Welcome & FAQ

Our VPC functionality is far along in development and slated for general availability in Q1 of 2024. However, there are still known issues in Cloud Manager we are working to resolve in the coming weeks.

Please visit our product documentation for more information and help getting started, and see the list of general FAQs we’ve added below.

You can also check out our repositories for Python, Go, Packer, Ansible, and Terraform.

Known Issues in Cloud Manager

  • Public IP addresses still show on https://cloud.linode.com/linodes/{linodeId} for a VM in a VPC with 1:1 NAT disabled
    • A VM in a VPC with 1:1 NAT disabled will not have public connectivity
    • However the public IP addresses and SSH access still show for the VM
    • A future release will communicate instead that the VM will not be reachable at the public IP addresses
  • No indication whether a VM needs to be rebooted for its VPC changes to take effect
    • A VM needs to be rebooted for its VPC changes to take effect
    • A future release will include an indication that a particular VM is pending a reboot for its VPC changes to take effect

General FAQs

Q: Is VPC traffic captured in Public In/Out or Private In/Out on https://cloud.linode.com/linodes/{linodeId}?

A: Traffic within a VPC using the VPC IPv4 is captured in Private In/Out. Traffic from a VM in a VPC to the internet using public IPv4 by 1:1 NAT is captured in Public In/Out.

Q: I have created a VM with a public IPv4 outside of a VPC. I want to assign it to a VPC. I can either replace its existing public interface with a new VPC interface that has nat_1_1 enabled for both public and VPC connectivity, or I can add a new VPC interface alongside the existing public interface. Which way is recommended?

A: The former is recommended, replacing its existing public interface with a new VPC interface that has nat_1_1 enabled for both public and VPC connectivity.

Q: I have created a VM in a VPC with a public IPv4 assigned. I have SSH’ed to the VM but executing an ip address command does not print the public IPv4 address assigned to any of its eth* interfaces.

A: A public IPv4 is assigned and traffic to it is routed to a VM created in a VPC by 1:1 NAT. Use the API, e.g. /v4/networking/ips, to read the public IPv4.

Q: When I create a VM in a VPC, why don’t I have a public IPv4 routed to it by default? (i.e. why isn’t the “Assign a public IPv4 address for this VM” checked by default on the Cloud Manager?)

A: One crucial problem that VPC solves is to allow VMs to communicate privately and work in tandem for a distributed workload or application. For these use cases, VMs in the backend will not need a dedicated public IPv4.

In fact, providing these backend VMs with direct public connectivity is an additional and unnecessary attack surface that might be considered a security risk. As such, when a VPC is selected for a VM during its creation on the Cloud Manager, the “Assign a public IPv4 address for this VM” option is not checked by default.

Enabling it, however, is just a single click. The same option can also be edited, after a VM is created, in the corresponding setting on the VPC interface in its Config Profile.

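The FAQ above distinguishes three layouts for a VM in a VPC: VPC-only, VPC with 1:1 NAT, and a VPC interface added alongside an existing public interface. The following Python is an added example, not code from the original post or from Linode, that classifies config-profile interfaces into those layouts and flags VPC members with public connectivity that are not on an allow-list. The field names `purpose`, `ipv4.vpc` and `ipv4.nat_1_1` are assumed from the Linode API v4 config interface objects; the labels, addresses and function names are constructed for illustration.

```python
# Added example: classify VPC exposure from Linode config-profile interfaces.
# Field names (purpose, ipv4.vpc, ipv4.nat_1_1) are assumed from the Linode
# API v4 config interface schema; all sample data below is constructed.

# Constructed sample: Linode label -> interfaces of its config profile.
SAMPLE_CONFIGS = {
    "backend-db": [
        {"purpose": "vpc", "ipv4": {"vpc": "10.0.1.10", "nat_1_1": None}},
    ],
    "web-frontend": [
        {"purpose": "vpc", "ipv4": {"vpc": "10.0.1.20", "nat_1_1": "192.0.2.20"}},
    ],
    "legacy-app": [
        {"purpose": "public", "ipv4": None},
        {"purpose": "vpc", "ipv4": {"vpc": "10.0.1.30", "nat_1_1": None}},
    ],
    "standalone": [
        {"purpose": "public", "ipv4": None},
    ],
}

def classify(interfaces):
    """Return (exposure, vpc_ip, public_ip_via_nat) for one config profile."""
    vpc_ifaces = [i for i in interfaces if i.get("purpose") == "vpc"]
    has_public_iface = any(i.get("purpose") == "public" for i in interfaces)
    if not vpc_ifaces:
        return ("not-in-vpc", None, None)
    ipv4 = vpc_ifaces[0].get("ipv4") or {}
    vpc_ip, nat_ip = ipv4.get("vpc"), ipv4.get("nat_1_1")
    if has_public_iface:
        # VPC interface added alongside a public one (not the recommended layout).
        exposure = "public-interface-plus-vpc"
    elif nat_ip:
        exposure = "vpc-nat-1-1"
    else:
        exposure = "vpc-private-only"
    return (exposure, vpc_ip, nat_ip)

def audit(configs, allowed_public=()):
    """List VPC members with public connectivity that are not allow-listed."""
    exposed = ("vpc-nat-1-1", "public-interface-plus-vpc")
    findings = []
    for label, interfaces in sorted(configs.items()):
        exposure, vpc_ip, nat_ip = classify(interfaces)
        if exposure in exposed and label not in allowed_public:
            findings.append((label, exposure, vpc_ip, nat_ip))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE_CONFIGS, allowed_public={"web-frontend"}):
        print(row)
```
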

I’ve been waiting a while for this, so I had to jump on today. Thanks!

Couple of concerns and one issue so far.

Concerns:

  1. The metadata service isn’t available to VMs that are solely in a VPC even with NAT 1:1 enabled
  2. There should be a half way point between completely private and NAT 1:1 that allows for outbound access only (eg to install software). Something like a cloud gateway that would do shared NAT perhaps?

Issue:

  • Although there seems to be good support in the terraform provider, there doesn’t seem to be a way to retrieve the VPC IP address assigned to the VM? For example using
```hcl
data "linode_instance_networking" "example" {
  linode_id = linode_instance.my_instance.id
}
```

I see any public IPv4 (from a public interface), private IP (from private_ip: true) and IPv6 addresses, but nothing for the VPC interface

Hi John, thanks for being an early user! I’ll make sure this feedback makes it over to the engineering team. We’re off to a good start but we still have a lot more to add.


Thanks again for being an early user and for your feedback, John! Like Justin mentioned, there is a lot more to come. So please stay tuned.

As for the issue you mentioned, the VPC IP address is retrievable with the linode_instances data source under the interface block. It is not quite available yet with linode_instance_networking as it wraps around the https://api.linode.com/v4/linode/instances/{linodeId}/ips API endpoint, which also doesn’t return the VPC IP at the moment. But we are looking into enhancing this. A lot more to come!


ok, thanks - that worked. I’m not sure why I didn’t try that first :)
