From 4ae77e5d6b2d9d89af44b48bca8a06509e6f0d10 Mon Sep 17 00:00:00 2001 From: Joaquin Borggio Date: Thu, 2 Oct 2025 13:14:22 -0400 Subject: [PATCH 1/2] docs: add more information about egress in LGP hybrid --- src/langgraph-platform/hybrid.mdx | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/langgraph-platform/hybrid.mdx b/src/langgraph-platform/hybrid.mdx index c12e7b4f0..5a41da699 100644 --- a/src/langgraph-platform/hybrid.mdx +++ b/src/langgraph-platform/hybrid.mdx @@ -36,6 +36,15 @@ For information on how to deploy a [LangGraph Server](/langgraph-platform/langgr If you would like to deploy to Kubernetes, you can follow the [Hybrid deployment guide](/langgraph-platform/deploy-hybrid). +### Egress to LangSmith and the control plane +In the hybrid deployment model, your self-hosted data plane will send network requests to the control plane to poll for changes that need to be implemented in the data plane. Traces from data plane deployments also get sent to the LangSmith instance integrated with the control plane. This traffic to the control plane is encrypted, over HTTPS. The data plane authenticates with the control plane with a LangSmith API key. + +In order to enable this egress, you may need to update internal Firewall rules or cloud resources such as Security Groups. You can find a list of IP addresses to allow [here](/langsmith/cloud-architecture-and-scalability#ingress-into-langchain-saas). + + +We do not currently support traffic over Private Link or Private Service Connect. This traffic will go over the internet. + + ## Listeners In a hybrid deployment, one or more ["listener" applications](/langgraph-platform/data-plane#”listener”-application) can be deployed depending on the organization of LangSmith workspaces and Kubernetes clusters. From 3735b09bc3413d2b04ac3c64a0e5468782a188f1 Mon Sep 17 00:00:00 2001 From: Joaquin Borggio Date: Thu, 2 Oct 2025 18:51:23 -0400 Subject: [PATCH 2/2] addressed comments --- src/langgraph-platform/hybrid.mdx | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/langgraph-platform/hybrid.mdx b/src/langgraph-platform/hybrid.mdx index 5a41da699..2995ea6ed 100644 --- a/src/langgraph-platform/hybrid.mdx +++ b/src/langgraph-platform/hybrid.mdx @@ -37,12 +37,13 @@ If you would like to deploy to Kubernetes, you can follow the [Hybrid deployment ### Egress to LangSmith and the control plane + In the hybrid deployment model, your self-hosted data plane will send network requests to the control plane to poll for changes that need to be implemented in the data plane. Traces from data plane deployments also get sent to the LangSmith instance integrated with the control plane. This traffic to the control plane is encrypted, over HTTPS. The data plane authenticates with the control plane with a LangSmith API key. -In order to enable this egress, you may need to update internal Firewall rules or cloud resources such as Security Groups. You can find a list of IP addresses to allow [here](/langsmith/cloud-architecture-and-scalability#ingress-into-langchain-saas). +In order to enable this egress, you may need to update internal firewall rules or cloud resources (such as Security Groups) to [allow certain IP addresses](/langsmith/cloud-architecture-and-scalability#ingress-into-langchain-saas). -We do not currently support traffic over Private Link or Private Service Connect. This traffic will go over the internet. +AWS/Azure PrivateLink or GCP Private Service Connect is currently not supported. This traffic will go over the internet. ## Listeners