Skip to main content
Cloud routers
Last update:

Cloud routers

With a cloud router, you can:

  • route traffic between private subnets. All private subnets connected to the same router can communicate with each other and use the router's IP address as the default route;
  • configure Internet access for devices in the private subnet (outgoing traffic) and from the Internet (incoming traffic), more details in the instructions Configure Internet access and from the Internet. The cloud router performs 1:1 NAT function via an external IP address, which is allocated when the router is connected to an external network: it organizes Internet access from the private subnet and processes incoming traffic packets for public IP addresses.

You can configure static routes on the cloud router.

A cloud router can only be used within one project and one pool.

Cloud routers have a limit on the amount of traffic — bandwidth. You can see it in the Bandwidth table.

You can work with cloud routers in the control panel, using the OpenStack CLI or Terraform.

Create a cloud router

  1. In the dashboard, on the top menu, click Products and select Cloud Servers.
  2. Go to NetworkCloud routers tab.
  3. Click Create router.
  4. Select the pool where the cloud router will be created.
  5. Enter the name of the router.
  6. Optional: check the Connect router to external network checkbox — an external IP address will be assigned to the router.
  7. Click Create.

Connect a subnet to the cloud router

For private subnets to communicate with each other, they must be connected to the same cloud router. The subnets must have different CIDRs.

To configure access to and from the Internet for devices on private subnets using a cloud router, use the instructions to Configure Access to and from the Internet.

  1. In the dashboard, on the top menu, click Products and select Cloud Servers.

  2. Go to NetworkCloud routers tab.

  3. Open the router card.

  4. Click Add Subnet.

  5. Select a private subnet or a global router subnet.

  6. Enter the IP address of the router. The IP address of the cloud router must match the default gateway of the private subnet. You can view the gateway in the control panel: in the top menu, click ProductsCloud ServersNetworkPrivate Networks tab → Network page → Subnets tab → Subnet card → Automatic Network Settings block → Subnet Gateway field.

    If you are connecting a global router subnet, the IP address of the cloud router must match the default gateway of the global router subnet and must be different from the global router IP address, the IP addresses of the devices on the network, and the .253 and .254 service addresses.

  7. Click Add Subnet.

Disconnect the subnet from the cloud router

  1. In the dashboard, on the top menu, click Products and select Cloud Servers.
  2. Go to NetworkCloud routers tab.
  3. Open the router card.
  4. From the menu of the private subnet, select Delete Port.
  5. Click Delete.

Connect the cloud router to an external network

To configure Internet access for devices on a private subnet, the subnet must be connected to a cloud router with external-network access. When the router is connected to the external-network, an external IP address will be assigned to the router, through which the router will perform a 1:1 NAT function.

If the router connects multiple private subnets, devices on all subnets will be able to access the Internet.

To configure access from the Internet for devices on private subnets using a cloud router, use the instructions Configure Access to and from the Internet.

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.
  2. Go to NetworkCloud routers tab.
  3. From the menu of the cloud router, select Connect to external network.

Disconnect the cloud router from the external network

If you disconnect the Cloud Router from the external network, its external IP address will return to the address pool. When you reconnect, the IP address will change.

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.
  2. Go to NetworkCloud routers tab.
  3. From the menu of the cloud router, select Disconnect from external network.

Assign a firewall to a cloud router port

carefully

Inbound and outbound traffic that is not allowed in the cloud firewall rules will be denied on the cloud router port. Active sessions on the router will be interrupted, which cannot be set by the new rules.

You cannot assign more than one firewall to a single router port.

  1. In the dashboard, on the top menu, click Products and select Cloud Servers.
  2. Go to NetworkCloud routers tab.
  3. Open the cloud router card.
  4. In the row of the private subnet for which you want to configure traffic filtering, in the Firewall column, click Connect.
  5. Select a firewall.
  6. Click Assign.

Disconnect the firewall from the cloud router port

carefully

Cloud firewall rules will no longer apply — all inbound and outbound traffic that passes through the cloud router port will be allowed.

  1. In the dashboard, on the top menu, click Products and select Cloud Servers.
  2. Go to NetworkCloud routers tab.
  3. Open the router card.
  4. From the menu of the private subnet for which traffic filtering has been configured, select Disconnect Port from Port.
  5. Click Disable.

Turn on the cloud router

  1. In the dashboard, on the top menu, click Products and select Cloud Servers.
  2. Go to NetworkCloud routers tab.
  3. In the cloud router card, turn on the router.

Turn off the cloud router

  1. In the dashboard, on the top menu, click Products and select Cloud Servers.
  2. Go to NetworkCloud routers tab.
  3. In the cloud router card, disable the router.

Remove the cloud router

  1. In the dashboard, on the top menu, click Products and select Cloud Servers.
  2. Go to NetworkCloud routers tab.
  3. If subnets are connected to the router, delete the router ports in the subnets. To do this, open the router card and select Delete Port from the subnet menu.
  4. From the router ' menu, select Remove Router.
  5. Click Delete.