Manage networks

Create a private network

Within a private network, there is no limit on the amount of traffic — this allows you to transfer any amount of data between your services.

There is no limit to the number of private networks used. See the bandwidth values.

The private network works only within one project and one pool; it is not available to other projects of the user account or to other accounts.

  1. In Control Panel, go to Cloud Platform → Network.
  2. Open the Private Networks tab.
  3. Click Create Network.
  4. Select the pool where the private network will be created.
  5. Enter the name of the network.
  6. Enter the subnet's CIDR, which is the range of IP addresses available on the subnet.
  7. Optional: To enable DHCP, check the Enable DHCP checkbox.
  8. Optional: to change the default gateway IP address, click . Enter a value. Click .
  9. Optional: to change DNS servers, click . Enter one to three values. The subnet must have access to DNS servers. Click .
  10. Optional: to add additional subnets, click Add Subnet.
  11. Press Create.

Add a subnet to the private network

  1. In Control Panel, go to Cloud Platform → Network.
  2. Open the Private Networks tab.
  3. Open the network card → Subnets tab.
  4. Click Add Subnet.
  5. Enter the subnet's CIDR, which is the range of IP addresses available on the subnet.
  6. Optional: Change the IP address of the default gateway.
  7. Optional: To enable DHCP, check the Enable DHCP checkbox.
  8. Optional: Change the DNS servers. Enter one to three values. The subnet must have access to DNS servers. Click .
  9. Click Add Subnet.

Add a cloud server to the subnet

  1. In Control Panel, go to Cloud Platform → Servers.
  2. Open the server page → Ports tab.
  3. Click Add Port.
  4. Select a subnet.
  5. Specify the IP address.
  6. Click Add Port.

Create a cross-project network

A private or public network of one project can be made available to another project (only within the same pool) — create a cross-project network.

  1. In Control Panel, click the name of the current project and open the list of all projects.
  2. Copy the ID of the target project.
  3. Go to Cloud Platform → Network in the current project.
  4. Open the Private Networks or Public Subnets tab.
  5. Open the private network card that you want to make available in another project → Projects tab.
  6. Click Add Project and enter the copied target project ID.

If you need to connect cloud servers from different pools (including different projects and accounts), use the Selectel global router (formerly L3 VPN).

Enable DHCP

The DHCP protocol can be used to automatically configure the network on cloud servers. It allows you to automatically obtain IP addresses and other parameters (subnet mask, gateway, DNS server addresses) for devices in a private subnet.

DHCP can be enabled when creating a private network, adding a subnet to an existing network, or for an existing private network.

When DHCP is enabled, two ports are created on the subnet for the primary and backup DHCP servers, and two IP addresses are reserved for them. The cloud server automatically requests settings from the DHCP server when the network interface is turned on or when the address lease expires (24 hours by default). The DHCP server issues the IP address reserved for the server port.

  1. In Control Panel, go to Cloud Platform → Network.
  2. Open the Private Networks tab.
  3. Open the network card.
  4. In the row of the desired subnet, enable the DHCP toggle switch.
  5. Go to Servers.
  6. Open the server page → Ports tab.
  7. In the Port Configuration block, select Manually in the network configuration file on the server.
  8. Configure DHCP in the cloud server configuration file.

Change DNS servers

You can change DNS servers when creating a private or public subnet, when adding a private subnet to a network, or for an existing private or public subnet.

  1. In Control Panel, go to Cloud Platform → Network.

  2. Open the tab depending on which subnet you want to change the DNS servers on:

    • for private — Private Networks;
    • for public — Public subnets.
  3. Open the private network or public subnet card → Subnets tab.

  4. In the subnet row, in the DNS Servers column, click .

  5. Enter one to three values. The subnet must have access to DNS servers.

  6. Click .

Create a cloud router

A cloud router allows you to route traffic between private networks.

You can use the router to configure access to the Internet from a private network or to access a device on a private subnet from the Internet using a public IP address.

  1. In Control Panel, go to Cloud Platform → Network.
  2. Open the Routers tab → click Create Router.
  3. Select the pool for the router.
  4. Enter a name.
  5. Optional: check the box Connect router to external network — an external IP address will be assigned to the router.
  6. Press Create.

Connect the cloud router to an external network

If the cloud router is connected to an external network, it acts as a 1:1 NAT: it provides access from the private network to the Internet via the router's external address, or access to a device on the private subnet from the Internet via a public IP address.

See the bandwidth values.

  1. In Control Panel, go to Cloud Platform → Network.
  2. Open the Routers tab.
  3. From the router menu (⋮), select Connect to external network — an external IP address will be assigned to the router.

Create a public IP address

A public IP address is a static public IP address that can be quickly switched between cloud servers on private subnets.

If you create the first public IP address in a pool within a project, a private network named nat and a cloud router named router-nat will be created automatically.

  1. In Control Panel, go to Cloud Platform → Network.
  2. Open the Public IP Addresses tab → click Create IP Address.
  3. Select the pool for the IP addresses.
  4. Specify the number of addresses.
  5. Press Create.

Create a public subnet

  1. In Control Panel, go to Cloud Platform → Network.
  2. Open the Public Subnets tab.
  3. Click Create Subnet.
  4. Select the pool in which to create the public subnet.
  5. Select the size of the subnet.
  6. Optional: to change DNS servers, click . Enter one to three values. The subnet must have access to DNS servers. Click .
  7. Press Create.

Connect a private network to a cloud router

  1. Create a router.
  2. Open the router card → click Add Subnet.
  3. Select a private subnet.
  4. Specify the IP address of the router. If you are connecting a global router network, specify a router IP address other than the global router IP address, the IP addresses of the cloud servers on the network, and the .253 and .254 service addresses.
  5. Click Add Subnet.

Connect a private network to a global router

Once the network is connected to the global router, you will only be able to manage it on the global router page.

  1. Check that the network has not yet been added to any of the account's global routers: in Control Panel, under Cloud Platform → Network → Private Networks tab, it must not have the Global Router tag.

  2. Verify that the subnet meets the conditions:

    • belongs to the RFC 1918 private address range of 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16;
    • is at least /29, as three addresses will be occupied by Selectel network equipment;
    • does not overlap with other subnets added to this router: the IP addresses of each subnet on the router must not overlap with the IP addresses of other subnets on the router;
    • if Managed Kubernetes nodes are included in the global router network, the subnet does not overlap with the 10.250.0.0/16, 10.10.0.0/16, and 10.96.0.0/12 ranges. These subnets participate in the internal addressing of Managed Kubernetes, and using them can cause conflicts in the global router network.
  3. In Control Panel, go to Cloud Platform → Network.

  4. Open the Private Networks tab.

  5. From the menu ( ) of the network, select Connect to Global Router.

  6. Select a global router or create a new one.

  7. For each of the subnets, enter the gateway IP or leave the first available address from the subnet assigned by default. Do not assign this address to your devices to avoid disrupting your network. The last two free subnet addresses will be reserved as service addresses.

  8. Press Connect. Do not close the window until you see the message that the network is connected. After that, in the control panel:

    • the network will appear in section Network Services → Selectel Global Router on the page of the router you connected it to;
    • in section Cloud Platform → Network → on the Private Networks tab, the network will have the Global Router tag.
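
The subnet conditions from step 2 and the address reservation from step 7 can be checked before connecting a network. The following is an added example, not Selectel's code: the function names are hypothetical, and it assumes that "first available address" and "last two free addresses" mean the first and the last two usable hosts of an otherwise empty subnet.

```python
import ipaddress

# Ranges copied from the conditions listed in step 2.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
K8S_INTERNAL = [ipaddress.ip_network(n) for n in ("10.250.0.0/16", "10.10.0.0/16", "10.96.0.0/12")]


def check_subnet(cidr, router_subnets=(), has_k8s_nodes=False):
    """Return the list of violated conditions; an empty list means the subnet passes."""
    try:
        # strict=True rejects CIDRs with host bits set, e.g. 10.0.0.1/24.
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    if net.version != 4:
        return ["not an IPv4 subnet"]
    problems = []
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append("outside RFC 1918 private ranges")
    if net.prefixlen > 29:  # /30 and longer leave no room for the service addresses
        problems.append("smaller than /29")
    for other in router_subnets:
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"overlaps router subnet {other}")
    if has_k8s_nodes:
        for k8s in K8S_INTERNAL:
            if net.overlaps(k8s):
                problems.append(f"overlaps Managed Kubernetes range {k8s}")
    return problems


def reserved_addresses(cidr):
    """Default gateway (first host) and the two service addresses (last two hosts)."""
    net = ipaddress.ip_network(cidr)
    first = net.network_address + 1
    last = net.broadcast_address - 1
    return {"gateway": str(first), "service": [str(last - 1), str(last)]}


if __name__ == "__main__":
    # Constructed sample inputs, not values from a real project.
    for cidr in ("192.168.10.0/24", "10.96.4.0/24", "172.32.0.0/24", "10.0.0.0/30"):
        print(cidr, check_subnet(cidr, ["192.168.0.0/20"], has_k8s_nodes=True))
    print(reserved_addresses("192.168.10.0/24"))
```

For a /24 the reserved service addresses come out as .253 and .254, matching the addresses the router steps tell you to avoid.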

Connect the cloud server to the Internet

You can configure the cloud server to access the Internet via a public subnet or via a public IP address. If the cloud server is on the global router network, you can configure access via a cloud router.

See the bandwidth values.

Via the public subnet

  1. In Control Panel, go to Cloud Platform → Network.
  2. Open the Public Subnets tab → click Create Subnet.
  3. Select the pool for the subnet.
  4. Select the size of the subnet.
  5. Press Create.
  6. Go to Cloud Platform → Servers.
  7. Open the server page → Ports tab.
  8. Click Add Port.
  9. Select a public subnet.
  10. Specify the IP address.
  11. Click Add Port.

Via the public IP address

  1. Create a public IP address.
  2. Create a cloud router with a connection to an external network.
  3. In Control Panel, go to Cloud Platform → Servers.
  4. Open the server page → Ports tab.
  5. Click Add Port.
  6. Select a private subnet.
  7. Specify the IP address.
  8. Click Add Port.
  9. Connect a public IP address to the port — in the Public IP Address column, click Connect and select the public IP address.

Cloud server on the global router subnet

If you have a cloud server that is on the global-router network (formerly the L3 VPN network), you can configure Internet access through the cloud router. The cloud server will be connected to other devices in the private network of the global router.

  1. Create a cloud router. When creating it, check the box Connect router to external network.
  2. Connect the subnet of the global router to the cloud router. To do this, in Control Panel, open the router card → click Add Subnet → select the global router subnet you created earlier → specify a router IP address other than the global router IP address, the IP addresses of the cloud servers on the network, and the .253 and .254 service addresses → click Add Subnet.
  3. Connect a public IP address to the cloud server. Go to Cloud Platform → Servers → open the server page → Ports tab → in the row with the global router subnet, in the Public IP address column, click Connect.
  4. Specify the router port as the default gateway. In the row of the global router subnet, from the menu (⋮), select Make Default Gateway.
  5. Add routes on the cloud server to all subnets of the global router.

Forward port

Port forwarding can be used to redirect traffic from one port to another port. For example, you can configure port forwarding from a port on a public IP address to any port on a private subnet. In this case, the private port becomes reachable without creating an additional public IP address.

Before you configure port forwarding, the public IP address must not be associated with a server, load balancer, or other device.

  1. Open OpenStack CLI.

  2. Configure port forwarding:

    openstack floating ip port forwarding create \
    --internal-ip-address <internal_ip_address> \
    --port <port> \
    --internal-protocol-port <internal_protocol> \
    --external-protocol-port <external_protocol> \
    --protocol <protocol> \
    <public_ip_address>

    Specify:

    • <internal_ip_address> — IP address of the port on the private subnet to which traffic will be forwarded;
    • <port> — ID or name of the port, can be viewed with openstack port list;
    • <internal_protocol> is the port number on the private subnet to which traffic is forwarded;
    • <external_protocol> is the port number on the public IP address from which traffic is forwarded;
    • <protocol> — protocol: tcp or udp;
    • <public_ip_address> is the public IP address whose port is being forwarded.

    Example of a command:

    openstack floating ip port forwarding create \
    --internal-ip-address 192.168.0.2 \
    --port ed010217-9f78-4002-8703-2112da3fef1f \
    --internal-protocol-port 80 \
    --external-protocol-port 80 \
    --protocol tcp \
    192.0.2.7