Example of configuring Internet access for a dedicated server via a cloud router
Purpose of configuration
Connect the dedicated server, the cloud server and the cloud router with a private L3 network and route the dedicated server's Internet access through the cloud router, which lets you restrict direct Internet access for the dedicated server.
To do this, connect the dedicated server, the cloud server and the cloud router to a private network using a global router. Then configure routing so that all devices can reach each other and Internet traffic from the dedicated server goes through the cloud router.
What you need to configure
Configuration result
The dedicated server, cloud server and cloud router will be interconnected by a private L3 network, and the dedicated server will access the Internet through the cloud router.
Configuration steps
- Create a global router.
- Connect the dedicated server subnet to the global router.
- Connect the cloud platform project subnet to the global router.
- Add a route in the subnet of the cloud platform project.
- Add a route on the cloud router.
- Add a route on the dedicated server.
- Add a route on the global router.
Create a global router
- In the control panel, go to Network services → Selectel Global Router.
- Click Create a router. Each account is limited to five global routers.
- Enter the name of the router.
- Click Create.
- If the router was created with the ERROR status or is stuck in one of the statuses, file a ticket.
Connect the dedicated server subnet to the global router
- In the control panel, go to Network services → Selectel Global Router.
- Open the router page.
- Click Create a network.
- Enter a network name; it is used only in the control panel.
- Select the Dedicated servers service.
- Select the pool.
- Select the VLAN; in the example, VLAN 2044.
- Enter the subnet name; it is used only in the control panel.
- Enter the CIDR (the IP address and mask of the private subnet); in the example, 192.168.0.0/29.
- Enter the IP address of the gateway or leave the default, which is the first address of the subnet; in the example, 192.168.0.1. Do not assign this address to your devices to avoid disrupting your network.
- Enter the service IP addresses or leave the defaults, which are the last addresses of the subnet; in the example, 192.168.0.5 and 192.168.0.6. Do not assign these addresses to your devices to avoid disrupting your network.
- Click Create a network.
- Optional: check the network topology on the global router. In the control panel, go to Network services → Selectel Global Router. Open the page of the desired router and click Network map.
Connect the cloud platform project subnet to the global router
- In the control panel, go to Cloud platform → Network.
- Open the Private networks tab.
- Check that the network to which the cloud platform project subnet belongs is not already connected to any of the account's global routers, that is, it does not have the Global router tag.
- In the network's menu, select Connect to a global router.
- Select the global router.
- For each of the network's subnets, enter the IP address to be assigned to the router, or leave the default, which is the first available address of the subnet; in the example, 172.16.0.1. Do not assign this address to your devices to avoid disrupting the network. The last two free subnet addresses will be reserved as service addresses.
- Click Connect. Do not close the window until you see the message that the network is connected. After that, in the control panel:
Add a route in the subnet of the cloud platform project
Add a static route for the cloud platform project subnet that is connected to the global router.
When setting it up, specify:
- destination subnet: the subnet of the dedicated server on the global router; in the example, 192.168.0.0/29;
- gateway: the subnet gateway of the cloud platform project on the global router; in the example, 172.16.0.1;
- source subnet: the subnet of the cloud platform project on the global router; in the example, 172.16.0.0/29.
Add a route on the cloud router
Static routes on a cloud router can only be configured through the OpenStack API.
- Create a static route:
openstack router set --route destination=192.168.0.0/29,gateway=172.16.0.1 13b6da27-4409-456c-b9aa-5dcf84690aaf
Here:
  - 192.168.0.0/29 is the subnet of the dedicated server on the global router, with the mask;
  - 172.16.0.1 is the subnet gateway of the cloud platform project on the global router;
  - 13b6da27-4409-456c-b9aa-5dcf84690aaf is the UUID of the cloud router; you can find it in the control panel under Cloud platform → Network → Cloud routers tab, as the alphanumeric value under the router name.
Add a route on the dedicated server
The configuration process is described for Ubuntu 22.04. If you need to add routes on a Debian, CentOS, or Windows server, use the instructions in Specify routes on the servers.
- Open the CLI.
- Open the network configuration file; in Ubuntu 22.04 this is the configuration file of the netplan utility:
vi /etc/netplan/01-netcfg.yaml
- At the end of the data block of the desired network interface, add a route:
routes:
  - to: 0.0.0.0/0
    via: 192.168.0.1
Here:
  - 0.0.0.0/0 is the default subnet for sending Internet traffic;
  - 192.168.0.1 is the subnet gateway of the dedicated server on the global router.
- Save the file.
- Check the settings:
sudo netplan try
- Apply the changes:
netplan apply
Add a route on the global router
- In the control panel, go to Network services → Selectel Global Router.
- Open the router page → Static routes tab.
- Click Create a route.
- Enter a route name: any name, it appears only in the control panel.
- Enter the CIDR of the destination subnet: 0.0.0.0/0.
- Enter the Next hop IP address, which is the private IP address of the cloud router; in the example, 172.16.0.3.
- Click Create.
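A check to run on the dedicated server once all routes are in place, as an added example that is not part of the original instructions: it confirms that every default route in the table points at the global router gateway 192.168.0.1, so that no leftover default route gives the server a direct path to the Internet. The function name, the interface names, the server address 192.168.0.2, the gateway 203.0.113.1 and the sample route tables are constructed for illustration.

```shell
#!/bin/sh
# Added example. check_egress ROUTES EXPECTED_GW
#   ROUTES      - text in the format printed by `ip -4 route show`
#   EXPECTED_GW - global router gateway (192.168.0.1 in the page's example)
# Returns 0 if every default route goes via EXPECTED_GW,
#         1 if there is no default route,
#         2 if any default route bypasses EXPECTED_GW.
check_egress() {
    ce_routes=$1
    ce_expected=$2
    ce_found=0
    while IFS= read -r ce_line; do
        case $ce_line in
            default|default\ *) ;;
            *) continue ;;
        esac
        # The next hop is the token after "via"; a default route without
        # "via" (for example a point-to-point link) yields an empty value.
        ce_gw=$(printf '%s\n' "$ce_line" |
            awk '{ for (i = 1; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }')
        if [ "$ce_gw" != "$ce_expected" ]; then
            echo "BYPASS: $ce_line" >&2
            return 2
        fi
        ce_found=1
    done <<EOF
$ce_routes
EOF
    if [ "$ce_found" -ne 1 ]; then
        echo "no default route" >&2
        return 1
    fi
    return 0
}

# Constructed samples: interface names and 203.0.113.1 are illustrative.
GOOD_ROUTES='default via 192.168.0.1 dev eth1 proto static
192.168.0.0/29 dev eth1 proto kernel scope link src 192.168.0.2'
BYPASS_ROUTES='default via 203.0.113.1 dev eth0 proto static metric 100
default via 192.168.0.1 dev eth1 proto static metric 200
192.168.0.0/29 dev eth1 proto kernel scope link src 192.168.0.2'

check_egress "$GOOD_ROUTES" 192.168.0.1 && echo "good sample: OK"
check_egress "$BYPASS_ROUTES" 192.168.0.1 || echo "bypass sample: rc=$?"
```

On a live server, pass the real table instead of a sample: check_egress "$(ip -4 route show)" 192.168.0.1.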