Skip to main content

Public floating IP addresses

Public floating IP addresses are static IP addresses that can be connected to devices in private networks to configure access to them from the Internet: a cloud server, load balancer, Managed Database cluster.

The address is floating (labeled Floating IP in the API) as it can be quickly switched between devices in private subnets. When switched, the address neither changes nor is deleted.

To connect a public floating IP address, the device must reside in a private subnet connected to a cloud router with Internet access — more details are in the Prepare a private subnet to connect a public floating IP address instruction. A public floating IP address is associated with the device's private IP address. Incoming traffic is processed by the cloud router — the router performs 1:1 NAT via the external IP address allocated when connecting the router to the Internet. Incoming traffic can be filtered using a cloud firewall or a security group.

When created, a public floating IP address is automatically allocated from the address pool; it cannot be selected manually.

A public floating IP address can only be used within the same project and the same pool.

For public floating IP addresses, there are traffic volume limitations, i.e., bandwidth. You can view them in the Bandwidth table.

You can work with public floating IP addresses in the Control panel, using OpenStack CLI or Terraform.

Create a public floating IP address

If you are creating the first public floating IP address in a project and pool, a private network named nat and a cloud router named router-nat.

  1. In the Control panel, click Products on the top menu and select Cloud Servers.
  2. Go to NetworkPublic IP addresses tab.
  3. Click Create IP address.
  4. Select the location where the public floating IP address will be created.
  5. Specify the number of public floating IP addresses.
  6. Click Create.

Prepare a private subnet to connect a public floating IP address

To configure access to and from the Internet via a public floating IP address, you need to connect it to a device.

The device must be located in a private subnet or a global router subnet that meets the following requirements:

  • the subnet must be connected to a cloud router that is connected to the Internet. If the cloud router is connected to the Internet, it performs 1:1 NAT for access from the private network to the Internet via the router's external address, and for access to the device in the private subnet from the Internet via the public floating IP address;
  • the cloud router's private IP address must match the default gateway in the subnet.

If the subnet does not meet the requirements, prepare it for connecting a public floating IP address:

  1. Create a cloud router with Internet connection.
  2. Connect the private subnet to the cloud router.

1. Create a cloud router with Internet connection

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.
  2. Go to the Network section → Cloud Routers tab.
  3. Click Create Router.
  4. Select the location where the cloud router will be created.
  5. Enter the router name.
  6. Select the Connect router to the internet checkbox — an external IP address will be assigned to the router.
  7. Click Create.

2. Connect the subnet to the cloud router

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.

  2. Go to the Network section → Cloud Routers tab.

  3. Open the router page.

  4. Click Connect subnet.

  5. Select a private subnet or a global router subnet.

  6. Optional: enter the router IP address—any available IP address from the subnet. If you do not specify an IP address, one will be automatically selected from the available addresses in the subnet.

    For devices in the subnet to access the internet without additional routes, the cloud router IP address must match the private subnet gateway. If the subnet gateway is already in use, you will need to configure a static route to the internet in the subnet via the cloud router.

    You can view the subnet gateway in the control panel: in the top menu, click ProductsCloud ServersNetwork → tab Private networks → network page → tab Subnets → subnet card → block Automatic network settings → field Subnet gateway.

  7. Click Connect.

Connect a public floating IP to a cloud server

A public floating IP address can be connected when creating a cloud server or to an existing server.

  1. Make sure the cloud server is in a subnet that meets the requirements; for more information, see the Prepare a private subnet to connect a public floating IP address subsection. You can view server subnets in the Control panel: in the top menu, click ProductsCloud Servers → server page → Ports tab.
  2. In the Control panel, click Products on the top menu and select Cloud Servers.
  3. Go to the Network section.
  4. Open the Public IP addresses tab.
  5. In the public floating IP address card, click .
  6. Select the private IP address of the cloud server.
  7. Click Save.

Disconnect a public floating IP from a cloud server

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.
  2. Go to the Network section.
  3. Open the Public IP addresses tab.
  4. In the public IP address card, click .
  5. In the New private IP for NAT field, select Disconnect current.
  6. Click Save.

Connect a public floating IP to a load balancer

A public floating IP address can be connected when creating a load balancer or to an existing load balancer.

  1. Make sure the load balancer is in a subnet that meets the requirements; for more information, see the Prepare a private subnet to connect a public floating IP address subsection. You can view load balancer subnets in the Control panel: in the top menu, click ProductsCloud ServersLoad BalancersLoad Balancers tab → load balancer page → SettingsNetwork field.
  2. In the Control panel, click Products on the top menu and select Cloud Servers.
  3. Go to the Network section.
  4. Open the Public IP addresses tab.
  5. In the public floating IP address card, click .
  6. Select the private IP address of the load balancer.
  7. Click Save.

Disconnect a public floating IP from a load balancer

  1. In the Control panel, on the top menu, click Products and select Cloud Servers.
  2. Go to the Network section.
  3. Open the Public IP addresses tab.
  4. In the public IP address card, click .
  5. In the New private IP for NAT field, select Disconnect current.
  6. Click Save.

Connect a public floating IP to a Managed Database cluster

A public floating IP address can be connected when creating a database cluster (example for PostgreSQL) or to an existing cluster.

  1. Make sure the Managed Database cluster is in a subnet that meets the requirements; for more information, see the Prepare a private subnet to connect a public floating IP address subsection. You can view cluster subnets in the Control panel: in the top menu, click ProductsManaged Databases → cluster page → SettingsCluster Network field.
  2. In the Control panel, click Products on the top menu and select Managed Databases.
  3. Go to the Network section.
  4. Open the Public IP addresses tab.
  5. In the public floating IP address card, click .
  6. Select the node's private IP address.
  7. Click Save.

Disconnect a public floating IP from a Managed Database cluster

  1. In the Control panel, click Products on the top menu and select Managed Databases.
  2. Go to the Network section.
  3. Open the Public IP addresses tab.
  4. In the public floating IP address card, click .
  5. In the New private address for traffic natting field, select Disconnect from current.
  6. Click Save.

Switch a public floating IP between devices

  1. In the Control panel, click Products on the top menu and select Cloud Servers.
  2. Go to the Network section.
  3. Open the Public IP addresses tab.
  4. In the public floating IP address card, click .
  5. Select a new private IP address for traffic natting.
  6. Click Save.

Configure NAT

To configure NAT, you need to perform port forwarding — configuring traffic redirection from one port to another. For example, you can configure port forwarding on a public floating IP address to any port in a private subnet — in this case, access to the private port will be organized without creating an additional public floating IP address.

Before you start configuring port forwarding, the public floating IP address must not be associated with a cloud server, load balancer, or other devices.

In Servercore, by default, some TCP/UDP ports are blocked; traffic through them is blocked.

  1. Open OpenStack CLI.

  2. Configure port forwarding:

    openstack floating ip port forwarding create \
    --internal-ip-address <internal_ip_address> \
    --port <port> \
    --internal-protocol-port <internal_protocol> \
    --external-protocol-port <external_protocol> \
    --protocol <protocol> \
    <floating_ip_address>

    Specify:

    • <internal_ip_address> — the IP address of the port in the private subnet to which you want to forward; ;
    • <port> — ID or name of the port in the private network to which you want to forward; you can view it using the openstack port list command;
    • <internal_protocol> — protocol of the port in the private subnet; ;
    • <external_protocol> — protocol of the public floating IP address port being forwarded; ;
    • <protocol> — protocol: tcp or udp;
    • <floating_ip_address> — ID or public floating IP address whose port is being forwarded. You can view it using the openstack floating ip list command.

    Command example:

    openstack floating ip port forwarding create \
    --internal-ip-address 192.168.0.2 \
    --port ed010217-9f78-4002-8703-2112da3fef1f \
    --internal-protocol-port 80 \
    --external-protocol-port 80 \
    --protocol tcp \
    192.0.2.7

Delete a public floating IP address

After deletion, the public floating IP address will return to the pool of floating public addresses.

  1. In the Control panel, click Products on the top menu and select Cloud Servers.
  2. Go to NetworkPublic IP addresses tab.
  3. In the public floating IP address card, click .
  4. Enter the IP address to confirm the deletion.
  5. Click Delete.