Performing Initial Network Setup in LS Cloud
This lesson describes a typical network configuration needed to connect to the Internet and expose compute resources to the public. After logging in for the first time, follow the instructions in this section to set up your cloud environment.
Each customer's resources are grouped and isolated in a cloud tenant called a project. Each project has routed access to a public network (PublicNetwork by default). Virtual instances are not allowed to connect to the Internet by default. To enable that, use a virtual private network with NAT and floating IPs.
You can create multiple virtual private networks in a project. A private network is a private subnet with a prefix of /24 or smaller. For example:
- 10.0.0.0/8, IP addresses 10.0.0.0 to 10.255.255.255
- 172.16.0.0/12, IP addresses 172.16.0.0 to 172.31.255.255
- 192.168.0.0/16, IP addresses 192.168.0.0 to 192.168.255.255
Private networks connect to a public network via a virtual router. It can route traffic between private networks and translate source private IP addresses into public ones to let private networks access the Internet. A virtual router can also translate destination network addresses to expose private IP addresses as public.
A floating IP address is a feature of the virtual router that exposes a private IP address as a public one. It binds a virtual machine's private network port to a public network IP address.
It is also possible to expose multiple private ports through a single floating IP by using a load balancer. A load balancer is a special virtual instance running HAProxy that redirects network traffic to multiple members according to a balancing policy.
A typical project's network must consist of a virtual private network and a virtual router connecting it to a public network.
Create a virtual private network as follows:
- Click Create Network on the Network tab.
- Enable IP Management and provide a name for the new network.
- Create an IPv4 subnet.
- Specify a range in the CIDR notation, e.g., 10.100.0.0/24.
- Choose a Gateway, a placeholder IP address for the virtual router. It must be within the specified range, e.g., 10.100.0.1.
- Enable the built-in DHCP server to deliver IP addresses to virtual instances. The DHCP server will take up the first two IP addresses from the allocation pool.
- Optionally, specify allocation pools to select IP subranges within the CIDR range. If not specified, the default allocation pool is the same as the CIDR range. Typically, you may need allocation pools to exclude certain IP addresses from being issued to virtual instances.
- Specify valid DNS server IP addresses.
- Click Next to confirm the subnet parameters and move on.
- In the Summary, check that the entered parameters are correct, then click Create a virtual network to complete the process.
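The subnet parameters from the steps above can be checked before they are entered in the panel. The following Python sketch is an added example, not part of LS Cloud: the function name plan_subnet is hypothetical, and it assumes that the gateway address is never leased to instances and that the DHCP server takes the two lowest remaining pool addresses.

```python
import ipaddress

# The three private ranges listed on this page.
PRIVATE_RANGES = [ipaddress.ip_network(r)
                  for r in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def plan_subnet(cidr, gateway, pools=None, dhcp=True):
    """Check a planned IPv4 subnet; return (dhcp_addresses, instance_addresses)."""
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
    gw = ipaddress.ip_address(gateway)
    if not any(net.subnet_of(r) for r in PRIVATE_RANGES):
        raise ValueError(f"{cidr} is outside the private ranges")
    if net.num_addresses < 4:
        raise ValueError(f"{cidr} has no room for a gateway and hosts")
    first_host, last_host = net.network_address + 1, net.broadcast_address - 1
    if not first_host <= gw <= last_host:
        raise ValueError(f"gateway {gateway} is not a host address in {cidr}")
    if pools is None:
        # Default pool spans the CIDR range (modelled as its host addresses).
        pools = [(str(first_host), str(last_host))]
    pool = []
    for first, last in pools:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if not first_host <= lo <= hi <= last_host:
            raise ValueError(f"pool {first}-{last} does not fit in {cidr}")
        pool += [ipaddress.ip_address(i) for i in range(int(lo), int(hi) + 1)]
    if len(set(pool)) != len(pool):
        raise ValueError("allocation pools overlap")
    # Assumption: the gateway address belongs to the router and is never leased.
    pool = sorted(a for a in pool if a != gw)
    # Per the DHCP step above, the server takes the first two pool addresses.
    reserved = pool[:2] if dhcp else []
    if dhcp and len(reserved) < 2:
        raise ValueError("allocation pool is too small for the DHCP server")
    return reserved, pool[len(reserved):]

if __name__ == "__main__":
    # Constructed sample: the page's example range and gateway, with one pool.
    dhcp_ips, free = plan_subnet("10.100.0.0/24", "10.100.0.1",
                                 pools=[("10.100.0.10", "10.100.0.200")])
    print("DHCP server:", [str(a) for a in dhcp_ips])
    print("Left for instances:", len(free), "addresses, starting at", free[0])
```

Addresses outside the allocation pools, such as 10.100.0.2 to 10.100.0.9 in the sample, are never issued and stay free for manual assignment.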
Now create a virtual router as follows:
- Click Add on the Routers tab.
- Provide a name for the router.
- Select a public network through which to connect to the Internet.
- Enable SNAT to allow virtual instances on the private network to access the Internet.
- Select the previously created private network as the internal interface for the router.
You are now ready to create virtual instances and connect them to the Internet.