API gateway unreachable from RFC1918 networks

When accessing the new API Gateway, hosts that use RFC1918 IP addresses on the campus network–and do not have Internet connectivity–will receive connection errors (e.g., "Could not resolve host", "Host[name]|Server not found", "ConnectionError", "SocketError: Failed to open TCP connection", "UnknownHostException", "ENOTFOUND").


Explanation:

The new API Gateway is no longer hosted on campus and API calls require connectivity to the global Internet. Some networks on campus use RFC1918 IP Addresses, which are reserved for internal use on private networks and are not routable on the global Internet.

If your host IP address is in one of these ranges, it's on an RFC1918 network:

  • 10.0.0.0/8  (10.0.0.0 through 10.255.255.255)
  • 172.16.0.0/12  (172.16.0.0 through 172.31.255.255)
  • 192.168.0.0/16  (192.168.0.0 through 192.168.255.255)

Solution:

If the API Gateway is the only Internet resource you need to reach, EIS provides an API proxy on campus1 so you can just direct your API calls to it instead of https://gateway.api.berkeley.edu. Using the proxy will result in a minuscule increase in API call latency.

If your RFC1918 hosts need additional Internet connectivity, a router or firewall that performs Network Address Translation (NAT) can translate private RFC1918 IPs to public IPs to enable hosts on the private network to access the Internet.


1) Contact us via email at eis-support@berkeley.edu or on bIT Slack at # api-transition-help to get the proxy's hostname.