Cloud resource addresses
In cloud networks, addresses can be internal or public.
Internal addresses
Internal IP addresses are assigned to resources in the selected subnet of the folder where the resource is created. These addresses are used for transmitting information between the resources within your cloud.
An internal IP address can only be used to access resources connected to subnets in the same cloud network. The internal IP address does not change during the entire lifetime of the cloud resource.
You can set internal IP addresses manually or automatically when creating a resource.
You can get a list of internal IP addresses that use cloud resources in the same subnet. For more information, see Viewing a list of addresses used in a subnet.
Public addresses
Public IP addresses allow cloud resources to exchange data with the internet and resources from other cloud networks. Public addresses are mapped to internal resource addresses using one-to-one NAT. You can assign public addresses to resources automatically or select them from the list of reserved addresses.
Note
A virtual machine can access the internet and you can access the VM via a public IP address only if there is no 0.0.0.0/0 default static route in its subnet. If a virtual machine is behind a NAT instance, you can connect to it via an internal IP address using the NAT instance as a jump host:
ssh -J <NAT_instance_username>@<NAT_instance_public_IP_address> \
<VM_user_name>@<VM_internal_IP_address>
Public IP addresses can be dynamic or static. When creating a cloud resource with a public IP, it is usually assigned a dynamic address. When a VM with a dynamic public IP is stopped, its address is released, and it gets a new public IP address when started next time. If you restart the VM, it retains its public IP address.
You can convert a dynamic public IP address to static. Static IP addresses do not change when resources are stopped, and you can reserve them in your folder for future use even if they are not linked to any cloud resources. To learn how to convert a dynamic IP address to static, see Making a VM's public IP address static.
Note
You are charged for outgoing traffic from public IPs, including when public IPs are used for internal Yandex Cloud traffic, except for accessing Yandex Object Storage, Yandex Cloud Backup, and Yandex Cloud CDN. To avoid paying for outgoing traffic within your cloud, use internal IPs.
For more information about IP address pricing, see Public IP addresses in the Virtual Private Cloud documentation.
Outgoing traffic to TCP port 25
Yandex Cloud automatically blocks traffic sent from Virtual Private Cloud public IPs to TCP port 25 of any servers on the internet and Yandex Compute Cloud VMs. The only exception is the traffic sent to Yandex Mail email servers, which is allowed and not blocked.
Yandex Cloud can provide a special public IP address with TCP port 25 opened upon request to the support team if you follow the Acceptable Use Policy. In case you violate the Policy, Yandex Cloud can block outgoing traffic on TCP port 25 again.
For public IPs that are already in use, port 25 cannot be opened.
Hostname (FQDN)
You can use a host name to access one cloud resource from another within the same cloud network.
The host name is either set manually or generated automatically using the VM ID.
For more information about how FQDNs are generated, see the Host name and internal FQDN section in the Compute Cloud documentation.