Cloud networks and subnets

Cloud networksCloud networks

A cloud network is similar to a traditional LAN in a data center. Cloud networks are created in folders and used for transmitting information between cloud resources and connecting resources to the internet.

Internet access to and from Yandex Compute Cloud VMs and database hosts is provided through public IP addresses.

You can manage cloud network and subnet traffic using security groups. They contain rules that define the protocols and IP addresses for receiving and sending traffic.

SubnetsSubnets

A subnet is a range of IP addresses in a cloud network. Addresses from this range can be assigned to cloud resources, such as VMs and DB clusters. You can only create subnets in the folder the cloud network belongs to.

Subnet size is set using Classless Inter-Domain Routing (CIDR). Subnets can only use private IPv4 addresses from the ranges defined by RFC 1918:

• 10.0.0.0/8
• 172.16.0.0/12
• 192.168.0.0/16

The maximum CIDR size in these ranges is /16, while the minimum is /28.

Subnet IP address ranges cannot overlap within the same cloud network. The first two addresses from any range are allocated to the gateway (x.x.x.1) and DNS server (x.x.x.2).

Traffic can be transmitted between subnets of the same network, but not subnets of different networks. To transfer traffic between subnets of different networks, use public IP addresses.

To have a resource connected to a subnet, make sure it resides in the same availability zone as the subnet.

You can move a network and subnet between folders within a single cloud. You cannot move subnets between networks and availability zones.

Cloud network mapCloud network map

A cloud network map shows the connections between resources in a folder, as well as the networks and subnets that include these resources. Here is an example of such a map:

You can use the map to visualize networks. For example, with the map, you can identify the subnets with the highest loads or with configured route tables. The map shows the following resources:

• Instance groups.
• Virtual machines.
• Yandex Managed Service for Kubernetes clusters.
• Managed Service for Kubernetes node groups.
• Managed Service for Kubernetes nodes.
• Cloud networks.
• Subnets.
• Route tables.

You have the option to only map network connections for specific resources. This can be useful if you have a large network with a vast number of resources. In addition, you can use the map to navigate to resource pages with just one click. To learn more about using the map, see this guide.

See alsoSee also

• Software-accelerated network in Virtual Private Cloud