A router is a logical component that forwards data packets between networks. It also provides basic L3 NAT capabilities to enable external network (Internet) access from the project network.
Routers also support floating IPs, which create a static one-to-one mapping from a public IP address on the Internet to a private IP on one of the other subnets attached to the router. This allows you to selectively expose instances running on private networks to the Internet.
Connecting routers to networks
There are two distinct ways to connect routers to networks. For internal (project) networks, you create an interface (port) for the router on the network and assign the gateway IP of the given subnet to that interface (all the instances will use that IP to connect to any endpoints outside of the current network).
You can also connect an external network to the router. The external network is treated as the router's default route, and the router acts as a gateway for external connectivity. Once such a connection is made, instances on the networks connected to that router (with the external network gateway configured) can reach the Internet (via the SNAT mechanism), and can be given a floating IP to become accessible over the Internet.
When a network is connected to a router with an external gateway, it will automatically get two (not just one) interfaces configured, with different interface types:
- Router Interface_distributed
- Router Centralized_snat
These interfaces simply reflect the technical implementation of how traffic flows through the router - the "snat" interface is used for traffic going outside via source NAT, and the "distributed" interface for traffic which goes via floating IPs. For practical purposes, you can consider the "distributed" interface as the one used as the gateway on your networks.
Note that a freshly created account already has a router called default-router, which comes pre-connected to both the external network (called ext-net) and a pre-created internal network (called default-network).
In order to route traffic correctly, the router needs to be given instructions on how to route the traffic. Normally, it gets this information from two sources:
- When a router connects to any network, it automatically receives the route to that specific network (this configuration is a property of the subnet).
- When a router is connected to an external network (by configuring a gateway on that router), this gateway becomes the default destination for any traffic which does not have a more specific destination. In practical terms, this means that the router will send traffic for any IP which does not belong to one of the private networks it is connected to, to the gateway (which is the internet gateway).
For the majority of scenarios, these two rules are sufficient. However, there can be other scenarios where specific routes need to be created.
For example, imagine you want to build your own VPN appliance, and connect it to a specific remote private network. Let's say, this appliance is located on the private network 192.168.3.0/24, has a fixed IP address 192.168.3.17, and it connects to a remote VPN gateway, providing a path to the remote network 10.5.0.0/16.
In this case, the router should send the traffic with destination 10.5.0.0/16 to the gateway 192.168.3.17. However, without knowing any better, by default it will simply send the traffic to ext-net, and that traffic will not be delivered since the 10.5.0.0/16 network is not globally routable.
The way to configure it properly is to add a static route on the router, specifying that traffic with destination CIDR 10.5.0.0/16 should go to the subnet 192.168.3.0/24, destination 192.168.3.17. Once configured, every instance on every network connected to this router will be able to communicate with the 10.5.0.0/16 network via the VPN appliance.
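The routing decision described above can be modelled as a longest-prefix match over the router's connected, default and static routes. The following is an added example, not code from the portal or its documentation: the function names, the second subnet 192.168.7.0/24 and the test destinations are constructed, and the check that a static route's next hop lies on a connected subnet is an assumption of this model.

```python
import ipaddress

def build_table(connected, default_gw=None, static=()):
    """Return a list of (network, next_hop, kind) routes.

    connected:  CIDRs of subnets the router has an interface on.
    default_gw: label of the external gateway, or None if no gateway is set.
    static:     (destination CIDR, next-hop IP) pairs.
    """
    nets = [ipaddress.ip_network(c) for c in connected]
    table = [(n, "direct", "connected") for n in nets]
    if default_gw:
        table.append((ipaddress.ip_network("0.0.0.0/0"), default_gw, "default"))
    for dest, hop in static:
        hop_ip = ipaddress.ip_address(hop)
        # Assumption of this model: the next hop must sit on a subnet the
        # router is attached to, otherwise the router cannot reach it.
        if not any(hop_ip in n for n in nets):
            raise ValueError(f"next hop {hop} is not on a connected subnet")
        table.append((ipaddress.ip_network(dest), hop, "static"))
    return table

def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in table if ip in r[0]]
    if not matches:
        return None  # no route at all, traffic is dropped
    net, hop, kind = max(matches, key=lambda r: r[0].prefixlen)
    return (str(net), hop, kind)

# Constructed topology: the appliance subnet from the text plus one
# hypothetical second project subnet.
CONNECTED = ["192.168.3.0/24", "192.168.7.0/24"]

before = build_table(CONNECTED, default_gw="ext-net")
after = build_table(CONNECTED, default_gw="ext-net",
                    static=[("10.5.0.0/16", "192.168.3.17")])

if __name__ == "__main__":
    for dst in ("10.5.4.20", "192.168.7.9", "203.0.113.8"):
        print(dst, "| before:", lookup(before, dst), "| after:", lookup(after, dst))
```

Comparing the "before" and "after" tables for a destination inside 10.5.0.0/16 is a quick way to confirm that traffic meant for the remote private network is handed to the VPN appliance rather than to ext-net.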
Creating and managing routers
In order to create a router, follow these steps:
- On the Routers page, click on the "Create router" button to open the router creation window.
- Enter the Name of the router.
- Click "Create".
Once your router is created, you can connect it to networks, including an external network.
To connect a router to a private network, open the router management page via the context menu, then go to the "Interfaces" tab. Click on the "Add interface" control, and select the subnet you'd like this router to connect to. You can either specify the IP address of the gateway on this subnet (so this router will serve as a gateway), or leave the IP field blank - normally, the router will receive the gateway IP automatically.
To connect a router to an external network, go to the "Gateway" tab on the router management page. Click on the "Set gateway" control, and select the external network (typically you'd see only one network there, called ext-net). Once this connection is made, any instance on a network connected to this router can access the Internet via Source NAT, and can get a floating IP assigned if required. To verify that the connection is successful, go to the "Interfaces" tab and make sure both the "snat" and "distributed" interfaces have been created (note this will take a few seconds, and you might need to refresh the page to see the results).
Note that although there is no limit on how many routers you can connect to a network, for most practical scenarios you only need one router per network.
Configuring static routes
In the most common scenarios, the router will get the proper set of routes from the networks it is connected to.
However, in cases like the VPN gateway described above, you will need to add static routes to your router. In order to do that, do the following:
- On the Router management page, click on the "Routes" tab.
- Enter the destination network CIDR, the subnet of your appliance which will deliver traffic to this destination, and the IP address of this appliance on that subnet.
- Click "Add route".
Viewing your Routers
In order to view your routers, simply navigate to the "Routers" page on the left pane of the portal. On this page, you can view all created routers and you can filter by name.