The ongoing "Network is unreachable" errors in Databricks serverless compute suggest that network egress is being blocked, even though you have "Full access" set for Serverless Egress Control and a permissive network policy. The partial DNS resolution and consistent outbound HTTPS failure further indicate a platform-level issue rather than direct misconfiguration within your Databricks workspace.
Possible Causes
-
Serverless Egress Misconfiguration: Sometimes, even with "Full access," effective policy updates may not propagate instantly or may be overridden by account-level restrictions.
-
Databricks Platform Restrictions: Some accounts, typically on trial or unpaid tiers, have full network restrictions despite policy settings, or additional approval is required for egress whitelisting.
-
Region or Workspace-Specific Bug: Specific cloud regions or workspace settings can experience bugs where serverless compute is unable to egress despite correct configurations.
Next Steps & Workarounds
-
Double-Check Account Tier: Verify your workspace's account or subscription type. Free or trial accounts often restrict or block serverless egress, regardless of local policy changes.
-
Egress Control Refresh: Try toggling Serverless Egress Control between restricted and full, then back to full, to force policy propagation. Restart your clusters and jobs afterward.
-
Contact Support via Ticket: If chat is restricted, submit a formal support ticket. As the only account holder, verify that your user is marked as an admin in both the workspace and Databricks account console; re-check user roles and subscription type.
-
Use Classic Compute: As a workaround, switch your jobs/notebooks to classic compute (non-serverless interactive/shared clusters), which are less subject to these network restrictions.
-
Test from Another Workspace or Region: If possible, create a new workspace in a different region or using a different account tier to isolate whether the issue persists.
-
Check Cloud Provider Network Policies: If your workspace uses AWS VPC, Azure Private Link, or GCP custom networking, confirm those outbound firewall rules aren't interfering with Databricks serverless networking.
Diagnosing Further
-
Run a Python script in your notebook to log detailed socket and os error codes when attempting to reach external IPs. Document all logs to escalate to Databricks support.
-
Attempt to reach public endpoints directly using different ports (e.g., 80, 443, 8080) to rule out protocol-based blocking.
Support Challenges
-
If unable to contact Databricks support due to authorization, confirm Workspace Admin rights by checking your "User" and "Admin" status in the workspace’s "Manage Account" section.
-
For urgent issues, leverage Databricks community forums or Stack Overflow, where Databricks engineers are known to respond to network egress issues.
Summary: Serverless egress can be fraught with hidden restrictions. If you're in a trial, community, or free tier, those settings often cannot be overridden. Try classic compute for a workaround and use support ticket channels, not chat, when admin rights block chat.
| Problem Area |
Symptoms |
Recommendation |
| Serverless Policy |
DNS partial, HTTPS blocked |
Refresh egress control, check tier |
| Account Tier |
Workspace trial/free |
Upgrade/check subscription |
| Support Access |
Chat blocked, ticket openable? |
Verify workspace admin, file ticket |
| Cloud Network Policies |
VPC, Private Link, proxies |
Review outbound rules |
| Diagnostic Logging |
Errno 101, socket errors |
Log details, escalate with logs |
| Workaround |
Classic compute works |
Switch job to classic cluster |
If the issue persists after these steps and your account is, in fact, paid and properly configured, it is likely that only Databricks platform-level intervention will resolve the outage.
