Background
The transition to MongoDB IP blocks is not related to the upcoming Atlas Control Plane IP address changes. For more information, see the Upcoming Atlas Control Plane IP address changes Knowledge Base article.
For upcoming changes regarding TLS Certificate Authority with the addition of Google Trust Services, see the Upcoming change to TLS certificates: Addition of Google Trust Services with Let's Encrypt Knowledge Base article.
This article explains the upcoming changes to IPv4 address changes for MongoDB Atlas.
βIPv4 address changes for AWS clusters
MongoDB Atlas will be replacing the public IPv4 addresses of dedicated clusters deployed in AWS.
Note: This update will not incur any additional charges and will occur during a scheduled maintenance window, if you have one configured.
SRV-based connection strings (mongodb+srv://):
No action required. SRV resolves automatically, so you do not need to update anything in your application or network settings.
Standard connection strings (mongodb://):
If using DNS names: No action is required. DNS will update automatically.
If using hardcoded IPs: You must update your connection string with the new IPs and allow them through your firewall.
If you are already using an SRV-based connection string, there should be no disruption. The SRV records will dynamically update to point to the new IP addresses. When the transition occurs, clients using SRV-based connection strings should automatically start connecting to the new IPs without manual intervention.
It is always a good practice to use the SRV connection string format (mongodb+srv://) as it provides automatic service discovery and failover handling.
Note: If your connection is over a private connection, such as VPC peering or Private Endpoint, it will not be impacted, as it uses private IP addresses which are not being changed. You will not need to make any adjustments in this case.
Common scenarios where action is required:
This action may be required for situations where your Customer Managed KMS configuration requires an allowlist, and/or if you have configured your own firewalls, access control lists, or security groups dependent on the cluster IP addresses (only AWS hosted dedicated clusters).
This one-time change will ensure service continuity when the IP addresses for your clusters are updated.
FAQs
What changes is Atlas making with respect to the public IPv4 addresses?
MongoDB Atlas will be moving to a new block of IPv4 addresses as part of efforts to mitigate IPv4 scarcity.
What is the expected timeline for the IPv4 address change?
We will begin replacing the public IP addresses for customers starting January 21, 2025. This change will apply to all AWS dedicated clusters.
When will the changes roll out?
While we don't have any control over the order in which clusters will receive the update, it is possible to push back the change by deferring scheduled maintenance as long as the project has a maintenance window configured.
I am using the standard connection string and am unable to connect to my cluster nodes after the IPv4 maintenance. How do I resolve this?
There will be no changes to your connection strings because of the IP address changes. Both the SRV and standard connection string will automatically resolve to the new IP addresses. If you experience any issues, the first step is to flush the DNS to remove any cached IP addresses on the client machine.
We are currently using AWS Private Endpoints or AWS VPC peering for connectivity to Atlas. With the upcoming changes, do we need to reconfigure these endpoints?
Since VPC peering and Private Endpoints use private IP addresses, no additional modifications are required for connections using these methods.
Should I expect downtime during these changes?
There will be no downtime during these changes. They will occur in a rolling fashion (one node at a time), starting with the secondary nodes first and then the primary.
Can the clusters be opted out of the IPv4 replacement or can an extension for the IPv4 replacement be requested?
Clusters cannot be opted out of this change and we will not be accepting any extension requests.
Will this change be applied on NVME clusters?
At this moment, NVME clusters are not impacted with these changes. Any future updates would be provided here.
Will I know when the migration is complete for a cluster?
To keep customers informed throughout the process, new events will be introduced in the Activity Feed, providing updates at each phase of the migration. The phases and their corresponding events are as follows:
33 percent of the nodes in the cluster have had their IPs migrated.
67 percent of the nodes in the cluster have had their IPs migrated.
All nodes in the cluster have had their IPs migrated.
Here is an example of the events in the Project Activity Feed:
When will my AWS dedicated cluster be migrated to the new IP address?
Since we are implementing these changes in phases, please be aware that if you haven't noticed any changes yet, it means that your clusters have not yet entered their designated change window.
Each cluster will be migrated following a carefully planned schedule to ensure optimal performance. The changes may occur during the upcoming scheduled maintenance window, provided you have configured one for your project. We plan to finish the majority of the IPv4 changes by the end of March. Please note that the timelines are subject to change.
Important information
Until your cluster nodes are migrated to the new IP addresses, you can view the future IP addresses of the nodes using the Atlas Admin API.
This will help you prepare for the upcoming changes by allowing you to update any necessary configurations ahead of time.
services.clusters.futureInboundandservices.clusters.futureOutboundfields are added to thereturnAllIPAddressesendpoint, and these fields provides a list of the new IP addresses for your cluster.
Example API request output:
"futureInbound": [ "string" ], "futureOutbound": [ "string" ]
Note: After the nodes in a cluster have successfully migrated to the new IP addresses, the services.clusters.futureInbound and services.clusters.futureOutbound fields will no longer appear in the returnAllIPAddresses endpoint. This change indicates that the migration process has been completed for your cluster, or that it has already been assigned the new IP addresses and does not need a migration.
Reach out to MongoDB Support if you have further questions or need assistance.