Set up access to and from the Internet
You can configure access to and from the Internet for the cloud server, cloud load balancer, and cloud database cluster:
- over a public IP address. To filter incoming traffic you will be able to use cloud firewall and security teams;
- over a public subnet. To filter incoming traffic you will be able to use security teams.
If the device only requires Internet access without access from the Internet, you can configure the device to cloud router.
Configure access to and from the Internet via a public IP address
To configure Internet access to and from the Internet for devices on the private subnet, you must connect the subnet to a cloud router with access to the external network and connect a public IP address to the device. The cloud router acts as a 1:1 NAT via the external IP address that is allocated when the router is connected to the external network: it organizes access to the Internet from the private subnet and processes incoming traffic packets for the public IP addresses.
You can connect a public IP address by cloud server creation, creating a cloud-based load balancer, Creating a cloud database cluster (PostgreSQL example) as well as after creation.
The device must be on a private subnet or a global router subnet that meets the requirements. Use the instructions to prepare the subnet Prepare a private subnet to connect a public IP address.
- Create a public IP address.
- Create a cloud router with external network connectivity.
- Connect a private subnet to the cloud router.
- Connect a public IP address to a device port on the private subnet.
Create a public IP address
Control panel
OpenStack CLI
- In control panels go to Cloud platform → Network.
- Open the tab Public IP addresses.
- Click Create an IP address.
- Select pool This will create a public IP address.
- Specify the number of public IP addresses — 1.
- Click Create.
-
Create a public IP address:
openstack floating ip create external-network
Create a cloud router with connection to an external network
Control panel
OpenStack CLI
- In control panel go to Cloud platform → Network.
- Open the tab Cloud routers.
- Click Create a router.
- Select pool in which a cloud router will be created.
- Enter the name of the router.
- Check the box Connect the router to an external network — an external IP address will be assigned to the router.
- Click Create.
-
Create a cloud router:
openstack router create <router_name>
Specify
<router_name>
— the name of the cloud router. -
Connect the cloud router to an external network — an external IP address will be assigned to the router:
openstack router set --external-gateway external-network <router>
Specify
<router>
— The ID or name of the cloud router, can be viewed using the commandopenstack router list
Connect a subnet to the cloud router
Control panel
OpenStack CLI
-
In control panel go to Cloud platform → Network.
-
Open the tab Cloud routers.
-
Open the router card.
-
Click Add a subnet.
-
Select a private subnet or a global router subnet.
-
Enter the IP address of the router. The IP address of the cloud router must match the default gateway of the private subnet. To view the default gateway on the private subnet, click the tab Private networks → network page → tab Subnetworks → subnet card → block Automatic network settings → field Subnet Gateway.
If you are connecting a global router subnet, the IP address of the cloud router must match the default gateway of the global router subnet and be different from the global router's IP address, the IP addresses of devices on the network, and service addresses
.253
and.254
. -
Click Add a subnet.
-
Connect the subnet to the cloud router:
openstack router add subnet <router> <subnet>
Specify:
<router>
— The ID or name of the cloud router, can be viewed using the commandopenstack router list
;<subnet>