Deep Dive

Networking &
Load Balancers

Enterprise networking with VPC isolation, managed NAT gateways, per-instance firewalls, and fully managed load balancers. Production-grade multi-hypervisor networking.

Explore Features View Documentation
VPC Networking

Virtual Private Cloud with VXLAN overlay

Create fully isolated private networks that span across multiple hypervisors. Your VPCs provide true tenant isolation at scale.

Tenant-Isolated Networks

Each VPC is a completely isolated private network. Traffic between tenants never crosses boundaries, with full network segmentation at the hypervisor level.

Multiple Subnets per VPC

Define multiple subnets within a single VPC to segment your infrastructure. Automatic IP assignment keeps provisioning fast and error-free.

Attach and Detach Instances

Add or remove instances from VPCs at any time. Hot-attach networking updates cloud-init configuration and applies changes without rebooting.

Cross-Hypervisor Networking

VPCs span across hypervisor nodes with built-in redundancy for high availability.

panel.yourdomain.com/vpcs
VPC Networking Dashboard
panel.yourdomain.com/vpc/nat-gateway
NAT Gateway Management
NAT Gateways

Managed NAT for private-to-public traffic

Give your VPC instances internet access through managed NAT gateways. Full bandwidth accounting with per-GB billing, configurable overage policies, and automatic suspension when limits are reached.

Per-GB Bandwidth Billing

Track and bill bandwidth consumed through the NAT gateway with configurable per-GB rates on each hypervisor group.

Configurable Accounting

Choose to meter uploads only, downloads only, or both directions. Flexible policies fit any billing model.

Overage Handling

When bandwidth limits are exceeded, choose to charge overage fees or automatically revoke access until the billing cycle resets.

Auto Suspend and Resume

Gateways automatically suspend when usage exceeds limits and resume when bandwidth resets or credits are replenished.

Subnets & IP Management

Complete control over your IP address space

Manage IPv4 and IPv6 subnets with flexible allocation, reverse DNS integration, and support for bridge, NAT, and routed networking modes.

IPv4 & IPv6 Subnets

Define subnets of any size for both IPv4 and IPv6. Full dual-stack support with independent allocation for each protocol.

Bulk IP Generation

Generate individual IPs or entire ranges in bulk. Background jobs handle large allocations without blocking the admin panel.

IPv6 /64 Allocations

Assign entire /64 IPv6 subnets to instances for applications that need large address spaces, such as container hosts or mail servers.

Reverse DNS

Automatic rDNS management via PowerDNS or ClouDNS. Users can request PTR record changes with an admin approval workflow.

MAC Address Management

Automatic MAC address generation for each IP. Cloud-init matches interfaces by MAC for reliable multi-NIC network configuration.

Bridge, NAT & Routed Modes

Choose the networking mode that fits your infrastructure. Bridge for direct layer-2 access, NAT for shared IPs, or routed for layer-3 isolation.

Per-Instance Firewalls

Granular traffic control for every VM

Every instance gets its own iptables-based firewall, managed from both the admin and user panels. Rules update in real time via WebSocket, so changes are reflected instantly without page reloads.

1

Inbound & Outbound Rules

Create rules for both directions. Control which traffic can enter or leave the instance with protocol, port, and source/destination filtering.

2

Protocol & Port Filtering

Filter by TCP, UDP, ICMP, or any protocol. Specify individual ports, port ranges, or allow all traffic. Source IP and CIDR filtering narrows access to trusted networks.

3

Real-Time WebSocket Updates

Rules are broadcast over WebSocket the moment they change. Admins and users see firewall state update live without refreshing, and the hypervisor applies changes immediately.

4

Admin & User Panel Access

Admins can manage firewall rules for any instance. Users manage their own rules through the self-service panel, keeping operations teams and end-users aligned.

panel.yourdomain.com/instance/firewall
Per-Instance Firewall Rules
New in v2.1

Managed Load Balancers

Fully managed HAProxy load balancers with SSL termination, health checks, session stickiness, and connection draining. Deploy in VPC-only or public mode.

panel.yourdomain.com/load-balancers
Load Balancer Management

Configuration blocks for every port

Each load balancer uses unified per-port configuration blocks that combine frontend listeners, backend pools, targets, certificates, and routing rules into a single manageable unit.

Layer 4 & Layer 7 Balancing

TCP/UDP pass-through for raw performance, or HTTP/HTTPS mode with header inspection, cookie-based routing, and path-based rules.

SSL Termination

Upload PEM certificates and terminate TLS at the load balancer. Backend servers receive plain HTTP, reducing their CPU overhead.

Active & Passive Health Checks

Active checks probe backends at configurable intervals. Passive checks detect failures from real traffic and remove unhealthy nodes automatically.

Session Stickiness

Pin users to the same backend using cookie insertion or source IP hashing. Configurable per configuration block for mixed workloads.

Connection Draining

Gracefully drain connections from backends before removal. Configurable timeout ensures in-flight requests complete.

Backend Node Modes

Set each target as active, backup, or drain. Backup nodes only receive traffic when all active nodes are down.

VPC & Public Modes

Deploy load balancers inside a VPC for private traffic, or in public mode with a dedicated IP for internet-facing services.

HA with Auto-Evacuation

High availability monitoring detects node failures and automatically evacuates load balancers to healthy hypervisors.

Real-Time HAProxy Statistics

Monitor active connections, request rates, backend health status, and bandwidth throughput in real time. Statistics are pulled directly from the HAProxy stats socket and displayed in the management panel.

LB-Specific Plans

Define dedicated resource plans for load balancers with full control over CPU, RAM, storage, network throughput, I/O limits, CPU topology, and bandwidth accounting. Each LB gets its own backing instance with precisely allocated resources.

Architecture

How it all fits together

A multi-layer networking stack built on proven open-source technologies, orchestrated through a single management plane.

Load Balancers

Managed HAProxy instances sitting at the edge, distributing traffic to backend pools across your VPC or public network.

Firewalls & NAT Gateways

Per-instance iptables rules filter traffic at the hypervisor. NAT gateways provide outbound internet access for private instances.

VPC Overlay Network

Isolated layer-2 overlay networks span across hypervisor nodes with built-in redundancy.

IP & Subnet Management

IPv4/IPv6 subnets with automatic IP assignment, MAC address management, and reverse DNS via PowerDNS or ClouDNS.

Ready to build your network?

Start with a free 30-day trial. VPC networking, load balancers, firewalls, and full IPv4/IPv6 management included in every plan.

Read the Docs