Skip to main content

General information about cloud platform networks

The cloud platform networks are powered by OpenStack Neutron. For more information, see the Neutron section of the OpenStack documentation.

You can work with cloud platform networks in the control panel, using the OpenStack CLI or Terraform.

Tasks to be solved

In a cloud platform using network objects, you can:

  • configure connectivity between devices in the same pool and aggregate devices into private subnets using ports: cloud servers, load balancers, file storage, Managed Kubernetes clusters and cloud database clusters;
  • Route traffic between private subnets and configure Internet access for devices on a private subnet using cloud routers;
  • Connect static public IP addresses to devices on private subnets to configure access to them from the Internet;
  • Connect devices to public subnets for access to and from the Internet. Cloud servers, load balancers, and cloud database clusters can be ported to public subnets;
  • Distribute incoming network traffic between cloud servers using load balancers;
  • To organize network connectivity between devices in different pools (including different projects and accounts) or between different services, private subnets can be connected to a global router;
  • configure static routes for subnets.

To limit traffic, you can use:

  • cloud firewalls — Cloud firewalls are assigned to a cloud router port and allow you to filter traffic for private subnets and public IP addresses;
  • security groups — are assigned to a cloud server port, allow you to filter all port traffic;
  • allowed IP/MAC addresses — are configured on a cloud server port, allow outgoing port traffic only from specific IP/MAC address pairs.

To use security groups and authorized IP/MAC addresses , port security must be enabled on the network.

Examples of networks

Internet access

Cloud servers can be connected to a private network without Internet access and can be configured to access the Internet via routers and public IP addresses.

Private network and bastion host

A Bastion host is a host on a network that is a gateway or proxy for all other servers. This host is accessible by a public IP address and communicates with other servers over a private network.

Public subnet

All servers on the public subnet have access to the Internet. Servers communicate with each other through public interfaces.

Load balancer and bastion host

A load balancer can be added to the bastion host scheme. The bastion host is used for private network access and infrastructure management, while the load balancer performs proxying of requests.

Throughput

Cloud platform network objects have outbound and inbound bandwidth restrictions.

Outgoing trafficIncoming traffic
Cloud servers in private subnets, traffic within the private network3 Gbps — in all pools except ru-1

1 Gbit/s — in pool ru-1		Not limited (depends on cloud server configuration and network conditions)
Cloud servers in private subnets, Internet traffic (public IP addresses)3 Gbps — in all pools except ru-1

1 Gbit/s — in pool ru-1		5 Gbps
Cloud servers on public subnets3 Gbps — in all pools except ru-1

1 Gbit/s — in pool ru-1		Not limited (depends on cloud server configuration and network conditions)
Internet traffic through cloud routers5 Gbps5 Gbps

For a list of regions, availability zones and pools, see the Servercore Infrastructure table.

Bandwidth for devices on private networks can be increased to 10 Gbps — create a ticket.

The speed on a port may drop dramatically, for example to 0.1 Gbps, if the associated IP address is blocked by Servercore security.To increase the speed, create a ticket.

Traffic filtering (port security)

Traffic filtering (port security) is a network function to protect against unauthorized access and attacks. Filtering allows you to:

You can view the filtering status of the network in the Control Panel: from the top menu, click ProductsCloud ServersNetworkPrivate Networks or Public Networks tab .A network with filtering enabled is marked with a .

Traffic filtering is enabled by default on all new private networks and public subnets and cannot be turned off. If filtering is enabled on a network, it is enabled for each new port on that network:

  • The default security group that allows all traffic through the port is assigned.You can assign a different security group;
  • A single allowed IP/MAC address pair is assigned to the port for outgoing traffic.This blocks MAC/IP spoofing, overlay networks, VPNs, and VRRP.If you are using solutions based on these, you must add allowed IP/MAC addresses on the port that can be used to send traffic.

Filtering is turned off on private networks and public subnets that have been created:

  • in the ru-1 pool until June 2, 2025;
  • in the ru-2 pool until June 3, 2025;
  • in the ru-3 pool until June 4, 2025;
  • in the ru-7 pool until June 5, 2025;
  • in the ru-8 pool until May 15, 2025;
  • in the ru-9 pool until May 26, 2025;
  • in the pool through May 29, 2025;
  • in the kz-1 pool until May 28, 2025;
  • in the uz-1 pool through May 27, 2025;
  • in the uz-2 pool through May 22, 2025;
  • in the ke-1 pool until May 26, 2025.

You cannot enable filtering on these networks. If you need to use security groups, add allowed IP\MAC addresses, or restrict access to a load balancer, create a new private network or public subnet and configure addresses from it on your devices.

Blocked ports

Servercore has some TCP/UDP ports blocked by default, traffic through them is blocked.

Cost

Public IP addresses and public subnets are paid for using the cloud platform payment model.

The cost can be viewed at servercore.com.

The rest of the network resources are free of charge.