the subnets at all? Or will just adding the NAT gateway to both the subnets be sufficient?

0 Kudos

Go to solution
szymon_dybczak
Esteemed Contributor III
In response to ph1l0s0ph3r

‎09-11-2024 07:21 AM

Adding the NAT Gateway to both subnet should be sufficient. If you encounter any problem let us know 😉

0 Kudos

Go to solution
ph1l0s0ph3r
New Contributor II

‎09-11-2024 08:05 AM

I made the changes and it works! I was able to communicate to the NAT Gateway IP in our external on-prem application.

I noticed though that Databricks instance is not showing the NAT Gateway within Parameters. Is this an issue?

ph1l0s0ph3r_0-1726066964246.png

 

 

 

0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local community—sign up today to get started!

Sign Up Now
Announcements
Top