Ports
A port is a virtual network card to which a mapping of MAC address and IP address is assigned. An IP address is assigned to a port within the subnet in which the port is located.
Ports are used to connect devices to private subnets, global router subnets, and public subnets. If a port is disconnected from a device, it will also be disconnected from a subnet. A private subnet cannot be deleted if it has at least one port.
Traffic can be sent through a port only from the one IP/MAC address pair that is assigned when the port is added to the subnet; traffic from other addresses is discarded. To allow traffic from addresses that are not listed on the port, you must add the allowed IP/MAC addresses to the port.
You can work with ports in the control panel, using the OpenStack CLI or Terraform.
In cloud networks, service ports are created automatically and cannot be managed:
- two DHCP ports on a private subnet. Created when DHCP is enabled on the subnet, deleted when DHCP is disabled;
- two DNS ports on the private subnet. Created when the network connects to the private DNS resolver, deleted when the private network disconnects from the private DNS resolver;
- three service ports on the global router subnet for network equipment. These ports are created when the private network is connected to the global router, and deleted when the private network is disconnected from the global router or when the global router is removed;
- VRRP ports and downlinks on the private subnets where the load balancer resides. The number of service ports depends on the type of load balancer, see Load Balancer Ports for details;
- a port on the private subnet where the file storage is located. Created together with the subnet for the file storage, can be deleted only with the storage.
Add a port to a subnet
Private subnet, global router subnet
Public subnet
Control panel
OpenStack CLI
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Private Networks tab.
- Open the Network page → Ports tab.
- Click Add Port.
- Select a subnet.
- Enter the IP address of the port.
- Optional: select the server or Managed Kubernetes cluster node to which you want to add this port.
- Click Add Port.
Add a cloud server or Managed Kubernetes cluster node to the subnet via port
A cloud server can be added to a private subnet, a global router subnet, or a public subnet after server creation. The Managed Kubernetes cluster node can be added to a private subnet or a global router subnet.
To do this, you need to add a port to the server or node.
Control panel
OpenStack CLI
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to the Servers section.
- Open the server page → Ports tab.
- Click Add Port.
- Select private subnet, global router subnet, or public subnet.
- Enter the IP address of the port.
- Click Add.
Connect a public IP address to a port on a private subnet
If a cloud server or load balancer is connected to a port on the private subnet, you can connect a public IP address to the port.
To connect a public IP address in the device sections of the Control Panel, use the Public IP Addresses instructions.
Control panel
OpenStack CLI
- Make sure that the device is on a subnet that meets the requirements; see "Prepare a private subnet to connect a public IP address" in the Public IP Addresses tutorial for details.
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Private Networks tab.
- Open the Network page → Ports tab.
- In the port card of the cloud server or load balancer, click Connect Public IP.
- Select a public IP address.
- Click Connect.
Disconnect a public IP address from a port on a private subnet
To disable the public IP address in the device sections in the Control Panel, use the Public IP Addresses instructions.
Control panel
OpenStack CLI
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Private Networks tab.
- Open the Network page → Ports tab.
- In the port card of the cloud server or load balancer, next to the public IP address, click .
- Select Disable public IP address.
- Optional: If you no longer need the public IP address, check the Delete Address checkbox.
- Click Save.
Assign a security group to a port
To assign a security group on the Cloud Server page in the Control Panel, use the Assign Security Group instructions.
To be able to assign a security group to a port, port security must be enabled on the port network. You can view the filtering status of the network in the Control Panel: from the top menu, click Products → Cloud Servers → Network → Private Networks or Public Networks tab. A network with filtering enabled is marked with a .
Private subnet, global router subnet
Public subnet
Control panel
OpenStack CLI
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Private Networks tab.
- Open the Network page → Ports tab.
- In the port card, in the Security Groups field, click . If security group selection is not available, port security is disabled on the network. To use security groups, create a new private network.
- In the Security Groups field, check the groups you want to assign to the port, or click New Security Group and create a group.
- Click Save.
Disconnect the security group from the port
Private subnet, global router subnet
Public subnet
Control panel
OpenStack CLI
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Private Networks tab.
- Open the Network page → Ports tab.
- In the port card, in the Security Groups field, click .
- In the Security Groups field, uncheck the checkboxes of the groups that you want to disconnect from the port.
- Click Save.
Add authorized IP/MAC addresses per port
If port security is enabled on the network, port traffic can only be sent from one IP/MAC address pair, which is assigned when the port is added to the subnet. If traffic is sent through the port from addresses that are not specified on the port, such traffic will be blocked. To allow traffic from addresses that are not listed on the port, you must add the allowed IP/MAC addresses to the port settings.
For example, if you deployed on your own:
- Routing software on the cloud server: you need to allow all routed networks;
- VPN server on the cloud server: you need to allow the IP addresses of all VPN clients;
- Kubernetes cluster with CNI Calico in Direct routing mode on the cloud server: you need to allow the entire subnet that is used in the cluster. No configuration is required for CNI Flannel;
- VRRP group of several cloud servers: on each of the servers, depending on the VRRP settings, you must allow a VIP address or a VIP/MAC server address mapping.
A maximum of 10 additional IP/MAC address pairs can be added per port. If the allowed addresses are not needed, you can remove them from the port.
You do not need to configure authorized addresses in Managed Kubernetes clusters, cloud databases, ready-made 1C cloud, as well as on cloud servers created from images with applications. All necessary settings for them have already been made.
Private subnet, global router subnet
Public subnet
Control panel
OpenStack CLI
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Private Networks tab.
- Open the Network page → Ports tab.
- In the port card, in the Security Groups field, click .
- If you want to allow all IP addresses, click Allow All IP Addresses for VPN. Traffic from the 0.0.0.0/0 subnet with the default port MAC address will be allowed.
- If you want to allow traffic from specific addresses:
  6.1. Click Add IP/MAC Pair.
  6.2. Enter the IP address or subnet in CIDR format.
  6.3. Optional: Enter a MAC address that matches the IP address, or leave the MAC address of the default port.
  6.4. To add another address pair, repeat steps 6.1 through 6.3.
- Click Save.
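An added example, not part of the original documentation: a Python review of port settings that flags the cases described above (filtering disabled, a 0.0.0.0/0 allowed pair, more than 10 pairs, a pair with a MAC other than the port's own). The field names are assumed to match `openstack port show -f json`; the sample ports and the `MIN_PREFIX_V4` threshold are constructed for illustration.

```python
import ipaddress
import json

MAX_PAIRS = 10      # limit of additional IP/MAC pairs per port, as stated above
MIN_PREFIX_V4 = 16  # hypothetical review threshold: wider IPv4 ranges get flagged

# Constructed sample: one JSON object per port; field names are assumed to match
# `openstack port show -f json` (allowed_address_pairs, port_security_enabled).
SAMPLE_PORTS = json.loads("""
[
 {"id": "port-vpn", "mac_address": "fa:16:3e:00:00:01", "port_security_enabled": true,
  "allowed_address_pairs": [{"ip_address": "0.0.0.0/0", "mac_address": "fa:16:3e:00:00:01"}]},
 {"id": "port-vrrp", "mac_address": "fa:16:3e:00:00:02", "port_security_enabled": true,
  "allowed_address_pairs": [{"ip_address": "192.168.0.100", "mac_address": "00:00:5e:00:01:0a"}]},
 {"id": "port-calico", "mac_address": "fa:16:3e:00:00:03", "port_security_enabled": true,
  "allowed_address_pairs": [{"ip_address": "10.244.0.0/16", "mac_address": "fa:16:3e:00:00:03"}]},
 {"id": "port-legacy", "mac_address": "fa:16:3e:00:00:04", "port_security_enabled": false,
  "allowed_address_pairs": []}
]
""")


def audit_port(port):
    """Return a list of findings for one port; an empty list means nothing to review."""
    if not port.get("port_security_enabled", True):
        return ["port-security-disabled"]  # source-address filtering is off for this port
    findings = []
    pairs = port.get("allowed_address_pairs") or []
    if len(pairs) > MAX_PAIRS:
        findings.append("too-many-pairs")
    for pair in pairs:
        net = ipaddress.ip_network(pair["ip_address"], strict=False)
        if net.prefixlen == 0:
            findings.append("allows-any-source:" + str(net))
        elif net.version == 4 and net.prefixlen < MIN_PREFIX_V4:
            findings.append("wide-range:" + str(net))
        # A pair without its own MAC uses the port's MAC, as in the steps above.
        pair_mac = (pair.get("mac_address") or port["mac_address"]).lower()
        if pair_mac != port["mac_address"].lower():
            findings.append("foreign-mac:" + pair_mac)
    return findings


def audit(ports):
    """Map port id -> findings, keeping only ports that have at least one finding."""
    return {p["id"]: f for p in ports if (f := audit_port(p))}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_PORTS), indent=2))
```

A `foreign-mac` finding is expected for a VRRP virtual address; the point of the report is that every such pair matches a deployment you know about.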
Remove authorized IP/MAC addresses from the port
Private subnet, global router subnet
Public subnet
Control panel
OpenStack CLI
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Private Networks tab.
- Open the Network page → Ports tab.
- In the port card, in the Security Groups field, click .
- In the address pair row, click .
- Click Save.
Enable port
Private subnet, global router subnet
Public subnet
Control panel
OpenStack CLI
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Private Networks tab.
- Open the Network page → Ports tab.
- In the port card, enable the port.
Disable the port
Private subnet, global router subnet
Public subnet
Control panel
OpenStack CLI
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Private Networks tab.
- Open the Network page → Ports tab.
- In the port card, disable the port.
Delete port
Private subnet, global router subnet
Public subnet
Control panel
OpenStack CLI
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Private Networks tab.
- Open the Network page → Ports tab.
- In the port card, click .
  If the button is inactive, a device that prohibits removal is connected to the port. Remove this device and return to step 1.
  Use the instructions to remove the device:
- Click Delete.