Networks

Glossary

| Term | Definition |
| --- | --- |
| Region | A group of data centers (Selectel and partners) located within the geographic area of a major city. |
| Pool | A part of the infrastructure in one data center. Availability zones (and therefore data centers) contain multiple pools. Pools are isolated from each other in terms of hardware and software failures. L2 connections provide network connectivity within pools. Connectivity between pools can be established through the Selectel global router (formerly L3VPN). |
| Network devices | Switches, routers, and firewalls located within each pool that are used for connecting the servers. Within one pool, the Internet and the local area network are completely isolated from each other. Network devices of a local network have no logical or physical connection to the network devices on the Internet. |
| Host | A dedicated server on the network that has one or several IP addresses and is connected to the network devices of the pool. |
| VLAN (network, private network) | Unique networks, isolated from each other at the second (L2) level, created on the network devices of the pool to separate client network segments. VLANs (networks, private networks) are created in the pool separately for the Internet network and for the local network; the latter is created on network devices that do not have an Internet connection. |
| Public IP address | An IP address that can be assigned to the host to provide Internet access. |
| Subnets (IP addresses) | The range of public IP addresses limited by the size of a prefix (mask) provided to the client. Subnets (IP addresses) can be assigned to a single VLAN (network). You cannot move subnets (IP addresses) to another pool, but you can move them between different VLANs located in the same pool and belonging to the same client. Several subnets belonging to the same client can be assigned to a single VLAN (network). |
| Termination | Assigning a public IP address of one or more client subnets to the specified VLAN (network) on the router interface. Once assigned, this IP address can be used as the default gateway of the subnet to which it belongs. Termination allows you to get routed (L3) connectivity with other subnets and provides Internet access. |
| Static route | A form of routing in which routes are defined explicitly in the router settings. When setting a static route, the following parameters are specified: network address (to which traffic is routed); network mask; gateway address (node, next-hop) that facilitates further routing. |
| VRRP (Virtual Router Redundancy Protocol) | A networking protocol that increases the availability of routers serving as the default gateway. This is achieved by combining a group of routers into a single virtual router and assigning them a common IP address, which is used as the default gateway for computers on the network. Two access routers are installed in each pool to support the protocol. VRRP can be provided both within the same pool and between pools. |
| VRRP address | The virtual address on routers that is used as the default gateway or next-hop for client hosts. |
| MC-LAG | MC-LAG can be used when connecting a host to both local and Internet networks, depending on the dedicated server type (host). |
| Global private network (Selectel global router, formerly L3VPN) | Merging private networks in several pools based on an L2 point-to-point connection or a routed private network. |

VLAN (network, private network)

VLANs are used on both the Internet and local area networks to isolate each client’s network activity from that of other clients at the second (L2) level.

Each client in the pool is provided with a VLAN (network) for the Internet and a separate VLAN (network) for the local network. Each VLAN includes the network interfaces, according to their purpose, of all dedicated servers ordered by the client in the pool. All dedicated servers of the client in one pool have connectivity within the same VLAN (network) for both the Internet and the local network.

Upon the client’s request and depending on technical needs, several VLANs (networks) can be provided for both the Internet and the local network.

A dedicated server (host) can be simultaneously connected to the Internet and the local network only through different network interfaces of the server. One interface can be connected to only one VLAN, either local or Internet.

Information about VLAN (network) is available in the Control panel.

If the pool has only one local network, then the local port is added to this network and is enabled. If there are several local networks, the local port remains disabled.

IP Addresses (Subnet)

Once a public IP address is configured on a host, the host becomes accessible from anywhere on the Internet. All subnets are divided into public and private ones based on whether the server’s IP address is visible from the Internet.

The Subnets of dedicated servers are divided into Public (that use public IP addresses) and Private ones. Public subnets are divided into Shared and Dedicated ones.

| Public Shared (1) | Public Dedicated (2) | Private (3) |
| --- | --- | --- |
| Have a fixed /24 prefix (255.255.255.0 mask) and are used within the same VLAN (network) for several clients* | Have any prefix (mask) and can be assigned to any client’s VLAN (network) | The user has the opportunity to create a network where servers will have private IP addresses from standard ranges** and will not be directly accessible from the Internet |
| You cannot change or add an additional address on a server located on a public shared network | Order a subnet to start using public dedicated networks | To isolate a custom server from the Internet, please create a ticket with a request to disconnect the port*** |

* Within a public shared network, servers of different clients may not share L2 connectivity (private VLAN or port isolation can be used).

** Available standard ranges:

  • 10.0.0.0 — 10.255.255.255 (subnet mask: 255.0.0.0 or /8)
  • 100.64.0.0 — 100.127.255.255 (subnet mask 255.192.0.0 or /10) — This subnet is recommended for use as addresses for CGN (Carrier-Grade NAT) pursuant to RFC 6598
  • 172.16.0.0 — 172.31.255.255 (subnet mask: 255.240.0.0 or /12)
  • 192.168.0.0 — 192.168.255.255 (subnet mask: 255.255.0.0 or /16)
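
The following check is an added example, not part of the original documentation: it tests planned private subnets against the four ranges listed above and reports overlaps, which cannot be routed unambiguously once private networks in several pools are joined over a routed (L3) connection. The network names and addresses in PLAN are constructed.

```python
import ipaddress

# The four standard ranges listed above. ipaddress's own is_private is not a
# substitute for this list: it is False for 100.64.0.0/10 and True for ranges
# such as 127.0.0.0/8 that are not on the list.
STANDARD_RANGES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "100.64.0.0/10", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan (hypothetical names, not real allocations).
PLAN = {
    "pool-a-db": "10.10.0.0/24",
    "pool-b-db": "10.10.0.128/25",   # overlaps pool-a-db
    "pool-a-app": "172.32.0.0/24",   # looks private, but is outside 172.16.0.0/12
    "pool-b-app": "100.64.8.0/22",
    "pool-c-app": "192.168.1.1/24",  # host bits set: not a valid subnet
}


def standard_range(subnet):
    """Return the listed range that wholly contains `subnet`, or None."""
    net = ipaddress.ip_network(subnet, strict=True)  # raises if host bits are set
    for rng in STANDARD_RANGES:
        if net.version == rng.version and net.subnet_of(rng):
            return rng
    return None


def check_plan(plan):
    """plan: {name: cidr}. Return a list of human-readable problems."""
    problems, seen = [], []
    for name, cidr in plan.items():
        try:
            rng = standard_range(cidr)
        except ValueError as exc:
            problems.append(f"{name}: invalid subnet {cidr} ({exc})")
            continue
        net = ipaddress.ip_network(cidr)
        if rng is None:
            problems.append(f"{name}: {net} is not inside a standard private range")
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        seen.append((name, net))
    return problems


if __name__ == "__main__":
    print("\n".join(check_plan(PLAN)))
```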

*** When submitting a disconnection request, keep in mind that OS auto-installation is not available without an Internet connection.

Please note that IP addresses are assigned to one pool. It is not possible to use the same IP addresses in different pools.

When ordering a server, a public IP address from the network where other clients’ servers are located is assigned for free by default. Different servers of the same client can be connected to different public shared networks.

A shared public IP address does not allow you to:

  • enable Anti DDoS;
  • configure static or dynamic routing;
  • unlock blocked ports;
  • configure BGP connectivity;
  • use both a shared public IP address and an address from the dedicated network;
  • reassign the address to another server (including VRRP/CARP/Keepalived/Corosync, etc. for server redundancy).

Dedicated subnets allow you to:

If traffic is exchanged within the same subnet, then traffic within the private network is not taken into account.

Blocked Ports

The current list of blocked ports is provided on our website.

Please note that UDP ports are additionally blocked for public shared subnets: 0, 19, 53, 123, 161, 520, 1900.

Enabling and Using VRRP

VRRP can be provided both within the same pool or between the pools.

VRRP is appropriate between two adjacent devices that share a common L2 segment. Data centers located apart from each other use different routers, with MPLS set up between them. To configure VRRP between two pools, use a Geographically distributed subnet.

Configuring VRRP within one pool is provided free of charge.

To configure VRRP within one pool:

  1. Go to the Servers and colocation section in the Control panel.

  2. From the server’s card, go to the Network → Subnets section.

  3. In the Gateway redundancy field, click Enable.

  4. Select two free IP addresses that are not used by your hosts.

  5. Confirm that the selected IP addresses are free by clicking the checkbox.

    Please note that if you select IP addresses that are already in use, their operation will be impaired.

  6. Click Enable Gateway redundancy.

  7. After connecting, the specified IP addresses will be displayed in the Gateway redundancy field.

Connecting Additional IP Addresses

Step 1. Purchasing additional IP addresses

To connect additional IP addresses:

  1. Click Order subnet on the Network tab of the Control panel.
  2. Select the desired service.
  3. Specify the pool. Please note that you cannot move the subnet to another pool.
  4. Specify the purpose of use.
  5. Select the billing option.
  6. Click Pay.

Enabling and activating the service may take some time. You will receive a notification via the ticket system when the service is ready.

Step 2. Accounting of public IP addresses on the server

With the accounting system, you can record which IP address is configured on your server. Assigning an IP address to the server in the Control panel does not change anything in the server OS. For the changes to take effect, assign the corresponding VLAN on the Internet port and change the IP address in the server OS.

To add an IP address to the accounting system:

  1. Go to the server’s card and open the Network tab.
  2. Click Add IP address.
  3. Specify the subnet.
  4. Select one or more IP addresses.
  5. Save your changes.

Please note that when adding a dedicated subnet, you cannot use the default IPv4 address that is allocated by default when ordering the server.

Step 3. Changing the server’s network settings

When connecting an additional IP address in the server OS, change the following network settings:

  • IP address;
  • subnet mask;
  • gateway.

These parameters can be viewed in the Control panel in the Network section of the Subnet tab in the selected subnet’s card.

Apply the network settings. The server will be unreachable until the VLAN (network) on the port is changed.

Step 4. Changing the VLAN (network) of the server port

To change the VLAN (network) of the server port:

  1. Go to the server’s card in the Control panel.
  2. Open the Ports tab.
  3. Change the Shared value to the allocated VLAN (network) in the Internet field.
  4. Save your changes.

Access to the server will be restored with the new IPv4.
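
A pre-flight check for Steps 3 and 4, as an added example that is not part of the original documentation: because the server is unreachable between applying the new settings and switching the port VLAN, it validates the address, mask and gateway before anything is changed. It assumes IPv4; the function name, the `reserved` parameter (the two addresses selected for gateway redundancy, if enabled) and all sample addresses are constructed.

```python
import ipaddress


def preflight(subnet, gateway, host_ip, reserved=()):
    """Validate the values to be entered in the server OS.

    subnet   -- dedicated subnet in CIDR form, as shown in the subnet's card
    gateway  -- default gateway shown for that subnet
    host_ip  -- address chosen for this server
    reserved -- addresses selected for gateway redundancy (hypothetical input)
    Returns (settings, errors); settings is None when errors is non-empty.
    """
    net = ipaddress.ip_network(subnet, strict=True)
    gw = ipaddress.ip_address(gateway)
    host = ipaddress.ip_address(host_ip)
    taken = {ipaddress.ip_address(a) for a in reserved}
    errors = []
    if gw not in net:
        errors.append("gateway is outside the subnet")
    if host not in net:
        errors.append("host address is outside the subnet")
    elif net.prefixlen < 31 and host in (net.network_address, net.broadcast_address):
        errors.append("host address is the network or broadcast address")
    if host == gw:
        errors.append("host address is the gateway")
    if host in taken:
        errors.append("host address is reserved for gateway redundancy")
    if errors:
        return None, errors
    settings = {"address": f"{host}/{net.prefixlen}",
                "netmask": str(net.netmask),
                "gateway": str(gw)}
    return settings, []


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, not a real allocation.
    routers = ["203.0.113.18", "203.0.113.19"]
    for candidate in ("203.0.113.20", "203.0.113.18", "203.0.113.23", "203.0.113.25"):
        print(candidate, preflight("203.0.113.16/29", "203.0.113.17", candidate, routers))
```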

To return to the free IP address (from a /32 subnet) in the server’s card:

  1. Go to the server’s card in the Control panel.
  2. Open the Ports tab.
  3. Change the allocated VLAN (network) to the Shared value in the Internet field.
  4. Save your changes.

You can purchase additional IPv4 and IPv6 addresses.

Please note that you cannot use IPv6 addresses on a public (/32) network.

Creating Static Routes

Static routing is a form of routing in which routes are defined explicitly when configuring the router. At Selectel, static routing is most commonly used for client connections when a firewall is ordered. The firewall passes Internet traffic for the networks that are routed to it. When setting a static route, the following parameters are specified:

  • network address (to which traffic is routed), network mask;
  • gateway address (node) that facilitates further routing (or is connected directly to the routed network).

As part of our service, a request from the Internet is processed by a router and redirected to a firewall to which servers are connected. Please create a ticket to connect static routes. Any terminated subnet can be registered as a static route.
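
A toy model of the forwarding described above, as an added example that is not part of the original documentation and not Selectel's router configuration: terminated subnets are treated as directly connected, a static route sends a routed network to the firewall's address, and the most specific matching prefix wins. The class, its method names and the requirement that the gateway sit in a terminated subnet are assumptions of this model; all addresses are constructed.

```python
import ipaddress


class Router:
    """Terminated subnets are directly connected; static routes use a next hop."""

    def __init__(self, terminated):
        self.connected = [ipaddress.ip_network(n) for n in terminated]
        self.static = []  # list of (network, gateway)

    def add_static(self, network, mask, gateway):
        # The three parameters of a static route: network address, mask, gateway.
        # strict=True rejects a network address that has host bits set.
        net = ipaddress.ip_network(f"{network}/{mask}", strict=True)
        gw = ipaddress.ip_address(gateway)
        if not any(gw in c for c in self.connected):
            raise ValueError(f"gateway {gw} is not in a terminated subnet")
        self.static.append((net, gw))

    def next_hop(self, destination):
        """Longest-prefix match: 'connected', a gateway address, or None."""
        dst = ipaddress.ip_address(destination)
        best_len, best = -1, None
        for net in self.connected:
            if dst in net and net.prefixlen > best_len:
                best_len, best = net.prefixlen, "connected"
        for net, gw in self.static:
            if dst in net and net.prefixlen > best_len:
                best_len, best = net.prefixlen, str(gw)
        return best


def build_example():
    # Constructed sample: the firewall holds 203.0.113.2 in the terminated
    # subnet, and the servers behind it use 198.51.100.0/29.
    router = Router(["203.0.113.0/28"])
    router.add_static("198.51.100.0", "255.255.255.248", "203.0.113.2")
    return router


if __name__ == "__main__":
    r = build_example()
    for dst in ("198.51.100.3", "203.0.113.5", "192.0.2.1"):
        print(dst, "->", r.next_hop(dst))
```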

Connecting the Server to the Network

Dedicated servers are connected to the Internet through a single network interface by default. Upon request, custom servers can be connected through a group of aggregated network interfaces using the configurator. Prebuilt servers cannot be connected in this way.

A private network is a group of the client’s servers connected to a common local VLAN (network) within the same pool and/or connected to the client’s other servers located in other pools. Connection to a private network is performed through another network interface (or a group of aggregated network interfaces — MC-LAG) for dedicated servers, except for the Chipcore Line servers.

You can enable additional VLANs (networks) within the same pool for one client. Please create a ticket to create several private networks.

Diagram for Connecting to the Internet and the Private Network

After assigning a VLAN (network), all its IP subnets will be terminated on Selectel routers.

All dedicated servers can be merged into a private network, except for the Chipcore Line servers.

At the logical level, local networks are standalone dedicated VLANs (Virtual LAN). Within this VLAN, all servers interact with one another as if they were connected to the same physical switch.

When a dedicated server is transferred to the client, the LAN and Internet ports are turned on by default. You can view information about ports in the server’s card on the Ports tab.

Connecting the Private Networks in Several Pools and/or with Other Selectel Products

A Private routed network is used to organize network connectivity between different pools and services.

The L2 scheme is used inside the pool. Connecting servers in another pool can be performed in the following ways:

  • according to the L2 scheme — only if two pools/resource types are combined, if technically possible;
  • according to the L3 scheme — in all other cases.

We recommend using the connection according to the L3 scheme.

Please create a ticket and specify the private networks that need to be combined.

L2 scheme

L3 scheme

Several routers are used to organize the L3 scheme. Two routers are allocated for each pool, two addresses are allocated for each client to assign to Selectel routers, and Virtual IP is formed using the VRRP protocol.

VLAN to an Outside Operator

Selectel data centers are home to many telecom carriers. If technically possible, direct connections can be provided to such carriers through the client’s private network.

If you need to connect a VLAN to an outside operator, please create a ticket.