10.1. Preparing Project Networking to Create Virtual Machine with Access to the Internet

A typical project’s network must consist of a virtual private network and a virtual router that connects it to the public network. To do it, you must create a virtual private network, virtual router, and virtual machine (refer to Creating Virtual Machines). Then connect your virtual machine to your private network.

10.1.1. Creating Virtual Private Network

  1. On the Networks screen, click + Create virtual network.

    ../_images/vhc-creating-virtual-private-network-1.png
  2. On the Network configuration step, do the following:

    1. Turn on the IP address management toggle to provide Internet access for this network.

    2. Specify the name of the network and click Next.

      ../_images/vhc-creating-virtual-private-network-2.png
  3. When IP address management is enabled, you will move on to the IP address management step:

    1. In the Subnets section, click Add and select IPv4 subnet.

      ../_images/vhc-creating-virtual-private-network-3.png
    2. In the Add IPv4 subnet window, specify the network’s IPv4 address range. The CIDR must be of some private range. For example, 10.100.0.0/24.

    3. Specify the gateway, which is a placeholder IP for the virtual router. It can be any IP within the CIDR range—for example, 10.10.0.1.

    4. Select the Built-in DHCP server checkbox to enable delivering the IP for VMs. The DHCP server will take the first two IPs from the allocation pool.

    5. Specify one or more allocation pools. The allocation pool is an optional configuration to set only needed IP ranges within the CIDR range. When not provided, the allocation pool is equal to the CIDR range. Typically, you do not need to configure it, only if you want to exclude some IPs from being issued by providing narrowed pool range.

    6. Specify DNS servers. They must point to some existing DNS services.

    7. Click the Add button.

      ../_images/vhc-creating-virtual-private-network-4.png
    8. Click Next.

      ../_images/vhc-creating-virtual-private-network-5.png
  4. On the Summary step, review the configuration and click Create virtual network.

    ../_images/vhc-creating-virtual-private-network-6.png

10.1.2. Creating Virtual Router

  1. Navigate to the Routers screen and click + Add router.

  2. In the Add virtual router window:

    1. Specify the name of the virtual router.

    2. On the Network dropdown menu, select an available public network through which public networks will be accessed.

    3. Select the SNAT checkbox to allow VMs in the private network to communicate with the Internet.

    4. In the Add internal interfaces section, select the created private network (refer to Creating Virtual Private Network) as an internal interface for the router.

    5. Click Create.

      ../_images/vhc-creating-virtual-private-network-7.png

10.1.3. Connecting Virtual Machine to Private Network

  1. On the Virtual machines screen, click the required virtual machine.

  2. On the Overview tab, click Edit in the Network interfaces section.

  3. In the Network interfaces window, click Add to attach a network interface.

  4. In the Add network interface window:

    1. Select a compute network to connect to. By default, MAC and primary IP addresses are assigned automatically. To specify them manually, clear the Assign automatically checkboxes and ensure that free IP and MAC are selected.

    2. A secondary IP can be used by applications inside the VM.

      Note

      Virtuozzo DHCP does not configure additional IP for an interface inside the VMs. Therefore any additional IP must be configured manually inside the VM guest.

    3. A security group is a port firewall rules list; fault opens all connections. The default security group is selected by default. Create other rules on the Security group tab if required. Please refer to Managing Security Group Rules.

    4. Spoofing protection is enabled by default. It is a security feature that blocks outgoing traffic with source MAC and IP addresses that differs from what was defined above. Disabling the spoofing protections also means disabling any firewall control. Do not disable the spoofing protection. If required, deselect the security group.

    5. Click Add.

      ../_images/vhc-connecting-virtual-machine-to-private-network.png
  5. Click Done to finish editing VM network interfaces and save your changes.

The resulting VM will be able to reach the Internet, and you can access it via the console from the self-service panel.