Skip to main content
Ports
Last update:

Ports

A port is a virtual network card to which a mapping of MAC address and IP address is assigned. An IP address is assigned to a port within the subnet in which the port is located.

Ports are used to connect devices to private subnets, global router subnets, and public subnets. If a port is disconnected from a device, it will also be disconnected from a subnet. A private subnet cannot be deleted if it has at least one port.

If port security is enabled on the port network, you can assign a security group to the port and add authorized IP/MAC addresses.

You can work with ports in the control panel, using the OpenStack CLI or Terraform.

In cloud networks, service ports are automatically created and management is not available:

Add a port to a subnet

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.

  2. Go to NetworkPrivate Networks tab.

  3. Open the Network page → Ports tab.

  4. Click Add Port.

  5. Select a subnet.

  6. Enter the IP address of the port.

  7. Optional: select the server or Managed Kubernetes cluster node to which you want to add this port.

  8. Click Add Port.

Add a cloud server or Managed Kubernetes cluster node to the subnet via port

A cloud server can be added to a private subnet, a global router subnet, or a public subnet after server creation. The Managed Kubernetes cluster node can be added to a private subnet or a global router subnet.

To do this, you need to add a port to the server or node.

  1. In the Control Panel, go to Cloud PlatformServers.
  2. Open the server page → Ports tab.
  3. Click Add Port.
  4. Select private subnet, global router subnet, or public subnet.
  5. Enter the IP address of the port.
  6. Click Add.

Connect a public IP address to a port on a private subnet

If a cloud server or load balancer is connected to a port on the private subnet, you can connect a public IP address to the port.

To connect a public IP address in the device sections of the Control Panel, use the Public IP Addresses instructions.

  1. Make sure the device is on a subnet that meets the requirements. To prepare the subnet, use the instructions Prepare a private subnet to connect a public IP address.
  2. In the dashboard, on the top menu, click Products and select Cloud Servers.
  3. Go to NetworkPrivate Networks tab.
  4. Open the Network page → Ports tab.
  5. In the port card of the cloud server or load balancer, click Connect Public IP.
  6. Select a public IP address.
  7. Click Connect.

Disconnect a public IP address from a port on a private subnet

To disable the public IP address in the device sections in the Control Panel, use the Public IP Addresses instructions.

  1. In the dashboard, on the top menu, click Products and select Cloud Servers.
  2. Go to NetworkPrivate Networks tab.
  3. Open the Network page → Ports tab.
  4. In the port card of the cloud server or load balancer, next to the public IP address, click .
  5. Select Disable public IP address.
  6. Optional: If you no longer need the public IP address, check the Delete Address checkbox.
  7. Click Save.

Assign a security group to a port

To assign a security group to device partitions in the Control Panel, use the Assign Security Group instructions.

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.

  2. Go to NetworkPrivate Networks tab.

  3. Open the Network page → Ports tab.

  4. In the port card, in the Security Groups field, click .

  5. In the Security Groups field, check the groups you want to assign to the port, or click New Security Group and create a group.

  6. Click Save.

Disconnect the security group from the port

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.

  2. Go to NetworkPrivate Networks tab.

  3. Open the Network page → Ports tab.

  4. In the port card, in the Security Groups field, click .

  5. In the Security Groups field, uncheck the checkboxes of the groups that you want to disconnect from the port.

  6. Click Save.

Add authorized IP/MAC addresses per port

If port security is enabled on the network, port traffic can only be sent from one IP/MAC address pair, which is assigned when the port is added to the subnet. If traffic is sent through the port from addresses that are not specified on the port, such traffic will be blocked. To allow traffic from addresses that are not listed on the port, you must add the allowed IP/MAC addresses to the port settings.

For example, if you have self-deployed on a cloud server:

  • VPN server — you must allow all IP addresses (subnet 0.0.0.0.0/0);
  • Kubernetes cluster with CNI Calico in Direct routing mode — you need to allow the subnet that is used in the cluster. No configuration is required for CNI Flannel.

If the additional addresses are not needed, you can remove them from the port.

You do not need to configure authorized addresses in Managed Kubernetes clusters, cloud databases, ready-made 1C cloud, as well as on cloud servers created from images with applications. All necessary settings for them have already been made.

A maximum of 10 additional IP/MAC address pairs can be added per port.

  1. In the dashboard, on the top menu, click Products and select Cloud Servers.

  2. Go to NetworkPrivate Networks tab.

  3. Open the Network page → Ports tab.

  4. In the port card, in the Security Groups field, click .

  5. If you want to allow all IP addresses, click Allow All IP Addresses for VPN. Traffic from the 0.0.0.0.0/0 subnet with the default port MAC address will be allowed.

  6. If you want to allow traffic from specific addresses:

    6.1.Click Add IP/MAC Pair.

    6.2.Enter the IP address or subnet in CIDR format.

    6.3.Optional: Enter a MAC address that matches the IP address, or leave the MAC address of the default port.

    6.4.To add another address pair, repeat steps 6.1 through 6.3.

  7. Click Save.

Remove authorized IP/MAC addresses from the port

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.

  2. Go to NetworkPrivate Networks tab.

  3. Open the Network page → Ports tab.

  4. In the port card, in the Security Groups field, click .

  5. In the address pair row, click .

  6. Click Save.

Enable port

  1. In the dashboard, on the top menu, click Products and select Cloud Servers.

  2. Go to NetworkPrivate Networks tab.

  3. Open the Network page → Ports tab.

  4. In the port card, enable the port.

Disable the port

  1. In the dashboard, on the top menu, click Products and select Cloud Servers.

  2. Go to NetworkPrivate Networks tab.

  3. Open the Network page → Ports tab.

  4. In the port card, disable the port.

Delete port

  1. In the dashboard, on the top menu, click Products and select Cloud Servers.

  2. Go to NetworkPrivate Networks tab.

  3. Open the Network page → Ports tab.

  4. In the port card, click .

    If the button is inactive , a device that prohibits removal is connected to the port . Remove this device and return to step 1.

    Use the instructions to remove the device:

  5. Click Delete.