Articles in this section

See more

Private Link network traffic flow

Frank Yao
  • Updated
Follow

bloom-privatelink

Please review the Aura PrivateLink/PSC architecture diagram above.  This diagram illustrates the network package traffic flow when an application connects to an Aura instance.

We will use dbid: abcd1234 and orch-id: 0000 in this article. (It will be different with your own Aura Enterprise environment.)

  1. The process begins with the application initializing a driver connection to neo4j+s://abcd1234.production-orch-0000.neo4j.io.
  2. The network layer then queries the DNS server to resolve the fully qualified domain name (FQDN) (in this case, abcd1234.production-orch-0000.neo4j.io) to its corresponding IP address.
  3. The Cloud Virtual Network private DNS is queried, and it resolves the FQDN to 10.10.10.10, based on the wildcard DNS A record created: *.production-orch-0000.neo4j.io -> 10.10.10.10
  4. The application's connection is directed to 10.10.10.10, which is the PrivateLink Endpoint. From there, the privatelink endpoint forwards the network connection to the private ingress through the privatelink.
  5. The private ingress extracts the dbid information from the FQDN and sends the connection to the Aura instance with dbid:abcd1234
  6. The Aura instance responds by sending the neo4j cluster routing table back to the application, which contains information about the available nodes and their roles.
    abcd1234-core-1.production-orch-0000.neo4j.io role: write
    abcd1234-core-2.production-orch-0000.neo4j.io role: read
    abcd1234-core-3.production-orch-0000.neo4j.io role: read
  7. The application then selects an appropriate node to execute a read or write transaction. In the case of a write transaction, the application sends the transaction to abcd1234-core-1.production-orch-0000.neo4j.io.
  8. Similar to before, the Cloud Virtual Network private DNS is queried and resolves the FQDN to 10.10.10.10. The application's connection is sent to the PrivateLink Endpoint (10.10.10.10), which forwards the network connection to the private ingress through the privatelink. The private ingress then directs the connection to the Aura instance with dbid: abcd1234.
  9. Finally, the write transaction is received and executed within the Aura instance with dbid: abcd1234.

 

 

 

 

 

Tags: Private linkTags: privatelinkTags: private service connectTags: PSC

Related articles

Comments

0 comments

Please sign in to leave a comment.