VPC Networks Overview
Crusoe Cloud provides a high performance Software Defined Network (SDN) for developers.
Concepts
Default networks and subnets
When you create a project, Crusoe creates a default VPC network and default zonal VPC subnets for all regions to which you have access. The CIDRs for these are:
| Network | CIDR |
|---|---|
default-vpc-network | 172.27.0.0/16 |
| Subnets | CIDR |
|---|---|
default-subnet-us-northcentral1-a | 172.27.0.0/20 |
default-subnet-us-east1-a | 172.27.16.0/20 |
default-subnet-us-southcentral1-a | 172.27.32.0/20 |
Certain regions listed above are restricted and may not be available for immediate provisioning. If you require access to additional locations, please contact our sales team to discuss your use case.
Crusoe also creates default firewall rules for this network and the associated subnets. Crusoe manages adding new subnets as new zones and regions come online, and will also add new firewall rules to the default network to cover added subnets.
Non-default networks and subnets
If you need more control over your infrastructure, you can also create non-default networks and subnets. Non-default subnets can be created with IP ranges in RFC 1918 space.
Non-default networks and subnets do not come with any default firewall rules, so you must add all applicable firewall rules to the network.
Reserved IPs within subnets
We currently reserve the first five IPs within a subnet (e.g. 172.27.0.0 through 172.27.0.4) as well as the broadcast address (e.g. 172.27.0.255). This applies to all subnets, both the default subnets as well as any non-default subnets.
Internal DNS
By default, we provide internal DNS for all VMs within a VPC network. VMs are reachable at $VM_NAME.$LOCATION.compute.internal, e.g. stable-diffusion-serving.us-northcentral1-a.compute.internal. Note that internal DNS is provided on a per-network basis.
Limitations
IPv4 only
Currently, we only support IPv4.
Static IPs
Currently, all private IPs are static. All public IPs are dynamic by default, which means they will change during a VM stop and restart, but can be changed to static. Learn more on how to updated the public IP type.
Communication limited to within a region
Currently, subnet-to-subnet communication using private IP addresses is limited to communication between instances and subnets in the same region. For instance, two VMs in the default-subnet-us-east1-a are allowed to communicate (provided that the correct firewall rules are configured to allow this communication), as are instance-1 in a non-default my-subnet-1-us-east1-a and instance-2 in a non-default my-subnet-2-us-east1-a. Communication between instance-1 in default-subnet-us-east1-a and instance-2 in default-subnet-us-northcentral1-a, over their private IPs, is not allowed.
If you want instances in different regions to talk to each other, you can use the public IP addresses assigned to the instances. We suggest configuring firewall rules to allow for secure connections across regions.