Public IP addresses
Public static IP addresses can be connected to devices to configure access to them from the Internet: cloud server, load balancer, cloud database cluster.
To access, the device must be on a private subnet connected to the cloud router with access to the external network — see Prepare a private subnet to connect a public IP address for details. The public IP address is associated with the private IP address of the device, and incoming traffic is handled by the cloud router — it acts as a 1:1 NAT through the external IP address that is allocated when the router is connected to the external network. Incoming traffic can be filtered using a cloud firewall or security group.
When created, the public IP address is automatically allocated from the address pool and cannot be selected. The address is floating (in API — Floating IP), as it can be quickly switched between devices in private subnets. When switching, the address is not changed or deleted.
A public IP address can only be used within one project and one pool.
For public IP addresses there is a limit on the amount of traffic — bandwidth. You can see it in the Bandwidth table.
You can work with public IP addresses in the control panel, using the OpenStack CLI or Terraform.
Create a public IP address
If you create the first public IP address within the project and pool, a private nat
network and router-nat
cloud router
will automatically be created.
Control panel
OpenStack CLI
-
Create a public IP address:
openstack floating ip create external-network
Prepare a private subnet to connect a public IP address
To set up access to and from the Internet via a public IP address, you need to connect it to your device.
The device must be on a private subnet or global router subnet that meets the requirements:
- subnet must be connected to a cloud router connected to an external network. If the cloud router is connected to an external network, it acts as a 1:1 NAT for access from the private network to the Internet via the external address of the router and for access to the device in the private subnet from the Internet via the public IP address;
- The private IP address of the cloud router must match the default gateway on the subnet.
If the subnet does not meet the requirements, prepare it to connect a public IP address:
- Create a cloud router with a connection to an external network.
- Connect the private subnet to the cloud router.
1. Create a cloud router with a connection to an external network
Control panel
OpenStack CLI
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to Network → Cloud routers tab.
- Click Create router.
- Select the pool where the cloud router will be created.
- Enter the name of the router.
- Check the box Connect router to external network — an external IP address will be assigned to the router.
- Click Create.
-
Create a cloud router:
openstack router create <router_name>
Specify
<router_name>
— the name of the cloud router.. -
Connect the cloud router to an external network — an external IP address will be assigned to the router:
openstack router set --external-gateway external-network <router>
Specify
<router>
— Cloud router ID or name, can be viewed using theopenstack rou
terlist
command
2. Connect the subnet to the cloud router
Control panel
OpenStack CLI
-
In the dashboard, on the top menu, click Products and select Cloud Servers.
-
Go to Network → Cloud routers tab.
-
Open the router card.
-
Click Add Subnet.
-
Select a private subnet or a global router subnet.
-
Enter the IP address of the router. The IP address of the cloud router must match the default gateway of the private subnet. You can view the gateway in the control panel: in the top menu, click Products → Cloud Servers → Network → Private Networks tab → Network page → Subnets tab → Subnet card → Automatic Network Settings block → Subnet Gateway field.
If you are connecting a global router subnet, the IP address of the cloud router must match the default gateway of the global router subnet and must be different from the global router IP address, the IP addresses of the devices on the network, and the
.253
and.254
service addresses. -
Click Add Subnet.
-
Connect the subnet to the cloud router:
openstack router add subnet <router> <subnet>
Specify:
<router>
— The ID or name of the cloud router can be viewed with the commandopenstack router list
;<subnet>
— The ID or name of a private subnet can be viewed with the commandopenstack subnet list
.
Connect a public IP address to a cloud server
You can connect a public IP address when you create a cloud server or to an already created server.
Control panel
OpenStack CLI
- Make sure that the cloud server is on a subnet that meets the requirements, see Prepare a private subnet to connect a public IP address for details. You can view the server subnets in the Control Panel: from the top menu, click Products → Cloud Servers → Server page → Ports tab.
- In the Dashboard, on the top menu, click Products and select Cloud Servers.
- Go to the Network section.
- Open the Public IP Addresses tab.
- In the public IP address card, click .
- Select the private IP address of the cloud server.
- Click Save.
-
Look for the port ID of the cloud server:
openstack port list --server <server>
Specify
<server>
— The ID or name of the cloud server. -
Connect the public IP address to the cloud server port:
openstack floating ip set --port <port> <public_ip_address>
Specify:
<port>
— The port ID of the cloud server;<public_ip_address>
— ID, or public IP address, can be viewed with the commandopenstack floating ip list
.
Disconnect the public IP address from the cloud server
Control panel
OpenStack CLI
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to the Network section.
- Open the Public IP Addresses tab.
- In the public IP address card, click .
- In the New private address for nattying traffic field, select Disconnect from current one.
- Click Save.
-
Disconnect the public IP address from the cloud server port:
openstack floating ip unset --port <public_ip_address>
Specify
<public_ip_address>
— The ID or public IP address, can be viewed using theopenstack floating ip list
command.
Connect a public IP address to the load balancer
A static public IP address can be connected when creating a balancer or to an already created balancer.
Control panel
OpenStack CLI
- Make sure that the load balancer is on a subnet that meets the requirements, see Prepare a private subnet to connect a public IP address for details. You can view the subnets of the load balancer in the Control Panel: in the top menu, click Products → Cloud Servers → Balancers → Balancers tab → Balancers page → Balancer page → Settings block → Network field.
- In the Dashboard, on the top menu, click Products and select Cloud Servers.
- Go to the Network section.
- Open the Public IP Addresses tab.
- In the public IP address card, click .
- Select the private IP address of the load balancer.
- Click Save.
-
Copy the port ID of the balancer, to do this output the balancer information:
openstack loadbalancer show <loadbalancer>
Specify
<loadbalancer>
— balancer ID or name. The list can be viewed using theopenstack loadbalancer list
command.In the command output, copy the value from the
vip_port_id
field. -
Connect the public IP address to the load balancer port:
openstack floating ip set --port <port> <public_ip_address>
Specify:
<port>
— The port ID of the load balancer port that you copied in step 2;<public_ip_address>
— ID, or public IP address, can be viewed with the commandopenstack floating ip list
.
Disconnect the public IP address from the load balancer
Control panel
OpenStack CLI
- In the dashboard, on the top menu, click Products and select Cloud Servers.
- Go to the Network section.
- Open the Public IP Addresses