Example of configuring Internet access for a dedicated server via a cloud router

Last update: April 10 2024

Example of configuring Internet access for a dedicated server via a cloud router

Purpose of customization⁠

Unite the dedicated server, cloud server and cloud router by private L3 network and organize Internet access for the dedicated server through the cloud router, which will allow to limit direct Internet access for the dedicated server.

To do this, you need to connect the dedicated server, cloud server, and cloud router with a private network using global-router. After that, set up routing on the network so that all devices see each other and internet traffic from the dedicated server goes through the cloud router.

What you need to customize⁠

Device	Device settings in the example
Dedicated server on private subnet	Server has Ubuntu 22.04 installed on it; server added to private network VLAN 2044, subnet 192.168.0.0.0/29; on local interface configured address 192.168.0.2
Cloud server on private subnet	Server added to private subnet 172.16.0.0/29; address 172.16.0.2 is configured on local port
Cloud router in private subnet with public IP address	Router is created in the same project with cloud server; private subnet of cloud server 172.16.0.0.0/29 with the address 172.16.0.3; router is connected to the external network with the public address 203.0.113.10

Result of customization⁠

The dedicated server, cloud server and cloud router will be interconnected by a private L3 network, and internet access will be organized for the dedicated server through the cloud router:

Steps to customize⁠

1. Create global router.
2. Connect dedicated server subnet to global router.
3. Connect cloud platform project subnet to global router.
4. Write-route-in-cloud-platform-project-subnet.
5. Write-route-on-cloud-router.
6. Write-route-on-dedicated-server.
7. Write-route-on-global-router.

1. Create a global router⁠

1. In Control Panel, go to Network Services → Selectel Global Router.
2. Click Create Router. Each account has a limit of five global routers.
3. Enter the name of the router.
4. Press Create.
5. If the router was created with status ERROR or hung in one of the statuses, create a ticket.

2. Connect the dedicated server subnet to the global router⁠

1. In Control Panel, go to Network Services → Selectel Global Router.
2. Open the router page.
3. Click Create Network.
4. Enter a network name, this will only be used in the control panel.
5. Select the Dedicated Servers service.
6. Select pool.
7. Select the VLAN, in the example, VLAN 2044.
8. Enter the subnet name — this will only be used in the control panel.
9. Enter the CIDR — IP address and private subnet mask, in the example — 192.168.0.0.0/29.
10. Enter the gateway IP address or leave the first address from the subnet assigned by default, in the example, 192.168.0.1. Do not assign this address to your devices to avoid disrupting your network.
11. Enter service IP addresses or leave the last addresses from the subnet assigned by default, in the example, 192.168.0.5 and 192.168.0.6. Do not assign these addresses to your devices to avoid disrupting your network.
12. Click Create Network.
13. Optional: check the network topology on the global router. In Control Panel, go to Network Services → Selectel Global Router. Open the page of the desired router and click Network Map.

3. Connect the cloud platform project subnet to the global router⁠

1. In Control Panel, go to Cloud Platform → Network.

2. Open the Private Networks tab.

3. Check that the network to which the cloud platform project subnet belongs is not yet connected to any of the account's global routers — it does not have the Global Router tag.

4. From the menu ( ) of the network, select Connect to Global Router.

5. Select the global router.

6. For each of the network subnets, enter the IP address to be assigned to the router, or leave the first available address from the subnet assigned by default, in the example, 172.16.0.1. Do not assign this address to your devices to avoid disrupting your network. The last two free subnet addresses will be reserved as service addresses.

7. Press Connect. Do not close the window until you see the message that the network is connected. After that, in the control panel:

   • The network will appear in section Network Services → Selectel Global Router on the page of the router you connected it to;
   • in section Cloud Platform → Network → on the Private Networks tab, the network will have the Global Router tag.

4. Route in the subnet of the cloud platform project⁠

Write a static route for the subnet of the cloud platform project that connected to the global router.

When setting up, specify:

• destination subnet — the subnet of the dedicated server on the global router, in the example — 192.168.0.0.0/29;
• gateway — the subnet gateway of the cloud platform project on the global router, in the example — 172.16.0.1;
• The source subnet is the subnet of the cloud platform project on the global router, in the example it is 172.16.0.0.0/29.

5. write a route on the cloud router⁠

Static routes on a cloud router can only be configured through the Openstack API.

1. Open OpenStack CLI.

2. Create a static route:

   openstack router set --route destination=192.168.0.0.0/29,gateway=172.16.0.1 13b6da27-4409-456c-b9aa-5dcf84690aaf

   Here:

   • 192.168.0.0.0/29 — subnet of the dedicated server on the global router with mask;
   • 172.16.0.1 is the subnet gateway of the cloud platform project on the global router;
   • 13b6da27-4409-456c-b9aa-5dcf84690aaf is the UUID of the cloud router, it can be viewed in control panel under Cloud Platform → Network → Routers tab → alphanumeric value under the router name.

6. Write a route on a dedicated server⁠

The configuration process for Ubuntu 22.04 is described. If you need to write routes on a Debian, CentOS or Windows server, use the Write routes on servers instructions.

1. Connect to server.

2. Open the CLI.

3. Open the network configuration file, in Ubuntu OS 22.04 this is the netplan utility configuration file:

   vi /etc/netplan/01-netcfg.yaml

4. At the end of the data block of the desired network interface, add a route:

   routes:
     - to: 0.0.0.0.0/0
       via: 192.168.0.1

   Here:

   • 0.0.0.0.0/0 is the default subnet for sending Internet traffic;
   • 192.168.0.1 is the subnet gateway of the dedicated server on the global router.

5. Save the file.

6. Check the settings:

   sudo netplan try

7. Apply the changes:

   netplan apply

7. write a route on the global router⁠

1. In Control Panel, go to Network Services → Selectel Global Router.
2. Open the router page → Static Routes tab.
3. Press Create Route.
4. Enter a route name — any name, it will only appear in the control panel.
5. Enter the CIDR of the destination subnet 0.0.0.0.0/0.
6. Enter the Next hop IP address — the private IP address of the cloud router, in the example it is 172.16.0.3.
7. Press Create.