Public subnets
A public subnet is a range of public static IP addresses limited by a prefix (mask) size. All devices in a public subnet have a public IP address and access to and from the Internet. You can configure access through a public subnet for a cloud server, cloud load balancer, and Managed Database cluster; for details, see the instruction Configuring access to and from the Internet.
IP addresses from a public subnet are not processed by a cloud router via 1:1 NAT; they are attached directly to the devices: cloud server, cloud load balancer, Managed Database cluster. Because there is no NAT, connecting a device to the Internet this way is more fault-tolerant and faster, but less secure than connecting via a public IP address.
Devices in a public subnet communicate with each other through public interfaces.
A public subnet can only be used within a single project and a single pool.
Traffic within public subnets is subject to throughput limits. You can view these in the Throughput table.
You can work with public subnets in the control panel or via Terraform.
Public subnet sizes
Public subnets are available in sizes from /29 (five free IPv4 addresses) to /24 (253 free IPv4 addresses). Each public subnet reserves three service IP addresses:
- first IP address — network address;
- second IP address — gateway address;
- last IP address — broadcast address.
The remaining IP addresses can be assigned to devices.
Example for subnet 192.0.2.0/29 — five addresses are available:
- 192.0.2.0 — network address;
- 192.0.2.1 — gateway address;
- 192.0.2.2 — available for use;
- 192.0.2.3 — available for use;
- 192.0.2.4 — available for use;
- 192.0.2.5 — available for use;
- 192.0.2.6 — available for use;
- 192.0.2.7 — broadcast address.
If a public subnet has run out of free IP addresses, you can create a new public subnet.
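The reservation scheme above, as an added example (not Selectel's code): a Python pre-check that splits a public subnet into its service and assignable addresses and flags planned device addresses that are reserved, duplicated, or outside the subnet. The function names and the sample plan are constructed for illustration.

```python
import ipaddress

# Added example: size limits and reserved-address layout as stated on this page.
MIN_PREFIX, MAX_PREFIX = 24, 29


def subnet_layout(cidr):
    """Split a public subnet into its three service addresses and assignable addresses."""
    net = ipaddress.ip_network(cidr, strict=True)  # raises if host bits are set
    if net.version != 4 or not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        raise ValueError(f"{cidr}: public subnets range from /29 to /24")
    gateway = net.network_address + 1
    return {
        "network": net.network_address,
        "gateway": gateway,
        "broadcast": net.broadcast_address,
        # hosts() already skips network and broadcast; drop the gateway too.
        "assignable": [ip for ip in net.hosts() if ip != gateway],
    }


def check_assignments(cidr, requested):
    """Return {address: problem} for every requested device address that cannot be used."""
    layout = subnet_layout(cidr)
    net = ipaddress.ip_network(cidr)
    reserved = {layout[k]: k for k in ("network", "gateway", "broadcast")}
    problems, seen = {}, set()
    for raw in requested:
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            problems[raw] = "not an IP address"
            continue
        if ip not in net:
            problems[raw] = "outside subnet"
        elif ip in reserved:
            problems[raw] = f"reserved ({reserved[ip]} address)"
        elif ip in seen:
            problems[raw] = "duplicate"
        seen.add(ip)
    return problems


if __name__ == "__main__":
    # Constructed plan checked against the page's 192.0.2.0/29 example.
    plan = ["192.0.2.1", "192.0.2.2", "192.0.2.2", "192.0.2.7", "192.0.2.9"]
    print(len(subnet_layout("192.0.2.0/29")["assignable"]), "assignable addresses")
    for addr, why in check_assignments("192.0.2.0/29", plan).items():
        print(addr, "->", why)
```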
Automatic public subnet settings
Default settings are specified for public subnets: default gateway and DNS servers. The settings are applied to devices in the subnet automatically.
Default gateway
When creating a public subnet, the second IP address is reserved for the default gateway. The default gateway in a public subnet cannot be changed.
DNS servers
When a public subnet is created, Selectel DNS servers are automatically assigned to the devices in the subnet. You can change the DNS servers when creating a subnet or change them after creation.
Static routes
By default, no static routes are specified for subnets. For public subnets, you can configure static routes.
Create a public subnet
Control panel
- In the Control panel, on the top menu, click Products and select Cloud Servers.
- Go to the Network section → Public networks tab.
- Click Create subnet.
- Select the location where the public subnet will be created.
- Select the subnet size — the range of IP addresses available in the subnet.
- Optional: to change DNS servers, click . Enter one to three values. Click .
- Click Create.
Configure access to a public subnet in different projects
By default, a public subnet can only be used within one project and one pool. You can configure shared access to a public subnet across different projects within the same account. The subnet will still only be available within one pool.
The public subnet will have a Cross-project tag. You will only be able to manage the subnet in the project where it is located.
Control panel
- In the Control panel, on the top menu, click Products and select Cloud Servers.
- Go to the Network section → Public networks tab.
- Copy the ID of the recipient project with which you want to share the subnet. Open the projects menu (the name of the current project) and click in the row of the required project.
- Make sure you are in the project where the subnet is located.
- Open the network card → Projects tab.
- Click Add project.
- Paste the ID of the recipient project that you copied in step 3.
- Click .
Change DNS servers in a public subnet
When a public subnet is created, Selectel recursive DNS servers are automatically assigned to the devices in the subnet. You can change the DNS servers when creating a public subnet or for an existing public subnet.
Control panel
- In the Control panel, on the top menu, click Products and select Cloud Servers.
- Go to the Network section → Public networks tab.
- Open the public subnet card → Subnets tab.
- In the subnet row, in the DNS servers column, click .
- Enter from one to three values.
- Click .
Delete a public subnet
Control panel
- In the Control panel, on the top menu, click Products and select Cloud Servers.
- Go to the Network section → Public networks tab.
- In the menu for the public subnet, select Delete subnet.
- Enter the subnet address to confirm deletion.
- Click Delete.