Networks

Glossary

Term Definition
Region Data center locations
Location A technical site within one region logically united by a single policy for passing local and Internet traffic with a unique set of racks, servers, and network devices using one logical router to access the Internet.
L2 connectivity is established within a location to provide a local network service. This service uses separate network devices located in the same set of racks
Network devices Network devices include switches, routers, and firewalls located within each location that are used for connecting the servers.
Within one location, the Internet and the local area network are completely isolated from each other. Network devices of a local network do not have logical or physical connection with the network devices on the Internet
Host A dedicated server on the network that has one or several IP addresses and is connected to the network devices of the location
VLAN (network, private network) Unique networks, isolated from each other at the second (L2) level, created on the network devices of the location for delimitation of client network segments.
VLANs (networks, private networks) are created in the location separately for both the Internet network and the local network, which is created on network devices that do not have an Internet connection
Public IP address IP address that can be assigned to the host for providing Internet access
Subnets (IP addresses) The range of public IP addresses limited by the size of a prefix (mask) provided to the client.
Subnets (IP addresses) can be assigned to a single VLAN (network).
You cannot move Subnets (IP addresses) to another location, but you can move IP addresses (subnets) between different VLANs located in the same location and belonging to the same client.
Several subnets belonging to the same client can be assigned to a single VLAN (network)
Termination Assigning the public IP address of one or more client subnets to the specified VLAN (network) on the router interface.
Once assigned, this IP address can be used as the default gateway of the subnet to which it belongs.
Termination allows you to get routed L3 connectivity with other subnets and provides Internet access
Static routing A form of routing in which routes are defined explicitly in the router settings.
When setting a static route, the following parameters are specified:
- network address (to which traffic is routed);
- network mask;
- gateway address (node, next-hop) that facilitates further routing
VRRP (Virtual Router Redundancy Protocol) is a networking protocol that increases the availability of routers serving as the default gateways.
It can be achieved by combining a group of routers into a single virtual router and assigning them a common IP address, which will be used as the default gateway for computers on the network.
Two access routers are installed in each location to support the protocol.
VRRP can be provided both within the same location or between the locations
VRRP address The virtual address on routers that is used as the default gateway or next-hop for client hosts
MC-LAG MC-LAG can be used when connecting a host for both local and Internet networks, depending on the dedicated server type (host, learn more)
Learn more about the MC-LAG
Global private network
(L3 private network, L3VPN)
Merging private networks in several locations based on L2 point-to-point connection or routed private network (L3VPN)

VLAN (network, private network)

VLANs are used in the Internet and in local area networks to ensure isolation of client’s network activity at the second L2 level from each other.

Each client in the location is provided with a VLAN (network) for the Internet and a separate VLAN (network) for the local network, which includes all the network interfaces of the dedicated servers, depending on their purpose, ordered by the client in the location. All dedicated servers of the client in one location have connectivity within the same VLAN (network) for both the Internet and the local network.

Upon client’s request and depending on the technical needs, several VLANs (networks) can be provided for use for both the Internet and the local network.

A dedicated server (host) can be simultaneously connected to the Internet and the local network only through different network interfaces of the server. One interface can be connected in only one VLAN local or Internet network.

Information about VLAN (network) is available in the Control panel.

If you did not specify that you need to connect the server to a local network when ordering the server, the local network interface is disabled by default. The local network service is not provided on this server.

IP Addresses (Subnet)

By specifying the public IP address on the host, it becomes accessible from anywhere on the Internet. All subnets are divided into public and private ones based on the server’s IP visibility from the Internet.

The Subnets of dedicated servers are divided into Public (that use public IP addresses) and Private ones. Public subnets are divided into Shared and Dedicated ones.

Public Shared (1) Public Dedicated (2) Private (3)
Have a fixed /24 prefix (255.255.255.0 mask) and are used within the same VLAN (network) for several clients* Have any prefix (mask) and can be assigned to any client’s VLAN (network) The user has the opportunity to create a network where servers will have private IP addresses from standard ranges** and will not be directly accessible from the Internet
You cannot change or add an additional address on a server located on a public shared network Order a subnet to start using public dedicated networks To isolate a custom server from the Internet, please create a ticket with a request to disconnect the port***

* Within a public shared network, servers of different clients may not share L2 connectivity (private VLAN or port isolation can be used).

** Available standard ranges:

  • 10.0.0.0 — 10.255.255.255 (subnet mask: 255.0.0.0 or /8)
  • 100.64.0.0 — 100.127.255.255 (subnet mask 255.192.0.0 or /10) — This subnet is recommended for use as addresses for CGN (Carrier-Grade NAT) pursuant to RFC 6598
  • 172.16.0.0 — 172.31.255.255 (subnet mask: 255.240.0.0 or /12)
  • 192.168.0.0 — 192.168.255.255 (subnet mask: 255.255.0.0 or /16)

*** When submitting a disconnection request, it is important to remember that the OS auto-install functionality disappears without Internet connection.

When ordering a server, a public IP address from the network where other clients’ servers are located is assigned for free by default. Different servers of the same client can be connected to different public shared networks.

A shared public IP address does not allow you to:

  • enable Anti DDoS;
  • configure static or dynamic routing;
  • unlock blocked ports;
  • configure BGP connectivity;
  • use both a shared public IP address and an address from the dedicated network;
  • reassign the address to another server.

Dedicated subnets allow you to:

If traffic is exchanged within the same subnet, then traffic within the private network is not taken into account.

Blocked Ports

The current list of blocked ports is provided on this page.

Please note that UDP ports are additionally blocked for public shared subnets: 0, 19, 53, 123, 161, 520, 1900.

Enabling and Using VRRP

VRRP can be provided both within the same location or between the locations.

If VRRP is enabled between locations, there are a number of technological constrains on its use.

The use of VRRP between two adjacent devices having a common L2 segment is justified. For data centers spaced apart, different routers are used, and MPLS is organized between them.

See more about router redundancy in the article.

Connecting Additional IP Addresses

Step 1. Purchasing additional IP addresses

To connect additional IP addresses:

  1. Click Order subnet on the Network tab of the Control panel.
  2. Select the desired service.
  3. Specify the location. Please note that you cannot move the subnet to another location.
  4. Specify the purpose of use.
  5. Select the billing option.
  6. Click Pay.

Enabling and activating the service may take some time. You will receive a notification via the ticket system when the service is ready.

Step 2. Assigning one or more IP addresses to the server

To use additional addresses on the server:

  1. Go to the server’s card and open the Network tab.
  2. Click Add address.
  3. Specify the subnet.
  4. Select one or more IP addresses.
  5. Save your changes.

Step 3. Changing the server’s network settings

When connecting an additional IP address in the server OS, change the following network settings:

  • IP address;
  • subnet mask;
  • gateway.

These parameters can be viewed in the Control panel in the Network section of the Subnet tab in the selected subnet’s card.

Apply network settings. Availability on the server will disappear until the VLAN (network) on the port is changed.

Step 4. Changing the VLAN (network) of the server port

To change the VLAN (network) of the server port:

  1. Go to the server’s card in the Control panel.
  2. Open the Ports tab.
  3. Change the Shared value to the allocated VLAN (network) in the Internet field.
  4. Save your changes.

Access to the server will be restored with the new IPv4.

To return to the free IP address (from /32 subnet) in the server’s card:

  1. Go to the server’s card in the Control panel.
  2. Open the Ports tab.
  3. Change the allocated VLAN (network) to the Shared value in the Internet field.
  4. Save your changes.

You can purchase additional IPv4 and IPv6 addresses. Please note that it is impossible to use IPv6 addresses for the Chipcore Line servers.

Creating Static Routes

Static routing is a form of routing in which routes are defined explicitly when configuring the router. The most common use of static routing for client connections in Selectel is when ordering a firewall. The firewall allows to pass Internet traffic for networks routed to it through itself. When setting a static route, the following parameters are specified:

  • network address (to which traffic is routed), network mask;
  • gateway address (node) that facilitates further routing (or is connected directly to the routed network).

As part of our service, a request from the Internet is processed by a router and redirected to a firewall to which servers are connected. Please create a ticket to connect static routes. Any terminated subnet can be registered as a static route.

Connecting the Server to the Network

Dedicated servers are connected to the Internet through a single network interface by default. Upon request, connecting custom servers can be performed through a group of aggregated network interfaces using the configurator, see more. Preconfigured servers cannot be connected in this way.

A private network is a group of client’s servers connected to a common local VLAN (network) within the same location and/or connected to other client’s servers located in other locations. Connection to a private network is performed through another network interface (or a group of aggregated network interfaces — MC-LAG) for dedicated servers, except for the Chipcore Line servers.

You can enable additional VLANs (network) within the same location for one client. Please create a ticket to create several private networks.

Diagram for Сonnecting to the Internet and the Private Network

After assigning a VLAN (network), all its IP subnets will be terminated on Selectel routers. All dedicated servers can be merged into a private network, except for the Chipcore Line servers. At the logical level, local networks are standalone dedicated VLANs (Virtual LAN). Within this VLAN, all servers interact with one another as if they were connected to the same physical switch.

When a dedicated server is transferred to the client, the LAN and Internet ports are turned on by default. You can view information about ports in the server’s card on the Ports tab.

Connecting the Private Networks in several locations and/or with other Selectel products

A Private routed network is used to organize network connectivity between different locations and services.

The L2 scheme is used inside the location. Connecting servers in another location can be performed in the following ways:

  • according to the L2 scheme — only if two locations/services are combined, if technically possible;
  • according to the L3 scheme — in all other cases.

We recommend you to use the connection according to the L3 scheme.

Please create a ticket and specify the private networks that need to be combined.

L2 scheme

L3 scheme

Several routers are used to organize the L3 scheme. Two routers are allocated for each location, two addresses are allocated for each client to assign to Selectel routers, and Virtual IP is formed using the VRRP protocol.

VLAN to Outside Operator

Selectel data centers are home to many telecom carriers. If technically possible, direct connections can be provided to such carriers through the client’s private network.

If you need to connect VLAN to an outside operator, please create a ticket.