Virtual Private Clouds (VPC)

General information

Virtual Private Cloud (VPC) provides an isolated network environment for running K2 Cloud services. VPC is analogous to Virtual Routing and Forwarding (VRF) on classic hardware routers. By default, subnets in different VPCs do not have IP connectivity, while subnets in one VPC are interconnected, thus forming a “routing domain”. IP connectivity between subnets is ensured regardless of which availability zone they are created in.

Users get complete control over the virtual network environment and can configure the VPC as they want: set their own address space, create subnets, and configure route tables. In addition, two-level traffic filtering using network access control lists (ACL) and security groups allows you to control access to resources deployed in the VPC.

In each project, a default VPC is created along with an attached internet gateway. A route through the gateway to the Internet (to 0.0.0.0./0) is automatically added to the main route table of this VPC. Other VPCs are created without an internet gateway. If Internet access is required for instances in these VPCs, you can, for example, connect them to the default VPC using a transit gateway, or create and attach an internet gateway to them. Either way, you will also need to configure routing.

In the VPC, you can create and/or configure the following services:

• Subnets to perform additional resource segmentation within a VPC;

• Instances to run servers and applications;

• Network Interfaces to flexibly connect instances to subnets;

• Route tables to define traffic forwarding rules;

• ACL (or network access control lists) to filter traffic between networks;

• Security groups to filter traffic on network interfaces;

• DHCP options to fine-tune DHCP server;

• VPN connections to establish a secure connection between the VPC and user infrastructure;

• internet gateway to establish Internet access.

Note

Built-in VPC components such as a VPN gateway are not explicitly defined and cannot be configured by a user.

Note

Elastic IP addresses are created within the project and are bound to a specific VPC only when they are assigned to a network interface.

Create and delete VPC

When creating a project, a default VPC is automatically created, where you can run instances right away. Along with the VPC, one subnet is created in each availability zone. You can use the default VPC, or you can create your own. If you don’t need a default VPC, you can delete it.

Creating a default VPC

If there is no default VPC in a project, you can create it. To do this, go to Virtual machines Networking VPC, click the arrow next to the Create button and select Create default VPC. The default VPC has the 172.31.0.0/16 address space. Default subnets have /20 prefix and use consecutive address blocks.

Creating a VPC

To create a VPC, go to Virtual machines Networking VPC and click Create. Alternatively, click the arrow next to the Create button and select Create a new VPC.

In the dialog window, specify the CIDR block, i.e. the subnet IP address in CIDR notation (<network address>/<network prefix>). In the future, all subnets in this VPC can only be created within the selected address range.

Note

CIDR prefix may have values from /16 to /28.

The CIDR block of an existing VPC cannot be changed. Therefore, the address range should be selected with further scaling and connectivity to other networks in mind. On the one hand, the VPC must accommodate the required number of subnets, and, on the other hand, the selected range must not overlap with the address spaces of the networks in the connected infrastructure.

To facilitate further VPC identification, you can specify the Name tag. You can also specify additional tags if necessary. To do this, click Add Tags and specify the desired key and value in the next step.

The created VPC will be displayed in the table in the VPC subsection. You can view the VPC settings and change them in the Information tab on the respective VPC page.

Deleting VPC

To delete a VPC, including the default VPC, go to Virtual machines Networking VPC, select the desired VPC from the list, and click Delete. Alternatively, you can go to a specific VPC page and click Delete on the Information tab.

Attention

To delete a VPC, first delete the instances, network interfaces and VPN connections that were created in this VPC, and disconnect external networks.

Additional VPC settings

Assigning/resetting DHCP options

When a VPC is created, a distributed DHCP server is created with a set of default DHCP options as well. If you need, for example, to specify your DNS or NTP server, you can specify extra DHCP options in addition to mandatory options. How to do this is described in detail in DHCP documentation.

To install the pre-defined DHCP options set, go to Virtual machines Networking VPC, click Set DHCP Options, and select the desired DHCP option set from the list in the dialog window. Alternatively, you can go to the VPC page and edit DHCP Options in the Information tab. To do this, select the desired option set from the drop-down list.

To return to the default DHCP options, go to Virtual machines Networking VPC and click Reset DHCP Options. Alternatively, you can go to the VPC page and edit DHCP Options in the Information tab. To do this, select the default set from the drop-down list.

Enabling/disabling DNS support

In K2 Cloud, each VPC has a DNS server enabled by default. It allows you to find the internal IP addresses of instances and IP addresses of external resources by their DNS names.

VPC’s DNS server is accessible at the first used IP address of each subnet. For example, if a subnet address is 172.31.0.0/24, then the DNS server will handle requests at the IP address 172.31.0.1.

VPC’s DNS server can be enabled or disabled using the DNS Support switch on the Information tab on the VPC page.

Enabling/disabling Route Propagation

For dynamic routing over VPN connections, BGP is used. To allow instances in a VPC to use BGP-advertised routes, they must be added to a route table. This is done with the Route propagation feature.

To enable route propagation, on the Information tab in the VPC page, select the target route table where the routes will be installed from the drop-down list for the Route propagation parameter.

To disable route propagation, switch to the Route propagation parameter editing mode, click the button to reset the field, and confirm the action.

Specifying tags

VPC tags can be set, changed, and deleted at any time. To do this, go to the VPC page and open the Tags tab.

Click Add Tag and specify the Key and Value fields to add a tag. To change a tag, edit the required fields (Value and/or Key) of the tag you want to change. To delete a tag, click the icon next to the tag you no longer need.

When you are finished editing, confirm the changes by clicking Apply.

Note

The value of the Name tag can be changed right on the Information tab.

Information about a VPC

General information about VPCs can be viewed in the resource table in Virtual machines Networking VPC. To open a page with a particular VPC, click its ID in the resource table in the VPC subsection.

The Information tab displays the main VPC parameters:

• VPC name (Name tag);

• whether it is a default VPC (Yes/No);

• state;

• selected DHCP parameter set;

• target route table, if route propagation is enabled;

• CIDR — IP address of the subnet;

• attached internet gateway;

• DNS support option (toggle switch).

Here you can:

• modify VPC name (Name tag);

• assign/reset DHCP options;

• enable/disable DNS support (toggle);

• enable/disable route propagation;

• delete VPC.

The Tags tab displays all tags assigned to the VPC. You can add new, modify existing, and delete no-longer-needed tags.