Serverless compute cannot access internet
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-19-2025 03:02 PM
- Labels:
-
Workflows
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-19-2025 03:08 PM
I've run diagnostic tests and found:
✅ **DNS Resolution**: Partially working
- `github.com` resolves successfully and HTTPS works
- `pokeapi.co` fails DNS resolution
- `google.com` fails DNS resolution
- `databricks.com` fails DNS resolution
❌ **Outbound HTTPS**: Completely blocked
- Direct IP connections fail with "Network is unreachable"
- Error: `[Errno 101] Network is unreachable`
- Happens even when using IP addresses directly (bypassing DNS)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2025 03:46 AM
The ongoing "Network is unreachable" errors in Databricks serverless compute suggest that network egress is being blocked, even though you have "Full access" set for Serverless Egress Control and a permissive network policy. The partial DNS resolution and consistent outbound HTTPS failure further indicate a platform-level issue rather than direct misconfiguration within your Databricks workspace.
Possible Causes
-
Serverless Egress Misconfiguration: Sometimes, even with "Full access," effective policy updates may not propagate instantly or may be overridden by account-level restrictions.
-
Databricks Platform Restrictions: Some accounts, typically on trial or unpaid tiers, have full network restrictions despite policy settings, or additional approval is required for egress whitelisting.
-
Region or Workspace-Specific Bug: Specific cloud regions or workspace settings can experience bugs where serverless compute is unable to egress despite correct configurations.
Next Steps & Workarounds
-
Double-Check Account Tier: Verify your workspace's account or subscription type. Free or trial accounts often restrict or block serverless egress, regardless of local policy changes.
-
Egress Control Refresh: Try toggling Serverless Egress Control between restricted and full, then back to full, to force policy propagation. Restart your clusters and jobs afterward.
-
Contact Support via Ticket: If chat is restricted, submit a formal support ticket. As the only account holder, verify that your user is marked as an admin in both the workspace and Databricks account console; re-check user roles and subscription type.
-
Use Classic Compute: As a workaround, switch your jobs/notebooks to classic compute (non-serverless interactive/shared clusters), which are less subject to these network restrictions.
-
Test from Another Workspace or Region: If possible, create a new workspace in a different region or using a different account tier to isolate whether the issue persists.
-
Check Cloud Provider Network Policies: If your workspace uses AWS VPC, Azure Private Link, or GCP custom networking, confirm those outbound firewall rules aren't interfering with Databricks serverless networking.
Diagnosing Further
-
Run a Python script in your notebook to log detailed
socketandoserror codes when attempting to reach external IPs. Document all logs to escalate to Databricks support. -
Attempt to reach public endpoints directly using different ports (e.g., 80, 443, 8080) to rule out protocol-based blocking.
Support Challenges
-
If unable to contact Databricks support due to authorization, confirm Workspace Admin rights by checking your "User" and "Admin" status in the workspace’s "Manage Account" section.
-
For urgent issues, leverage Databricks community forums or Stack Overflow, where Databricks engineers are known to respond to network egress issues.
Summary: Serverless egress can be fraught with hidden restrictions. If you're in a trial, community, or free tier, those settings often cannot be overridden. Try classic compute for a workaround and use support ticket channels, not chat, when admin rights block chat.
| Problem Area | Symptoms | Recommendation |
|---|---|---|
| Serverless Policy | DNS partial, HTTPS blocked | Refresh egress control, check tier |
| Account Tier | Workspace trial/free | Upgrade/check subscription |
| Support Access | Chat blocked, ticket openable? | Verify workspace admin, file ticket |
| Cloud Network Policies | VPC, Private Link, proxies | Review outbound rules |
| Diagnostic Logging | Errno 101, socket errors | Log details, escalate with logs |
| Workaround | Classic compute works | Switch job to classic cluster |
If the issue persists after these steps and your account is, in fact, paid and properly configured, it is likely that only Databricks platform-level intervention will resolve the outage.