Example of configuring Internet access for a dedicated server via a cloud router

Configuration goal

Unite a dedicated server and a cloud router with an L3 private network and organize Internet access for the dedicated server through the cloud router, which will allow you to limit direct Internet access for the dedicated server.

To do this, you need to unite the dedicated server and the cloud router with a private network using a global router. Then, configure routing in the network so that the devices can see each other and Internet traffic from the dedicated server passes through the cloud router.

What you need for configuration

Device	Device settings in the example
Dedicated server in a private subnet without direct Internet access	The server has Ubuntu 22.04 OS installed; the server is added to the private network VLAN 2044, subnet `192.168.0.0/24`; on the server network interfaces are configured — the private network interface is configured with the address `192.168.0.2`
Cloud router in a private subnet with an external IP address	The cloud router is connected to the Internet with the external address `203.0.113.10`; to the router a private subnet is connected with the address `172.16.0.3`

Configuration result

The dedicated server and cloud router will be interconnected by an L3 private network, and Internet access will be organized for the dedicated server through the cloud router:

Configuration steps

Create a global router.
Connect the dedicated server subnet to the global router.
Connect the cloud platform project subnet to the global router.
Add a route in the cloud platform project subnet.
Add a route on the cloud router.
Add a route on the dedicated server.
Add a route on the global router.

1. Create a global router

In the Control panel, in the top menu, click Products and select Global Router.
Click Create router. A limit of five global routers is set for each account.
Enter the router name.
Click Create.
If the router was created with the status ERROR or is stuck in one of the statuses, create a ticket.

2. Connect the dedicated server subnet to the global router

In the control panel, in the top menu, click Products and select Global Router.
Open the router page.
Click Create network.
Enter a network name. It will only be used in the control panel.
Select the Servers and Hardware service.
Select a network location.
Select or enter a VLAN; in the example, it is VLAN 2044.
Enter a subnet name. It will only be used in the control panel.
Enter the CIDR—the IP address and mask of the private subnet; in the example, it is 192.168.0.0/24.
Enter the gateway IP address or leave the first address of the subnet that is assigned by default; in the example, it is 192.168.0.1. Do not assign this address to your devices so as not to disrupt network operation.
Enter service IP addresses or leave the last addresses of the subnet that are assigned by default; in the example, they are 192.168.0.5 and 192.168.0.6. Do not assign these addresses to your devices so as not to disrupt network operation.
Click Create network.
Optional: check the network topology on the global router. In the control panel, in the top menu, click Products → Global Router → page of the required router → Network map.

3. Connect the cloud platform project subnet to the global router

In the control panel, in the top menu, click Products and select Cloud Servers.
Go to the Network section → Private networks tab.
Make sure that the network to which the cloud platform project subnet belongs is not yet connected to any of the account's global routers—it does not have the Global Router tag.
In the network menu, select Connect to Global Router.
Select the global router.
For each of the network subnets, enter the IP address that will be assigned to the router, or leave the first available address of the subnet that is assigned by default; in the example, it is 172.16.0.1. Do not assign this address to your devices so as not to disrupt network operation. The two last available subnet addresses will be reserved as service addresses.
Click Connect. Do not close the window until a message appears confirming that the network is connected. After that, in the control panel:
- the network will appear in the section Servercore Global Router on the page of the router to which you connected it;
- in the section Cloud Servers → Network → Private networks tab, a Global Router tag will appear for the network.

4. Add a route in the cloud platform project subnet

Add a static route for the subnet of the cloud platform project that you connected to the global router; in the example, it is 172.16.0.0/29.

During configuration, specify:

destination subnet — dedicated server subnet on the global router; in the example, it is 192.168.0.0/24;
gateway — cloud platform project subnet gateway on the global router; in the example, it is 172.16.0.1.

5. Add a route on the cloud router

Static routes on a cloud router can only be configured via OpenStack API.

Open OpenStack CLI.
Create a static route:
```
openstack router set --route destination=192.168.0.0/24,gateway=172.16.0.1 13b6da27-4409-456c-b9aa-5dcf84690aaf
```
Where:
- 192.168.0.0/24 — dedicated server subnet on the global router with the mask specified;
- 172.16.0.1 — cloud platform project subnet gateway on the global router;
- 13b6da27-4409-456c-b9aa-5dcf84690aaf — cloud router UUID, you can find it in the control panel: in the top menu, click Products → Cloud Servers → Network → Cloud routers tab → the alphanumeric value below the router name.

6. Add a route on the dedicated server

The configuration process is described for Ubuntu 22.04 OS. If you need to add routes on a server with Debian, CentOS, or Windows OS, use the Add static routes on a server instruction.

Connect to the server.
Open the CLI.
Open the network configuration file; in Ubuntu 22.04 OS, it is the netplan utility configuration file:
```
vi /etc/netplan/50-cloud-init.yaml
```
At the end of the block with private network interface data, add the route:
```
routes:
  - to: 0.0.0.0/0
    via: 192.168.0.1
```
Where:
- 0.0.0.0/0 — default subnet for sending Internet traffic;
- 192.168.0.1 — dedicated server subnet gateway on the global router.
Save the file.
Check the settings:
```
sudo netplan try
```
Apply the changes:
```
netplan apply
```

7. Add a route on the global router

In the control panel, in the top menu, click Products and select Global Router.
Open the router page → Static routes tab.
Click Create route.
Enter a route name — you can use any name, it will only be displayed in the control panel.
Enter destination subnet CIDR 0.0.0.0/0.
Enter the Next hop IP address—the private IP address of the cloud router; in the example, it is 172.16.0.3.
Click Create.