Virtual Private Clouds (VPC)#

General information#

Virtual Private Cloud (VPC) provides an isolated network environment for running NGN Cloud services. VPC is analogous to Virtual Routing and Forwarding (VRF) on classic hardware routers. By default, subnets in different VPCs do not have IP connectivity, while subnets in one VPC are interconnected, thus forming a “routing domain”. IP connectivity between subnets is ensured regardless of which availability zone they are created in.

Users get complete control over the virtual network environment and can configure the VPC as they want: set their own address space, create subnets, and configure route tables. In addition, two-level traffic filtering using network access control lists (ACL) and security groups allows you to control access to resources deployed in the VPC.

In the VPC, you can create and/or configure the following services:

  • Subnets to perform additional resource segmentation within a VPC;

  • Instances to run servers and applications;

  • Network Interfaces to flexibly connect instances to subnets;

  • Route tables to define traffic forwarding rules;

  • ACL (or network access control lists) to filter traffic between networks;

  • Security groups to filter traffic on network interfaces;

  • DHCP options to fine-tune DHCP server;

  • VPN connections to establish a secure connection between the VPC and user infrastructure.

Note

Built-in VPC components such as a VPN gateway are not explicitly defined and cannot be configured by a user.

Note

Elastic IP addresses are created within the project and are bound to a specific VPC only when they are assigned to a network interface.

Create and delete VPC#

When creating a project, a default VPC is automatically created, where you can run instances right away. Along with the VPC, one subnet is created in each availability zone. You can use the default VPC, or you can create your own. If you don’t need a default VPC, you can delete it.

Creating a default VPC#

If there is no default VPC in a project, you can create it. To do this, go to the VPC section, click the arrow next to the Create button and select Create default VPC. The default VPC has the 172.31.0.0/16 address space. Default subnets have /20 prefix and use consecutive address blocks.

Creating a VPC#

To create a VPC, go to the VPC section and click Create. Alternatively, click the arrow next to the Create button and select Create a new VPC.

In the dialog window, specify the CIDR block, i.e. the subnet IP address in CIDR notation (<network address>/<network prefix>). In the future, all subnets in this VPC can only be created within the selected address range.

Note

CIDR prefix may have values from /16 to /28.

The CIDR block of an existing VPC cannot be changed. Therefore, the address range should be selected with further scaling and connectivity to other networks in mind. On the one hand, the VPC must accommodate the required number of subnets, and, on the other hand, the selected range must not overlap with the address spaces of the networks in the connected infrastructure.

To facilitate further VPC identification, you can specify the Name tag. You can also specify additional tags if necessary. To do this, click Add Tags and specify the desired key and value in the next step.

The created VPC will be displayed in the table in the VPC section. You can view the VPC settings and change them in the Information tab on the respective VPC page.

Note

To enable Internet access for instances without an Elastic IP address, source NAT is used (Masquerade). Public IP addresses used for this purpose are allocated dynamically by the cloud, so they are subject to change. Please do not include them in rules for ACLs, security groups, and other services, including third-party ones. NAT only applies when packets are sent from VPCs to the Internet.

Deleting VPC#

To delete a VPC, including the default VPC, go to the VPC section, select the desired VPC from the list, and click Delete. Alternatively, you can go to a specific VPC page and click Delete on the Information tab.

Attention

To delete a VPC, first delete the instances, network interfaces and VPN connections that were created in this VPC, and disconnect external networks.

Additional VPC settings#

Assigning/resetting DHCP options#

When a VPC is created, a distributed DHCP server is created with a set of default DHCP options as well. If you need, for example, to specify your DNS or NTP server, you can specify extra DHCP options in addition to mandatory options. How to do this is described in detail in DHCP documentation.

To install the pre-defined DHCP options set, go to the VPC section, click Set DHCP Options, and select the desired DHCP option set from the list in the dialog window. Alternatively, you can go to the VPC page and edit DHCP Options in the Information tab. To do this, select the desired option set from the drop-down list.

To return to the default DHCP options, go to the VPC section and click Reset DHCP Options. Alternatively, you can go to the VPC page and edit DHCP Options in the Information tab. To do this, select the default set from the drop-down list.

Enabling/disabling DNS support#

In NGN Cloud, each VPC has a DNS server enabled by default. It allows you to find the internal IP addresses of instances and IP addresses of external resources by their DNS names.

VPC’s DNS server is accessible at the first used IP address of each subnet. For example, if a subnet address is 172.31.0.0/24, then the DNS server will handle requests at the IP address 172.31.0.1.

VPC’s DNS server can be enabled or disabled using the DNS Support switch on the Information tab on the VPC page.

Enabling/disabling Route Propagation#

For dynamic routing over VPN connections, BGP is used. To allow instances in a VPC to use BGP-advertised routes, they must be added to a route table. This is done with the Route propagation feature.

To enable route propagation, on the Information tab in the VPC page, select the target route table where the routes will be installed from the drop-down list for the Route propagation parameter.

To disable route propagation, switch to the Route propagation parameter editing mode, click the button to reset the field, and confirm the action.

Specifying tags#

VPC tags can be set, changed, and deleted at any time. To do this, go to the VPC page and open the Tags tab.

Click Add Tag and specify the Key and Value fields to add a tag. To change a tag, edit the required fields (Value and/or Key) of the tag you want to change. To delete a tag, click the icon next to the tag you no longer need.

When you are finished editing, confirm the changes by clicking Apply.

Note

The value of the Name tag can be changed right on the Information tab.