General information about cloud platform networks
The cloud platform networks are powered by OpenStack Neutron. For more information, see the Neutron section of the OpenStack documentation.
You can work with cloud platform networks in the control panel, using the OpenStack CLI or Terraform.
Tasks to be solved
Using network objects in the cloud platform, you can:
- configure connectivity between devices in the same pool and aggregate devices (cloud servers, load balancers, file storage, Managed Kubernetes clusters and cloud database clusters) into private subnets using ports;
- route traffic between private subnets and configure Internet access for devices on a private subnet using cloud routers;
- connect static public IP addresses to devices on private subnets to configure access to them from the Internet;
- connect devices to public subnets for access to and from the Internet. Cloud servers, load balancers, and cloud database clusters can be connected to public subnets;
- distribute incoming network traffic between cloud servers using load balancers;
- connect private subnets to a global router to organize network connectivity between devices in different pools (including different projects and accounts) or between different services;
- configure static routes for subnets.
To limit traffic, you can use:
- cloud firewalls — assigned to a cloud router port; they filter traffic for private subnets and public IP addresses;
- security groups — assigned to a cloud server port; they filter all traffic on the port;
- allowed IP/MAC addresses — configured on a cloud server port; they allow outgoing port traffic only from specific IP/MAC address pairs.
To use security groups and allowed IP/MAC addresses, port security must be enabled on the network.
Throughput
Cloud platform network objects have outbound and inbound bandwidth restrictions.
Regions: St. Petersburg, Moscow, Novosibirsk, Tashkent, Almaty, Nairobi.
For a list of regions, availability zones and pools, see the Selectel Infrastructure table.
Bandwidth for devices on private networks can be increased to 10 Gbps — create a ticket.
The speed on a port may drop dramatically, for example to 0.1 Gbps, if the associated IP address is blocked by Selectel security. To increase the speed, create a ticket.
Traffic filtering (port security)
Traffic filtering (port security) is a network function to protect against unauthorized access and attacks. Filtering allows you to:
- use security groups on cloud server ports;
- add allowed IP/MAC addresses for outgoing traffic from cloud server ports;
- restrict access to the load balancer.
Traffic filtering is enabled by default on private networks and public subnets that are created:
- in the ru-8 pool after May 15, 2025;
- in the uz-2 pool after May 22, 2025;
- in the ru-9 pool after May 26, 2025;
- in the ke-1 pool after May 26, 2025;
- in the uz-1 pool after May 27, 2025;
- in the kz-1 pool after May 28, 2025;
- in the gis-1 pool after May 29, 2025.
In these pools, you cannot manually turn filtering on or off.
In pools ru-1, ru-2, ru-3 and ru-7, filtering is turned off by default in existing and new networks, and you can control filtering in them.
If traffic filtering is enabled on the network, for each new port on the network:
- the default security group, which allows all traffic through the port, is assigned. You can assign a different security group;
- MAC/IP spoofing, VPNs, VRRP, and overlay networks are blocked. If you are using a solution based on these, you must add to the port the allowed IP/MAC addresses that can be used to send traffic.
You can view the filtering status of the network in the control panel: from the top menu, click Products → Cloud Servers → Network → Private Networks or Public Networks tab. A network with filtering enabled is marked with an icon.
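One way to audit ports against the defaults described above, as an added example that is not Selectel's own code. It assumes the Neutron API field names for ports and security groups (port_security_enabled, security_groups, allowed_address_pairs), a constructed sample, and a hypothetical audit_ports helper with an assumed size threshold for allowed address pairs.

```python
import ipaddress
import json

# Constructed sample shaped like Neutron API port and security group objects;
# every ID and address here is made up for illustration.
SAMPLE = json.loads("""
{
  "security_groups": [
    {"id": "sg-default", "name": "default"},
    {"id": "sg-web", "name": "web-443-only"}
  ],
  "ports": [
    {"id": "port-a", "port_security_enabled": true,
     "security_groups": ["sg-default"], "allowed_address_pairs": []},
    {"id": "port-b", "port_security_enabled": true, "security_groups": ["sg-web"],
     "allowed_address_pairs": [{"ip_address": "192.168.0.100"}]},
    {"id": "port-c", "port_security_enabled": true, "security_groups": ["sg-web"],
     "allowed_address_pairs": [{"ip_address": "0.0.0.0/0"}]},
    {"id": "port-d", "port_security_enabled": false,
     "security_groups": [], "allowed_address_pairs": []}
  ]
}
""")


def audit_ports(ports, security_groups, max_addresses=16):
    """Return {port_id: [findings]} for ports whose filtering is weak."""
    sg_names = {sg["id"]: sg["name"] for sg in security_groups}
    report = {}
    for port in ports:
        findings = []
        if not port.get("port_security_enabled", False):
            findings.append("port security disabled")  # no groups, no anti-spoofing
        else:
            names = [sg_names.get(i, i) for i in port.get("security_groups", [])]
            if names and all(n == "default" for n in names):
                # Per the page, the default group lets all traffic through.
                findings.append("only the allow-all default security group")
            for pair in port.get("allowed_address_pairs", []):
                net = ipaddress.ip_network(pair["ip_address"], strict=False)
                if net.num_addresses > max_addresses:  # assumed threshold
                    findings.append(f"broad allowed address pair {net}")
        if findings:
            report[port["id"]] = findings
    return report


if __name__ == "__main__":
    for port_id, findings in audit_ports(**SAMPLE).items():
        print(port_id, "->", "; ".join(findings))
```

Ports that carry a narrow allowed address pair and a non-default security group, like port-b in the sample, produce no findings.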
Blocked ports
Selectel blocks traffic through some TCP/UDP ports by default.
Cost
Public IP addresses and public subnets are paid for using the cloud platform payment model.
The cost can be viewed at selectel.ru.
The rest of the network resources are free of charge.