public gateway logo

Gateway

Deploy a single communication point between your private network and the public network

Gateway is the easiest way to ensure a scalable - inbound and outbound - connection between an infrastructure built inside the vRack and a private network that has internet connectivity. Gateway enables secure access to the internet for all your instances. No more need for a public IP address for each instance. Several plans are available, providing distinct bandwidth capabilities to match your specific needs.

Single & robust entry point for your infrastructure

Have all incoming internet traffic arrive at a single point - built with a 99.99% SLA-backed availability - that can then be forwarded to relevant resources. Thanks to Gateway, you can split your architecture on multiple networks, and configure routes on-demand, depending on your business logic.

Simple, pay as you go billing

Gateway is billed upon usage, on an hourly basis. The service is available in three plans, depending on your traffic profile: Small, Medium and Large. With its simple pricing, you can easily anticipate your monthly costs.

Increased security

With its NAT functionality, Gateway for public cloud ensures individual instances, do not need to be directly attached to the public network and remain private. Any resources behind Gateway can still reach internet sources.

Discover our Gateway service plans

Gateway Small Medium Large
Bandwith capacity 200 Mbps 500 Mbps 2Gbps
Outbound internet connectivity (through SNAT) Yes
Inbound internet connectivity (through Floating IP) Yes

 

Use cases

Flexible service exposure with Floating IPs

Leverage Floating IP and Gateway in combination to manage service exposure. Keep your service IP and if needed, reassign it to other instances and services. Or ensure no services is exposed outside with private instances remaining only accessible within the private network, while having internet access by leveraging the Gateway SNAT capability.

Combine Load Balancer and Floating IPs

Use our Gateway in conjunction with Load Balancer and Floating IPs to ensure, your application services are exposed according to your security needs. This architecture allows customers to choose from different operating modes of Load Balancer (public and private). You benefit from the flexibility to update your Load Balancer transparently.

Outbound Gateway to internet

Create instances that only use private ports rather than public ports, while keeping access to the internet through the Gateway. This is useful when you need your instance to query the outside world, access external 3rd party services, while staying directly unreachable from the internet.

Gateway scenarios

gateway scenario

Combine Floating IP, Gateway and Load Balancer in your architecture and achieve the appropriate rules for network accessibility and achieve the level of security that you require.

Enable internet access to private instances

Instances running within a private network can leverage Gateway to send traffic to the public internet, while not being accessible from the outside. This enables you to update any software running on your private instances while making sure that only services within the private network can connect to your private instances.

Exposing a service on an instance

A service running on an instance within a private network can only be reached from the public internet through a Floating IP. This enables you to update or replace the instance, transparently as the Floating IP remains the same. 

For outgoing traffic to the public internet, the service can leverage Gateway. A typical use case is when a service needs to download an update.

Exposing services behind Load Balancer

A Load Balancer can be reached via a Floating IP and distribute incoming traffic into several instances. The instances behind Load Balancer have no public IP, ensuring they remain completely private and not directly accessible from outside. Load Balancer brings a higher level of security while supporting SSL encryption and can be updated transparently as the floating IP is hosted at the Gateway level.

Guides

Understand Networking concepts in Public Cloud
Creating a private network with Gateway from OVHcloud Control Panel

Key Features

Regionalized

Create and assign Floating IPs for your projects in different Public Cloud regions to be closer to your customers, and take a geographical approach when building your infrastructure.

Cloud native automation

Deploy and manage your Gateway directly from your Public Cloud environment, thanks to OpenStack API support and all compatible tools (Terraform, Ansible, Salt, etc.).

Connection to private networks

To keep your application nodes isolated on the private network, the Load Balancer can be used as a pathway between public addressing and your private networks, with the OVHcloud vRack.

Anti-DDoS Protection

This is the first line of defense for any product and service on the OVHcloud network. A large network capacity and a distributed global platform help protect against even the largest of attacks.

Scaling

Adapt the capacity of your Gateway to your needs, without interruption of service and at any time. You can choose between three plans, depending on your traffic profile: Small, Medium and Large.

Simplified management

Your cluster is created online in just a few minutes. You will then have the OVHcloud Control Panel to manage your service, and tools for daily monitoring.

SNAT capabilities

Allow traffic from a private network to go out to the internet by leveraging Source Network Address Translation (SNAT) protocol. Your instances behind your Gateway can access the internet while remaining non accessible from the public network.

Network Security

You can combine the Floating IP with the Gateway, to have instances within a private network to be accessible from outside. On the other hand, you can have fully private instances leveraging the SNAT mode of the Gateway, without Floating IP, only reachable within the private network.

Instant interaction with Floating IP

Create your Floating IP in less than a minute and assign or move it almost instantly. This allows you to be more responsive in managing availability and scheduled maintenance.

Support any Public Cloud instances

Gateway can be used to send/receive traffic by any instance type inside your private network.

Public cloud prices

Gateway billing

Gateway is billed upon usage, on an hourly basis. The service is available in three plans, depending on your traffic profile: Small, Medium and Large.

FAQ

What is Gateway ?

Gateway is an additional component in your infrastructure. It enables you to connect a partial or fully private set of instances to the public network by combining it with a Public Cloud Floating IP. When used by itself, it can act as a typical gateway to allow instances from one of your private networks to communicate with another application deployed in another network.

Why use Gateway ?

Gateway acts as the single entry point for your applications. By combining Gateway with Floating IP, you can ensure instances within a private network are accessible from outside or that a private Load Balancer can distribute traffic.

Can this Gateway be integrated into a Public Cloud project?

Yes, our service can be consumed within a Public Cloud project. You can manage it from your customer control panel or the OVHcloud API, or even via the OpenStack API.

What is the billing model?

For greater flexibility, our Gateway is designed to be used in a pay-as-you-go model, charged by the hour, with an invoice sent at the end of each month. You can choose between three packages, sized according to your needs, and of course, you can upgrade or downgrade at any time.