Contact Us 1-800-596-4880

VPC Network Architecture

An Anypoint VPC is a logically private and isolated network hosted inside CloudHub. You can connect your private intranet to your Anypoint VPC as if they were all part of a single, private network.

The Anypoint VPC configuration exposes the DNS record mule-worker-internal-<app-name>.cloudhub.io. This is a DNS A record, which includes the IP addresses of all your workers. This DNS record cannot be accessed from outside your Anypoint VPC.

Each Anypoint VPC allows you to configure firewall rules to check inbound connections directly to your workers.

Four firewall rules are created by default—​two rules that allow your private address space to connect through ports 8091 and 8092, and two rules that allow external requests proxied by CloudHub’s shared load balancer through ports 8081 and 8082.

All traffic that is not allowed in a firewall rule is blocked by default.

Default Anypoint VPC architecture
Figure 1. The graphic shows the default Anypoint VPC architecture.

You can configure a dedicated load balancer inside your VPC, which allows you to provide custom certificates and optionally enforce two-way SSL client authentication. If you configure proxy rules that map your applications to custom domains, you can, for example, host everything under a single vanity domain.

Anypoint VPC architecture with a dedicated load balancer
Figure 2. The graphic shows the Anypoint VPC architecture with a dedicated load balancer.

A CloudHub dedicated load balancer is assigned to a particular Anypoint VPC. The dedicated load balancer then routes traffic to that particular Anypoint VPC within the particular service region of the VPC.

Each dedicated load balancer has a DNS A record lb-name.lb.anypointdns.net or lb-name.lb-prod-eu-rt.anypointdns.net (for EU control plane) that resolves to two public IP addresses of its two instances.
Through your DNS provider, you can add a CNAME record pointing to the dedicated A record and use your own domain names to access it. This DNS A record can also be reached from outside the VPC.
Additionally, a CloudHub dedicated load balancer has an internal domain name to be used by applications and clients within the Anypoint VPC. The structure is internal-lb-name.lb.anypointdns.net.