Why don't many providers have internal IP addresses?

Hey all. Just a semi-quick question. Why don't many providers have internal IP addressing? For example, I've contacted a couple of providers, such as ExtraVm and HostUS since they came highly rated from here, and it doesn't seem common to have an internal IP address.

For security reasons, I disable external IP addresses on my backend servers - backup servers, SQL boxes, etc. The only way I've configured the servers is: Backend - Two utility servers accepting only SSL Keys or the console. For the frontend, can only go through the HAProxy/Varnish servers. Having two NICs makes it that much easier to restrict access. Even on the internal layer, I still have firewalls. This prevents a rogue/drone server from accessing other resources it's not supposed to. For example, the web server can only talk to the Redis server or the SQL server.

Another benefit is that I can use my own numbering system. For example, I can say all 10.200.99.x servers are my web servers, while all 10.200.100.x are my sql servers. This allows me to have firewall rules like: allow from 10.200.99.0/24:80,443 to 10.200.100.0/24.

If I had to use external IP addresses, I would have to specify each IP address and go around updating firewall rules (granted, this could be taken care of by SaltStack, but that's just an extra layer of fud). When a server dies, gets sick, or SaltStack sees another server is needed for load, it can just spin up a new server... and it'll fit within the IP address ranges and firewall rules.

A second part of this question... Anyone know a good VPS provider with internal IP addressing? I liked the specs of ExtraVM, but they don't offer internal IP addresses. A plus side: I would like to get a floating external IP address so that keepalived can map the IP address as needed (this would require the VPS provider to have an API like DigitalOcean, AWS, etc. to move the IP address) across my HAProxy servers.

Thanks all.
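
The subnet-per-tier rule described in this post, as an added example that is not the poster's own configuration: a POSIX shell script that emits an `iptables-restore` ruleset for a SQL-tier host and checks that a newly provisioned web server inside 10.200.99.0/24 is covered with no rule change. The interface name `eth1`, port 3306, the SSH rule and the `UTIL_NET` range are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): subnet-per-tier filtering on the internal NIC.
# Assumptions: eth1 is the internal NIC, SQL listens on tcp/3306, and UTIL_NET
# is a hypothetical range for the post's two utility servers (SSH on tcp/22).
WEB_NET="10.200.99.0/24"    # web tier, from the post
UTIL_NET="10.200.1.0/24"    # hypothetical management range

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeeds if IPv4 address $1 lies inside CIDR $2.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Ruleset for a SQL-tier host: default drop, web tier may reach the database,
# utility servers may reach SSH. Load with: sql_host_rules | iptables-restore
sql_host_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -s $WEB_NET -p tcp --dport 3306 -j ACCEPT
-A INPUT -i eth1 -s $UTIL_NET -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Would a new connection from $1 to the SQL port match the web-tier rule?
web_to_sql_allowed() { in_cidr "$1" "$WEB_NET"; }

# Constructed sample sources: a freshly spun-up web server, a host in the
# SQL range, and an outside address.
for ip in 10.200.99.57 10.200.100.9 192.0.2.10; do
    if web_to_sql_allowed "$ip"; then echo "$ip -> sql:3306 ACCEPT"
    else echo "$ip -> sql:3306 DROP"; fi
done
```
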

Comments

  • A lot of providers offer "private" or "internal" IP addresses, however on a shared subnet (dediserve and DigitalOcean come to mind). If you want a really private network (basically a VLAN) you'll need to look at IBM SoftLayer, AWS or Azure (and spend a significantly higher amount of money as well). Most budget providers don't offer you that kind of functionality, because it's hard/expensive to automate it.

    Thanked by 2risharde dediserve
  • vfuse Member, Host Rep

    @ascendrix said:
    A lot of providers offer "private" or "internal" IP addresses, however on a shared subnet (dediserve and DigitalOcean come to mind). If you want a really private network (basically a VLAN) you'll need to look at IBM SoftLayer, AWS or Azure (and spend a significantly higher amount of money as well). Most budget providers don't offer you that kind of functionality, because it's hard/expensive to automate it.

    OVH also has a private VLAN feature which even works between their datacenters. So you have a private LAN with your instances in all their locations.

    Thanked by 1lucast
  • trewq Administrator, Patron Provider

    Have you looked at using tinc or something similar if they don't offer it?

    If you're looking for a provider that has internal IPs, take a look at BuyVM; they also offer Anycast. I'm sure if you have a chat with @Francisco about his slices you could find a good solution for what you're trying to do.

    Thanked by 1netomx
  • I'm currently on Vultr. Any VMs you create can talk to each other on a private network within the same region. Maybe I'm spoiled with it.

    I was looking for a different provider as they don't have the best performance or uptime.

    Thanked by 1Francisco
  • We offer private networking and a firewall for each VPS. There are some VaporNode offers floating around LET.

    If you have any questions or want to discuss your requirements, let me know!

  • Linode offers private IP (traffic is free within this network, but works only within 1 datacenter). Linode is not really a low end provider, but I think it is cheaper than having to go to an IBM/Amazon.

    Read Linode's announcement here - https://blog.linode.com/2008/03/14/private-back-end-network-support/

  • Pretty sure Lunanode have an internal network option.

    Thanked by 2Nixtren Four20
  • NickMNXio Member, Host Rep

    We also offer private IP addresses. Floating IPs will be available in the future. https://mnx.io/pricing

  • Francisco Top Host, Host Rep, Veteran

    As mentioned, we have private IPs on each service as a 'big fat LAN' for the time being. With the slices roll out and network upgrades I hope to have cross DC communication working over the LAN IPs (since all IPs are globally unique within Stallion).

    Francisco

    Thanked by 1vimalware
  • @dragon2611 said:
    Pretty sure Lunanode have an internal network option.

    they indeed have, that's why I'm with em atm :)

  • You can also create an iptables rule to block all traffic except from and to the other node, effectively making it a "private" IP.
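
One way to implement the suggestion in the comment above, generalised from a single other node to a list of peers (an added example, not the commenter's own rules): the peers go into an `ipset` and one pair of iptables rules matches the set, so adding a node is an `ipset add` rather than a rule edit. The interface name `eth0`, the set name `peers` and the documentation-range peer addresses are assumptions.

```shell
#!/bin/sh
# Added example: emulate a "private" link between nodes that only have public IPs.
# Assumptions: eth0 is the public NIC, ipset is installed, and PEERS holds
# constructed documentation-range addresses (RFC 5737), not real hosts.
PEERS="203.0.113.10 203.0.113.11 198.51.100.7"

# Accept only dotted-quad IPv4 literals with octets 0-255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Emit "ipset restore" input. Nothing is emitted if any entry is malformed,
# so a typo cannot produce a half-populated allow-list.
peer_set() {
    for p in $PEERS; do
        valid_ipv4 "$p" || { echo "bad peer: $p" >&2; return 1; }
    done
    echo "create peers hash:ip family inet"
    for p in $PEERS; do echo "add peers $p"; done
}

# Emit iptables-restore input: only peers may reach us, and we only reach them.
# There is no SSH rule; add a management source or use the console.
public_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -i eth0 -m set --match-set peers src -j ACCEPT
-A OUTPUT -o eth0 -m set --match-set peers dst -j ACCEPT
COMMIT
EOF
}

# The set must exist before the rules that reference it are loaded:
#   peer_set | ipset -exist restore && public_rules | iptables-restore
peer_set && public_rules
```

The filter limits who can reach the node but does not encrypt anything; traffic between the public addresses still crosses the provider's network in the clear unless the services use TLS or a tunnel such as the tinc suggestion earlier in the thread.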

  • @Makkesk8 said:

    @dragon2611 said:
    Pretty sure Lunanode have an internal network option.

    they indeed have, that's why I'm with em atm :)

    Yeh they seemed ok when I was using them, although I ended up going to OVH and just renting another Dedi as once you start wanting more than a couple of larger VMs that becomes cheaper than using a cloud provider, and the VMs don't need 100% uptime/HA or anything like that.

  • @ascendrix said:
    A lot of providers offer "private" or "internal" IP addresses, however on a shared subnet (dediserve and DigitalOcean come to mind). If you want a really private network (basically a VLAN) you'll need to look at IBM SoftLayer, AWS or Azure (and spend a significantly higher amount of money as well). Most budget providers don't offer you that kind of functionality, because it's hard/expensive to automate it.

    Correct, we offer two private (shared) LANs. One for communication between your servers and our Storage Network (NAS), and one for comms between your servers (1gbps on both).

    Both are free, as are private / internal IPs, and our firewall platform lets you lock down all eth' on the server.
