Cloud routers
With a cloud router, you can:
- route traffic between private subnets. All private subnets connected to the same router can communicate with each other and use the router's IP address as the default route;
- configure access to the Internet for devices in the private subnet (outgoing traffic) and access from the Internet (incoming traffic); for details, see the instructions Configure Access to and from the Internet. The cloud router performs 1:1 NAT via an external IP address, which is allocated when the router is connected to an external network: it provides Internet access from the private subnet and processes incoming packets for public IP addresses.
You can configure static routes on the cloud router.
A cloud router can only be used within one project and one pool.
Cloud routers have a limit on the amount of traffic — bandwidth. You can see it in the Bandwidth table.
You can work with cloud routers in the control panel, using the OpenStack CLI or Terraform.
Create a cloud router
Control panel
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Cloud routers tab.
- Click Create router.
- Select the pool where the cloud router will be created.
- Enter the name of the router.
- Optional: check the Connect router to external network checkbox. An external IP address will be assigned to the router.
- Click Create.
OpenStack CLI
- Create a cloud router:
  openstack router create <router_name>
  Specify <router_name>: the name of the cloud router.
- Optional: connect the cloud router to an external network (an external IP address will be assigned to the router):
  openstack router set --external-gateway external-network <router>
  Specify <router>: the ID or name of the cloud router; you can view it with the openstack router list command.
Connect a subnet to the cloud router
For private subnets to communicate with each other, they must be connected to the same cloud router. The subnets must have different CIDRs.
To configure access to and from the Internet for devices on private subnets using a cloud router, use the instructions to Configure Access to and from the Internet.
Control panel
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Cloud routers tab.
- Open the router card.
- Click Add Subnet.
- Select a private subnet or a global router subnet.
- Enter the IP address of the router. The IP address of the cloud router must match the default gateway of the private subnet. You can view the gateway in the control panel: in the top menu, click Products → Cloud Servers → Network → Private Networks tab → Network page → Subnets tab → Subnet card → Automatic Network Settings block → Subnet Gateway field.
  If you are connecting a global router subnet, the IP address of the cloud router must match the default gateway of the global router subnet and must be different from the global router IP address, the IP addresses of the devices on the network, and the .253 and .254 service addresses.
- Click Add Subnet.
OpenStack CLI
- Connect the subnet to the cloud router:
  openstack router add subnet <router> <subnet>
  Specify:
  - <router>: the ID or name of the cloud router; you can view it with the openstack router list command;
  - <subnet>: the ID or name of the private subnet; you can view it with the openstack subnet list command.
Disconnect the subnet from the cloud router
Control panel
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Cloud routers tab.
- Open the router card.
- From the menu of the private subnet, select Delete Port.
- Click Delete.
OpenStack CLI
- Disconnect the subnet from the cloud router:
  openstack router remove subnet <router> <subnet>
  Specify:
  - <router>: the ID or name of the cloud router; you can view it with the openstack router list command;
  - <subnet>: the ID or name of the subnet; you can view it with the openstack subnet list command.
Connect the cloud router to an external network
To configure Internet access for devices on a private subnet, the subnet must be connected to a cloud router with external-network access. When the router is connected to the external-network, an external IP address will be assigned to the router, through which the router will perform 1:1 NAT.
If the router connects multiple private subnets, devices on all subnets will be able to access the Internet.
To configure access from the Internet for devices on private subnets using a cloud router, use the instructions Configure Access to and from the Internet.
Control panel
- In the Control panel, on the top menu, click Products and select Cloud Servers.
- Go to Network → Cloud routers tab.
- From the menu of the cloud router, select Connect to external network.
OpenStack CLI
- Connect the cloud router to an external network:
  openstack router set --external-gateway external-network <router>
  Specify <router>: the ID or name of the cloud router; you can view it with the openstack router list command.
Disconnect the cloud router from the external network
If you disconnect the cloud router from the external network, its external IP address will return to the address pool. When you reconnect, the IP address will change.
Control panel
- In the Control panel, on the top menu, click Products and select Cloud Servers.
- Go to Network → Cloud routers tab.
- From the menu of the cloud router, select Disconnect from external network.
OpenStack CLI
- Disconnect the cloud router from the external network:
  openstack router unset --external-gateway <router>
  Specify <router>: the ID or name of the cloud router; you can view it with the openstack router list command.
Assign a firewall to a cloud router port
Inbound and outbound traffic that is not allowed in the cloud firewall rules will be denied on the cloud router port. Active sessions on the router that the new rules do not allow will be interrupted.
You cannot assign more than one firewall to a single router port.
Control panel
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Cloud routers tab.
- Open the cloud router card.
- In the row of the private subnet for which you want to configure traffic filtering, in the Firewall column, click Connect.
- Select a firewall.
- Click Assign.
OpenStack CLI
- Assign a firewall to the cloud router port:
  openstack firewall group set --port <router_port> <firewall>
  Specify:
  - <router_port>: the ID or name of the router port to which the firewall will be assigned; you can view it with the openstack port list command. To assign a firewall to multiple router ports, list their IDs or names separated by a space;
  - <firewall>: the ID or name of the firewall; you can view it with the openstack firewall group list command.
Disconnect the firewall from the cloud router port
Cloud firewall rules will no longer apply — all inbound and outbound traffic that passes through the cloud router port will be allowed.
Control panel
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Cloud routers tab.
- Open the router card.
- From the menu of the private subnet for which traffic filtering has been configured, select Disconnect Port from Port.
- Click Disable.
OpenStack CLI
- Disconnect the firewall from the router port:
  openstack firewall group unset --port <router_port> <firewall>
  Specify:
  - <router_port>: the ID or name of the router port from which the firewall will be disconnected; you can view it with the openstack port list command;
  - <firewall>: the ID or name of the firewall; you can view it with the openstack firewall group list command.
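Because a router port with no firewall passes all inbound and outbound traffic, it is worth checking periodically for router ports that no firewall covers. The script below is an added example, not the provider's code: the function names and sample IDs are constructed, and it assumes that openstack firewall group show prints the IDs of the ports bound to the firewall.

```bash
#!/usr/bin/env bash
# Added example, not provider code: list router ports that no firewall covers.
UUID_RE='[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'

# $1: router port IDs, one per line.
# $2: "firewall group show" output for every firewall in the project.
# Prints each router port ID that appears in none of the firewalls.
# The ( ) body runs in a subshell, so its variables stay private.
unprotected_ports() (
  router_ports=$1
  bound=$(printf '%s\n' "$2" | grep -oE "$UUID_RE" | sort -u)
  for port in $router_ports; do
    printf '%s\n' "$bound" | grep -qxF -- "$port" || printf '%s\n' "$port"
  done
)

# Gathers both inputs for one router with the OpenStack CLI.
audit_router() (
  ports=$(openstack port list --router "$1" -f value -c ID) || exit 2
  fw_text=$(for fw in $(openstack firewall group list -f value -c ID); do
    openstack firewall group show "$fw" -f json
  done)
  unprotected_ports "$ports" "$fw_text"
)

# Constructed sample data: two router ports, one firewall bound to the first.
SAMPLE_PORTS='11111111-aaaa-4aaa-8aaa-000000000001
11111111-aaaa-4aaa-8aaa-000000000002'
SAMPLE_FW='{"ID": "22222222-bbbb-4bbb-8bbb-000000000001",
 "Name": "fw-demo",
 "Ports": ["11111111-aaaa-4aaa-8aaa-000000000001"]}'

if [ "$#" -gt 0 ]; then
  audit_router "$1"                                # live check for one router
else
  unprotected_ports "$SAMPLE_PORTS" "$SAMPLE_FW"   # offline demo on sample data
fi
```

Run it with a router ID or name as the only argument to check live data; every port ID it prints has no firewall assigned.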
Turn on the cloud router
Control panel
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Cloud routers tab.
- In the cloud router card, turn on the router.
OpenStack CLI
- Turn on the cloud router:
  openstack router set --enable <router>
  Specify <router>: the ID or name of the router; you can view it with the openstack router list command.
Turn off the cloud router
Control panel
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Cloud routers tab.
- In the cloud router card, disable the router.
OpenStack CLI
- Turn off the cloud router:
  openstack router set --disable <router>
  Specify <router>: the ID or name of the cloud router; you can view it with the openstack router list command.
Remove the cloud router
Control panel
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Cloud routers tab.
- If subnets are connected to the router, delete the router ports in the subnets. To do this, open the router card and select Delete Port from the subnet menu.
- From the router menu, select Remove Router.
- Click Delete.
OpenStack CLI
- If subnets are connected to the router, delete the router ports:
  openstack router remove port <router> <port_id>
  Specify:
  - <router>: the ID or name of the cloud router; you can view it with the openstack router list command;
  - <port_id>: the ID of the port connected to the router; you can view it with the openstack port list --router <router> command.
- Remove the router:
  openstack router delete <router>