Restrictions in BareMetal networks
There are a number of restrictions in BareMetal networks.
MAC addresses
| Type of limit | Quantity |
|---|---|
| MAC addresses per port | 5 |
The limit on the number of MAC addresses is set separately for each server’s network interface. If you need more MAC addresses, create a request to support.
Request template
Subject: [BareMetal]: Changing limits on the number of MAC addresses
Request text:
Please change the limits on the number of MAC addresses for the following servers.
servers:
  - id: "ly5ckajdi38d********"
    mac_addresses: ["aa:bb:cc:dd:ee:ff"]
  - id: "ly5fy37fir9s********"
    mac_addresses: ["aa:bb:cc:dd:ee:fd", "aa:bb:cc:dd:ee:fc"]
mac_limit: 10
Note
Network ports with the connection speed of 1 Gbps do not support increasing the number of MAC addresses beyond the set limit.
MTU and MSS
The following MTU and MSS limits apply to the service:
| Type of limit | Value, bytes |
|---|---|
| MTU in public network | 1500 |
| MSS in public network | 1460 |
| MTU in private network | 8910 |
| MSS in private network | 8870 |
Bandwidth
Bandwidth model in a public network
By default, in a public network, the following bandwidth package is enabled for all BareMetal servers, including servers with over 1 Gbps NICs and servers with MC-LAG aggregation groups:
| Data amount, TB per day | Connection capacity, Gbps |
|---|---|
| 10 | 1 |
Note
To request a bandwidth package of 100 TB, contact support.
To increase this amount, you can use a package with daily billing:
| Data amount, TB per day | Connection capacity, Gbps | Note |
|---|---|---|
| 100 | 10 | You can use this package only for servers with 10 and 25 Gbps NICs. |
Billing for increased bandwidth.
Bandwidth between BareMetal and VPC
You can set up a connection between BareMetal and Virtual Private Cloud within the same region.
This connection has a default bandwidth limit of 10 Gbps for each user, regardless of the number of servers and their network card types. To request higher bandwidth, contact support.
Storm Control
The service is subject to the following broadcast traffic limits:
| Type of limit | Value, packets per second (pps) |
|---|---|
| Broadcast | 100 |
| UnknownUnicast | 100 |
| Multicast | 100 |
Blocked network ports
The routers connecting BareMetal servers to the internet limit incoming internet traffic to public server addresses on some TCP and UDP ports, as well as outgoing SMTP traffic. Blocking these ports protects the Yandex BareMetal infrastructure against malicious network traffic.
| Port | Application layer protocol | Transport protocol |
|---|---|---|
| 17 | QOTD | TCP, UDP |
| 23 | Telnet | TCP |
| 67–68 | DHCP | UDP |
| 111 | SUNRPC | UDP |
| 135–139 | NetBIOS | TCP, UDP |
| 389 | LDAP | TCP, UDP |
| 427 | SLP | TCP, UDP |
| 445 | SMB | TCP, UDP |
| 513 | rlogin | TCP |
| 520 | RIP | UDP |
| 631 | IPP | TCP, UDP |
| 646 | LDP | TCP, UDP |
| 750 | Kerberos-IV | UDP |
| 1900 | SSDP | UDP |
| 3702 | WSD | UDP |
| 11211 | memcached | UDP |
If the port you need is not in the table, use the Nmap
| Port | Application layer protocol | Transport protocol |
|---|---|---|
| 25 | SMTP¹ | TCP |

¹ SMTP traffic is blocked to avoid unauthorized newsletters. We recommend using Yandex Cloud Postbox as an alternative for newsletters.
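To see which services on a server are affected by the incoming-traffic table above, you can compare its listening sockets with the filtered ports. The script below is an added example, not part of the original documentation: it parses `ss -H -tuln` output (the sample is constructed) and assumes that sockets bound to loopback or private-range addresses are not on a public server address.

```python
import ipaddress

# Incoming filters from the table above: (first port, last port, transports).
INBOUND_BLOCKED = [
    (17, 17, {"tcp", "udp"}), (23, 23, {"tcp"}), (67, 68, {"udp"}),
    (111, 111, {"udp"}), (135, 139, {"tcp", "udp"}), (389, 389, {"tcp", "udp"}),
    (427, 427, {"tcp", "udp"}), (445, 445, {"tcp", "udp"}), (513, 513, {"tcp"}),
    (520, 520, {"udp"}), (631, 631, {"tcp", "udp"}), (646, 646, {"tcp", "udp"}),
    (750, 750, {"udp"}), (1900, 1900, {"udp"}), (3702, 3702, {"udp"}),
    (11211, 11211, {"udp"}),
]

# Constructed sample of `ss -H -tuln` output (not captured from a real server).
SAMPLE_SS = """\
tcp   LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:111    0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:111    0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:11211  0.0.0.0:*
tcp   LISTEN 0 511 [::]:389       [::]:*
tcp   LISTEN 0 128 127.0.0.1:631  0.0.0.0:*
tcp   LISTEN 0 50  10.0.0.5:445   0.0.0.0:*
"""

def inbound_blocked(port, proto):
    """True if the table lists this port for this transport protocol."""
    return any(lo <= port <= hi and proto in protos
               for lo, hi, protos in INBOUND_BLOCKED)

def binds_public(addr):
    """Assumption: wildcard binds include the public address; private ones do not."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop "%iface" scope
    except ValueError:  # ss prints "*" for a dual-stack wildcard
        return True
    return ip.is_unspecified or not ip.is_private

def filtered_listeners(ss_output):
    """Return (proto, address, port) for listeners the routers filter."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")  # Local Address:Port column
        addr = addr.strip("[]")
        if port.isdigit() and binds_public(addr) and inbound_blocked(int(port), fields[0]):
            hits.append((fields[0], addr, int(port)))
    return hits

if __name__ == "__main__":
    for proto, addr, port in filtered_listeners(SAMPLE_SS):
        print(f"{proto}/{port} on {addr}: not reachable from the internet")
```

Note that the match is per transport: in the sample, port 111 is flagged for UDP but not for TCP, because the table lists SUNRPC for UDP only.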