Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Activate and configure a Firewall for each Network Interface Card (NIC) to better protect your servers from attacks. IONOS Cloud Firewalls can filter incoming (ingress), outgoing (egress), or bidirectional traffic. When configuring firewalls, define appropriate rules to filter traffic accordingly.
To activate a Firewall, follow these steps:
1. In the Workspace, select a Virtual Machine with a NIC.
2. From the Inspector pane, open the Network tab.
3. Open the properties of the NIC for which you want to set up a Firewall.
4. Choose either Ingress, Egress, or Bidirectional traffic flow type for which the Firewall needs to be activated.
Warning: Activating the Firewall without additional rules will block all incoming traffic. Make sure you set the Firewall rules by using Manage Rules.
Result: The Firewall is activated for the selected NIC.
To create a Firewall rule, follow these steps:
1. In the Workspace, select a VM with a NIC.
2. From the Inspector pane, open the Network tab.
3. Open the properties of the NIC for which you wish to manages Firewall Rules.
4. Click Manage Rules.
5. Click Create Firewall Rule and choose from the following type of Firewall rules to add from the drop-down list:
Transmission Control Protocol (TCP) Rule
User Datagram Protocol (UDP) Rule
Internet Control Message Protocol (ICMP) Rule
ICMPv6 Rule
Any Protocol
6. Enter values for the following in a Firewall rule:
Name: Enter a name for the rule.
Direction Choose the traffic direction between Ingress and Egress.
Source MAC: Enter the Media Access Control (MAC) address to be passed through by the firewall.
Source IP/CIDR: Enter the IP address to be passed through by the Firewall.
Destination IP/CIDR: If you use virtual IP addresses on the same network interface, you can enter them here to allow access.
Port Range Start: Set the first port of an entire port range.
Port Range End: Set the last port of a port range or enter the port from Port Range Start if you only want this port to be allowed.
ICMP Type: Enter the ICMP Type to be allowed. Example: 0 or 8 for echo requests (ping) or 30 for traceroutes.
ICMP Code: Enter the ICMP Code to be allowed. Example: 0 for echo requests.
IP Version: Select a version from the drop-down list. By default, it is Auto.
7. (Optional) You can add Firewall rules from an existing template by using Rules from Template. The Generic Webserver, Mailserver, Remote Access Linux, and Remote Access Windows are the types of Firewall rules you can add from the existing rules template.
8. Alternatively, you may import an existing rule set from the Clone Rules from other NIC.
9. Click Save to confirm creating a Firewall rule.
Result: A Firewall Rule is created with the configured values.
Prerequisites: Make sure you have the appropriate privileges. Only contract owners, administrators, or users with the Create Data Center privilege can set up a VDC. Other user types have read-only access and can't provision changes.
If you want to build a network using static IP addresses, IONOS Cloud offers you the option to reserve IPv4 addresses for a fee. You can reserve one or more addresses in an IP block using the DCD's IP Manager.
Note: It is not possible to reserve a specific IPv4 address; you are assigned a random address by IONOS Cloud.
An IP address can only be used in the data center from the region where it was reserved. Therefore, if you need an IP address for your virtual data center in Karlsruhe, you should reserve the IP address there. Each IP address can only be used once, but different IP addresses from a block can be used in different networks, provided these networks are provisioned in the same region where the IP block is located.
Reserving and using IPv4 addresses is restricted to authorized users only. Contract owners and administrators may grant privileges to reserve IP addresses.
Prerequisites: Make sure you have the appropriate permissions. Only contract owners, administrators, or users with the Reserve IP privilege can reserve IP addresses. Other user types have read-only access and can't provision changes.
In the DCD, go to the Menu > Management > IP Management.
In the IP Manager, select + Reserve IPs.
Enter the following IP block information:
Name: Enter a name for the IP block.
Number of IPs: Enter the number of IPv4 addresses you want to reserve.
Region: Enter the location of the IONOS data center where you want your IPs to be available.
Confirm your entries by selecting Reserve IPs.
The number of IPs you have reserved are available as an IP block. The IP block details should now be visible on the right.
IP addresses cannot be returned individually, but only as a block and only when they are not in use.
Note: If you return a static IP address, you cannot reserve it again afterwards.
In the DCD, go to Menu > Management > IP Management.
Ensure the IPs you want to release are not in use.
Select the required IP block.
Select Delete to return the IP block to the pool.
Confirm your action by selecting OK.
The IP block and all IP addresses contained are released and removed from your IONOS Cloud account.
IONOS Cloud Networks enables IONOS virtual resources to securely communicate with each other, the internet, and on-premises networks. Our broad portfolio of networking products built using Software-Defined Networking (SDN) technology ensure customer workloads can scale and connect securely across both physical and virtual networks. Refer to our user guides, reference documentation, and FAQs to support your virtual networking needs.
helps you connect the elements of your infrastructure and build a network to set up a functional virtual data center. Without a connected internet access element, your network is private.
The quickest way to connect elements is to drag them from the Palette directly onto elements that are already in the Workspace. The DCD will then show you whether and how the elements can be connected automatically.
1. Drag the elements from the Palette into the Workspace and connect them through their .
2. In the Workspace, select the required ; the Inspector will show its properties on the right.
3. From the Inspector pane, open the Network tab. Now you can access NIC properties.
4. Set NIC properties according to the following rules:
MAC: The MAC address will be assigned automatically upon provisioning.
Primary IP: The primary is automatically assigned by the IONOS DHCP server. You can, however, enter an IP address for manual assignment by selecting one of the reserved IPs from the drop-down menu. Private IP addresses (according to ) must be entered manually. The NIC has to be connected to the Internet.
Failover: If you have an HA setup including a failover configuration on your VMs, you can create and manage IP failover groups that support your HA setup.
Firewall: Configure a firewall.
DHCP: It is often necessary to run a DHCP server in your virtual data center (e.g. PXE boot for fast rollout of VMs). If you use your own DHCP server, clear this check box so that your IPs are not reassigned by the IONOS DHCP server.
Additional IPs: In order to use "floating" or virtual IPs, you can assign additional IPs to a NIC by selecting them from the drop-down menu.
When ready, provision your changes. The will create a private network according to set properties.
1. To split a LAN, select the required LAN in the Workspace.
2. In the Inspector, open the Actions menu and select Split LAN.
3. Confirm by clicking Split LAN.
4. Make further changes to your data center and provision your changes when ready.
The selected LAN is split and new IPs are assigned to the NICs in the new LAN.
1. To merge a LAN, select the required LAN in the Workspace.
2. To integrate this LAN into another LAN.
3. In the Inspector, open the Actions menu and select Merge LAN with another LAN.
4. In the dialog that appears, select the LANs to be merged with the selected LAN.
5. Select the checkboxes of the LANs you wish to keep separate.
6. Confirm by clicking Merge LANs.
(Optional) Make further changes to your data center.
7. Provision your changes
The selected LANs are merged and new IPs are assigned to the NICs in the newly integrated LAN.
A private LAN that is integrated into a public LAN also becomes a public LAN.
Users who do not have the permissions to add a new internet access element, can connect to an existing element in their VDC, provided they have the permissions to edit it.
1. To add internet access, drag the Internet element from the Palette onto the Workspace.
2. Connect this element with Servers.
3. Set further properties of the connection at the respective NIC.
with internet access are assigned an IP automatically by the IONOS DHCP server. Please note that multiple servers sharing the same internet interface also share the same subnet. With required permissions, you can add as many internet access elements as you wish.
Reserve and return IPv4 addresses for network use.
Create a private network and add internet access.
Activate a multidirectional firewall and add rules.
Ensure that HA setups are available on your VMs.
Capture data related to IPv4 network traffic flows.
Configure IPv6 addresses for a LAN.
Reserve and return IPv4 addresses for network use.
Create a private network and add internet access.
Activate a multi-directional firewall and add rules.
Ensure that HA setups are available on your VMs.
Capture data related to IPv4 network traffic flows.
Connect VDCs with each other using a LAN.
Configure IPv6 addresses for a LAN.
Enable internet access to virtual machines without exposing them to the internet by a public interface.
Configure high-performance, low-latency Layer 4 load-balancing.
Configure high-performance, low-latency Layer 7 load-balancing.
The DCD helps you interconnect the elements of your infrastructure and build a network to set up a functional VDC. Virtual networks work just like normal physical networks. Transmitted data is completely isolated from other subnets and cannot be intercepted by other users.
You cannot find any switches in the DCD by design. Switching, routing, and forwarding functionality is deeply integrated into our network stack, which means we are responsible for distributing your traffic. If you wish to route from one of your private networks to the next by means of a virtual machine(VM), the VM must be configured accordingly, and the routing table adjusted.
IP settings: By default, IP addresses are assigned by our DHCP server. You can also assign IP addresses yourself. MAC addresses cannot be modified.
Firewall: In order to protect your network against unauthorized access or attacks from the Internet, you can activate the firewall for each NIC. By default, this will block all traffic, and you need to configure the rules to specify what traffic can pass through. Ingress, Egress and Bidirectional firewalls are supported. For TCP, UDP, ICMP and ICMPv6 protocols, you can specify rules for individual source or target IPs.
IONOS Cloud allows virtual entities to be equipped with network cards (“network interface cards”; NICs). Only by using these virtual network interface cards, it is possible to connect multiple virtual entities together and/or to the Internet.
The maximum external throughput may only be achieved with a corresponding upstream of the provider.
Compatibility
The use of virtual MAC addresses and/or the changing of the MAC address of a network adapter is not supported. Among others, this limitation also applies to the use of CARP (Common Address Redundancy Protocol).
Gratuitous ARP (RFC 826) is supported.
Virtual Router Redundancy Protocol (VRRP) is supported based on gratuitous ARP. For VRRP to work IP failover groups must be configured.
Depending on the location, different capacities for transmitting data to or from the Internet are available for operating the IONOS Cloud service. Due to the direct connection between the data centers at the German locations, the upstream can be used across locations.
The total capacities of the respective locations are described below:
IONOS backbone AS-8560, to which IONOS Cloud is redundantly connected, has a high-quality edge capacity of 1.100 Gbps with 2.800 IPv4/IPv6 peering sessions, available in the following Internet and peering exchange points: AMS-IX, BW-IX, DE-CIX, ECIX, Equinix, FranceIX, KCIX, LINX.
IONOS Cloud operates redundant networks at each location. All networks are operated using the latest components from brand manufacturers with connections up to 100 Gbps.
IONOS Cloud uses high-speed networks based on InfiniBand technology both for connecting the central storage systems and for handling internal data connections between customer servers.
IONOS Cloud operates a high availability core network at each location for the redundant connection of the product platform. All services provided by IONOS Cloud are connected to the Internet via this core network.
The core network consists exclusively of devices from brand manufacturers. The network connections are completed via an optical transmission network, which, by use of advanced technologies, can provide transmission capacities of several hundred gigabits per second. Connection to important Internet locations in Europe and America guarantees the customer an optimal connection at all times.
Data is not forwarded to third countries. At the customer’s explicit request, the customer can opt for support in a data center in a third country. In the interests of guaranteeing a suitable data protection level, this requires a separate agreement (within the meaning of article 44-50 DSGVO and §§ 78 ff. BDSG 2018).
IONOS Cloud provides the customer with public IP addresses that, depending on the intended use, can be booked either permanently or for the duration for which a server exists. These IP addresses provided by IONOS Cloud are only needed if connections are to be established over the internet. Internally, VMs can be freely networked. For this, IONOS Cloud offers a DHCP server that allows assignment of IP addresses. However, one can establish one’s own addressing scheme.
See also: Reserve an IP Address
Every virtual network interface card that is connected to the internet is automatically assigned a public IPv4 address by DHCP. This IPv4 address is dynamic, meaning it can change while the server is operational or in the case of a restart.
Customers can reserve static public IPv4 addresses for a fee. These reserved IPv4 addresses can be assigned to a virtual network interface card, which is connected to the internet, as primary or additional IP addresses.
In networks that are not connected to the Internet, each virtual network interface card is automatically assigned a private IPv4 address. This is assigned by the DHCP service. These IPv4 addresses are assigned statically to the MAC addresses of the virtual network interface cards.
The use of the IP address assignment can be enabled or disabled for each network interface card. Any private IPv4 addresses pursuant to RFC 1918 can be used in private networks.
By default, every VDC is assigned a public /56 IPv6 CIDR block. Customers can choose to enable IPv6 in a LAN as per their needs and a maximum of 256 IPv6 enabled LANs can be created per VDC. On enabling IPv6 in a LAN, the customer can either select a /64 IPv6 CIDR block from the /56 IPv6 CIDR block assigned to the VDC or have a /64 block automatically assigned to the LAN. Public IPv6 addresses are assigned to both private and public LANs.
Every connected virtual NIC is then assigned a /80 IPv6 CIDR block and a single /128 IPv6 address either automatically, or the customer can also select both. The /80 and /128 address must both be assigned from the /64 IPv6 CIDR block assigned to the corresponding LAN. The first public IPv6 address is assigned by DHCP and in total a maximum of 50 IPv6 addresses can be assigned per NIC. IPv6 addresses are static, meaning they remain assigned in the case of a VM restart.
IONOS DDoS Protect is a managed Distributed Denial of Service defense mechanism, which ensures that every customer resource hosted on IONOS Cloud is secure and resilient against Layer 3 and Layer 4 DDoS attacks. This is facilitated by a filtering and scrubbing technology, which in event detection of an attack filters the malicious DDoS traffic and lets through only the genuine traffic to its original destination. Hence, enabling applications and services of our customers to remain available under a DDoS attack.
Known attack vectors regularly evolve and new attack methods are added. IONOS Cloud monitors this evolution and dedicates resources to adapt and enhance DDoS Protect as much as possible to capture and mitigate the threat.
The service is available in all of our data centers.
The service is available in two packages:
DDoS Protect Basic: This package is enabled by default for all customers and does not require any configuration. It provides basic DDoS Protection for every resource on IONOS Cloud from common volumetric and protocol attacks and has the following features:
DDoS traffic filtering - All suspicious traffic is redirected to the filtering platform where the DDoS traffic is filtered and the genuine traffic is allowed to the original destination.
Always-On attack detection - The service is always on by default for all customers and does not require any added configuration or subscription.
Automatic Containment - Each time an attack is identified the system automatically triggers the containment of the DDoS attack by activating the DDoS traffic and letting through only genuine traffic.
Protect against common Layer 3 and 4 attacks - This service protects every resource on IONOS Cloud from common volumetric and protocol attacks in the Network and Transport Layer such as UDP, SYN floods, etc.
DDoS Protect Advanced: This package offers everything that's part of the DDoS Protect Basic package plus advanced security measures and support.
24/7 DDoS Expert Support - Customers have 24/7 access to IONOS Cloud DDoS expert support. The team is available to assist customers with their concerns regarding ongoing DDoS attacks or any related issues.
Proactive Support - The IONOS Cloud DDoS support team, equipped with alarms, will proactively respond to a DDoS attack directed towards a customer's resources and also notify the customer in such an event.
On-demand IP specific DDoS filtering - If a customer suspects or anticipates a DDoS attack at any point in time, he can request to enable DDoS filtering for a specific IP or server owned by him. Once enabled, all traffic directed to that IP will be redirected to the IONOS Cloud filtering platform where DDoS traffic will be filtered and genuine traffic will be passed to the original destination.
On-demand Attack Diagnosis - At the customer's request, a detailed report of a DDoS attack is sent to the customer, explaining the attack and other relevant details.
Note! IONOS Cloud sets forth Security as a Shared Responsibility between IONOS Cloud and the customer. We at IONOS Cloud strive at offering a state-of-the-art DDoS defense mechanism. Successful DDoS defense can only be achieved by a collective effort on all aspects including optimal use of firewalls and other settings in the customer environment.
To make sure that high-availability (HA) or setups on your are effective in case of events such as a physical server failure, you should set up "IP failover groups".
They are essential to all HA or fail-over setups irrespective of the mechanism or protocol used.
Please ensure that the high-availability setup is fully installed on your VMs. Creating an IP failover group in the alone is not enough to set up a failover scenario.
A failover group is characterized by the following components:
Members: The same (reserved, public) is assigned to all members of an IP failover group so that communication within this group can continue in the event of a failure. You can set up multiple IP failover groups. A can be a member of multiple IP failover groups. Dedicated Core Servers should be spread over different . The rules for managing the traffic between your VMs in event of a failure are specified at the operating system level using the options and features for setting up high-availability or fail-over configurations. Users must have access rights for the IPs they wish to use.
Master: During the initial provisioning, the master of an IP failover group in the DCD represents the master of the HA setup on your virtual machines. If you change the master later, you won't have to change the master of the IP failover group in the DCD.
Primary IP address: The IP address of the IP failover group can be provisioned as the primary or additional IP address. We recommend that you provide the IP address used for the IP failover group as the primary IP address, as it is used to calculate the gateway IP, which is advantageous for some backup solutions. Please note that this will replace the previously provisioned primary IP address. When there are multiple IP failover groups in a LAN, a involved in multiple of these groups can only be used once for the primary IP address. The DCD will alert you accordingly.
For technical reasons this feature can only be used subject to the following limitations:
In public LANs that do not contain load balancers.
With reserved public IP addresses only - DHCP-generated IP addresses cannot be used.
Virtual MAC addresses are not supported.
IP failover must be configured for all HA setups.
Prerequisites: Please make sure that you have the privileges to Reserve IPs. You should have access to the required IP address. The LAN for which you wish to create an IP failover group should be public (connected to the Internet), and should not contain a load balancer.
1. In the Workspace, select the required LAN.
2. In the Inspector, open the IP Failover tab.
3. Click Create Group. In the dialog box that appears, select the IP address from the IP drop-down menu.
Select the NICs that you wish to include in the IP failover group by selecting their respective checkboxes.
Select the Primary IP checkboxes for all NICs for which the selected address is to be the primary IP address.
The primary IP address previously assigned to a NIC in another IP failover group is replaced.
Select the master of the group by clicking the respective radio button.
4. Click Create.
5. Provision your changes.
The IP failover group is now available.
1. Click the IP address of the required IP failover group.
2. The properties of the selected group are displayed.
3. To change the IP address, click Change.
4. In the dialog box that appears, select a new IP address.
(Optional) If no IP address is available, reserve a new one by clicking +.
5. Specify the primary IP address by selecting the respective check box.
6. Confirm your changes by clicking Change IP.
7. To Change Master, select the new Master by clicking the respective radio button.
8. To add or remove members Click Manage.
9. Select or clear the checkboxes of the required NICs.
10. Confirm your changes by clicking Update Group.
1. Click the IP address of the required failover group.
2. The properties of the selected IP failover group are displayed.
3. Click Remove. Confirm your action by clicking OK.
4. Provision your changes
The IP failover group is no longer available. The DCD no longer maps your HA setup.
The information and assistance available in this category make it easier for you to work with flow logs using the (DCD). For the time being, you have the option of doing either of the following.
You can create flow logs for your network interfaces as well as the public interfaces of the Network Load Balancer and Network Address Translation () Gateway. Flow logs can publish data to your buckets in the .
After you have created and configured your bucket in the IONOS S3 Object Storage, you can create flow logs for your network interfaces.
Before you create a flow log, make sure that you meet the following prerequisites:
You are logged on to the .
You are the .
You have to edit the required data center.
You have the privilege.
You are the owner or have write access to permissions of an .
You have an IONOS S3 Object Storage instance with a bucket that exists for your flow logs. To create an IONOS S3 Object Storage bucket, see .
Select the appropriate tab for the instance or interface for which you want to activate flow logs in the workspace.
In the Inspector pane, open the Network tab.
Open the properties of the Network Interface Controller (NIC).
Activate flow logs
Open the Flow Log drop-down and fill in the following fields:
For Name, enter a name for the flow log rule. The name will also be the first part of the objects’ name prefix.
For Direction, choose Ingress to create flow logs for incoming traffic, Egress for outgoing traffic, or Bidirectional to create flow logs for all traffic.
For Action, choose Rejected to capture only traffic blocked by the firewall, Accepted to capture only traffic allowed by the firewall, or Any for all traffic.
For Target S3 bucket, enter a valid existing IONOS S3 Object Storage bucket name and an optional object name prefix where flow log records should be written.
Select Add flow log to complete the configuration of the flow log. It becomes applied once you provision your changes.
Characters / (slash) and %2F are not supported as object prefix characters.
You cannot edit/modify changes to the fields of a flow log rule after activating it.
There is a limit of one flow log created per NIC, NAT Gateway, and Network Load Balancer (NLB).
Result: An activated flow log rule is visualized by a green light on the NIC properties. The green light indicates that the configuration has been validated and is valid for provisioning.
A summary of the flow logs rule can be seen by opening the drop-down of the flow log and selecting the name of the flow log rule.
At this point, you may make further changes to your data center (optional).
When ready, select Provision changes. After provisioning is complete, the network interface's flow logs are activated.
Flow logs can be provisioned on both new and previously provisioned instances.
Prerequisites
Before you delete a flow log, make sure that you meet the following prerequisites:
Procedure
Select the relevant VM of the interface for which you want to delete the flow logs in the Workspace.
In the Inspector pane, open the Network tab.
Open the properties of the NIC.
Open the Flow Log drop-down.
Select the trash bin icon to delete the flow log.
6. In the confirmation message, select OK
7. Select Provision changes. After provisioning is complete, the network interface's flow logs are deleted and no longer captured.
Deleting a flow log does not delete the existing log streams from your bucket. Existing flow log data must be deleted using the respective service's console. In addition, deleting a flow log that publishes to IONOS S3 Object Storage does not remove the bucket policies and log file access control lists (ACLs).
In the Inspector pane, open the Settings tab.
To activate flow logs, open the Flow Log drop-down and fill in the following fields:
For Name, enter a name for the flow log rule. The name will also be the first part of the objects’ name prefix.
For Direction, choose Ingress to create flow logs for incoming traffic, Egress for outgoing traffic, or Bidirectional to create flow logs for all traffic.
For Action, choose Rejected to capture only traffic blocked by the firewall, Accepted to capture only traffic allowed by the firewall, or Any for all traffic.
For Target S3 bucket, enter a valid existing IONOS S3 Object Storage bucket name and an optional object name prefix where flow log records should be written.
Select Add flow log to complete the configuration of the flow log. It becomes applied once you provision your changes.
A flow log record is a record of a network flow in your virtual data center (). By default, each record captures a network internet protocol (IP) traffic flow, groups it, and is enhanced with the following information:
Account ID of the resource
Unique identifier of the network interface
The flow's status, indicating whether it was accepted or rejected by the software-defined networking (SDN) layer
The flow log record is in the following format:
The following table describes all of the available fields for a flow log record.
Field | Type | Description | Example Value |
---|
In this example, traffic to the network interface 7ffd6527-ce80-4e57-a949-f9a45824ebe2
for the account 12345678
was accepted.
In this example, traffic to the network interface 7ffd6527-ce80-4e57-a949-f9a45824ebe2
for the account 12345678
was rejected.
Location | Connection | Redundancy level | AS |
---|---|---|---|
You are logged on to the .
You are the
You have to edit the required data center.
You have the privilege.
You are the owner or have write access to permissions of an .
The following are examples of flow log records that capture specific traffic flows. For information on how to create flow logs, see
Parameter
Size
Performance
Throughput, internal
MTU 1,500
Up to 6 Gbps
Throughput, external
MTU 1,500
Up to 2 Gbps
Berlin (DE)
2 x 100 Gbps
N+1
AS-8560
Frankfurt am Main (DE)
2 x 100 Gbps
N+5
AS-8560
Karlsruhe (DE)
2 x 100 Gbps
N+2
AS-8560
London (UK)
1 x 10 Gbps 1 x 100 Gbps
N+1
AS-8560
Logroño (ES)
4 x 100 Gbps
N+1
AS-8560
Paris (FR)
2 x 100 Gbps
N+1
AS-8560
Las Vegas (US)
2 x 10 Gbps
N+2
AS-54548
Newark (US)
2 x 10 Gbps
N+1
AS-54548
Lenexa (US)
4 x 100 Gbps
N+2
AS-54548
Network address range
CIDR notation
Abbreviated CIDR notation
Number of addresses
Number of networks as per network class (historical)
10.0.0.0 to 10.255.255.255
10.0.0.0/8
10/8
224 = 16.777.216
Class A: 1 private network with 16,777,216 addresses; 10.0.0.0/8
172.16.0.0 to 172.31.255.255
172.16.0.0/12
172.16/12
220 = 1.048.576
Class B: 16 private networks with 65,536 addresses; 172.16.0.0/16 to 172.31.0.0/16
192.168.0.0 to 192.168.255.255
192.168.0.0/16
192.168/16
216 = 65.536
Class C: 256 private networks with 256 addresses; 192.168.0.0/24 to 192.168.255.0/24
Machines use IP addresses to communicate over a network, and IONOS has introduced Internet Protocol version 6 (IPv6) to its compute instances, offering a significantly larger pool of unique addresses. This upgrade enables support for the ever-growing number of connected devices.
At IONOS, we recognize the significance of IPv6 configuration in virtual environments and offer a flexible and scalable infrastructure that accommodates IPv6 configuration, allowing our customers to take advantage of the latest features.
One of the primary requirements is to ensure that VMs in the VDC can access services on the internet over IPv6. IONOS allows you to do the necessary provisions to provide seamless service access.
In addition to being a client to an IPv6 service, a Virtual Machine (VM) in the IONOS Virtual Data Center (VDC) can provide a service, such as a simple REST API, over IPv6. In this case, it is essential to ensure that the IPv6 address assigned to the VM is static. If DHCPv6 is enabled, the NICs can receive their static IPv6 address(es) using DHCPv6. You do not need to log in every server and hardcode the IPv6 address. A Network Interface Card (NIC) has a Media Access Control address (MAC) and it sends a DHCPv6-Discover request to every user asking for a configuration for its MAC address. DHCPv6 shares configuration information with NIC, containing the IPv6 address. Our DHCPv6 has the information on which MAC address gets which IPv6 address(es). This is a critical requirement to allow you to access the service continuously, without any interruptions.
IONOS supports the internet standard IPv6. Following are a few concepts associated with it:
IPv6 or Internet Protocol version 6, is the most recent version of the Internet Protocol (IP) that provides a new generation of addressing and routing capabilities. The IPv6 is designed to replace the older IPv4 protocol, which is limited in its available address space.
IPv6 uses 128-bit addresses, providing an almost limitless number of unique addresses. This allows for a much larger number of devices to be connected to the Internet.
IPv6 defines several types of addresses, including unicast, multicast, and anycast addresses. Unicast addresses identify a single interface on a device, multicast addresses identify a group of devices, and anycast addresses identify a group of interfaces that can respond to a packet.
IPv6 addresses are divided into two parts: a prefix and an interface identifier. The prefix is used for routing and can be assigned by an Internet Service Provider (ISP) or network administrator, while the interface identifier is typically generated by the device.
As IPv6 adoption continues, transition mechanisms are used to ensure compatibility between IPv6 and IPv4 networks. These mechanisms include dual-stack, tunneling, and translation methods. For more information about IPv6 see our latest blog on IPv6: Everything about the New Internet Standard.
Use the Flow logs feature to capture data that is related to IPv4 and IPv6 network traffic flows. Flow logs can be enabled for each network interface of a Virtual Machine (VM) instance, as well as the public interfaces of the Network Load Balancer (NLB) and Network Address Translation (NAT) Gateway.
Flow logs can help you with a number of tasks such as:
Debugging connectivity and security issues
Monitoring network throughput and performance
Logging data to ensure that firewall rules are working as expected
Flow logs are stored in a customer’s IONOS S3 Object Storage bucket, which you configure when you create a flow log collector.
A network traffic flow is a sequence of packets sent from a specific source to a specific unicast, anycast, or multicast destination. A flow could be made up of all packets in a specific transport connection or a media stream. However, a flow is not always mapped to a transport connection one-to-one.
A flow consists of the following network information:
Source IP address
Destination IP address
Source port
Destination port
Internet protocol
Number of packets
Bytes
Capture start time
Capture end time
Flow log data for a monitored network interface is stored as flow log records, which are log events containing fields that describe the traffic flow. For more information, see Flow Log Record.
Flow log records are written to flow logs, which are then stored in a user-defined IONOS S3 Object Storage bucket from where they can be accessed.
You can export, process, analyze, and visualize flow logs using tools, such as Security Information and Event Management (SIEM) systems, Intrusion Detection Systems (IDS), Cyberduck, Logstash, etc.
Traffic flows in your network are captured in accordance with the defined rules.
Flow logs are collected at a 10-minute rotation interval and have no impact on customer resources or network performance. Statistics about a traffic flow are collected and aggregated during this time period to create a flow log record.
No flow log file will be created if no flows for a particular bucket are received during the log rotation interval. This prevents empty objects from being uploaded to the IONOS S3 Object Storage.
The flow log file's name is prefixed with an optional object prefix, followed by a Unix timestamp and the file extension .log.gz
, for example, flowlogs/webserver01-1629810635.log.gz.
Flow logs are retained in the IONOS S3 Object Storage bucket until they are manually deleted. Alternatively, you can configure objects to be deleted automatically after a predefined time period using a Lifecycle Policy for an object in the IONOS S3 Object Storage.
The IONOS S3 Object Storage owner of the object is an IONOS internal technical user named flowlogs@cloud.ionos.com (Canonical ID 31721881|65b95d54-8b1b-459c-9d46-364296d9beaf).
Never delete the IONOS Cloud internal technical user from your bucket as this disables the flow log service. The bucket owner also receives full permissions to the flow log objects per default.
To use flow logs, you need to be aware of the following limitations:
You can't change the configuration of a flow log or the flow log record format after it's been created. In the flow log record, for example, you can't add or remove fields. Instead, delete the flow log and create a new one with the necessary settings.
There is a limit of one flow log created per NIC, NAT Gateway, and Network Load Balancer.
A Virtual Data Center (VDC) is a collection of cloud resources for creating an enterprise-grade IT infrastructure. A Local Area Network (LAN) in a VDC refers to the interconnected network of Virtual Machines (VMs) within a single physical server or cluster of servers. The LAN in a VDC is a critical component of cloud computing infrastructure that enables efficient and secure communication between VMs and other resources within the data center.
VDC operates in a dual-stack mode that is, the Network Interface Cards (NICs) can communicate over IPv4, IPv6, or both. In Data Center Designer (DCD), IPv6 can be enabled for both Private and Public LANs, but on provisioning, only Public IPv6 addresses are allocated to all LANs.
One limitation of IPv6 is that a /56 block is typically assigned to a data center, with a /64 block assigned inside this /56 block to the Local Area Network (LAN). The difference between a /56 and a /64 block is 8, resulting in 2^8 (2 to the power of 8) blocks, or a total of 256 blocks. This limitation can impact the scalability and flexibility of IPv6 addressing in large networks. Therefore, it is important to carefully consider the allocation of IPv6 blocks to ensure efficient utilization of available resources.
You will get a new /56 prefix every time you create a new data center. If your services depend on static IPv6 addresses, and you want to rebuild your data center, you must not delete the data center itself, but only its components, such as, LANs, NICs, etc. For more information about how to create new Data Center LANs in DCD, see DCD How-Tos.
For older Debian images (version 10 and version 11), you may need to tweak the OS initialization process of your image. For example, the Dynamic Host Configuration Protocol version 6 (DHCPv6) client may need to be run manually after restarting the system. Generally, if the interfaces have not received an IPv6 address from the IONOS DHCP server, try to run the DHCPv6 client manually. For more information, see FAQs.
In Rocky Linux 8, it is important to note that the IPv6 protocol may not be readily available after the initial boot. For the latest version, Rocky Linux 9.0, you can use IPv6 support right from the first boot.
Currently, IPv6 is not available for Managed Services such as Application Load Balancer (ALB), Network Load Balancer (NLB), Network Address Translation (NAT) Gateway, IP Failover and Managed Kubernetes (MK8s).
| string | The flow log version. Version 2 is the default. | 2 |
| string | The IONOS Cloud account ID of the owner of the resource containing the interface for which flow logs are collected. | 12345678 |
| string | The interface unique identifier (UUID) for which flow logs are collected. | 7ffd6527-ce80-4e57-a949-f9a45824ebe2 |
| string | The source address for incoming traffic, or the IPv4 address of the network interface for outgoing traffic. | 172.17.1.100 |
| string | The destination address for outgoing traffic, or the IPv4 address of the network interface for incoming traffic. | 172.17.1.101 |
| uint16 | The source port from which the network flow originated. | 59113 |
| uint16 | The destination port for the network flow. | 20756 |
| uin8 | 6 |
| uint64 | The number of packets transferred during the network flow capture window. | 17 |
| uint64 | The number of bytes transferred during the network flow capture window. | 1325 |
| string | The timestamp, in UNIX EPOCH format, of when the first packet of the flow was received within the grouping interval. | 1587983051 |
| string | The timestamp, in UNIX EPOCH format, of when the last packet of the flow was received within the grouping interval. | 1587983052 |
| string | The action associated with the traffic: ACCEPT: traffic accepted by the firewall REJECT: traffic rejected by the firewall | ACCEPT |
| string | The flow log logging status: OK: normal flow logging SKIPDATA: Some flow log records were skipped during the grouping interval | OK |
To enable IPv6 for Local Area Network (LAN) in the Data Center Designer (DCD), follow these steps:
Drag the Server element from the Palette onto the Workspace. The created server is automatically highlighted in turquoise. The Inspector pane allows you to configure the properties of this individual server instance.
Drop the internet element onto the Workspace, and connect it to a LAN to provide internet access. First, connect the server or cube to the internet and then to the Local Area Network (LAN).
Note: Upon provisioning, the data centre will be allocated a /56 network prefix by default.
By default, every new LAN has IPv6 addressing disabled. Select the checkbox Activate IPv6 for this LAN in LAN view.
Note: On selecting PROVISION CHANGES, you can populate the LAN IPv6 CIDR block with prefix length /64 or allow it to be automatically assigned from the VDCs allocated /56 range. /64 indicates that the first 64 bits of the 128-bit IPv6 address are fixed. The remaining bits (64 in this case) are flexible, and you can use all of them.
In the Inspector pane, configure your LAN device in the Network tab. Provide the following details:
Name: Your choice is recommended to be unique to this Virtual Data Center (VDC).
MAC: The Media Access Control (MAC) address will be assigned automatically upon provisioning.
LAN: Select a LAN for which you want to configure the network.
Firewall: To activate the firewall, choose between Ingress / Egress / Bidirectional.
IPv4 Configuration: Provide the following details:
Primary IP: The primary IP address is automatically assigned by the IONOS DHCP server. You can, however, enter an IP address for manual assignment by selecting one of the reserved IPs from the drop-down list. Private IP addresses should be entered manually. The Network Interface Controller (NIC) has to be connected to the Internet.
Failover: If you have an HA setup including a failover configuration on your VMs, you can create and manage IP failover groups that support your High Availability (HA) setup.
Firewall: Configure the firewall.
DHCP: It is often necessary to run a Dynamic Host Configuration Protocol (DHCP) server in your VDC (e.g. Preboot Execution Environment (PXE) boot for fast rollout of VMs). If you use your own DHCP server, clear this checkbox so that your IPs are not reassigned by the IONOS DHCP server.
Add IP: In order to use "floating" or virtual IPs, you can assign additional IPs to a NIC by selecting them from the drop-down menu.
IPv6 Configuration: Provide the following details:
NIC IPv6 CIDR: You can populate an IPv6 CIDR block with prefix length /80 or allow it to be automatically assigned from the VDCs allocated range, by selecting PROVISION CHANGES. You can also choose 1 or more individual /128 IPs. Only the first IP is automatically allocated. The remaining IPs can be assigned as per your requirement. The maximum number of IPv6 IPs that can be allocated per NIC is 50.
DHCPv6: It is often necessary to run your own DHCPv6 server in your Virtual Data Center (VDC) (e.g. PXE boot for fast rollout of VMs). If you use your own DHCPv6 server, clear this checkbox so that your IPs are not reassigned by the IONOS DHCPv6 server.
Add IP: In order to use "floating" or virtual IPs, you can assign additional IPs to a NIC by selecting them from the drop-down menu.
Start the provisioning process by clicking PROVISION CHANGES in the Inspector.
The Virtual Data Center (VDC) is provisioned with the new network settings.
Note:
IPv6 CIDR assigned to LANs(/64) and NICs(/80 and /128) must be unique.
You can create a max of 256 IPv6-enabled LANs per VDC.
Prerequisites:
Prior to enabling IPv6, make sure you have the appropriate privileges. New Virtual Data Center (VDC) can be created by the contract owners, administrators, or users with create VDC privilege. The leading number of bits in the address that cannot be changed is the prefix length. For Data Center IPv6 CIDR, the prefix length is /56.
You can enable the IPv6 LAN and configure the network to support IPv6. Using IPv6 LANs, devices can communicate on the same LAN using standard IPv6 protocols. IONOS LANs route packets between devices and networks, ensuring that the network runs smoothly and effectively.
To update IPv6 configurations for LANs in the Data Center Designer (DCD), follow these steps:
Select the LAN you want to update IPv6 for.
You can update your IPv6 CIDR block with prefix length /64 from the VDCs allocated range.
Start provisioning by clicking PROVISION CHANGES in the Inspector pane.
The Virtual Data Center (VDC) will now be provisioned with the new network settings. In this case, the existing configuration gets reprovisioned accordingly.
Note: IPv6 traffic and IPv6-enabled LANs are now supported for the Flow Logs feature. For more information about how to enable flow logs in DCD, see Enable Flow Logs.
To disable IPv6 for LANs in the Data Center Designer (DCD), follow these steps:
Select the LAN you want to disable IPv6 for, and clear the Activate IPV6 for this LAN checkbox.
Start provisioning by clicking PROVISION CHANGES in the Inspector pane.
The Virtual Data Center (VDC) is provisioned with the new network settings. On disabling IPv6 on a LAN, existing IPv6 configuration on the Network Interface Card (NICs) will be removed or deleted.
How do I configure IPv6 on my network?
IPv6 can be configured via the Data Center Designer (DCD) or Cloud API using IPv6-enabled LAN. You can get IPv6 support by configuring the network. For more information about how to enable IPv6 on Virtual Data Center LANs in DCD, see .
Why do we need IPv6 configuration in DCD?
The main reason for the transition to IPv6 is the exhaustion of available IPv4 addresses due to the exponential growth of the internet and the increasing number of devices connected to it.
If I use private images, do I need to adapt them in any way so that they support IONOS IPv6?
For older versions of some images like Debian, you may need to tweak the OS initialization process of your image. For example, the Dynamic Host Configuration Protocol version 6 (DHCPv6) client may need to be run manually after the system boot. Generally, if the interfaces have not received an IPv6 address from the IONOS Dynamic Host Configuration Protocol (DHCP) server, try to run the dhcp6 client manually.
This is because the client device may have cached the previous configuration information and needs to clear it before applying the new one. However, not all DHCPv6 implementations require a manual restart, as some may be able to automatically apply the new configuration without any intervention.
The Internet Assigned Numbers Authority (IANA) protocol number of the traffic. For more information, see
Learn how to enable IPv6 for LANs in VDC using the DCD.
Learn how to update IPv6 for LANs in VDC using the DCD.
Learn how to disable IPv6 for LANs in VDC using the DCD.
Learn all about the limitations associated with IPv6.
Learn all about the FAQs associated with IPv6.
For every network interface, you can activate a firewall, which will block all incoming traffic by default. You must specify the rules that define which protocols will pass through the firewall, and which ports are enabled. For instructions on how to set up a firewall, see Configure a Firewall.
The IONOS firewall offered in the DCD can be used for simple protection for THE hosts behind it. Once activated, all incoming traffic is blocked. The traffic can only pass through the ports that are explicitly enabled. Outgoing traffic is generally permitted. We recommend that you set up your firewall VM, even for small networks. There are many cost-free options, including IP tables for Linux, pfSense FreeBSD, and various solutions for Windows.
See also: Activating a Firewall
Yes, there are DNS resolvers. Valid everywhere IP addresses for 1&1 resolvers are:
212.227.123.16
212.227.123.17
2001: 8d8: fe: 53: 72ec :: 1
2001: 8d8: fe: 53: 72ec :: 2
By adding a public DNS resolver you will provide a certain level of redundancy for your systems.
Reverse DNS entries for IPv4 addresses can be created with IONOS Cloud DNS. For instructions on how to create reverse DNS entries, see Create and manage a Reverse DNS Entry. To create a reverse DNS entry for IPv6 addresses, please contact IONOS Cloud Support.
Once a server has been provisioned, you can find its IP address by following the procedure below:
Open VDC
Select the server, for which you wish to know the IP
Select the Network tab in the Inspector
Open the properties of the NIC
The IPv4 and IPv6 addresses are listed in the Primary IP field.
See also: Reserve an IP Address
The internet access element can connect to more than one server. Simply add multiple virtual machines to provide them all with internet access.
Users with the appropriate privileges can reserve and release additional IP addresses. Additional addresses are made available as part of a reserved consecutive IP block. For IPv6, you can add up to 50 addresses without any reservation.
See also: Reserve an IP address
The public IP address assigned by DHCP will remain with your server. The IP address, however, may change when you deallocate your VM (power stop) or remove the network interface. We, therefore, recommend assigning reserved IPs when static IPs are required, such as for web servers. IPv6 addresses are not removed on deallocating your VM.
Yes, you can. To make sure that a network interface will be addressed from your own DHCP server, perform the following steps:
Open your data center
Select the NIC
Open the properties of the NIC in the Inspector
Clear the DHCP check box
This will disable the allocation of IPs to this NIC by IONOS DHCP, and then you can use your own DHCP server to allocate information for this interface.
We preset the subnet mask 255.255.255.255 for the DHCP allocation of public IPs. Unfortunately, this is not supported by all DHCP clients. You can perform network configuration at the operating system level or specify the netmask 255.255.255.0 using a configuration file.
DHCP configurations may fail during the installation of Linux distributions that do not support /32 subnet mask configurations. If this happens, the IP address can be assigned manually using the Remote Console.
Example
Network interface "eth0" is being assigned P address "46.16.73.50" and subnet mask "/24" ("255.255.255.0"). For the internet access to work, the IP address of the gateway (which is "46.16.73.1" in this example) must also be specified.
Command-line:
ifconfig eth0 46.16.73.50 netmask 255.255.255.0
route add default gw 46.16.73.1
Config file:
Modify the "interface" file in the "/etc/networking/" folder as follows:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 46.16.73.50
netmask 255.255.255.0
gateway 46.16.73.1
Restart the interfaces:
ifdown eth0
ifup eth0
We support both IPv4 and IPv6 versions.
Our data centers are connected as follows:
Data center Bandwidth
First, attempt to log on to the VM with the Remote Console. If this is successful, please collect the information we will need to help you resolve the issue as described below.
We will need to know the following:
VM name
IP address
URLs of web applications running on your VM
We will need the output of the following commands:
ping Hostname
date /t
time /t
route print
ipconfig /all
netstat
netstat -e
route print
or netstat -r
tracert
and ping in/out
nslookup hostname DNS-Server
nslookup hostname DNS-Server
date
traceroute
ping Hostname
The output of the following commands can also give important clues:
arp -n
ip address list
ip route show
ip neighbour show
iptables --list --numeric --verbose
cat /etc/sysconfig/network-scrips/ifcfg-eth*
cat /etc/network/interfaces
cat /etc/resolv.conf
netstat tcp --udp --numeric -a
We have prepared a ready-made script that helps gather the relevant information. The script provides both screen output and a log file which you can forward to us.
Use the script with the additional parameter -p
You will be able to observe the commands as they are being executed, and take screenshots as needed.
If you are using the Java-based edition of the Remote Console, please ensure that you have the latest Java version installed and the following ports released:
80 (HTTP),
443 (HTTPS),
5900 (VNC).
The Remote Console becomes available immediately once the server is provisioned.
There is no traffic overview screen in the user interface currently.
Customers can use either Traffic or Utilization endpoints of the Billing API to get details about their traffic usage.
Traffic
Utilization
More information in Swagger: https://api.ionos.com/billing/doc/
Please use the configuration below to ensure the stability and performance of the network connections on the operating system side. We suggest that you first check the current settings to see if any adjustments are necessary.
Open Device Manager
Open the network adapter section where you can see all your connected virtual network cards named “Red Hat VirtIO Ethernet Adapter”. Now open the Properties dialog and go to the “Advanced” tab.
Verify that your settings match those listed below; if not, follow the guidelines later in this guide to update them accordingly.
"Init.MTUSize"="1500"
"IPv4 Checksum Offload"="Rx & Tx Enabled"
"Large Send Offload V2 (IPv4)"="Enabled"
"Large Send Offload V2 (IPv6)"="Enabled"
"Offload.Rx.Checksum"="All"
"Offload.Tx.Checksum"="All"
"Offload.Tx.LSO"="Maximal"
"TCP Checksum Offload (IPv4)"="Rx & Tx Enabled"
"TCP Checksum Offload (IPv6)"="Rx & Tx Enabled"
"UDP Checksum Offload (IPv4)"="Rx & Tx Enabled"
"UDP Checksum Offload (IPv6)"="Rx & Tx Enabled"
Manual adjustments in the Properties dialog are not saved to the registry. To make any persistent changes, follow the guidelines in the following section.
Once you determine that your system needs an update (see the “Verifying current network configuration” above), one of the following actions must be taken to adjust the settings:
Online update using IONOS VirtIO Network Driver Settings Update Scripts (recommended)
The best way to update network configuration is by using IONOS VirtIO Network Driver Settings Update Scripts.
The scripts are distributed in the following versions:
Installer, available for download here: https://github.com/ionos-enterprise/ionos-network-helper/blob/master/WinNet-v0.1.171.0001.exe
Installer will extract the scripts to the user-specified folder and optionally run the scripts.
ZIP archive, available for download here: https://github.com/ionos-enterprise/ionos-network-helper/blob/master/WinNet-v0.1.171.0001.zip
When using the ZIP archive, or not selecting script execution in the installer, scripts can be started manually by launching the update.cmd file in the root folder of the extracted scripts.
If Windows does not allow you to start the installer or update.cmd from the File Explorer window, please launch it directly from the command line.
Offline update using IONOS Windows VirtIO Drivers ISO Image (alternative)
Alternatively, use the VirtIO drivers ISO for Microsoft operating systems provided by IONOS.
Use DCD or API to add an ISO image to the Dedicated Core Server you’d like to update (In DCD select the VM -> Inspector -> Storage -> CD-ROM -> IONOS-Images -> Windows-VirtIO-Drivers).
Set the boot flag to the virtual CD/DVD drive with the ISO image.
Boot your Dedicated Core Server from the Windows VirtIO drivers ISO.
Open the remote console of the virtual machine.
Select an operating system from the list of supported versions. Driver installation or update will be performed automatically.
Remove the ISO and restart the VM through the DCD. Make sure that the boot flag is set correctly again.
Updating drivers
Make sure you have the latest “VirtIO Ethernet Adapter” driver package. The driver package is available in the “Drivers” folder of IONOS VirtIO Network Driver Settings Update Scripts as described above.
Open Device Manager.
in the “File Explorer“ window right-click “My PC”, select “Properties” and then “Device Manager”.
Under Network Adapters, for each "Red Hat VirtIO Ethernet Adapter":
Right-click the adapter and select “Update driver”
Select “Browse my computer for driver software”
Click “Browse” and select the folder with the driver package suitable for your OS version
Click OK and follow the instructions to install the driver.
Updating existing VirtIO network devices
Open Device Manager
In the File Explorer window, right-click My PC, select Properties, and then Device Manager
Under Network adapters, for each "Red Hat VirtIO Ethernet Adapter":
Open Properties (double-click usually works)
Go to Advanced tab
Navigate and set the following settings there:
"Init.MTUSize"="1500"
"IPv4 Checksum Offload"="Rx & Tx Enabled"
"Large Send Offload V2 (IPv4)"="Enabled"
"Large Send Offload V2 (IPv6)"="Enabled"
"Offload.Rx.Checksum"="All"
"Offload.Tx.Checksum"="All"
"Offload.Tx.LSO"="Maximal"
"TCP Checksum Offload (IPv4)"="Rx & Tx Enabled"
"TCP Checksum Offload (IPv6)"="Rx & Tx Enabled"
"UDP Checksum Offload (IPv4)"="Rx & Tx Enabled"
"UDP Checksum Offload (IPv6)"="Rx & Tx Enabled"
Please be aware that these settings will revert to old Registry values unless the full update procedure is executed as described above.
Please use the configuration below to ensure the stability and performance of the network connections on the operating system side.
Please make sure to use the MTU setting of 1500 for all network interfaces.
Make sure that all of your network interfaces have hardware offloads enabled. This can be done with the ethtool utility; to install ethtool:
For .deb-based distributions:
apt-get install ethtool -y
For .rpm-based distributions:
yum install ethtool.x86_64 -y
Once installed, please do the following for each of your VirtIO-net devices:
Replace the [device_name] with the name of your device, e.g. eth0 or ens0, and check that the highlighted offloads are in the On state:
If you changed any configuration parameters, such as increase MTU or disable offloads for network adapters, please make sure to roll back these changes.
Fixing persistent network interface configuration may include removing such configuration in the below files:
and then restarting the affected network interfaces with ifdown eth0; ifup eth0
In all examples below, please replace the [device_name] with the name of the network device being adjusted, e.g. “eth0” or “ens6”.
Dynamically adjust network device MTU configuration:
ip link set mtu 1500 dev [device_name]
Dynamically enable hardware offloads for VirtIO-net devices. This can be done with the ethtool utility; to install ethtool:
For .deb-based distributions:
apt-get install ethtool -y
For .rpm-based distributions:
yum install ethtool.x86_64 -y
Once installed, please do the following for each of your VirtIO-net devices:
ethtool -K [device_name] tx on tso on
Location | Bandwidth in Gbit/s |
---|---|
Karlsruhe (DE)
4 x 10
Frankfurt (DE)
2 x 40 & 3 x 10
Berlin (DE)
2 x 10
London (UK)
2 x 10
Las Vegas (US)
3 x 10
Newark (US)
2 x 10
Logroño (ES)
2 x 10