Virtual private cloud

Pan-Net is providing a virtual network dedicated to each user account, which is logically isolated from any other virtual network inside the Pan-Net cloud. All resources, like VMs, containers, load balancers, etc., should be launched inside this virtual network.

When a user has multiple virtual networks, there is the possibility of enabling peering between these networks and set up controlled connectivity between them, see Virtual private cloud (VPC)

When a user creates a virtual private cloud (VPC), Pan-Net is providing connectivity services including

  • Routing

  • Basic security rules - connectivity between resources inside VPC is enabled and non-filtered (permit all rule is applied) by default.

  • Floating IP addresses (destination NAT)

  • Internet access through default gateway

The default VPC network has the following properties:

  • Networking is based on SDN rules, which is based on distributed routing using traffic flow rather than virtual routers and legacy routing protocols. Routing between instances and the cloud infrastructure is entirely handled by SDN, so the user does not need to consider any logical separation of of subnets (such as VLAN).

  • There is no network created between the sites (data centers) where the VPC is created. Users can add new subnets to the VPC, but proper addressing must be ensured so that there is no IP address overlap between sites.

  • The first address in the default network is reserved for the gateway. However, this can be changed by the user.

  • The connectivity between resources inside VPC is enabled and controlled by security rules. Security rules can be specified by the user through layer 3 and 4 access control lists (ACL) in the security groups.

  • Internet access is available in the two NAT types - SNAT (enabling many VPC resources accessing the Internet) and DNAT (enabling external access to a resource in the VPC).

  • The VPC supports only IP unicast traffic - IP multicast is not supported.

  • Any VM can have multiple interfaces, but in this case the customer needs to configure the instances to ensure proper routing inside the VPC.

  • The communication between cloud resources can be realized in two ways:

    • Using the SDN-based virtual networks for instances within VPC

    • Using interfaces for additional Pan-Net PaaS services (such as web application firewall (WAF), load balancing (LBaaS), etc.), which are not deployed inside the VPC