Public subnets

Last update: May 27 2025

Public subnets

A public subnet is a range of public static IP addresses limited by a prefix (mask) size. All devices on the public subnet have a public IP address and access to and from the Internet. You can configure access through a public subnet for a cloud server, cloud load balancer, and cloud database cluster — see Configuring Access to and from the Internet for more information.

IP addresses from the public subnet are not processed by the cloud router using 1:1 NAT, but are connected directly to the devices: cloud server, cloud load balancer, cloud database cluster. Due to the lack of NAT, this type of device connection to the Internet is more fault-tolerant and faster, but less secure than connecting through a public IP address.

Devices on a public subnet communicate with each other through public interfaces.

A public subnet can only be used within a single project and a single pool.

Within public subnets, there are limits on the amount of traffic — bandwidth. This can be viewed in the Bandwidth table.

You can work with public subnets in the Control Panel or Terraform.

Size of public subnets⁠

Public subnets ranging in size from /29 (five free IPv4 addresses) to /24 (253 free IPv4 addresses) are available. Three service IP addresses are reserved in each public subnet:

• The first IP address is the network address;
• the second IP address is the gateway address;
• the last IP address is a broadcast address.

The remaining IP addresses can be assigned to devices.

Example for subnet 192.0.2.0.0/29 — five addresses are available:

• 192.0.2.0 is the network address;
• 192.0.2.1 is the gateway address;
• 192.0.2.2 is usable;
• 192.0.2.3 is usable;
• 192.0.2.4 is usable;
• 192.0.2.5 is usable;
• 192.0.2.6 is usable;
• 192.0.2.7 is the broadcast address.

If you run out of free IP addresses in a public subnet, you can create a new public subnet.

Automatic public subnet settings⁠

Public subnets specify default settings: default gateway and DNS servers. The settings are automatically applied to the devices on the subnet.

Default gateway⁠

When you create a public subnet, a second IP address is reserved for the default gateway. The default gateway on a public subnet cannot be changed.

DNS servers⁠

When you create a public subnet, Selectel DNS servers are automatically assigned to the devices in the subnet. DNS servers can be changed when creating a subnet or  can be changed after the subnet is created.

Static routes⁠

By default, subnets do not have static routes specified. Static routes can be configured for public subnets.

Create a public subnet⁠

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.
2. Go to Network → Public Networks tab.
3. Click Create Subnet.
4. Select the pool where the public subnet will be created.
5. Select the subnet size — the range of IP addresses available on the subnet.
6. Optional: To change the DNS servers, click . Enter one to three values. Click .
7. Click Create.

Configure public subnet access in different projects⁠

By default, a public subnet can only be used within one project and one pool. You can configure public subnet sharing in different projects within the same account. The subnet will also be available only within the same pool.

A public subnet will have the CrossProject tag. The subnet can only be managed in the project in which the subnet is located.

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.
2. Go to Network → Public Networks tab.
3. Copy the ID of the destination project with which you want to share the subnetwork. Open the projects menu (name of the current project) and in the line of the desired project click .
4. Make sure you are in the project in which the subnet is located.
5. Open the network card → Projects tab.
6. Click Add Project.
7. Paste the destination project ID you copied in step 3.
8. Click .

Change DNS servers on the public subnet⁠

When you create a public subnet, Selectel recursive DNS servers are automatically assigned to the devices on the subnet. DNS servers can be changed when creating a public subnet or for an existing public subnet.

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.
2. Go to Network → Public Networks tab.
3. Open the public subnet card → Subnets tab.
4. In the subnet row in the DNS Servers column, click .
5. Enter one to three values.
6. Click .

OpenStack CLI

1. Open the OpenStack CLI.

2. If you need to completely replace the list of DNS servers, delete the IP addresses of the specified DNS servers and add new ones:

   openstack subnet set \
     --no-dns-nameservers \
     --dns-nameserver <dns_server> \
     <subnet>

   Specify:

   • <dns_server> — IP address of the DNS server. It is possible to add several DNS servers — each is added using the option --dns-nameserver <dns_server>;
   • <subnet> — The ID or name of the public subnet can be viewed with the command openstack subnet list.

   Example of changing the default DNS servers to 192.0.2.3 and 192.0.2.4:

   openstack subnet set \
     --no-dns-nameservers \
     --dns-nameserver 192.0.2.3 \
     --dns-nameserver 192.0.2.4 \
     <subnet>

3. If you need to complete the list of DNS servers, add the IP addresses of the new DNS servers:

   openstack subnet set \
     --dns-nameserver <dns_server> \
     <subnet>

   Specify:

   • <dns_server> — IP address of the DNS server. It is possible to add several DNS servers — each is added using the option --dns-nameserver <dns_server>;
   • <subnet> — The ID or name of the public subnet can be viewed with the command openstack subnet list.

Delete a public subnet⁠

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.
2. Go to Network → Public Networks tab.
3. From the menu of the public subnet, select Delete Subnet.
4. Enter the subnet address to confirm the deletion.
5. Click Delete.