VPC beta product documentation (linode#6798)
* VPC beta product documentation

* Updates dates and adds description parameter to several VPC guides
wildmanonline authored Jan 9, 2024
1 parent 83539e4 commit db2a71d
Showing 8 changed files with 385 additions and 0 deletions.
1 change: 1 addition & 0 deletions ci/vale/dictionary.txt
@@ -2535,6 +2535,7 @@ vmstat
vmui
vmware
vnc
VPCs
VPLs
vpns
vset
71 changes: 71 additions & 0 deletions docs/products/networking/vpc/_index.md
@@ -0,0 +1,71 @@
---
title: VPC
title_meta: "VPC Product Documentation"
description: "VPCs make it easy to create your own virtual private clouds on the Akamai cloud computing platform, providing an isolated network for your applications."
bundles: ['network-security']
tab_group_main:
is_root: true
title: Overview
weight: 10
published: 2024-01-09
cascade:
product_description: "A virtual private enables private communication between Compute Instances, isolating your network traffic from other customers and the internet."
---

{{< note type="warning" title="VPC Beta Notice" >}}
VPCs are now publicly available in beta, providing customers with another method of isolating network traffic between Compute Instances (in addition to the [VLANs](/docs/products/networking/vlans/) feature). Not all data centers are currently supported. For more information, review the [Availability](#availability) section.
{{</ note >}}

A VPC (*Virtual Private Cloud*) is an isolated network that enables private communication between Compute Instances within the same data center. Since Cloud environments often necessitate sharing infrastructure with other users, VPCs are a critical component of many application architectures and can further isolate your workloads from other Akamai users.

## Protect Sensitive Data

Networking packets sent over a VPC are walled off from the public internet --- as well as from other services within the same data center that don't belong to the same VPC. When assigning a Compute Instance to a VPC, you can opt for it to be fully private or configure it with public internet access through either a 1:1 NAT on the VPC or a public internet interface.

## Segment Traffic Into Separate Subnets

Each VPC can further segment itself into distinct networks through the use of multiple subnets. These subnets can isolate various functionality of an application (such as separating public frontend service from private backend services) or separate out a production environment from staging or development.

## Compatible with Cloud Firewalls

If a Compute Instance is assigned to a Cloud Firewall, firewall rules that limit access and filter traffic will be applied to the public interface as well as the VPC interface. This means that private traffic between Compute Instances within a VPC will be filtered by the Cloud Firewall.

## Availability

VPCs are available to all customers as a public beta in a small number of data centers. Additional regions will be made available throughout the beta period and after the public launch.

## Pricing

VPCs are provided at no additional cost. Additionally, communication across your private VPC network does not count against your [monthly network transfer usage](/docs/products/platform/get-started/guides/network-transfer/).

## Difference Between Private Network Options (VPCs, VLANs, and Private IPs)

Both [VLANs](/docs/products/networking/vlans/) and [Private IP addresses](/docs/products/compute/compute-instances/guides/manage-ip-addresses/#types-of-ip-addresses) are private networking services offered by Akamai cloud computing. VLANs operate on layer 2 of the OSI model whereas VPCs and Private IPs operate on layer 3. While this allows VLANs to use any layer 3 protocol, it also means that there are limitations to routing and other layer 3 features. Since VPC is on layer 3 and uses the IP (Internet Protocol), IP addressing and IP routing features are built-in.

- **Latency:** All 3 services offer extremely low latency.

- **Cost:** There is no charge for VPCs, VLANs, and private IP addresses. The only costs are related to the associated Compute Instance service and any outbound traffic over the public IP addresses.

- **Network Isolation:** Both VPC and VLANs offer true network isolation from other tenants within the same data center. Private IP addresses are accessible by default from any other instance in the same region, provided that instance also has a private IP address. This is because they all use the same `192.168.128.0/17` range.

- **Multiple Subnets:** Each VPC can have multiple subnets. Each VLAN can only be configured with IP addresses from one specified range.

## Technical Specifications

- Users can create up to 10 VPCs per data center (by default). Each VPC can have up to 10 subnets.

- Compute Instances can join a VPC by specifying the VPC as a network interface. Other services, such as NodeBalancers, LKE clusters, and Managed Databases cannot join a VPC at this time.

- VPCs are deployed to a specific data center when created. Only compatible services within that data center can belong to a VPC.

- A VPC interface can be private or have public internet access through a 1:1 NAT.

## Additional Limits and Considerations

- VPCs peering is not supported (within the same data center or different data centers).

- While VPC traffic is isolated from other cloud tenants, it is not encrypted.

- IPv6 addresses are not available on a VPC interface.

- VPC IP addresses cannot use [IP Sharing](/docs/products/compute/compute-instances/guides/manage-ip-addresses/#configuring-ip-sharing) or [IP Transfer](/docs/products/compute/compute-instances/guides/manage-ip-addresses/#transferring-ip-addresses) features.
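
Review bot: The `product_description` under `cascade:` reads "A virtual private enables private communication between Compute Instances", which is missing a noun; suggest "A virtual private cloud enables private communication…". In "Additional Limits and Considerations", "VPCs peering is not supported" should read "VPC peering is not supported". That same list states that VPC traffic is isolated but not encrypted; consider repeating or linking that caveat from "Protect Sensitive Data", where "walled off from the public internet" could otherwise be read as a confidentiality guarantee.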
12 changes: 12 additions & 0 deletions docs/products/networking/vpc/developers/index.md
@@ -0,0 +1,12 @@
---
title: Developers
title_meta: "Developer Resources for VPC"
description: "Use the Linode API v4 and the Linode CLI to create and manage VPCs."
tab_group_main:
weight: 40
published: 2024-01-09
---

## Linode CLI

The [Linode CLI](https://github.com/linode/linode-cli) is a wrapper around the Linode API v4 that allows you to manage your Linode account and resources from the command line. Learn how to use the Linode CLI to [create and manage your Linode resources](/docs/products/tools/cli/get-started/).
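
Review bot: The front-matter `description` promises "the Linode API v4 and the Linode CLI", but the body only has a "## Linode CLI" section. Either add a "## Linode API" section that points at the VPC endpoints reference (the create guide in this commit already links `/docs/api/vpcs/`), or narrow the description to the CLI.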
40 changes: 40 additions & 0 deletions docs/products/networking/vpc/get-started/index.md
@@ -0,0 +1,40 @@
---
title: Get Started
title_meta: "Getting Started with VPC"
description: "A holistic view on determining your application's cloud networking infrastructure, creating a VPC, and assigning your instances to a VPC."
keywords: ['networking','vpc','private network']
tags: ["security", "networking", "linode platform"]
tab_group_main:
weight: 20
published: 2024-01-09
---

## Determine Your Application's Networking Architecture

Consider your application's requirements and determine how your application should communicate both internally and over the public internet. As part of this, review the range of options available for private and public network connectivity on the Linode platform: VPCs, VLANs, Private IPv4 addresses, and Public IPv4/IPv6 addresses. When choosing VPC for private networking (the most common product), determine if segmenting the VPC into multiple subnets is needed. Consider the number of IP addresses you need now (and might need in the future) per subnet and decide on a CIDR range within the [RFC1918](https://datatracker.ietf.org/doc/html/rfc1918) that can accommodate that number. Your subnet must be within the following blocks:

- 10.0.0.0/8
- 172.16.0/12

## Create a VPC

Once you've determined that a VPC is needed, you can create it directly in the Cloud Manager using the Create VPC form or by deploying a new Compute Instance and entering a new VPC. During this process, you'll need to define the following parameters:

- **Region:** The data center where the VPC is deployed. Since VPCs are region-specific, only Compute Instances within that region can join the VPC.
- **Label:** A string to identify the VPC. This should be unique to your account.
- **Subnet Label:** A string to identify the subnet, which should be unique compared to other subnets on the same VPC.
- **Subnet CIDR range:** The range of IP addresses that can be used by Compute Instances assigned to this subnet.

While at least 1 subnet must be created, you can create up to 10 subnets per VPC.

Review the [Create a VPC](/docs/products/networking/vpc/guides/create/) guide for complete instructions.

## Assign Compute Instances

You can assign existing Compute Instances to a VPC or, more commonly, deploy a new Compute Instance to the VPC.

- **New Compute Instance:** When creating a Compute Instance, there is an option to add it to an existing VPC. The VPC must already be created in the same data center as selected for the Compute Instance. When assigning a new instance to a VPC, you must also select the subnet that the instance should belong to. By default, an IPv4 address from the subnet's CIDR range will be assigned to the instance, though you can opt to manually enter an IP address. Additionally, public IPv4 connectivity won't be configured by default, though an option is present to configure 1:1 NAT on the VPC interface.

- **Existing Compute Instance:** If you need to add an existing Compute Instance to a VPC, you can do so from the VPC page or by directly editing that instance's Configuration Profile. Advanced users may prefer directly editing their Configuration Profile to avoid causing downtime or interruptions.

For further instructions, review the [Assign (and Remove) Services](/docs/products/networking/vpc/guides/assign-services/) page.
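
Review bot: In the list of allowed blocks under "Determine Your Application's Networking Architecture", `172.16.0/12` is not a valid CIDR and should be `172.16.0.0/12`. The list also names only two blocks, while the create guide in this commit says subnets must be in RFC1918 space and must not overlap `192.168.128.0/17`; the two pages should state the same constraint so readers know whether any part of 192.168.0.0/16 is usable. Minor: "a CIDR range within the RFC1918" is missing a noun such as "address space".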
18 changes: 18 additions & 0 deletions docs/products/networking/vpc/guides/_index.md
@@ -0,0 +1,18 @@
---
title: Guides
title_meta: "Guides and Tutorials for VPCs"
description: "A collection of guides to help instruct you how to use VPCs."
tab_group_main:
weight: 30
published: 2024-01-09
---

## Basics

- [Getting Started with VPCs](/docs/products/networking/vpc/get-started/): An introduction to VPCs, including how to create and administer them within the Cloud Manager.

- [Create a VPC](/docs/products/networking/vpc/guides/create/): Learn how to create a VPC using the Cloud Manager and Linode API.

- [Manage Subnets](/docs/products/networking/vpc/guides/subnets/): Information about VPC subnets and instructions on creating, editing, and deleting them.

- [Assign (and Remove) Services](/docs/products/networking/vpc/guides/assign-services/): Learn how to add an remove existing Compute Instances to/from a VPC.
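
Review bot: Typo in the last bullet under "## Basics": "how to add an remove existing Compute Instances" should be "how to add and remove existing Compute Instances". The "Create a VPC" bullet mentions the Cloud Manager and Linode API only, while that guide's intro also covers the Linode CLI; consider listing all three.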
59 changes: 59 additions & 0 deletions docs/products/networking/vpc/guides/assign-services/index.md
@@ -0,0 +1,59 @@
---
title: "Assign (and Remove) Services"
title_meta: "Assign (and Remove) Services on a VPC"
description: "Learn how to add (and remove) Compute Instances to a VPC."
published: 2024-01-09
authors: ["Linode"]
---

VPCs enable private communication between services within a data center and are a critical component of many application architectures. Both new and existing Compute Instances can be added to VPCs. Follow the instructions withing this guide to add (or remove) Compute Instances to a subnet on a VPC.

## Components and Options

- **Network Interface:** Every Compute Instance can have up to 3 network interfaces (Public, VPC, and VLAN). If you wish for an instance to be configured on a VPC, the **VPC** option needs to be selected on at least one interface. See [Configuration Profile Settings](/docs/products/compute/compute-instances/guides/configuration-profiles/#settings).

- **Subnet:** When a Compute Instance is assigned to a VPC, a subnet needs to be selected. The subnet that the Compute Instance is assigned to.

- **VPC IPv4 address:** The IPv4 address of the Compute Instance within the private network of the subnet. It must be within the CIDR range defined in the subnet. The address can be automatically generated or manually entered.

- **Public internet connectivity:** The Compute Instance can connect to the public internet through a 1:1 NAT on the VPC interface (the *Assign a public Ipv4 address for this Linode* option) or can have a separate network interface configured as *Public Internet*. The latter option may be preferred for existing Compute Instances that are already functioning and you wish to keep VPC traffic separated.

## Considerations

- Newly created Compute Instances configured with a VPC will have a VPC network interface configured and set as the default. There will not be any public interface configured.

- A Compute Instance configured on a VPC but without a 1:1 NAT configured and without a *Public Internet* network interface is only be able to communicate within the VPC subnet it is assigned to.

- Compute Instances can only be assigned to a single subnet of a single VPC. Multiple VPC interfaces are not allowed.

## Assign Existing Compute Instances

1. Navigate to the **Subnets** section of a VPC. See [View Subnets](/docs/products/networking/vpc/guides/subnets/#view-subnets).

1. Locate the subnet you wish to use, expand the corresponding ellipsis menu, and click **Assign Linodes**. This opens the **Assign Linodes to subnet** panel.

1. Within the **Linodes** dropdown menu, select the instance you would like to add to the VPC on the selected subnet.

1. By default, an IPv4 address will be automatically generated for the instance on the subnet's defined CIDR range. If you want to manually assign an IP address, uncheck the **Auto-assign a VPC IPv4 address for this Linode** option and enter your custom IPv4 address. This address must still be within the subnet's IP range.

1. Click the **Assign Linode** button to add the instance to the subnet.

1. You can review the list of all instances assigned to that subnet. Once you have added all instances you wish to assign, click the **Done** button.

1. Restart each added Compute Instance to automatically configure the VPC interface on the system.

## Assign a New Compute Instance

Review the [Create a Compute Instance](/docs/products/compute/compute-instances/guides/create/) workflow and complete the VPC section.

## Remove Services

1. Navigate to the **Subnets** section of a VPC. See [View Subnets](/docs/products/networking/vpc/guides/subnets/#view-subnets).

1. Locate the subnet you wish to use, expand the corresponding ellipsis menu, and click **Unassign Linodes**. This opens the **Unassign Linodes from subnet** panel.

1. Open the **Linodes** dropdown menu and select each instance you wish to remove from the subnet.

1. Review the list of instances to be removed and then click the **Unassign Linodes** button to confirm.

1. Restart each Compute Instance to automatically remove the VPC interface from the system.
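
Review bot: In "Components and Options", the **Subnet** bullet ends with the fragment "The subnet that the Compute Instance is assigned to.", which reads like a leftover draft line; drop it or merge it into the preceding sentence. Also fix "withing this guide" in the intro (should be "within"), "is only be able to communicate" under "Considerations" (should be "is only able to communicate"), and the casing in "Assign a public Ipv4 address for this Linode" if the UI label uses "IPv4".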
133 changes: 133 additions & 0 deletions docs/products/networking/vpc/guides/create/index.md
@@ -0,0 +1,133 @@
---
title: "Create a VPC"
title_meta: "Create a VPC on the Linode Platform"
keywords: ["getting started", "deploy", "linode", "linux"]
description: "Learn how to create a new Compute Instance, including choosing a distribution, region, and plan size."
published: 2024-01-09
authors: ["Linode"]
---

This guide walks you through creating a VPC through the Cloud Manager, Linode CLI, and Linode API.

1. [Get Started](#get-started)
1. [Set the Basic Parameters](#set-the-basic-parameters)
1. [Define Subnets](#define-subnets)
1. [Deploy the VPC](#deploy-the-vpc)
1. [Next Steps](#next-steps)

## Get Started

Open the Create Form in the Cloud Manager or start entering your Linode CLI or Linode API command.

{{< tabs >}}
{{< tab "Cloud Manager" >}}
Log in to the [Cloud Manager](https://cloud.linode.com/), click the **Create** dropdown menu on the top bar, and select *VPC*. This opens the **Create VPC** form.
{{< /tab >}}
{{< tab "Linode CLI" >}}
{{< note type="warning" noTitle=true >}}
During the closed beta period, VPC functionality might not be enabled on the Linode CLI.
{{< /note >}}

Within your terminal, paste the command provided below. If you do not have the Linode CLI, review the [Install and Configure the Linode CLI](/docs/products/tools/cli/guides/install/) guide. **Before submitting the request, read through the rest of this document.**

```command
linode-cli vpcs create \
--description "An optional description" \
--label vpc-example \
--region us-east \
--subnets.label subnet-example \
--subnets.ipv4 10.0.1.0/24
```
{{< /tab >}}
{{< tab "Linode API" >}}
Within your terminal, enter the API curl request below. Make sure to properly paste in or reference your [API token](/docs/products/tools/api/guides/manage-api-tokens/). For a complete API reference, see the [VPC API endpoints](/docs/api/vpcs/) documentation. **Before submitting the request, read through the rest of this document.**

```command
curl https://api.linode.com/v4beta/vpcs \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-X POST -d '{
"description": "An optional description",
"label": "vpc-example",
"region": "us-east",
"subnets": [
{
"label": "subnet-example",
"ipv4": "10.0.1.0/24"
}
]
}'
```
{{< /tab >}}
{{< /tabs >}}

## Set the Basic Parameters

Select the region and enter a label and description for the VPC.

- **Region:** Select the data center where the VPC should be deployed. Since VPCs do not span multiple data centers, only services within the selected data center can join the VPC.

{{< note >}}
VPC is limited to select data centers during the beta period. For more details, review [Availability](/docs/products/networking/vpc/#availability)
{{< /note >}}

- **Label:** Enter an alphanumeric string (containing only letters, numbers, and hyphens) to identify the VPC. A good label should provide some indication as to the purpose or intended use of the VPC.

- **Description:** Adding tags gives you the ability to categorize your Linode services however you wish. If you're a web development agency, you could add a tag for each client you have. You could also add tags for which services are for development, staging, or production.

## Define Subnets

Subnets partition out the VPC into smaller networks, allowing groups of related systems to be separated from other functions of your applications or workloads. At least one subnet is required, though up to 10 can be created for each VPC.

- **Subnet Label:** Enter an alphanumeric string (containing only letters, numbers, and hyphens) to identify the subnet. It should be unique among other subnets in the same VPC and should provide an indication as to its intended usage.

- **Subnet IP Address Range:** VPC subnet ranges must be in the RFC1918 IPv4 address space designated for private networks. That said, it cannot overlap with the `192.168.128.0/17` range set aside for [Private IP addresses](/docs/products/compute/compute-instances/guides/manage-ip-addresses/#types-of-ip-addresses) on Compute Instances.

Follow the instructions below to create multiple subnets. You are also able to add, edit, and remove subnets from the VPC after it has been created.

{{< tabs >}}
{{< tab "Cloud Manager" >}}
For each additional subnet you wish to create, press the **Add Another Subnet** button within the **Subnets** section. This adds another set of subnet fields to the form.
{{< /tab >}}
{{< tab "Linode CLI" >}}
{{< note type="warning" noTitle=true >}}
During the closed beta period, VPC functionality might not be enabled on the Linode CLI.
{{< /note >}}

```command
...
--subnets.label backend-example-subnet \
--subnets.ipv4 10.0.4.0/24 \
--subnets.label frontend-example-subnet \
--subnets.ipv4 10.0.5.0/24
...
```
{{< /tab >}}
{{< tab "Linode API" >}}
```command
...
"subnets": [
{
"label": "backend-example-subnet",
"ipv4": "10.0.4.0/24"
},
{
"label": "frontend-example-subnet",
"ipv4": "10.0.5.0/24"
}
]
...
```
{{< /tab >}}
{{< /tabs >}}

## Deploy the VPC

Once all fields have been entered, you can click the **Create VPC** button in the Cloud Manager or run the Linode CLI or Linode API command. If you are using the Cloud Manager, you are taken to the VPC's details page where you can view and edit the VPC and its subnets.

## Next Steps

Once the VPC has been created, the next step is to start adding services to it. Currently, only Compute Instances can be added to the VPC.

- **Add an Existing Compute Instance to the VPC:** Review the [Assign Existing Compute Instance to a VPC Subnet]() guide.
- **Add a new Compute Instance to the VPC:** To add a new instance, follow the [Create a Compute Instance](/docs/products/compute/compute-instances/guides/create/) workflow and complete the VPC section.
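
Review bot: The **Description** bullet under "Set the Basic Parameters" describes tags ("Adding tags gives you the ability to categorize your Linode services…"), not the VPC description field; it looks copied from another guide and needs its own text. The front-matter `description` has the same problem ("Learn how to create a new Compute Instance, including choosing a distribution, region, and plan size."), and the `keywords` do not mention VPC. In "Next Steps", the link "[Assign Existing Compute Instance to a VPC Subnet]()" has an empty target; it should point at `/docs/products/networking/vpc/guides/assign-services/`, which this commit adds. The CLI warnings say "closed beta" while the overview page says VPCs are publicly available in beta; use one term.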