Yandex Virtual Private Cloud

Cloud networks and subnets

  • Cloud networks
    • Filtering outgoing traffic
  • Subnets

Cloud networks

A cloud network is similar to a traditional LAN in a data center. Cloud networks are created in folders and used for transmitting information between cloud resources and connecting resources to the internet.

Public IP addresses are used for providing internet access to and from Yandex Compute Cloud VMs and database hosts.

Filtering outgoing traffic

Yandex.Cloud always blocks outgoing traffic to TCP port 25:

  • To any servers on the internet other than Yandex.Mail servers.
  • To Yandex Compute Cloud VMs when accessed via a public IP address.

Yandex.Cloud may open TCP port 25 on request via technical support if you comply with the Acceptable Use Policy. Yandex.Cloud is entitled to block outgoing traffic on TCP port 25 again if you violate the Use Policy.

Subnets

A subnet is a range of IP addresses in a cloud network. Addresses from this range can be assigned to cloud resources, such as VMs and DB clusters. Subnets can only be created in the folder the cloud network belongs to.

The size of a subnet is set using the Classless Inter-Domain Routing (CIDR) method. Subnets can only use private IPv4 addresses from the ranges defined by RFC 1918:

  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16

The largest subnet allowed in these ranges is /16 and the smallest is /28.

Subnet IP address ranges cannot overlap within the same cloud network. The first two addresses from any range are allocated to the gateway (x.x.x.1) and DNS server (x.x.x.2).
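
The following is an added example, not part of the Yandex.Cloud documentation: a pre-flight check that validates a proposed subnet CIDR against the rules above (RFC 1918 range, /16 to /28, no overlap inside the same cloud network). The function names are illustrative, and the reserved addresses are assumed to be the network address plus 1 and plus 2.

```python
import ipaddress

# Private ranges listed on this page (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PREFIX, MAX_PREFIX = 16, 28  # largest subnet is /16, smallest is /28


def check_subnet(cidr, existing=()):
    """Return a list of rule violations for a proposed subnet (empty = OK).

    `existing` holds the CIDRs already present in the same cloud network.
    """
    try:
        # strict=True rejects CIDRs with host bits set, e.g. 10.0.0.1/24
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    if net.version != 4:
        return ["only IPv4 subnets are allowed"]
    problems = []
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append("not inside an RFC 1918 private range")
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        problems.append(f"prefix /{net.prefixlen} outside /16../28")
    for other in existing:
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"overlaps {other}")
    return problems


def reserved_addresses(cidr):
    """Addresses taken by the platform: gateway and DNS server.

    Assumption: "first two addresses" means network address +1 and +2.
    """
    net = ipaddress.ip_network(cidr)
    return {"gateway": str(net[1]), "dns": str(net[2])}


if __name__ == "__main__":
    # Constructed sample data: one existing subnet and several candidates.
    in_use = ["10.128.0.0/24"]
    for candidate in ("10.129.0.0/24", "10.128.0.128/25", "172.32.0.0/16",
                      "192.168.1.0/29", "10.0.0.0/8"):
        print(candidate, check_subnet(candidate, in_use) or "OK")
    print(reserved_addresses("10.129.0.0/24"))
```
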

Traffic can be transmitted between subnets of the same network, but not between subnets of different networks. To transfer traffic between subnets of different networks, use public IP addresses.

To have a resource connected to a subnet, make sure it resides in the same availability zone as the subnet. You cannot move subnets to different availability zones.

© 2021 Yandex.Cloud LLC