Skip to content

Add PrivateLink support #161

New issue
New issue
Open
Epic
Open
Add PrivateLink support#161
Epic
Labels
type/epic
@dkropachev

Description

@dkropachev
dkropachev
opened on Dec 3, 2025

Idea

Enable dynamodb clients to work properly via NLB PrivateLink
PrivateLink, for the drivers is a load balancer that is deployed for a rack or dc (common case), every node in given scope (rack or dc) is going to have distinct port on this load balancer.
This load balancer will also have one port that targets all the nodes, for initial connection.

Initial connection flow

Driver

Driver configuration

Code example:

/// Information about a PrivateLink deployment for a cluster/node.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct PrivateLinkEndpoint {
    /// Cloud-specific connection identifier
    pub cloud_connection_id: String,

    /// Either DNS name or IP address exposed for this PrivateLink connection, could be empty if private link is deployed with custom CNAME.
    pub endpoint: String,
}

/// Top-level configuration holding all PrivateLink deployments.
#[derive(Debug, Clone, PartialEq, Eq, Default)]
pub struct PrivateLinkConfig {
    pub endpoints: Vec<PrivateLinkEndpoint>,
    pub discoveryPort: u16, // Default is 9042
}

Node operations

When node is added, another distinct port is opened on the load balancer for the node.
When node is removed, port is also decommissioned.
Since there is no way for a client to know to which node it is connected to, we will require from cloud to not to reuse same port when node is removed and added right away.

References

Core design doc: ref

Cloud design doc: ref

Network Diagram:
Image

Metadata

Metadata

Assignees

No one assigned

    Labels

    type/epic

    Type

    Epic

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions