CenturyLink Cloud customers may wish to add a public IP address to a specific virtual machine or Bare Metal server in their cloud environment to deliver services. Public IP addresses are delivered using a 1-to-1 NAT model.
General Notes & Best Practices
All public IPs deployed on the platform have hairpinning enabled.
In its current iteration, setting a source IP filter will secure all public ports, single ports or port ranges specified by the customer. Customers can leverage OS-based firewall services if they wish to secure public services in a more granular fashion.
Customers are encouraged to leverage the source IP filter unless delivering completely open public Internet services to their user community.
As a security best practice, we strongly encourage our customers to avoid opening RDP (3389) or SSH (22) to their virtual machines over the public IP address. Please review the following recommended access methods for RDP and SSH to the VM, which will help ensure a strong security posture for your VM infrastructure.
Use the free OpenVPN client included in every CenturyLink Cloud Account. Refer to How To Configure Client VPN. This is the ideal solution for individuals who are mobile and not in fixed office or data center locations.
Build an IPSEC VPN Tunnel from a remote office or data center location. Refer to Creating a Self-Service IPSEC Site-to-Site VPN Tunnel. IPSEC VPN tunnels are best for remote access to Cloud Virtual Machines when administrators are in centralized offices or data centers.
If either of the previous options is not feasible, customers should at a minimum use the source IP filter service on the public IP and pair that with local OS firewall policies within the guest VM.
Refer to How to Add Public IP to servers for further instructions.
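The guidance above can be checked before a public IP is requested. The following Python sketch is an added example, not CenturyLink code: it audits a proposed port list and source filter, and catches SSH or RDP hidden inside a port range. The dictionary layout (`ports`, `port`, `portTo`, `protocol`, `sourceRestrictions`, `cidr`), the severity labels and the sample configurations are assumptions made for this example.

```python
import ipaddress

# Management ports the article says to keep off the public IP.
MGMT_PORTS = {22: "SSH", 3389: "RDP"}

def audit_public_ip(config):
    """Return (severity, port, message) findings for one public IP config.

    The dict layout (ports/port/portTo/protocol, sourceRestrictions/cidr)
    is an assumption made for this example.
    """
    nets = [ipaddress.ip_network(r["cidr"], strict=False)
            for r in config.get("sourceRestrictions", [])]
    # No filter, or a /0 entry, means any Internet host can reach the ports.
    unfiltered = not nets or any(n.prefixlen == 0 for n in nets)
    findings = []
    for rule in config.get("ports", []):
        if rule.get("protocol", "tcp").lower() != "tcp":
            continue  # SSH and RDP are checked on TCP only
        low = rule["port"]
        high = rule.get("portTo") or low  # single port when no range end
        for port, name in sorted(MGMT_PORTS.items()):
            if not low <= port <= high:
                continue
            if unfiltered:
                findings.append(("high", port,
                    f"{name} reachable from any source; use a VPN instead"))
            else:
                findings.append(("medium", port,
                    f"{name} limited by source filter; also restrict it in the guest OS firewall"))
    if unfiltered and config.get("ports"):
        findings.append(("info", None,
            "no source IP filter: acceptable only for fully public services"))
    return findings

# Constructed sample configurations (documentation address ranges).
OPEN_RANGE = {"ports": [{"protocol": "tcp", "port": 20, "portTo": 25}],
              "sourceRestrictions": []}
FILTERED_RDP = {"ports": [{"protocol": "tcp", "port": 3389}],
                "sourceRestrictions": [{"cidr": "203.0.113.0/24"}]}
PUBLIC_WEB = {"ports": [{"protocol": "tcp", "port": 443}],
              "sourceRestrictions": []}

if __name__ == "__main__":
    for label, cfg in [("open range", OPEN_RANGE),
                       ("filtered RDP", FILTERED_RDP),
                       ("public web", PUBLIC_WEB)]:
        for finding in audit_public_ip(cfg):
            print(label, finding)
```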
Public IP Listing
Below is the current CenturyLink public IP listing. It is updated regularly as public IP (CIDR) blocks are assigned in the data centers.
|Data Center||IP Blocks|
Frequently Asked Questions
Q: What happens to my Public IP address if I use the pause, power off or archive services in CenturyLink Cloud?
A: Public IP addresses are static, and using any of these features does not remove the public IP services from the server. The only time a public IP is removed from a server is a) when the server is deleted or b) when the customer removes the public IP in the GUI or API.
Q: How are customers billed for public IP addresses?
A: Customers are billed a nominal fee per public IP on a monthly basis. Public IPs are not an hourly billing service, and as such using a public IP even for an hour will result in a nominal charge for the public IP address.
Q: What is the maximum number of Public IP addresses that can be bound to a server?
A: As the platform uses a 1-to-1 NAT (public to private) and /24 network sizes, the current maximum number of public IPs is 219 per VM. Bare Metal servers are only permitted to assign a single public IP.
Q: My server is housed in a datacenter in a non-US country. Why do geolocation services show me as being in the United States?
A: All IP addresses assigned in CenturyLink Cloud data centers worldwide are registered to a mailing address in the United States via a third-party registrar. As such, most GeoIP services will show the IPs as being in the US, rather than in the country the datacenter is housed in. This is an effect of our relationship with our registrars and cannot be changed either per customer or per datacenter.
Q: Who do I contact for support or questions regarding Public IP listings?
A: For service issues, please contact Support.