Alation’s IP Addresses for Allow Lists

Alation Cloud Service Applies to Alation Cloud Service instances of Alation

This page contains a list of IP addresses that Alation Cloud Service uses to communicate with external resources over the public internet. Examples of external resources include the Alation Agent and data sources that you want to catalog.

Depending on your network security configuration, your IT or network administrator may need to add these IP addresses to an allow list so Alation can communicate with your network or data sources. You will need to allow the listed IP addresses for the geographic region that your Alation Cloud Service instance is in.

These IP addresses may change over time without notice. This document will be updated when IP addresses are changed or added.

IP Addresses

Important

For PrivateLink connections, add [TENANT_NAME]. to the beginning of the Agent connectivity endpoint and :8443 to the end.

For example: [TENANT_NAME].ocf.use1.alationcloud.com:8443

Geography

Location

CIDR

Range

Agent Connectivity Endpoint

Africa, Europe, & Middle East

Frankfurt

3.77.79.216/29

3.77.79.216 - 3.77.79.223

ocf.euc1.eu.alationcloud.com

Dublin

3.253.238.240/29

3.253.238.240 - 3.253.238.247

ocf.euw1.eu.alationcloud.com

Americas

Montreal

15.156.224.56/29

15.156.224.56 - 15.156.224.63

ocf.cac1.ca.alationcloud.com

Virginia

44.211.178.224/29

44.211.178.224 - 44.211.178.231

ocf.use1.alationcloud.com

Oregon

18.246.160.64/29

18.246.160.64 - 18.246.160.71

ocf.usw2.alationcloud.com

Asia Pacific

Mumbai

18.96.224.48/29

18.96.224.48 - 18.96.224.51

ocf.aps1.ap.alationcloud.com

Singapore

18.143.252.64/29

18.143.252.64 - 18.143.252.71

ocf.apse1.ap.alationcloud.com

Sydney

3.27.127.216/29

3.27.127.216 - 3.27.127.223

ocf.apse2.ap.alationcloud.com

Tokyo

52.195.197.8/29

52.195.197.8 - 52.195.197.15

ocf.apne1.ap.alationcloud.com

Zero Data Ingress Requirements

If you are using the Query Service Add-on for the Zero Data feature, there is an additional network requirement: the user’s browser must be able to reach the Agent’s Zero Data ingress endpoint directly.

This is different from the standard Agent-to-Alation Cloud Service connection:

  • The standard Agent connection is outbound only – the Agent initiates the connection to Alation Cloud Service, and no inbound access to the Agent is required.

  • The Zero Data ingress connection requires inbound browser access – the user’s browser connects directly to the Agent’s ingress gateway to retrieve query results from your object store.

Network Configuration

To enable Zero Data, ensure the following:

  • The Agent’s Zero Data ingress endpoint DNS name must be resolvable from the end user’s network.

  • Inbound HTTPS (port 443) traffic to the Agent’s ingress endpoint must be allowed through any firewalls, security groups, or network access control lists between the user’s browser and the Agent machine.

  • If your organization uses a web proxy, the Agent’s ingress endpoint must be added to the proxy’s allow list for end-user browsers.

Note

The Zero Data ingress endpoint uses a DNS hostname that you configure on the Agent (for example, zerodata.yourcompany.com). This hostname must resolve to the Agent machine from the end user’s network. See Configure Zero Data Ingress for details on configuring the ingress hostname.