VPC (Virtual Private Cloud) quickstart


Available in VPC

You can build VPC (Virtual Private Cloud) on the NAVER Cloud Platform in various ways depending on your network environment. The main quickstarts are as follows:

Create a single public subnet

You should use the single public subnet quickstart when you want to run a single-tier public web application, such as a blog or a simple website. The configuration is as follows:

[Figure: vpc-procedure-vpc_scene1_vpc]

The following is the procedure to implement this quickstart:

1. Create VPC
2. Create Public Subnet
3. Configure Network ACL
4. Configure Route Table
5. Create server

1. Create VPC

As the first step, create a VPC in the NAVER Cloud Platform console, under the Services > Networking > VPC menu. Use a /16 IPv4 CIDR block (Example: 10.0.0.0/16) for the VPC, which gives you 65,536 IP addresses.
For detailed instructions, see:

2. Create Public Subnet

Once you've finished creating the VPC, create a subnet in it so that you can actually use the network. For internet communication, create a public subnet. You can use up to 256 IP addresses with a maximum /24 block, and you can associate one public IP address with each server deployed in this subnet (1:1 NAT).
For detailed instructions, see:

3. Configure Network ACL

After you create a subnet, you configure Network ACL (Access Control List) to control inbound and outbound traffic for the subnet and enhance security.
For detailed instructions, see:

In this quickstart, you should configure Network ACL as follows:

  • Inbound
Priority Protocol Access source Port Acceptability Description
1 TCP 0.0.0.0/0 80 Acceptability Accept inbound HTTP traffic.
2 TCP 0.0.0.0/0 443 Acceptability Accept inbound HTTPS traffic.
3 TCP Client IP 22 Acceptability Accept SSH traffic from the client IP through the Internet Gateway.
4 TCP Client IP 3389 Acceptability Accept RDP traffic from the client IP through the Internet Gateway.
5 TCP 0.0.0.0/0 32768-65535 Acceptability Accept inbound return traffic for requests originating from the subnet (example values).
197 TCP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
198 UDP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
199 ICMP 0.0.0.0/0 - Block Block all remaining traffic except the rules above.
  • Outbound
Priority Protocol Access source Port Acceptability Description
1 TCP 0.0.0.0/0 80 Acceptability Accept outbound HTTP traffic.
2 TCP 0.0.0.0/0 443 Acceptability Accept outbound HTTPS traffic.
3 TCP 0.0.0.0/0 32768-65535 Acceptability Accept outbound responses from the internet to the client (example values).
197 TCP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
198 UDP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
199 ICMP 0.0.0.0/0 - Block Block all remaining traffic except the rules above.
Note

You should configure Access Control Group (ACG), which controls inbound and outbound traffic for servers, using the same rules as Network ACL. You can configure ACG in the VPC environment of the console under Services > Compute > Server > ACG. For more information, see ACG configuration method guide.
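
The inbound table above can be checked mechanically before it is entered in the console. The following is an added example, not NAVER Cloud Platform code: it assumes rules are evaluated in ascending priority with the first match deciding, as the "block all remaining" rows imply, and 203.0.113.10 and 198.51.100.7 are constructed addresses standing in for the client IP and an arbitrary internet host.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = "0.0.0.0/0"
CLIENT_IP = "203.0.113.10/32"  # constructed stand-in for the page's "Client IP"


@dataclass(frozen=True)
class Rule:
    priority: int
    protocol: str                     # "TCP", "UDP" or "ICMP"
    source: str                       # CIDR block
    ports: Optional[Tuple[int, int]]  # (low, high); None for ICMP ("-")
    allow: bool                       # True = "Acceptability", False = "Block"


# Inbound table of the single public subnet quickstart.
INBOUND = [
    Rule(1, "TCP", ANY, (80, 80), True),
    Rule(2, "TCP", ANY, (443, 443), True),
    Rule(3, "TCP", CLIENT_IP, (22, 22), True),
    Rule(4, "TCP", CLIENT_IP, (3389, 3389), True),
    Rule(5, "TCP", ANY, (32768, 65535), True),
    Rule(197, "TCP", ANY, (1, 65535), False),
    Rule(198, "UDP", ANY, (1, 65535), False),
    Rule(199, "ICMP", ANY, None, False),
]


def evaluate(rules, protocol, src_ip, port=None):
    """Return (allowed, deciding priority); traffic matching no rule is blocked.

    Assumption: ascending priority, first match wins.
    """
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.protocol != protocol:
            continue
        if src not in ipaddress.ip_network(rule.source):
            continue
        if rule.ports is not None:
            if port is None or not rule.ports[0] <= port <= rule.ports[1]:
                continue
        return rule.allow, rule.priority
    return False, None


if __name__ == "__main__":
    probes = [  # constructed test traffic
        ("TCP", "198.51.100.7", 80),
        ("TCP", "203.0.113.10", 22),
        ("TCP", "198.51.100.7", 22),
        ("TCP", "198.51.100.7", 40000),
        ("UDP", "198.51.100.7", 53),
    ]
    for proto, src, port in probes:
        print(proto, src, port, evaluate(INBOUND, proto, src, port))
```

The probe to port 40000 shows that rule 5 admits any inbound TCP connection to ports 32768-65535, not only return traffic, because the table matches on protocol, source and port; keep listening services out of that range or narrow the example values.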

4. Configure Route Table

After you complete Network ACL configuration, you set up a route table to define network paths. In this quickstart, the system automatically sets up the following route table so that your servers can communicate with other instances in the VPC or with the internet.

Destination point Target type Target name
0.0.0.0/0 IGW INTERNET GATEWAY
10.0.0.0/16 LOCAL LOCAL

For detailed instructions, see:

5. Create server

After you complete the route table configuration, you create a server to deploy within the VPC you created. When you create the server, select the VPC and subnet you created earlier and specify the ACG mentioned above. After you complete server creation, connect to the server, set up a web server, and verify that HTTP communication works.
For detailed instructions, see:

Create public subnet and private subnet

You should use the public and private subnet quickstart when you want to block public access to private servers (Example: Databases) and run a public web application. The configuration is as follows:

[Figure: vpc-procedure-vpc_scene2_vpc]

The following is the procedure to implement this quickstart:

1. Create VPC
2. Create public subnet and private subnet
3. Configure Network ACL
4. Configure Public Subnet Route Table
5. Create NAT Gateway
6. Configure Private Subnet Route Table
7. Create server

1. Create VPC

As the first step, create a VPC in the NAVER Cloud Platform console, under the Services > Networking > VPC menu. Use a /16 IPv4 CIDR block (Example: 10.0.0.0/16) for the VPC, which gives you up to 65,535 IP addresses.
For detailed instructions, see:

2. Create public subnet and private subnet

Once you've finished creating the VPC, create subnets in it so that you can actually use the network. Subnets are primarily classified into Public Subnets and Private Subnets.

  • Public Subnet: You set the subnet CIDR to 10.0.0/24 and use up to 256 IP addresses, and you can associate one public IP address with each server deployed in this subnet. (1:1 NAT)
  • Private Subnet: You set the subnet CIDR to 10.0.0/24 and use up to 256 IP addresses, and servers deployed in this subnet do not accept inbound traffic from the internet. When you add a NAT Gateway, you can send outbound traffic to the internet.

For detailed instructions, see:

3. Configure Network ACL

After you create a subnet, you configure Network ACL (Access Control List) to control inbound and outbound traffic for the subnet and enhance security.
For detailed instructions, see:

In this quickstart, you should configure Network ACL as follows:

  • Public Subnet: Inbound
Priority Protocol Access source Port Acceptability Description
1 TCP 0.0.0.0/0 80 Acceptability Accept inbound HTTP traffic.
2 TCP 0.0.0.0/0 443 Acceptability Accept inbound HTTPS traffic.
3 TCP Client IP 22 Acceptability Accept SSH traffic from the client IP through the Internet Gateway.
4 TCP Client IP 3389 Acceptability Accept RDP traffic from the client IP through the Internet Gateway.
5 TCP 0.0.0.0/0 32768-65535 Acceptability Accept inbound return traffic for requests originating from the subnet (example values).
197 TCP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
198 UDP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
199 ICMP 0.0.0.0/0 - Block Block all remaining traffic except the rules above.
  • Public Subnet: Outbound
Priority Protocol Access source Port Acceptability Description
1 TCP 0.0.0.0/0 80 Acceptability Accept outbound HTTP traffic.
2 TCP 0.0.0.0/0 443 Acceptability Accept outbound HTTPS traffic.
3 TCP 0.0.0.0/0 32768-65535 Acceptability Accept outbound responses from the internet to the client (example values).
4 TCP Private server's private IP Private server port (Example: DB) Acceptability Accept traffic to communicate with the private server.
197 TCP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
198 UDP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
199 ICMP 0.0.0.0/0 - Block Block all remaining traffic except the rules above.
  • Private Subnet: Inbound
Priority Protocol Access source Port Acceptability Description
1 TCP Public subnet server's private IP Private server port (Example: DB) Acceptability Accept traffic to communicate with the public server.
2 TCP 0.0.0.0/0 32768-65535 Acceptability Accept inbound return traffic for requests originating from the internet (example values).
197 TCP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
198 UDP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
199 ICMP 0.0.0.0/0 - Block Block all remaining traffic except the rules above.
  • Private Subnet: Outbound
Priority Protocol Access source Port Acceptability Description
1 TCP Public subnet server's private IP 32768-65535 Acceptability Accept outbound responses from the public server to the private server (example values).
197 TCP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
198 UDP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
199 ICMP 0.0.0.0/0 - Block Block all remaining traffic except the rules above.
Note

You should configure Access Control Group (ACG), which controls inbound and outbound traffic for servers, using the same rules as Network ACL. You can configure ACG in the VPC environment of the console under Services > Compute > Server > ACG. For more information, see ACG configuration method guide.

4. Configure public subnet route table

After you complete Network ACL configuration, you set up a route table to define network paths. In this quickstart, the system automatically sets up the public subnet route table so that servers can communicate with other instances in the VPC or with the internet.

Destination point Target type Target name
0.0.0.0/0 IGW INTERNET GATEWAY
10.0.0.0/16 LOCAL LOCAL

For detailed instructions, see:

5. Create NAT Gateway

You create a NAT Gateway to connect servers in the private subnet to the internet.
For detailed instructions, see:

6. Configure private subnet route table

Because the private subnet route table includes only the local route by default, configure the NAT Gateway network route separately. If you need to communicate with all internet sites, set the destination to 0.0.0.0/0:

Destination point Target type Target name
0.0.0.0/0 NATGW The name of NAT Gateway to be configured
10.0.0.0/16 LOCAL LOCAL
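
The subnet plan from step 2 and the two route tables from steps 4 and 6 can be verified together. The following is an added example, not NAVER Cloud Platform code: it assumes the most specific matching route is used (longest prefix match), and the subnet blocks 10.0.0.0/24 and 10.0.1.0/24, the name example-natgw and the address 198.51.100.7 are constructed values.

```python
import ipaddress

VPC_CIDR = "10.0.0.0/16"  # example VPC block from this page

# Route tables from steps 4 and 6; "example-natgw" is a constructed name.
PUBLIC_RT = [("0.0.0.0/0", "IGW", "INTERNET GATEWAY"),
             ("10.0.0.0/16", "LOCAL", "LOCAL")]
PRIVATE_RT = [("0.0.0.0/0", "NATGW", "example-natgw"),
              ("10.0.0.0/16", "LOCAL", "LOCAL")]


def check_subnets(vpc_cidr, subnets):
    """Return the problems found in a {name: cidr} subnet plan for one VPC."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems, parsed = [], {}
    for name, cidr in subnets.items():
        try:
            # Strict parsing rejects short forms and blocks with host bits set.
            net = ipaddress.ip_network(cidr)
        except ValueError:
            problems.append(f"{name}: {cidr!r} is not a valid CIDR block")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside {vpc}")
        for other, other_net in parsed.items():
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other} ({other_net})")
        parsed[name] = net
    return problems


def next_hop(route_table, dest_ip):
    """Target type of the most specific route containing dest_ip.

    Assumption: longest prefix match decides between overlapping routes.
    """
    dest = ipaddress.ip_address(dest_ip)
    best = None
    for cidr, target_type, _name in route_table:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target_type)
    return best[1] if best else None


def igw_routes(route_table):
    """Destinations sent to the Internet Gateway; empty for a private subnet."""
    return [cidr for cidr, target_type, _name in route_table
            if target_type == "IGW"]


if __name__ == "__main__":
    plan = {"public": "10.0.0.0/24", "private": "10.0.1.0/24"}  # constructed
    print(check_subnets(VPC_CIDR, plan))
    print(check_subnets(VPC_CIDR, {"public": "10.0.0/24"}))
    print(next_hop(PRIVATE_RT, "198.51.100.7"), igw_routes(PRIVATE_RT))
```

A private subnet whose route table returns anything from `igw_routes` is reachable through the Internet Gateway path and no longer matches this quickstart's design.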

For detailed instructions, see:

7. Create server

After you complete the route table configuration, you create a server to deploy within the VPC you created. When you create the server, select the VPC and subnet you created earlier and specify the ACG mentioned above. After you complete server creation, connect to the server, set up a web server, and verify that HTTP communication works.
For detailed instructions, see:

Create a public subnet and a private subnet for on-premise connectivity

Use the public subnet and on-premise–connected private subnet quickstart when you want to run a public web application and communicate with your on-premise environment. The configuration is as follows:

[Figure: vpc-procedure-vpc_scene3_vpc]

The following is the procedure to implement this quickstart:

1. Create VPC
2. Create public subnet and private subnet
3. Configure Network ACL
4. Configure Public Subnet Route Table
5. Create Virtual Private Gateway
6. Create IPsec VPN
7. Configure Private Subnet Route Table
8. Create server

1. Create VPC

As the first step, create a VPC in the NAVER Cloud Platform console, under the Services > Networking > VPC menu. Use a /16 IPv4 CIDR block (Example: 10.0.0.0/16) for the VPC, which gives you 65,536 IP addresses.
For detailed instructions, see:

2. Create public subnet and private subnet

Once you've finished creating the VPC, create subnets in it so that you can actually use the network. Subnets are primarily classified into Public Subnets and Private Subnets.

  • Public Subnet: You set the subnet CIDR to 10.0.0/24 and use up to 256 IP addresses, and you can associate one public IP address with each server deployed in this subnet. (1:1 NAT)
  • Private Subnet: You set the subnet CIDR to 10.0.0/24 and use up to 256 IP addresses, and servers deployed in this subnet do not accept inbound traffic from the internet. When you add a NAT Gateway, you can send outbound traffic to the internet.

For detailed instructions, see:

3. Configure Network ACL

After you create a subnet, you configure Network ACL (Access Control List) to control inbound and outbound traffic for the subnet and enhance security.
For detailed instructions, see:

In this quickstart, you should configure Network ACL as follows:

  • Public Subnet: Inbound
Priority Protocol Access source Port Acceptability Description
1 TCP 0.0.0.0/0 80 Acceptability Accept inbound HTTP traffic.
2 TCP 0.0.0.0/0 443 Acceptability Accept inbound HTTPS traffic.
3 TCP Client IP 22 Acceptability Accept SSH traffic from the client IP through the Internet Gateway.
4 TCP Client IP 3389 Acceptability Accept RDP traffic from the client IP through the Internet Gateway.
5 TCP 0.0.0.0/0 32768-65535 Acceptability Accept inbound return traffic for requests originating from the subnet (example values).
197 TCP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
198 UDP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
199 ICMP 0.0.0.0/0 - Block Block all remaining traffic except the rules above.
  • Public Subnet: Outbound
Priority Protocol Access source Port Acceptability Description
1 TCP 0.0.0.0/0 80 Acceptability Accept outbound HTTP traffic.
2 TCP 0.0.0.0/0 443 Acceptability Accept outbound HTTPS traffic.
3 TCP 0.0.0.0/0 32768-65535 Acceptability Accept outbound responses from the internet to the client (example values).
4 TCP Private server's private IP Private server port (Example: DB) Acceptability Accept traffic to communicate with the private server.
197 TCP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
198 UDP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
199 ICMP 0.0.0.0/0 - Block Block all remaining traffic except the rules above.
  • Private Subnet: Inbound
Priority Protocol Access source Port Acceptability Description
1 TCP Public subnet server's private IP Private server port (Example: DB) Acceptability Accept traffic to communicate with the public server.
2 TCP Customer server's private IP Customer server port Acceptability Accept traffic to communicate with the customer’s on-premise server.
197 TCP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
198 UDP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
199 ICMP 0.0.0.0/0 - Block Block all remaining traffic except the rules above.
  • Private Subnet: Outbound
Priority Protocol Access source Port Acceptability Description
1 TCP Public subnet server's private IP 32768-65535 Acceptability Accept outbound responses from the public server to the private server (example values).
2 TCP Customer server's private IP Customer server port Acceptability Accept traffic to communicate with the customer’s on-premise server.
197 TCP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
198 UDP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
199 ICMP 0.0.0.0/0 - Block Block all remaining traffic except the rules above.
Note

You should configure Access Control Group (ACG), which controls inbound and outbound traffic for servers, using the same rules as Network ACL. You can configure ACG in the VPC environment of the console under Services > Compute > Server > ACG. For more information, see ACG configuration method guide.

4. Configure public subnet route table

After you complete Network ACL configuration, you set up a route table to define network paths. In this quickstart, the system automatically sets up the public subnet route table so that servers can communicate with other instances in the VPC or with the internet.

Destination point Target type Target name
0.0.0.0/0 IGW INTERNET GATEWAY
10.0.0.0/16 LOCAL LOCAL

For detailed instructions, see:

5. Create Virtual Private Gateway

Create a Virtual Private Gateway to connect servers in the private subnet to the customer’s on-premise server.
For detailed instructions, see:

6. Create IPsec VPN

To create a managed IPsec VPN, complete a service application form and submit it through your account manager or customer support. (Automation is planned.)
Download the service application form from Customer Support > Resources in the portal.
After you receive the service activation notice, proceed to the next step.
(Currently, the team performs service activation manually after you submit the application form. We plan to release an automated offering in the near future.)

7. Configure private subnet route table

Because the private subnet route table includes only the local route by default, configure the Virtual Private Gateway network route separately. To set the destination to the customer’s on-premise server, configure the route table as follows:

Destination point Target type Target name
Customer server's private IP VGW Configured Virtual Private Gateway name
10.0.0.0/16 LOCAL LOCAL

For detailed instructions, see:

8. Create server

After you complete the route table configuration, you create a server to deploy within the VPC you created. When you create the server, select the VPC and subnet you created earlier and specify the ACG mentioned above. After you complete server creation, connect to the server, set up a web server, and verify that HTTP communication works.
For detailed instructions, see:

Configure a private network (peering) between VPCs

Use this quickstart when you want to set up private communication between two different VPCs. Although you can communicate using public IP addresses by default, build a private network for better security and stability.
This quickstart connects VPC A and VPC B. The configuration is as follows:

[Figure: vpc-procedure-vpc_scene4_vpc]

The following is the procedure to implement this quickstart:

1. Create VPC
2. Create Subnet
3. Configure Network ACL
4. Create VPC Peering
5. Configure Route Table
6. Create server

Caution

When you configure Network ACL and the route table, some settings may differ, such as how you enter the peer VPC IP address range.

1. Create VPC

First, create two VPCs in the NAVER Cloud Platform console, under the Services > Networking > VPC menu. Each VPC uses a /16 IPv4 CIDR block (Example: 10.0.0.0/16), which provides 65,536 IP addresses.
For detailed instructions, see:

2. Create Subnet

Once you've finished creating the VPCs, create a subnet in each VPC so that you can actually use the network.

3. Configure Network ACL

Configure Network Access Control List (ACL) to control inbound and outbound traffic for the subnet. For the subnet of the VPC that requests peering, allow Network ACL traffic to the peer VPC.
For detailed instructions, see:

In this quickstart, you should configure Network ACL as follows:

  • Inbound
Priority Protocol Access source Port Acceptability Description
1 TCP 172.16.0.0/16 1-65535 Acceptability Accept inbound communication from the peering VPC IP range (example values).
2 TCP 0.0.0.0/0 32768-65535 Acceptability Accept inbound return traffic for requests originating from the subnet (example values).
197 TCP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
198 UDP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
199 ICMP 0.0.0.0/0 - Block Block all remaining traffic except the rules above.
  • Outbound
Priority Protocol Access source Port Acceptability Description
1 TCP 172.16.0.0/16 1-65535 Acceptability Accept outbound communication from the peering VPC IP range (example values).
2 TCP 0.0.0.0/0 32768-65535 Acceptability Accept outbound responses from the internet to the client (example values).
197 TCP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
198 UDP 0.0.0.0/0 1-65535 Block Block all remaining traffic except the rules above.
199 ICMP 0.0.0.0/0 - Block Block all remaining traffic except the rules above.
Note

You should configure Access Control Group (ACG), which controls inbound and outbound traffic for servers, using the same rules as Network ACL. You can configure ACG in the VPC environment of the console under Services > Compute > Server > ACG. For more information, see ACG configuration method guide.

4. Create VPC Peering

After you complete Network ACL configuration, request VPC-to-VPC communication through the VPC Peering menu. Because peering provides one-way communication, specify a requesting VPC and an accepting VPC. You can set the accepting VPC to another VPC in your account or to a VPC in a different account. If you need bidirectional communication, reverse the requesting and accepting VPCs and create two peering connections.
For detailed instructions, see:

5. Configure Route Table

After you create VPC peering, configure a route table to define network paths. Configure routing from the subnet of the requesting VPC to the peer VPC. If you request peering from Subnet A in VPC A to Subnet C in VPC B, configure the route table as follows:

Destination point Target type Target name
IP range of VPC B VPCPEERING Configured VPC peering name
0.0.0.0/0 IGW INTERNET GATEWAY
10.0.0.0/16 LOCAL LOCAL

For detailed instructions, see:

6. Create server

After you complete the route table configuration, create a server in each of the two VPCs you created. When you create the server, select the VPC and subnet you created earlier and specify the ACG mentioned above. After you complete server creation, connect to the server, set up a web server, and verify that HTTP communication works.
For detailed instructions, see: