Ways for Users to Connect to ICDC

When working with a cloud platform, it is important to choose the right method to connect to cloud resources. This choice affects the level of security, performance, fault tolerance, and the complexity of integration with your on-premise infrastructure.

All connection options can be classified by two criteria:

1. By OSI model level:

   • L2 (Data Link layer) – “pure” Ethernet is transmitted, as if the cloud were an extension of your local network.
   • L3 (Network layer) – interaction is performed at the IP routing level.

2. By type of communication channel:

   • Dedicated Provider link – a dedicated channel provided by a network provider.
   • Shared Internet – connection over the public internet.

Types of ICDC Connections

	Dedicated Provider link	Shared Internet
L3	Direct Connect	VPN Gateway, Public IP
L2	Direct Link	—

Dedicated Provider link

Direct Connect

Direct Connect (DX) allows you to combine the customer’s IP subnets in their on-premise infrastructure and the VPC networks in the cloud into a single routed domain. In essence, it is a direct L3 connection between your network and the cloud over a dedicated channel.

The physical connection is provided by a network provider that has its own equipment (Point of Presence, PoP) in the data center where the cloud platform is located.

The following parties are involved in establishing the connection:

• Customer
• Network provider (telecom operator with equipment in the data center)
• Data center team (owner of the MMR – Meet-Me Room)
• Cloud platform operator’s team

Key characteristics

• High performance and minimal latency
• Predictable connection quality
• Maximum security (traffic does not pass through the public internet)

It is suitable for mission-critical systems, hybrid infrastructures, and high-load enterprise solutions.
Direct Connect is the right choice when you need maximum reliability, stable bandwidth, and full integration of your network with the cloud.

Learn more about Direct Connect configuration.

Direct Link

Direct Link allows you to connect the customer’s L2 network directly to the VPC’s L2 network via a channel provided by a network provider (for example, L2VPN or a dedicated fiber link).
Within this L2 segment, virtual network interfaces (Virtual NICs) are created and connected directly to virtual machines. In simple terms, your cloud servers become a logical extension of your local Ethernet network.

Key characteristics

• Full network transparency
• Ability to use your own VLANs, DHCP, and broadcast mechanisms
• Maximum flexibility in network architecture

This is the most “low-level” and the most flexible integration method. It is suitable if you need to:

• extend your local network into the cloud,
• preserve your existing L2 architecture,
• use non-standard network protocols or mechanisms.

Shared Internet

VPN Gateway

VPN Gateway is a service for securely connecting to cloud resources over the public internet using a VPN.
When an account is created, the platform automatically deploys a virtual machine called Cloud Gateway (cloudgw), which acts as a VPN server. It is part of the VPC and provides networking services for the account.
To connect, the user must install the WireGuard VPN client.

VPN Gateway capabilities:

• Creating VPN connections and adding client devices
• Connecting account networks across different regions using Remote Gateway
• NAT Mapping to resolve IP subnet conflicts

Key characteristics

• Easy to set up
• Does not require a separate provider or physical connection
• Good level of security due to encryption

VPN Gateway is the optimal choice for most standard use cases, such as:

• quickly obtaining secure access to the cloud,
• providing access for administrators and developers,
• connecting small offices or individual users.

Public IP

Each account receives a primary public IP address, which:

• is used for outbound traffic to the internet,
• is used for Port Forward,
• is used to host ALB and VPN services.

This IP is associated with the VPC and is selected randomly from a shared pool.

Main use cases:

1. Providing internet access for virtual machines

2. Providing external access to account services via Port Forward:

3. web servers,

4. APIs,
5. ALB,
6. VPN gateways.

Key characteristics

• The simplest and most basic networking mechanism
• Does not require any additional connectivity configuration

A public IP address is a fundamental mechanism for internet access, publishing services, and operating ALB and VPN services.

In summary:

• Direct Link and Direct Connect are solutions for deep and professional integration with the cloud via dedicated channels.
• VPN Gateway is a universal and secure way to access the cloud over the internet.
• Public IP is the basic mechanism that provides network accessibility for the account and its services.