Public IP addresses

Public static IP addresses can be connected to devices to configure access to them from the Internet: cloud server, load balancer, cloud database cluster.

To access, the device must be on a private subnet connected to the cloud router with access to the external network — see Prepare a private subnet to connect a public IP address for details. The public IP address is associated with the private IP address of the device, and incoming traffic is handled by the cloud router — it acts as a 1:1 NAT through the external IP address that is allocated when the router is connected to the external network. Incoming traffic can be filtered using a cloud firewall or security group.

When created, the public IP address is automatically allocated from the address pool and cannot be selected. The address is floating (in API — Floating IP), as it can be quickly switched between devices in private subnets. When switching, the address is not changed or deleted.

A public IP address can only be used within one project and one pool.

For public IP addresses there is a limit on the amount of traffic — bandwidth. You can see it in the Bandwidth table.

You can work with public IP addresses in the control panel, using the OpenStack CLI or Terraform.

Create a public IP address

If you create the first public IP address within the project and pool, a private nat network and router-nat cloud router will automatically be created.

Control panel

1. In the Dashboard, on the top menu, click Products and select Cloud Servers.
2. Go to Network → Public IP Addresses tab.
3. Click Create IP Address.
4. Select the pool where the public IP address will be created.
5. Specify the number of public IP addresses.
6. Click Create.

OpenStack CLI

1. Open the OpenStack CLI.

2. Create a public IP address:

   openstack floating ip create external-network

Prepare a private subnet to connect a public IP address

To set up access to and from the Internet via a public IP address, you need to connect it to your device.

The device must be on a private subnet or global router subnet that meets the requirements:

• subnet must be connected to a cloud router connected to an external network. If the cloud router is connected to an external network, it acts as a 1:1 NAT for access from the private network to the Internet via the external address of the router and for access to the device in the private subnet from the Internet via the public IP address;
• The private IP address of the cloud router must match the default gateway on the subnet.

If the subnet does not meet the requirements, prepare it to connect a public IP address:

1. Create a cloud router with a connection to an external network.
2. Connect the private subnet to the cloud router.

1. Create a cloud router with a connection to an external network

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.
2. Go to Network → Cloud routers tab.
3. Click Create router.
4. Select the pool where the cloud router will be created.
5. Enter the name of the router.
6. Check the box Connect router to external network — an external IP address will be assigned to the router.
7. Click Create.

OpenStack CLI

1. Open the OpenStack CLI.

2. Create a cloud router:

   openstack router create <router_name>

   Specify <router_name> — the name of the cloud router..

3. Connect the cloud router to an external network — an external IP address will be assigned to the router:

   openstack router set --external-gateway external-network <router>

   Specify <router> — Cloud router ID or name, can be viewed using the openstack rou ter list command

2. Connect the subnet to the cloud router

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.

2. Go to Network → Cloud routers tab.

3. Open the router card.

4. Click Add Subnet.

5. Select a private subnet or a global router subnet.

6. Enter the IP address of the router. The IP address of the cloud router must match the default gateway of the private subnet. You can view the gateway in the control panel: in the top menu, click Products → Cloud Servers → Network → Private Networks tab → Network page → Subnets tab → Subnet card → Automatic Network Settings block → Subnet Gateway field.

   If you are connecting a global router subnet, the IP address of the cloud router must match the default gateway of the global router subnet and must be different from the global router IP address, the IP addresses of the devices on the network, and the .253 and .254 service addresses.

7. Click Add Subnet.

OpenStack CLI

1. Open the OpenStack CLI.

2. Connect the subnet to the cloud router:

   openstack router add subnet <router> <subnet>

   Specify:

   • <router> — The ID or name of the cloud router can be viewed with the command openstack router list;
   • <subnet> — The ID or name of a private subnet can be viewed with the command openstack subnet list.

Connect a public IP address to a cloud server

You can connect a public IP address when you create a cloud server or to an already created server.

Control panel

1. Make sure that the cloud server is on a subnet that meets the requirements, see Prepare a private subnet to connect a public IP address for details. You can view the server subnets in the Control Panel: from the top menu, click Products → Cloud Servers → Server page → Ports tab.
2. In the Dashboard, on the top menu, click Products and select Cloud Servers.
3. Go to the Network section.
4. Open the Public IP Addresses tab.
5. In the public IP address card, click .
6. Select the private IP address of the cloud server.
7. Click Save.

OpenStack CLI

1. Open the OpenStack CLI.

2. Look for the port ID of the cloud server:

   openstack port list --server <server>

   Specify <server> — The ID or name of the cloud server.

3. Connect the public IP address to the cloud server port:

   openstack floating ip set --port <port> <public_ip_address>

   Specify:

   • <port> — The port ID of the cloud server;
   • <public_ip_address> — ID, or public IP address, can be viewed with the command openstack floating ip list.

Disconnect the public IP address from the cloud server

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.
2. Go to the Network section.
3. Open the Public IP Addresses tab.
4. In the public IP address card, click .
5. In the New private address for nattying traffic field, select Disconnect from current one.
6. Click Save.

OpenStack CLI

1. Open the OpenStack CLI.

2. Disconnect the public IP address from the cloud server port:

   openstack floating ip unset --port <public_ip_address>

   Specify <public_ip_address> — The ID or public IP address, can be viewed using the openstack floating ip list command.

Connect a public IP address to the load balancer

A static public IP address can be connected when creating a balancer or to an already created balancer.

Control panel

1. Make sure that the load balancer is on a subnet that meets the requirements, see Prepare a private subnet to connect a public IP address for details. You can view the subnets of the load balancer in the Control Panel: in the top menu, click Products → Cloud Servers → Balancers → Balancers tab → Balancers page → Balancer page → Settings block → Network field.
2. In the Dashboard, on the top menu, click Products and select Cloud Servers.
3. Go to the Network section.
4. Open the Public IP Addresses tab.
5. In the public IP address card, click .
6. Select the private IP address of the load balancer.
7. Click Save.

OpenStack CLI

1. Open the OpenStack CLI.

2. Copy the port ID of the balancer, to do this output the balancer information:

   openstack loadbalancer show <loadbalancer>

   Specify <loadbalancer> — balancer ID or name. The list can be viewed using the openstack loadbalancer list command.

   In the command output, copy the value from the vip_port_id field.

3. Connect the public IP address to the load balancer port:

   openstack floating ip set --port <port> <public_ip_address>

   Specify:

   • <port> — The port ID of the load balancer port that you copied in step 2;
   • <public_ip_address> — ID, or public IP address, can be viewed with the command openstack floating ip list.

Disconnect the public IP address from the load balancer

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.
2. Go to the Network section.
3. Open the Public IP Addresses tab.
4. In the public IP address card, click .
5. In the New private address for nattying traffic field, select Disconnect from current one.
6. Click Save.

OpenStack CLI

1. Open the OpenStack CLI.

2. Disconnect the public IP address from the load balancer port:

   openstack floating ip unset --port <public_ip_address>

   Specify <public_ip_address> — ID or public IP address, can be viewed using the openstack floating ip list command.

Connect a public IP address to a cloud database cluster

A public IP address can be connected when creating a database cluster (example for PostgreSQL) or to an already created cluster.

Control panel

1. Make sure that the cloud database cluster is on a subnet that meets the requirements, see Prepare a private subnet to connect a public IP address for details. You can view the cluster subnets in the Control Panel: from the top menu, click Products → Cloud Databases → Cluster page → Settings tab → Cluster Network field.
2. In the Dashboard, on the top menu, click Products and select Cloud Databases.
3. Go to the Network section.
4. Open the Public IP Addresses tab.
5. In the public IP address card, click .
6. Select the private IP address of the node.
7. Click Save.

Disconnect the public IP address from the cloud database cluster

Control panel

1. In the Dashboard, on the top menu, click Products and select Cloud Databases.
2. Go to the Network section.
3. Open the Public IP Addresses tab.
4. In the public IP address card, click .
5. In the New private address for nattying traffic field, select Disconnect from current one.
6. Click Save.

Switch the public IP address between devices

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.
2. Go to the Network section.
3. Open the Public IP Addresses tab.
4. In the public IP address card, click .
5. Select a new private IP address for traffic naming.
6. Click Save.

OpenStack CLI

1. Open the OpenStack CLI.

2. Disconnect the public IP address from the current private IP address:

   openstack floating ip unset --port <public_ip_address>

   Specify <public_ip_address> is the public IP address.

3. Copy the port ID of the port with the private IP address to which you want to connect the public IP address. To do this, display the list of ports:

   openstack port list

   In the port row, copy the value in the ID field.

4. Connect the public IP address to the private IP address:

   openstack floating ip set --port <port> <public_ip_address>

   Specify:

   • <port> — The port ID you copied in step 3;
   • <public_ip_address> — ID, or public IP address, can be viewed with the command openstack floating ip list.

Configure NAT

To configure NAT, you need port forwarding, which is a way to redirect traffic from one port to another port. For example, you can configure port forwarding on a public IP address to any port on a private subnet — in this case, access to the private port will be organized without creating an additional public IP address.

The public IP address must not be associated with the cloud server, load balancer, or other devices before you begin configuring port forwarding.

Servercore has some TCP/UDP ports blocked by default, traffic through them is blocked.

OpenStack CLI

1. Open the OpenStack CLI.

2. Configure port forwarding:

   openstack floating ip port forwarding create \
     --internal-ip-address <internal_ip_address> \
     --port <port> \
     --internal-protocol-port <internal_protocol> \
     --external-protocol-port <external_protocol> \
     --protocol <protocol> \
     <public_ip_address>

   Specify:

   • <internal_ip_address> — The IP address of the port on the private subnet to which the forwarding will be performed;
   • <port> -ID or the name of the port on the private network to which the forwarding will be performed can be viewed with the command openstack port list;
   • <internal_protocol> — protocol of a port on a private subnet;
   • <external_protocol> — the port protocol of the public IP address whose port is being forwarded;
   • <protocol> — Protocol: tcp or udp;
   • <public_ip_address> — The ID or public IP address whose port is being forwarded. You can view it with the command openstack floating ip list.

   Example of a command:

   openstack floating ip port forwarding create \
     --internal-ip-address 192.168.0.2 \
     --port ed010217-9f78-4002-8703-2112da3fef1f \
     --internal-protocol-port 80 \
     --external-protocol-port 80 \
     --protocol tcp \
     192.0.2.7

Delete public IP address

After deletion, the public IP address will return to the public address pool.

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.
2. Go to Network → Public IP Addresses tab.
3. In the public IP address card, click .
4. Enter the IP address to confirm the deletion.
5. Click Delete.

OpenStack CLI

1. Open the OpenStack CLI.

2. Remove the public IP address:

   openstack floating ip delete <public_ip_address>

   Specify <public_ip_address> — ID or public IP address, can be viewed using the openstack floating ip list command.