All Products
Search

This Product

    Realtime Compute for Apache Flink:Network architecture upgrade

    Document Center

    Realtime Compute for Apache Flink:Network architecture upgrade

    Last Updated:Mar 14, 2024

    A significant upgrade will be performed on the network architecture of Realtime Compute for Apache Flink to improve the quality of service and meet growing business requirements. This upgrade aims to improve the utilization of IP addresses, strengthen network security isolation, and lay the foundation for supporting cross-zone compute units (CUs). After the upgrade, you can have a more robust and efficient data processing experience. You can fully understand the upgrade plan and follow the guidelines to make preparations and perform the upgrade.

    Upgrade purpose

    • Improve the utilization of IP addresses. After the upgrade, the number of IP addresses that are used by your vSwitch can be significantly reduced. Before the upgrade, each JobManager or TaskManager of each Flink deployment requires an IP address. After the upgrade, the number of IP addresses that are required is determined based on the number of workspaces. Each workspace requires two or three IP addresses.

    • Strengthen network security isolation. After the upgrade, the network security isolation in a virtual private cloud (VPC) is further enhanced. The IP addresses and port numbers that are used by the JobManagers or TaskManagers of deployments in a VPC cannot be scanned. The security for access to web UIs and RESTful APIs is enhanced.

    • Lay the foundation for supporting cross-zone high availability. To enable cross-zone high availability, you must purchase cross-zone CUs and complete the network upgrade to support high availability of deployments across zones.

    Upgrade time

    The upgrade starts from December 28, 2023.

    Upgrade method

    You can submit a ticket to apply for the upgrade. You must provide your workspace ID when you submit a ticket. For more information about how to view the ID of a workspace, see How do I view information about a workspace, such as the workspace ID?

    Impact and suggestions

    Network planning

    • The new network architecture requires only a small number of your IP addresses. After the upgrade, you do not need to change the IP addresses of the vSwitch or modify the IP whitelists of upstream and downstream services.

    • If you want to re-plan the current CIDR block, you must change the IP addresses of the vSwitch to the IP addresses of the required CIDR block in the workspace, configure the IP address whitelists of upstream and downstream services, and then submit a ticket to apply for an upgrade. After the upgrade is complete, restart the existing deployments to allow them to use new IP addresses.

    Platform

    • Session clusters cannot be upgraded. After the network architecture is upgraded, you still need to reserve IP addresses for session clusters.

    • After the network architecture is upgraded, deployments cannot be queried based on IP addresses.

    Deployments that are running

    The deployments that are running are not affected during the upgrade. By default, the new architecture applies only to deployments that are started after the upgrade. After the upgrade is complete, you must restart the deployments that are running to apply the new architecture to the deployments.