Public IP addresses

Last update: September 12 2024

Public IP addresses

Public static IP addresses can be connected to devices to set up access to them from the Internet: to the cloud server, load balancer, cloud database cluster.

To access, the device must be on a private subnet connected to a cloud router with access to an external network — see instructions for details Prepare a private subnet to connect a public IP address. The public IP address is associated with the private IP address of the device, and incoming traffic is handled by the cloud router — it acts as a 1:1 NAT via an external IP address that is allocated when the router is connected to an external network. Incoming traffic can be filtered using cloud firewall.

When created, the public IP address is automatically allocated from the address pool and cannot be selected. The address is floating (in API — Floating IP), as it can be quickly switched between devices in private subnets. When switching, the address is not changed or deleted.

A public IP address can only be used within a single projects and one pool.

For public IP addresses there is a limit on the amount of traffic — bandwidth. It can be viewed in the table Throughput.

You can work with public IP addresses in the control panelswith the help of OpenStack CLI or Terraform.

Create a public IP address⁠

If you create the first public IP address inside the projects и pooland a private network will be automatically created nat and a cloud router router-nat.

Control panel

1. В control panels go to Cloud platform → Network.
2. Open the tab Public IP addresses.
3. Click Create an IP address.
4. Select poolThis will create a public IP address.
5. Specify the number of public IP addresses.
6. Click Create.

OpenStack CLI

1. Open the OpenStack CLI.

2. Create a public IP address:

   openstack floating ip create external-network

Prepare a private subnet to connect a public IP address⁠

To set up access to and from the Internet via a public IP address, you need to connect it to your device.

The device must be on a private subnet or global router subnet that meets the requirements:

• subnet must be connected to a cloud router connected to an external network. If the cloud router is connected to an external network, it acts as a 1:1 NAT for access from the private network to the Internet via the external address of the router and for access to the device in the private subnet from the Internet via the public IP address;
• The private IP address of the cloud router must match the default gateway on the subnet.

If the subnet does not meet the requirements, prepare it to connect a public IP address:

1. Create a cloud router that connects to an external network.
2. Connect a private subnet to the cloud router.

Create a cloud router with connection to an external network⁠

Control panel

1. В control panels go to Cloud platform → Network.
2. Open the tab Routers.
3. Click Create a router.
4. Select poolin which a cloud router will be created.
5. Enter the name of the router.
6. Check the box Connect the router to an external network — an external IP address will be assigned to the router.
7. Click Create.

OpenStack CLI

1. Open the OpenStack CLI.

2. Create a cloud router:

   openstack router create <router_name>

   Specify <router_name> — the name of the cloud router.

3. Connect the cloud router to an external network — an external IP address will be assigned to the router:

   openstack router set --external-gateway external-network <router>

   Specify <router> — The ID or name of the cloud router, can be viewed using the command openstack router list

Connect the subnet to the cloud router⁠

Control panel

1. В control panels go to Cloud platform → Network.

2. Open the tab Routers.

3. Open the router card.

4. Click Add a subnet.

5. Select a private subnet or a global router subnet.

6. Enter the IP address of the router. The IP address of the cloud router must match the default gateway of the private subnet. To view the default gateway on the private subnet, click the tab Private networks → network card → tab Subnetworks → subnet row → column Gateway.

   If you are connecting a global router subnet, the IP address of the cloud router must match the default gateway of the global router subnet and be different from the global router's IP address, the IP addresses of devices on the network, and service addresses .253 и .254.

7. Click Add a subnet.

OpenStack CLI

1. Open the OpenStack CLI.

2. Connect the subnet to the cloud router:

   openstack router add subnet <router> <subnet>

   Specify:

   • <router> — The ID or name of the cloud router, can be viewed using the command openstack router list;
   • <subnet> — ID or private subnet name, can be viewed with the command openstack subnet list

Connect a public IP address to a cloud server⁠

A public IP address can be connected when cloud server creation or to an already created server.

Control panel

1. Ensure that the cloud server is on a subnet that meets the requirements. Use the following instructions to prepare the subnet Prepare a private subnet to connect a public IP address. Server subnets can be viewed in control panels under Cloud platform → Servers → server page → tab Ports.
2. В control panels go to Cloud platform → Servers.
3. Open the tab Servers → server page.
4. Open the tab Ports.
5. In the column Public IP click Connect.
6. Select a public IP address.

OpenStack CLI

1. Open the OpenStack CLI.

2. Look for the port ID of the cloud server:

   openstack port list --server <server>

   Specify <server> — The ID or name of the cloud server.

3. Connect the public IP address to the cloud server port:

   openstack floating ip set --port <port> <public_ip_address>

   Specify:

   • <port> — The port ID of the cloud server;
   • <public_ip_address> — ID or public IP address, can be viewed with the command openstack floating ip list

Disconnect the public IP address from the cloud server⁠

Control panel

1. В control panels go to Cloud platform → Servers.
2. Open the tab Servers → server page.
3. Open the tab Ports.
4. In the column Public IP on the menu select Disable public IP.
5. Click Disconnect.

OpenStack CLI

1. Open the OpenStack CLI.

2. Disconnect the public IP address from the cloud server port:

   openstack floating ip unset --port <public_ip_address>

   Specify <public_ip_address> — ID or public IP address, can be viewed with the command openstack floating ip list

Connect a public IP address to the load balancer⁠

A public IP address can be connected when creating a load balancer or to an already created balancer.

Control panel

1. Ensure that the load balancer is on a subnet that meets the requirements. Use the following instructions to prepare the subnet Prepare a private subnet to connect a public IP address. The balancer sub-networks can be viewed in control panels under Cloud platform → Balancers → tab Balancers → balancer page → field Network.
2. В control panels go to Cloud platform → Balancers.
3. Open the tab Balancers.
4. In the balancer card, click Connect public IP.
5. Select a public IP address.
6. Click Connect.

OpenStack CLI

1. Open the OpenStack CLI.

2. Look at the load balancer port ID — value vip_port_id from the output of the command:

   openstack loadbalancer show <loadbalancer>

   Specify <loadbalancer> — ID or name of the balancer. The list can be viewed using the command openstack loadbalancer list

3. Connect the public IP address to the load balancer port:

   openstack floating ip set --port <port> <public_ip_address>

   Specify:

   • <port> — Load balancer port ID;
   • <public_ip_address> — ID or public IP address, can be viewed with the command openstack floating ip list

Disconnect the public IP address from the load balancer⁠

Control panel

1. В control panels go to Cloud platform → Balancers.
2. Open the tab Balancers.
3. In the balancer card at the public IP address, click .
4. Select Disable public IP address.
5. Click Save.

OpenStack CLI

1. Open the OpenStack CLI.

2. Disconnect the public IP address from the load balancer port:

   openstack floating ip unset --port <public_ip_address>

   Specify <public_ip_address> — ID or public IP address, can be viewed with the command openstack floating ip list

Connect a public IP address to a cloud database cluster⁠

A public IP address can be connected when Creating a database cluster (PostgreSQL example) or to an already established cluster.

Control panel

1. Ensure that the cloud database cluster is on a subnet that meets the requirements. Use the following instructions to prepare the subnet Prepare a private subnet to connect a public IP address. The subnetworks of the cluster can be viewed in control panels under Cloud platform → Databases → cluster page → tab Settings → field Cluster network.
2. В control panels go to Cloud platform → Databases.
3. Open the Database Cluster page → tab Settings.
4. In the block Node addresses and statuses tab Public IP addresses.
5. In the line with the desired node, click .
6. Select New public IP address.
7. Click .

Disconnect the public IP address from the cloud database cluster⁠

Control panel

1. В control panels go to Cloud platform → Databases.
2. Open the Database Cluster page → tab Settings.
3. In the block Node addresses and statuses tab Public IP addresses.
4. In the line with the desired node, click .
5. Select No public IP address.
6. Click .

Configure NAT⁠

To configure NAT, you need port forwarding, which is a way to redirect traffic from one port to another port. For example, you can configure port forwarding on a public IP address to any port on a private subnet — in this case, access to the private port will be organized without creating an additional public IP address.

The public IP address must not be associated with the cloud server, load balancer, or other devices before configuring port forwarding.

In Selectel, the default some TCP/UDP ports are blockedtraffic through them is blocked.

OpenStack CLI

1. Open the OpenStack CLI.

2. Configure port forwarding:

   openstack floating ip port forwarding create \
     --internal-ip-address <internal_ip_address> \
     --port <port> \
     --internal-protocol-port <internal_protocol> \
     --external-protocol-port <external_protocol> \
     --protocol <protocol> \
     <public_ip_address>

   Specify:

   • <internal_ip_address> — The IP address of the port on the private subnet to which the forwarding will be performed;
   • <port> — The ID or port name on a private network can be viewed with the command openstack port list;
   • <internal_protocol> — port protocol on a private subnet;
   • <external_protocol> — The port protocol of the public IP address whose port is being forwarded;
   • <protocol> — Protocol: tcp or udp;
   • <public_ip_address> — ID or public IP address whose port is being forwarded. You can view it with the command openstack floating ip list

   Example of a command:

   openstack floating ip port forwarding create \
     --internal-ip-address 192.168.0.2 \
     --port ed010217-9f78-4002-8703-2112da3fef1f \
     --internal-protocol-port 80 \
     --external-protocol-port 80 \
     --protocol tcp \
     192.0.2.7

Delete public IP address⁠

After deletion, the public IP address will return to the public address pool.

Control panel

1. В control panels go to Cloud platform → Network.
2. Open the tab Public IP addresses.
3. In the public IP address card, click .
4. Enter the IP address to confirm the deletion.
5. Click Delete.

OpenStack CLI

1. Open the OpenStack CLI.

2. Remove the public IP address:

   openstack floating ip delete <public_ip_address>

   Specify <public_ip_address> — ID or public IP address, can be viewed with the command openstack floating ip list