Networks
All workloads that need to communicate with the Internet must be connected to the provider-external network — the single provider network for public connectivity on UNIQCloud.
Overview
UNIQCloud exposes a single provider network — provider-external — for all workloads requiring Internet access. Whether you are running customer-facing APIs, public websites, or any service that needs to send or receive traffic from outside the platform, your workload must attach to this network.
Public IP Addressing
Load balancers attached to provider-external receive public IP addresses, making your services reachable from the Internet.
Load Balancer Required
Services are exposed via a load balancer connected to provider-external. Direct server attachment to the provider network is not supported.
SNAT for Outbound Traffic
The tenant router is connected to provider-external and performs SNAT, allowing servers on private subnets to reach the Internet without a public IP per instance.
Network Architecture
Servers and pods never attach directly to the provider network. Instead, the recommended topology is:
[ Instance / Pod ]
│
[ Private Subnet ] ←─ tenant-owned, RFC 1918 space
│
[ Tenant Router ] ←─ SNAT for outbound, Floating IPs / LB VIPs for inbound
│
[ provider-external ] ←─ public IP pool managed by UNIQCloud
│
[ Internet ]
| Component | Role |
|---|---|
| Private Subnet | Tenant-managed RFC 1918 network for all instances |
| Tenant Router | Connects the private subnet to provider-external; performs SNAT |
| Load Balancer | Terminates inbound traffic; assigned a public VIP from provider-external |
provider-external | The UNIQCloud provider network — sole gateway to the Internet |
Requirements
[!IMPORTANT] Any workload that needs to reach or be reached from the Internet must have its router's external gateway set to
provider-external. Without this, outbound Internet traffic and inbound public access will not work.
- Router external gateway → set to
provider-external - Load Balancer → created on
provider-external(assigns a public VIP) - OpenStack APIs → reachable via public DNS entries on the
provider-externalnetwork
Quick Setup (OpenStack CLI)
# 1. Create a private tenant network and subnet
openstack network create my-network
openstack subnet create my-subnet \
--network my-network \
--subnet-range 192.168.100.0/24
# 2. Create a router and attach it to provider-external
openstack router create my-router
openstack router set my-router --external-gateway provider-external
# 3. Connect the private subnet to the router
openstack router add subnet my-router my-subnet
# 4. Create a load balancer on provider-external for public access
openstack loadbalancer create \
--name my-lb \
--vip-network-id $(openstack network show provider-external -f value -c id)