What is a VPC router?¶
[更新: 2019年7月5日]
Information about [VPC Router] appliance.
1. Overview¶
A VPC router is a virtual router appliance with which you can easily construct a Virtual Private Cloud (VPC) environment.
A VPC router has not only various functions such as IP masquerade and static NAT but also remote access functions that support each protocol of L2TP / IPsec and PPTP that is widely used for VPN connection, and site-to-site VPN (site-to-site IPsec VPN) function that can be interconnected with the hardware VPN appliance that becomes the gateway of your environment network.
Also, just like other functions, you can perform everything from appliance creation to setting work by operating the control panel. There is no need for you to have professional knowledge to independently build, set up, and maintain VPC routers.
Note
Virtual Private Cloud (VPC) is a technology that makes it possible to connect a virtual network built on the cloud and a private network at hand via a virtual private network (VPN) and use the resources on the cloud as if they are a part of facilities in the private network.
In SAKURA Cloud, 3 types of plans are prepared, namely, [Standard Plan], [Premium Plan], and [High Spec Plan], according to your usage patterns.
Functions and specifications that are common to every plan¶
The following functions are provided as standard for every plan.
| NAT function | IP masquerade (Forward NAT) Port forwarding (Reverse NAT) *Supports Hairpin NAT (NAT loop back) |
|---|---|
| VPN function | L2TP/IPsec PPTP |
| Products that support the site-to-site VPN function (*2) |
Juniper NetScreen/SSG series YAMAHA RT series (Note 1) Cisco ISR series (Note 2) Fortinet Fortigate series (Note 3) Vyatta/VyOS SophosUTM SG series (Note 4) |
| Other | DHCP server function (static mapping configurable) 7 interfaces on the VPC network (private) side Traffic monitoring function (Inbound/Outbound) Firewall function |
| Log display function (*3) | Display of communication logs that are permitted/blocked by firewall rules Display of logs related to site-to-site VPN/remote access VPN |
| syslog transfer function (*4) | Function to transfer logs that are the same logs as shown on the control panel to the syslog server |
- *2 They will be the devices of which we confirmed the operation.
- Note 1: The models of which we have confirmed the operation are RTX 1200 and RTX 1210.
- Note 2: The model of which we have confirmed the operation is Cisco 891FJ.
- Note 3: The model of which we have confirmed the operation is Fortigate60C (FortiOS4).
- Note 4: The model of which we have confirmed the operation is SophosUTM SG105.
- *3 The latest 100 logs recorded in the VPC router will appear. We do not have a plan to implement the function to show the past logs older than the latest 100 records on the control panel. Also, the log stored in the VPC router is rotated at the timing specified by us, so it does not guarantee the storage period and storage capacity. Always use the syslog transfer function, if you need to keep logs.
- *4 As for the setting method, please refer to :doc: New creation <vpc-create>. Furthermore, please prepare the syslog server of the transfer destination by yourself.
Functions and specifications that are different for each plan¶
The differences of each plan are as follows:
| Standard plan | Premium plan | High spec plan | Reference | |
|---|---|---|---|---|
| Upstream network connection destination | Shared segment | Router + switch | Router + switch | |
| Function to add line bandwidth | × | ○ (250Mbps~5Gbpsに変更可) |
○ (250Mbps~5Gbpsに変更可) |
The basic line bandwidth is 100 Mbps (best effort) for all plans. |
| Standard attached IPv4 address | 1 | /28 block | /28 block | With the premium or high spec plan, it can be changed to /27 ~ /24 blocks. |
| IP alias function | × | ○ | ○ | |
| Static NAT function | × | ○ | ○ | |
| VRRP redundancy function | × | ○ | ○ | |
| Support IPv6 | × | × | × |
The maximum creation limit for each function is as follows.
| Function | Upper limit |
|---|---|
| Port forwarding (Reverse NAT) |
Standard plan: 100 entries Premium plan: 200 entries High spec plan: 200 entries |
| IP address alias (*for granting to global interface) |
19 |
| Static NAT | 1 entry per IP address alias (up to 19 entries) |
| DHCP static mapping | 100 entries |
| Number of firewall rules | Standard plan: 60 each for the incoming direction and outgoing direction Premium plan: 200 each for the incoming direction and outgoing direction High spec plan: 200 each for the incoming direction and outgoing direction |
| Remote access clients | Standard plan: 100 users Premium plan: 200 users High spec plan: 200 users *Please note that the maximum number of simultaneous connections which you can use is about 100. |
| Site-to-site VPN opposing endpoint site | Standard plan: 4 locations Premium plan: 20 locations High spec plan: 50 locations |
| Subnet mask range available for the VPC network side |
/16 to /28 |
| Static route | 30 entries |
Performance estimates are as follows:
| Standard | Premium | High spec | |
|---|---|---|---|
| Throughput | 80Mbps | 400Mbps | 1,200Mbps |
| Number of simultaneous sessions (including timeout waiting) | 10,000 | 10,000 | 10,000 |
| New session performance | 1,500 cps | 1,500 cps | 1,500 cps |
Attention
Delays may occur if the number of arriving packets exceeds the standard.
Session timeout is as follows: 120 seconds for TCP, 30 seconds for UDP, and 30 seconds for ICMP.
Network configuration example¶
Depending on the difference of the upstream network connection destination of each plan, the following configuration is obtained.
Configuration example of the standard plan¶
Configuration example of the premium or high spec plan¶
Selling prices¶
For the service rates, please refer to SAKURA Cloud service site.
Important
In addition to the VPC appliance’s main body, [Switch] or [Router + Switch] is required for each plan. For details, please refer to the New creation page. Options which can be used for the premium plan and high spec plan to increase line speed and add IP address blocks have the same prices as [Router + Switch].
2. Flow of usage of each function¶
- New creation
- The following is an explanation of the basic setting procedure from creating a new VPC router to connecting the VPC network to an interface on the private side.
- For details, please refer to the Interface setting page.
- Set each interface of a VPC router.
- NAT setting
- Set the NAT function.
- DHCP server setting
- Set the DHCP server function.
- Remote access (VPN) setting
- Set the remote access (VPN) function.
- Site-to-site VPN setting
- Perform settings necessary for using the site-to-site VPN function.
- Firewall setting
- Perform settings necessary for using the firewall function.
- Static route setting
- Perform settings necessary for using the static route function.
- Other functions
- The following is an explanation of the functions that are not included above such as setting functions of activity monitor and basic information.