CenturyLink Cloud customers may wish to add a public IP to a specific virtual machine or Bare Metal server in their cloud environment to deliver services. Public IPs are delivered using a 1 to 1 NAT model.
General Notes & Best Practices
- All public IPs deployed on the platform have hairpinning enabled.
- In its current iteration setting a source IP filter will secure all public ports, single ports or port ranges specified by the customer. Customers can leverage OS based firewall services if they wish to secure public services in a more granular fashion.
- Customers are encouraged to leverage the source IP filter unless delivering completely open public Internet services to their user community.
- Customers should avoid opening RDP or SSH to their virtual machines to the public Internet. As such the following are recommended access methods.
- Use the free OpenVPN client included in every CenturyLink Cloud Account. Refer to How To Configure Client VPN. This is the ideal solution for individuals who are mobile and not in fixed office or data center locations.
- Build an IPSEC VPN Tunnel from a remote office or data center location. Refer to Creating a Self-Service IPSEC Site-to-Site VPN Tunnel. IPSEC VPN tunnels are best for remote access to Cloud Virtual Machines when administrators are in centralized offices or data centers.
- If either of the previous options are not feasible customers should at a minimum use the source IP filter service on the public IP and pair that with local OS firewall policies within the guest VM.
- Refer to How to Add Public IP to servers, for further instructions.
Public IP Listing
Below is the current CenturyLink public IP listing. It is updated regularly as public IPs are created.
|Data Center||IP Blocks|
Frequently Asked Questions
Q: What happens to my Public IP if I use the pause, power off or archive services in CenturyLink Cloud?
A: Public IP addresses are static and using any of these features does not remove the public IP services from the server. The only time a public IP is removed from a server is a) when the server is deleted b) the customer removes the public IP in the GUI or API
Q: How are customers billed for public IP addresses?
A: Customers are billed a nominal fee per public IP on a monthly basis. Public IPs are not an hourly billing service and as such using a public IP even for an hour will result in a nominal charge for the public IP address.
Q: What is the maximum number of Public IPs that can be bound to a server?
A: As the platform uses a 1 to 1 NAT (public to private) and /24 network sizes the current maximum number of public IPs is 219 per VM. Bare Metal servers are only permitted a single public IP currently.
Q: My server is housed in a datacenter in a non-US country. Why do geolocation services show me as being in the United States?
A: All IPs in CenturyLink Cloud datacenters worldwide are registered to a mailing address in the United States via a third-party registrar. As such, most GeoIP services will show the IPs as being in the US, rather than in the country the datacenter is housed in. This is an effect of our relationship with our registrars and cannot be changed either per customer or per datacenter.
Q: Who do I contact for support or questions regarding Public IP listings?
A: For service issues please contact support.