Virtual Private Clouds (VPC)
General information#
Virtual Private Cloud (VPC) provides an isolated network environment for running K2 Cloud services. VPC is analogous to Virtual Routing and Forwarding (VRF) on classic hardware routers. By default, subnets in different VPCs do not have IP connectivity, while subnets in one VPC are interconnected, thus forming a “routing domain”. IP connectivity between subnets inside a region is ensured regardless of which availability zone they are created in.
Users get complete control over the virtual network environment and can configure the VPC as they want: set their own address space, create subnets, and configure route tables. In addition, two-level traffic filtering using network access control lists (ACL) and security groups allows you to control access to resources deployed in the VPC.
In each project, a default VPC is created along with an attached Internet gateway. A route through the gateway to the Internet (to 0.0.0.0/0) is automatically added to the main route table of this VPC. Other VPCs are created without an Internet gateway. If Internet access is required for instances in these VPCs, you can, for example, connect them to the default VPC using a transit gateway, or create and attach an Internet gateway to them. Either way, you will also need to configure routing.
In the VPC, you can create and/or configure the following services:
Subnets to perform additional resource segmentation within a VPC;
Instances to run servers and applications;
Network Interfaces to flexibly connect instances to subnets;
Route tables to define traffic forwarding rules;
ACL (or network access control lists) to filter traffic between networks;
Security groups to filter traffic on network interfaces;
DHCP options to fine-tune the DHCP server;
VPN connections to establish a secure connection between the VPC and user infrastructure;
Internet gateway to provide Internet access.
Note
Built-in VPC components such as a VPN gateway are not explicitly defined and cannot be configured by a user.
Note
Elastic IP addresses are created within the project and are bound to a specific VPC only when they are assigned to a network interface.
Public IP addresses#
Important
To announce public IP addresses, K2 Cloud uses ASN 51219.
Resources within a VPC can be assigned public IP addresses from the following ranges:
5.8.180.0/23
5.35.72.0/21
81.23.10.0/23
91.184.232.0/22
91.184.236.0/23
93.183.64.0/22
178.216.96.0/21
185.12.28.0/23
185.12.30.0/24
185.102.122.0/24
194.242.120.0/22
217.73.57.0/24
217.73.58.0/23
217.73.60.0/24
217.73.62.0/23
These IP addresses are used for Internet access via NAT, as Elastic IP addresses, for assigning to VPN tunnels, and in other K2 Cloud services.
Create and delete VPC#
When creating a project, a default VPC is automatically created, where you can run instances right away. Along with the VPC, one subnet is created in each availability zone. You can use the default VPC, or you can create your own. If you don’t need a default VPC, you can delete it.
Creating a default VPC#
If there is no default VPC in the project, then you can create it:
Note
An Internet gateway is created along with the default VPC and attached to it. A route through the gateway to the Internet (to 0.0.0.0/0) is automatically added to the main route table of this VPC.
Go to Virtual machines > Networking > VPC.
In the VPC creation menu, select Create default VPC.
You can view the VPC settings and modify them in the Information tab on the VPC page.
Creating a VPC#
To create a new VPC:
Go to Virtual machines > Networking > VPC and click Create.
Alternatively, click the arrow next to Create and select Create VPC.
In the window that opens, set the following parameters:
(Optional) Name tag.
CIDR block – the VPC address range in CIDR notation (<network address>/<network prefix>).
Important
From now on, all subnets in this VPC can only be created within the selected address range.
Note
CIDR prefix may have values from /16 to /28.
The CIDR block of an existing VPC cannot be changed. Therefore, the address range should be selected with further scaling and connectivity to other networks in mind. On the one hand, the VPC must accommodate the required number of subnets, and, on the other hand, the selected range must not overlap with the address spaces of the networks in the connected infrastructure.
Internet access option. If it is selected, an Internet gateway will be created and attached to the VPC. A route through the gateway to the Internet (to 0.0.0.0/0) will also be added automatically to the main route table of this VPC.
If you need to set additional tags, go to the next step by clicking Add tags. Specify the tag key and value.
After setting all the required parameters, click Create.
The created VPC will be displayed in the resource table in the VPC subsection. You can view the VPC settings and change them in the Information tab on the VPC page.
Deleting VPC#
Important
To delete a VPC, first delete the instances, network interfaces, and VPN connections that were created in this VPC, and detach the Internet gateway and any external networks, if present.
Go to Virtual machines > Networking > VPC.
In the resource table, select the virtual private cloud and click Delete.
In the window that opens, confirm the deletion.
Alternatively, you can delete a VPC on its page. To do this, in the Information tab, click Delete and confirm the action.
Additional VPC settings#
Associate DHCP options#
Along with a VPC, a distributed DHCP server is created with a set of default DHCP options. If you need, for example, to specify your own DNS or NTP server, you can specify extra DHCP options in addition to the service ones. How to do this is described in detail in DHCP documentation.
To apply a pre-created DHCP option set:
Go to Virtual machines > Networking > VPC.
Select the VPC from the resource table and click Associate DHCP options.
In the window that opens, select the desired DHCP options set from the list and click Associate.
Alternatively, you can go to the VPC page and edit DHCP Options in the Information tab. To do this, select the required option set from the drop-down list.
Reset DHCP options#
To reset DHCP options to default:
Go to Virtual machines > Networking > VPC.
In the resource table, select the VPC and click Reset DHCP options.
In the window that opens, confirm the action by clicking Reset.
Alternatively, you can go to the VPC page and edit DHCP Options in the Information tab. To do this, select the default set from the drop-down list.
Enabling/disabling DNS support#
In K2 Cloud, each VPC has a DNS server enabled by default. It allows you to find the internal IP addresses of instances and IP addresses of external resources by their DNS names.
The VPC’s DNS server is accessible at the first usable IP address of each subnet. For example, if a subnet address is 172.31.0.0/24, then the DNS server will handle requests at the IP address 172.31.0.1.
Go to Virtual machines > Networking > VPC.
Find the desired VPC in the resource table and click the VPC ID to go to its page.
Move the DNS Support switch to the desired position in the Information tab.
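The CIDR constraints from the VPC creation section (prefix /16 to /28, a block that cannot be changed later and must not overlap connected networks, subnets that must lie inside it) and the DNS server address rule above can be checked before clicking Create. The following helper is an added example, not K2 Cloud code; the connected-network list and subnet addresses are constructed sample values.

```python
import ipaddress

# Constructed sample: address spaces already used by infrastructure that will be
# connected to the VPC (for example via VPN). Adjust to your own environment.
CONNECTED_NETWORKS = ["10.0.0.0/16", "192.168.100.0/24"]


def validate_vpc_cidr(vpc_cidr, connected=CONNECTED_NETWORKS):
    """Return a list of problems with a planned VPC block; empty means acceptable.

    Rules checked: the value is a proper network (no host bits set), the prefix
    is within /16../28, and the block does not overlap any connected network.
    """
    try:
        net = ipaddress.ip_network(vpc_cidr, strict=True)
    except ValueError as exc:
        return [f"{vpc_cidr}: not a valid network block ({exc})"]
    problems = []
    if not 16 <= net.prefixlen <= 28:
        problems.append(f"{vpc_cidr}: prefix /{net.prefixlen} is outside /16../28")
    for other in connected:
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"{vpc_cidr}: overlaps connected network {other}")
    return problems


def plan_subnets(vpc_cidr, subnet_cidrs):
    """Map each subnet to the address where the VPC DNS server answers.

    Each subnet must lie inside the VPC block and must not overlap another
    planned subnet; the DNS server sits at the first usable address.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    subnets = [ipaddress.ip_network(s) for s in subnet_cidrs]
    for i, subnet in enumerate(subnets):
        if not subnet.subnet_of(vpc):
            raise ValueError(f"{subnet} is not inside VPC block {vpc}")
        for other in subnets[i + 1:]:
            if subnet.overlaps(other):
                raise ValueError(f"subnets {subnet} and {other} overlap")
    # First usable address = network address + 1 (172.31.0.0/24 -> 172.31.0.1)
    return {str(s): str(s.network_address + 1) for s in subnets}


if __name__ == "__main__":
    print(validate_vpc_cidr("172.31.0.0/16"))
    print(plan_subnets("172.31.0.0/16", ["172.31.0.0/24", "172.31.1.0/24"]))
```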
Enable route propagation#
For dynamic routing over VPN connections, BGP is used. To allow instances in a VPC to use BGP-advertised routes, they must be added to a route table. This is done with the Route propagation feature.
To enable route propagation:
Go to Virtual machines > Networking > VPC.
Find the desired VPC in the resource table and click the VPC ID to go to its page.
In the Information tab, for the Route propagation parameter, select from the drop-down list the target route table into which the routes will be installed.
Disable route propagation#
To disable route propagation:
Go to Virtual machines > Networking > VPC.
Find the desired VPC in the resource table and click the VPC ID to go to its page.
In the Information tab, enable editing mode for the Route propagation parameter, click the field reset button, and confirm the action.
Information about a VPC#
General information about VPCs can be viewed in the resource table in Virtual machines > Networking > VPC. To open the page of a particular VPC, click its ID in the resource table in the VPC subsection.
The Information tab displays the main VPC parameters:
VPC name (Name tag);
whether it is a default VPC (Yes/No);
state;
selected DHCP parameter set;
target route table, if route propagation is enabled;
CIDR — the VPC address range;
attached internet gateway;
DNS support option (toggle switch).
Here you can:
modify VPC name (Name tag);
The Tags tab displays all tags assigned to the VPC. You can add new, modify existing, and delete no-longer-needed tags.