Internet gateways#

General information#

An internet gateway provides connectivity between a VPC and the Internet that allows cloud resources to access the Internet and vice versa. For example, you can connect to an instance in the cloud from a local computer.

All VPCs (except for the default one) are created without an internet gateway. To allow a VPC to access the Internet, you must create a gateway, attach it to the VPC, and configure routing. The route table should specify a route (0.0.0.0/0) to the Internet through the gateway, or you can limit access to a specific range of public IP addresses, such as of your enterprise network.

If a subnet is associated with a route table that specifies a route through the internet gateway, then the subnet is called public. If the associated route table does not contain a route through the internet gateway, then the network is considered internal. Any instance on a public network can access the Internet regardless of whether it has a public IP address.

When instances with public IP addresses access the Internet, Network Address Translation (NAT) is applied. For outbound traffic, the instance’s internal IP address is replaced with its public IP address, and vice versa for inbound traffic.

To enable Internet access for instances without an Elastic IP address, source NAT is used (Masquerade). Public IP addresses used for this purpose are allocated dynamically by the cloud, so they are subject to change. Please do not include them in rules for ACLs, security groups, and other services, including third-party ones. NAT only applies when packets are sent from VPCs to the Internet.

Managing internet gateways#

Create an internet gateway#

  1. Go to Virtual machines Networking Internet gateways.

  2. Click Create.

  3. (Optional) In the window that opens, specify the gateway name (Name tag). If it’s necessary to specify other tags, click Add tags to go to the next step. Tags can also be assigned after creating the gateway.

  4. (Optional) To add a tag, click Add tag and enter tag key and value.

    Note

    If the Name tag was not specified in the previous step and you want to add it, click Add Name tag and set the tag value.

  5. After completing the configuration, click Create.

Attach an internet gateway#

An internet gateway can be attached only to a VPC without an attached gateway.

Important

If you attach an internet gateway to a VPC, from which it was detached earlier, then all routes through this gateway will become active again.

  1. Go to Virtual machines Networking Internet gateways.

  2. Select the gateway to be attached in the resource table.

  3. Click Attach.

  4. In the window that opens, select a VPC to which you want to attach the gateway.

  5. Click Attach to complete the operation.

Specifying tags#

To add, modify or delete tags for an internet gateway:

  1. Go to Virtual machines Networking Internet gateways.

  2. In the resource table, find the internet gateway for which tags should be edited and click on the gateway name to go to its page.

  3. Open the Tags tab.

  4. To add a tag, click Add tag and specify the Key and Value fields.

    To modify a tag, edit the required fields (Value and/or Key) of the respective tag.

    To delete a tag, click the icon next to the tag you no longer need.

    Note

    If no tags have been set earlier, you can add the Name tag by clicking Add Name tag and specifying its value.

  5. Click Apply to save the changes.

Detach an internet gateway#

An internet gateway can only be detached if a VPC has no resources with public or Elastic IP addresses.

Important

After the gateway is detached, all routes through this internet gateway in the route tables of this VPC will become blackholed.

  1. Go to Virtual machines Networking Internet gateways.

  2. Select the gateway to be detached in the resource table.

  3. Click Detach.

  4. In the window that opens, click Detach to confirm the action.

Delete an internet gateway#

To delete an internet gateway, detach it first.

  1. Go to Virtual machines Networking Internet gateways.

  2. Select the gateway to be deleted in the resource table.

  3. Click Delete.

  4. In the window that opens, click Delete to confirm the action.

Configuring Internet access#

If a VPC has no attached internet gateway, then to configure Internet access, do the following:

  1. Create an internet gateway;

  2. Attach an internet gateway;

  3. Configure Internet routing for a subnet.

    Important

    If a route table is associated with other subnets as well, then Internet access will be granted to them too. If you want to grant Internet access only from this particular subnet, then create a separate route table and associate it with the subnet.

    1. Go to Virtual machines Networking Route tables.

    2. In the resource table, find the route table associated with this subnet and click its ID.

    3. Open the Routes tab.

    4. Click Add.

    5. In the window that opens, enter 0.0.0.0/0 in the Network field to grant access to all Internet addresses (or specify a particular subnet to restrict access) and select Standard Internet gateway in the Gateway type field.

    6. Click Add to complete configuration.

After the routing is configured, verify that the subnet resources can access the Internet. For example, make sure that instances have Elastic IP addresses and their assigned security groups allow traffic to and from the Internet.

Internet gateway information#

General information about available internet gateways can be viewed in the resource table in Virtual machines Networking Internet gateways. To open a page of a particular internet gateway, click its ID in the resource table.

The Information tab displays the main parameters of the internet gateway:

  • internet gateway name (Name tag);

  • internet gateway state;

  • VPC, which the gateway is attached to.

Here, you can attach, detach or delete the gateway.

The Tags tab displays all tags assigned to the internet gateway. You can add new, modify existing, and delete no-longer-needed tags.