diff --git a/src/langgraph-platform/hybrid.mdx b/src/langgraph-platform/hybrid.mdx
index c12e7b4f0..2995ea6ed 100644
--- a/src/langgraph-platform/hybrid.mdx
+++ b/src/langgraph-platform/hybrid.mdx
@@ -36,6 +36,16 @@ For information on how to deploy a [LangGraph Server](/langgraph-platform/langgr
 If you would like to deploy to Kubernetes, you can follow the [Hybrid deployment guide](/langgraph-platform/deploy-hybrid).
 </Tip>
 
+### Egress to LangSmith and the control plane
+
+In the hybrid deployment model, your self-hosted data plane will send network requests to the control plane to poll for changes that need to be implemented in the data plane. Traces from data plane deployments also get sent to the LangSmith instance integrated with the control plane. This traffic to the control plane is encrypted, over HTTPS. The data plane authenticates with the control plane with a LangSmith API key.
+
+In order to enable this egress, you may need to update internal firewall rules or cloud resources (such as Security Groups) to [allow certain IP addresses](/langsmith/cloud-architecture-and-scalability#ingress-into-langchain-saas).
+
+<Warning>
+AWS/Azure PrivateLink or GCP Private Service Connect is currently not supported. This traffic will go over the internet.
+</Warning>
+
 ## Listeners
 
 In a hybrid deployment, one or more ["listener" applications](/langgraph-platform/data-plane#”listener”-application) can be deployed depending on the organization of LangSmith workspaces and Kubernetes clusters.