Internet gateways#
General information#
An internet gateway provides connectivity between a VPC and the Internet that allows cloud resources to access the Internet and vice versa. For example, you can connect to an instance in the cloud from a local computer.
All VPCs (except for the default one) are created without an internet gateway. To allow a VPC to access the Internet, you must create a gateway, attach it to the VPC, and configure routing. The route table should specify a route (0.0.0.0/0) to the Internet through the gateway, or you can limit access to a specific range of public IP addresses, such as that of your enterprise network.
If a subnet is associated with a route table that specifies a route through the internet gateway, then the subnet is called public. If the associated route table does not contain a route through the internet gateway, then the subnet is considered internal. Any instance on a public subnet can access the Internet regardless of whether it has a public IP address.
When instances with public IP addresses access the Internet, Network Address Translation (NAT) is applied. For outbound traffic, the instance’s internal IP address is replaced with its public IP address, and vice versa for inbound traffic.
To enable Internet access for instances without an Elastic IP address, source NAT (masquerade) is used. Public IP addresses used for this purpose are allocated dynamically by the cloud, so they are subject to change. Please do not include them in rules for ACLs, security groups, and other services, including third-party ones. NAT only applies when packets are sent from VPCs to the Internet.
Managing internet gateways#
Create an internet gateway#
Go to Virtual machines → Networking → Internet gateways.
Click Create.
(Optional) In the window that opens, specify the gateway name (Name tag). If it’s necessary to specify other tags, click Add tags to go to the next step. Tags can also be assigned after creating the gateway.
(Optional) To add a tag, click Add tag and enter the tag key and value.
Note
If the Name tag was not specified in the previous step and you want to add it, click Add Name tag and set the tag value.
After completing the configuration, click Create.
Attach an internet gateway#
An internet gateway can be attached only to a VPC without an attached gateway.
Important
If you attach an internet gateway to a VPC from which it was detached earlier, all routes through this gateway will become active again.
Go to Virtual machines → Networking → Internet gateways.
Select the gateway to be attached in the resource table.
Click Attach.
In the window that opens, select a VPC to which you want to attach the gateway.
Click Attach to complete the operation.
Detach an internet gateway#
An internet gateway can only be detached if a VPC has no resources with public or Elastic IP addresses.
Important
After the gateway is detached, all routes through this internet gateway in the route tables of this VPC will become blackholed.
Go to Virtual machines → Networking → Internet gateways.
Select the gateway to be detached in the resource table.
Click Detach.
In the window that opens, click Detach to confirm the action.
Delete an internet gateway#
To delete an internet gateway, detach it first.
Go to Virtual machines → Networking → Internet gateways.
Select the gateway to be deleted in the resource table.
Click Delete.
In the window that opens, click Delete to confirm the action.
Configuring Internet access#
If a VPC has no attached internet gateway, then to configure Internet access, do the following:
Configure Internet routing for a subnet.
Important
If a route table is associated with other subnets as well, then Internet access will be granted to them too. If you want to grant Internet access only from this particular subnet, then create a separate route table and associate it with the subnet.
Go to Virtual machines → Networking → Route tables.
In the resource table, find the route table associated with this subnet and click its ID.
Open the Routes tab.
Click Add.
In the window that opens, enter 0.0.0.0/0 in the Network field to grant access to all Internet addresses (or specify a particular subnet to restrict access) and select Standard Internet gateway in the Gateway type field.
Click Add to complete configuration.
After the routing is configured, verify that the subnet resources can access the Internet. For example, make sure that instances have Elastic IP addresses and their assigned security groups allow traffic to and from the Internet.
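The public/internal rule and the shared route table warning above can be checked mechanically. This is an added example, not part of the original documentation: it runs over a constructed inventory whose field names, resource IDs and "intended public" list are hypothetical, and it assumes a blackholed route grants no access.

```python
# Constructed inventory; field names and IDs are hypothetical, not a cloud API format.
ROUTE_TABLES = {
    "rtb-shared": {"subnets": ["subnet-web", "subnet-db"],
                   "routes": [{"dest": "0.0.0.0/0", "via": "igw-1", "state": "active"}]},
    "rtb-admin": {"subnets": ["subnet-admin"],
                  "routes": [{"dest": "203.0.113.0/24", "via": "igw-1", "state": "active"}]},
    "rtb-old": {"subnets": ["subnet-old"],
                "routes": [{"dest": "0.0.0.0/0", "via": "igw-2", "state": "blackhole"}]},
    "rtb-local": {"subnets": ["subnet-internal"], "routes": []},
}
# Subnets the owner actually wants to be reachable from the Internet (assumed list).
INTENDED_PUBLIC = {"subnet-web", "subnet-admin"}


def igw_routes(table, state):
    """Routes of one table that point at an internet gateway in the given state."""
    return [r for r in table["routes"]
            if r["via"].startswith("igw-") and r["state"] == state]


def classify(route_tables):
    """Map each subnet to 'public' or 'internal' based on its associated route table."""
    return {subnet: "public" if igw_routes(table, "active") else "internal"
            for table in route_tables.values() for subnet in table["subnets"]}


def audit(route_tables, intended_public):
    """Return sorted (subnet, route table, issue) tuples that need review."""
    findings = []
    for rtb_id, table in route_tables.items():
        active = igw_routes(table, "active")
        dormant = igw_routes(table, "blackhole")
        for subnet in table["subnets"]:
            if active and subnet not in intended_public:
                # Public only because it shares a route table with a public subnet.
                findings.append((subnet, rtb_id, "unintended-public"))
            if dormant:
                # The route becomes active again if the gateway is re-attached.
                findings.append((subnet, rtb_id, "dormant-route"))
    return sorted(findings)


if __name__ == "__main__":
    print(classify(ROUTE_TABLES))
    for finding in audit(ROUTE_TABLES, INTENDED_PUBLIC):
        print(finding)
```

The fix for an "unintended-public" finding is the one the page gives: create a separate route table and associate it with the subnet that needs Internet access.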
Alarm setup#
You can use alarms to receive notifications when the traffic through an Internet gateway goes beyond the specified threshold.
Create alarm#
Note
An alarm can also be created in the Monitoring → Alarms section.
Go to Virtual machines → Networking → Internet gateways.
Find the required internet gateway in the resource table and click the resource name to go to its page.
Open the Alarms tab and click Create.
In the window that opens, select the metrics to be monitored:
InternetTrafficIn — The amount of incoming Internet traffic over a predefined interval.
InternetTrafficOut — The amount of outgoing Internet traffic over a predefined interval.
BilledInternetTrafficIn — The amount of billable incoming Internet traffic over a predefined interval.
BilledInternetTrafficOut — The amount of billable outgoing Internet traffic over a predefined interval.
Click Next.
Set alarm metrics (for details, see the Alarms section):
The alarm name and, optionally, its description.
Statistics.
The condition of triggering an alarm for the selected metric. It includes a comparison operator and a threshold value.
The number and duration of time periods over which metric values are collected.
If necessary, you can also change the metric selected in the previous step.
Optionally, you can also specify the emails to which notifications will be sent when the alarm state changes (for details, see the Alarms page). To do this, go to the next step by clicking Set actions.
Once you have made all the required adjustments, click Create.
Change the alarm#
To change the alarm:
Go to Virtual machines → Networking → Internet gateways.
Find the required internet gateway in the resource table and click the resource name to go to its page.
Open the Alarms tab, select the desired alarm in the table and click Modify.
The dialog window will open at the Parameters step. Modify the required alarm parameters:
Statistics.
The condition of triggering an alarm for the selected metric. It includes a comparison operator and a threshold value.
Monitored metrics.
The number and duration of time periods over which metric values are collected.
If you need to modify or cancel previously configured notifications or add more addresses for notifications, click Set actions to proceed to the next step.
Once you have made the required changes, click Modify to save them.
Delete the alarm#
Go to Virtual machines → Networking → Internet gateways.
Find the required internet gateway in the resource table and click the resource name to go to its page.
Open the Alarms tab and select the alarm to be deleted in the alarm table. You can select multiple alarms at once.
Click Delete and confirm the action in the dialog window.
Internet gateway information#
General information about available internet gateways can be viewed in the resource table in Virtual machines → Networking → Internet gateways. To open a page of a particular internet gateway, click its ID in the resource table.
The Information tab displays the main parameters of the internet gateway:
internet gateway name (Name tag);
internet gateway state;
VPC to which the gateway is attached.
Here you can attach, detach or delete the gateway.
In the Metrics tab, you can view the graphs of the monitored metrics. You can set the period the metric graph covers, statistics, and metric calculation interval. To automatically refresh the graph, enable Auto-refresh; to refresh it manually, click Refresh.
Important
Automatic refresh is not possible when a custom period and/or interval is selected.
The Alarms tab displays details of alarms configured for the resource:
state;
alarm name;
triggering condition.
Alarms can be filtered by state and/or metric.
Here you can create, modify or delete an alarm.
The Tags tab displays all tags assigned to the internet gateway. You can add new, modify existing, and delete no-longer-needed tags.