Public IP addresses
Public static IP addresses can be attached to devices to make them reachable from the Internet: to a cloud server, a load balancer, or a cloud database cluster.
For this to work, the device must be on a private subnet connected to a cloud router with access to an external network; for details, see Prepare a private subnet to connect a public IP address. The public IP address is associated with the private IP address of the device, and incoming traffic is handled by the cloud router, which acts as a 1:1 NAT via an external IP address that is allocated when the router is connected to an external network. Incoming traffic can be filtered using a cloud firewall.
When created, the public IP address is automatically allocated from the address pool and cannot be selected. The address is floating (Floating IP in the API), as it can be quickly switched between devices in private subnets. When switching, the address is not changed or deleted.
A public IP address can only be used within a single project and one pool.
Public IP addresses have a limit on the amount of traffic (bandwidth). It can be viewed in the Throughput table.
You can work with public IP addresses in the control panel, with the OpenStack CLI, or with Terraform.
Create a public IP address
If you create the first public IP address in a project and pool, a private network nat and a cloud router router-nat are created automatically.
Control panel
- In the control panel, go to Cloud platform → Network.
- Open the Public IP addresses tab.
- Click Create an IP address.
- Select the pool in which the public IP address will be created.
- Specify the number of public IP addresses.
- Click Create.
OpenStack CLI
- Create a public IP address:
openstack floating ip create external-network
Prepare a private subnet to connect a public IP address
To set up access to and from the Internet via a public IP address, you need to connect it to your device.
The device must be on a private subnet or global router subnet that meets the requirements:
- The subnet must be connected to a cloud router that is connected to an external network. A cloud router connected to an external network acts as a 1:1 NAT: devices in the private network reach the Internet via the external address of the router, and a device in the private subnet is reached from the Internet via the public IP address;
- The private IP address of the cloud router must match the default gateway on the subnet.
If the subnet does not meet the requirements, prepare it to connect a public IP address:
- Create a cloud router that connects to an external network.
- Connect a private subnet to the cloud router.
Create a cloud router with connection to an external network
Control panel
- In the control panel, go to Cloud platform → Network.
- Open the Cloud routers tab.
- Click Create a router.
- Select the pool in which the cloud router will be created.
- Enter the name of the router.
- Check the box Connect the router to an external network. An external IP address will be assigned to the router.
- Click Create.
OpenStack CLI
- Create a cloud router:
openstack router create <router_name>
Specify <router_name>: the name of the cloud router.
- Connect the cloud router to an external network. An external IP address will be assigned to the router:
openstack router set --external-gateway external-network <router>
Specify <router>: the ID or name of the cloud router; it can be viewed using the command openstack router list.
Connect the subnet to the cloud router
Control panel
- In the control panel, go to Cloud platform → Network.
- Open the Cloud routers tab.
- Open the router card.
- Click Add a subnet.
- Select a private subnet or a global router subnet.
- Enter the IP address of the router. The IP address of the cloud router must match the default gateway of the private subnet. To view the default gateway on the private subnet, go to the Private networks tab → network page → Subnetworks tab → subnet card → Automatic network settings block → Subnet Gateway field.
If you are connecting a global router subnet, the IP address of the cloud router must match the default gateway of the global router subnet and be different from the global router's IP address, the IP addresses of devices on the network, and the service addresses .253 and .254.
- Click Add a subnet.
OpenStack CLI
- Connect the subnet to the cloud router:
openstack router add subnet <router> <subnet>
Specify:
<router>: the ID or name of the cloud router; it can be viewed using the command openstack router list;
<subnet>: the ID or name of the private subnet; it can be viewed using the command openstack subnet list.
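Before attaching a public IP address, the subnet requirements from this section can be verified from CLI output. The following Python check is an added example, not part of the original instructions: it assumes the parsed JSON of openstack router show <router> -f json and openstack subnet show <subnet> -f json with the fields external_gateway_info, interfaces_info and gateway_ip, interprets the service addresses .253 and .254 as the last octet of an IPv4 address, and runs on constructed sample data.

```python
import ipaddress

def check_subnet_ready(router, subnet, global_router_subnet=False):
    """Return a list of problems; an empty list means the subnet is ready.

    router: parsed output of `openstack router show <router> -f json`
    subnet: parsed output of `openstack subnet show <subnet> -f json`
    Field names are assumed from that JSON output.
    """
    problems = []
    # The router must be connected to an external network.
    if not router.get("external_gateway_info"):
        problems.append("router has no external gateway")
    # The router's address on this subnet must equal the subnet's default gateway.
    router_ips = [i["ip_address"] for i in router.get("interfaces_info") or []
                  if i.get("subnet_id") == subnet["id"]]
    gateway = subnet.get("gateway_ip")
    if not router_ips:
        problems.append("subnet is not connected to the router")
    elif gateway is None or all(
            ipaddress.ip_address(ip) != ipaddress.ip_address(gateway)
            for ip in router_ips):
        problems.append(
            f"router address {router_ips[0]} is not the subnet gateway {gateway}")
    # Global router subnets: .253 and .254 are service addresses
    # (assumption: interpreted as the last octet of an IPv4 address).
    if global_router_subnet:
        for ip in router_ips:
            if ipaddress.ip_address(ip).packed[-1] in (253, 254):
                problems.append(f"router address {ip} is a service address")
    return problems

# Constructed sample data (IDs and addresses are made up for this example).
SUBNET = {"id": "subnet-1", "cidr": "192.168.0.0/24", "gateway_ip": "192.168.0.1"}
ROUTER_OK = {"name": "router-nat",
             "external_gateway_info": {"network_id": "ext-net-1"},
             "interfaces_info": [{"subnet_id": "subnet-1",
                                  "ip_address": "192.168.0.1"}]}
ROUTER_BAD = {"name": "router-internal",
              "external_gateway_info": None,
              "interfaces_info": [{"subnet_id": "subnet-1",
                                   "ip_address": "192.168.0.254"}]}

if __name__ == "__main__":
    for r in (ROUTER_OK, ROUTER_BAD):
        issues = check_subnet_ready(r, SUBNET, global_router_subnet=True)
        print(r["name"], issues or "ready")
```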
Connect a public IP address to a cloud server
A public IP address can be connected when creating a cloud server or to an already created server.
Control panel
- Ensure that the cloud server is on a subnet that meets the requirements. To prepare the subnet, follow the instructions in Prepare a private subnet to connect a public IP address. Server subnets can be viewed in the control panel under Cloud platform → Servers → server page → Ports tab.
- In the control panel, go to Cloud platform → Servers.
- Open the Servers tab → server page.
- Open the Ports tab.
- In the Public IP column, click Connect.
- Select a public IP address.
OpenStack CLI
- Look up the port ID of the cloud server:
openstack port list --server <server>
Specify <server>: the ID or name of the cloud server.
- Connect the public IP address to the cloud server port:
openstack floating ip set --port <port> <public_ip_address>
Specify:
<port>: the port ID of the cloud server;
<public_ip_address>: the ID or the public IP address; it can be viewed using the command openstack floating ip list.
Disconnect the public IP address from the cloud server
Control panel
- In the control panel, go to Cloud platform → Servers.
- Open the Servers tab → server page.
- Open the Ports tab.
- In the Public IP column, open the menu and select Disable public IP.
- Click Disconnect.
OpenStack CLI
- Disconnect the public IP address from the cloud server port:
openstack floating ip unset --port <public_ip_address>
Specify <public_ip_address>: the ID or the public IP address; it can be viewed using the command openstack floating ip list.
Connect a public IP address to the load balancer
A static public IP address can be connected when creating a balancer or to an already created balancer.
Control panel
- Ensure that the load balancer is on a subnet that meets the requirements. To prepare the subnet, follow the instructions in Prepare a private subnet to connect a public IP address. The balancer subnets can be viewed in the control panel under Cloud platform → Balancers → Balancers tab → balancer page → Network field.
- In the control panel, go to Cloud platform → Balancers.
- Open the Balancers tab.
- In the balancer card, click Connect public IP.
- Select a public IP address.
- Click Connect.
OpenStack CLI
- Look up the load balancer port ID, which is the vip_port_id value in the output of the command:
openstack loadbalancer show <loadbalancer>
Specify <loadbalancer>: the ID or name of the balancer. The list can be viewed using the command openstack loadbalancer list.
- Connect the public IP address to the load balancer port:
openstack floating ip set --port <port> <public_ip_address>
Specify:
<port>: the load balancer port ID;
<public_ip_address>: the ID or the public IP address; it can be viewed using the command openstack floating ip list.
Disconnect the public IP address from the load balancer
Control panel
- In the control panel, go to Cloud platform → Balancers.
- Open the Balancers tab.
- In the balancer card of the public IP address, click .
- Select Disable public IP address.
- Click Save.
OpenStack CLI
- Disconnect the public IP address from the load balancer port:
openstack floating ip unset --port <public_ip_address>
Specify <public_ip_address>: the ID or the public IP address; it can be viewed using the command openstack floating ip list.
Connect a public IP address to a cloud database cluster
A public IP address can be connected when creating a database cluster (PostgreSQL example) or to an already created cluster.
Control panel
- Ensure that the cloud database cluster is on a subnet that meets the requirements. To prepare the subnet, follow the instructions in Prepare a private subnet to connect a public IP address. The subnets of the cluster can be viewed in the control panel under Cloud platform → Databases → cluster page → Settings tab → Cluster network field.
- In the control panel, go to Cloud platform → Databases.
- Open the Database Cluster page → Settings tab.
- In the Node addresses and statuses block, open the Public IP addresses tab.
- In the line with the desired node, click .
- Select New public IP address.
- Click .
Disconnect the public IP address from the cloud database cluster
Control panel
- In the control panel, go to Cloud platform → Databases.
- Open the Database Cluster page → Settings tab.
- In the Node addresses and statuses block, open the Public IP addresses tab.
- In the line with the desired node, click .
- Select No public IP address.
- Click .
Configure NAT
To configure NAT, you need port forwarding, which is a way to redirect traffic from one port to another port. For example, you can configure port forwarding from a public IP address to any port on a private subnet. In this case, the private port becomes accessible without creating an additional public IP address.
The public IP address must not be associated with the cloud server, load balancer, or other devices before configuring port forwarding.
In Selectel, traffic through some TCP/UDP ports is blocked by default.
OpenStack CLI
- Configure port forwarding:
openstack floating ip port forwarding create \
--internal-ip-address <internal_ip_address> \
--port <port> \
--internal-protocol-port <internal_protocol> \
--external-protocol-port <external_protocol> \
--protocol <protocol> \
<public_ip_address>
Specify:
<internal_ip_address>: the IP address of the port on the private subnet to which the forwarding will be performed;
<port>: the ID or name of the port on the private network to which the forwarding will be performed; it can be viewed using the command openstack port list;
<internal_protocol>: the protocol port (port number) on the private subnet;
<external_protocol>: the protocol port (port number) of the public IP address that is being forwarded;
<protocol>: the protocol, tcp or udp;
<public_ip_address>: the ID or the public IP address whose port is being forwarded; it can be viewed using the command openstack floating ip list.
Example of a command:
openstack floating ip port forwarding create \
--internal-ip-address 192.168.0.2 \
--port ed010217-9f78-4002-8703-2112da3fef1f \
--internal-protocol-port 80 \
--external-protocol-port 80 \
--protocol tcp \
192.0.2.7
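The preconditions for port forwarding can be checked before the command is run. The following Python function is an added example, not part of the original instructions: it assumes the parsed JSON of openstack floating ip show <public_ip_address> -f json (fields floating_ip_address, port_id) and openstack port show <port> -f json (fields id, fixed_ips), and returns the command as an argument list built only from the flags shown above. The second floating IP in the sample data is constructed.

```python
def build_port_forwarding_cmd(fip, port, internal_ip, internal_port,
                              external_port, protocol):
    """Validate a port forwarding request and return the CLI argument list.

    fip:  parsed output of `openstack floating ip show <public_ip_address> -f json`
    port: parsed output of `openstack port show <port> -f json`
    Raises ValueError when a precondition is not met.
    """
    # The public IP address must not be associated with any device yet.
    if fip.get("port_id"):
        raise ValueError(f"{fip['floating_ip_address']} is already associated "
                         f"with port {fip['port_id']}")
    if protocol not in ("tcp", "udp"):
        raise ValueError("protocol must be tcp or udp")
    for name, value in (("internal", internal_port), ("external", external_port)):
        if not (isinstance(value, int) and 1 <= value <= 65535):
            raise ValueError(f"{name} port {value!r} is out of range")
    # The internal address must be one of the target port's own addresses.
    port_ips = {f["ip_address"] for f in port.get("fixed_ips") or []}
    if internal_ip not in port_ips:
        raise ValueError(f"{internal_ip} is not an address of port {port['id']}")
    # An argument list (no shell string) keeps values from being re-parsed.
    return ["openstack", "floating", "ip", "port", "forwarding", "create",
            "--internal-ip-address", internal_ip,
            "--port", port["id"],
            "--internal-protocol-port", str(internal_port),
            "--external-protocol-port", str(external_port),
            "--protocol", protocol,
            fip["floating_ip_address"]]

# Sample data: addresses and port ID from the example command above;
# FIP_USED and the subnet ID are constructed for this example.
FIP_FREE = {"floating_ip_address": "192.0.2.7", "port_id": None}
FIP_USED = {"floating_ip_address": "192.0.2.8", "port_id": "constructed-port-id"}
PORT = {"id": "ed010217-9f78-4002-8703-2112da3fef1f",
        "fixed_ips": [{"subnet_id": "subnet-1", "ip_address": "192.168.0.2"}]}

if __name__ == "__main__":
    print(" ".join(build_port_forwarding_cmd(
        FIP_FREE, PORT, "192.168.0.2", 80, 80, "tcp")))
    try:
        build_port_forwarding_cmd(FIP_USED, PORT, "192.168.0.2", 80, 80, "tcp")
    except ValueError as err:
        print("rejected:", err)
```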
Delete public IP address
After deletion, the public IP address will return to the public address pool.
Control panel
- In the control panel, go to Cloud platform → Network.
- Open the Public IP addresses tab.
- In the public IP address card, click .
- Enter the IP address to confirm the deletion.
- Click Delete.
OpenStack CLI
- Remove the public IP address:
openstack floating ip delete <public_ip_address>
Specify <public_ip_address>: the ID or the public IP address; it can be viewed using the command openstack floating ip list.