Virtual Machine Networking

Private Network

Virtual machines exist within an environment, and have access to the same private network as the containers within that environment. Applications running inside virtual machines can utilize the discovery service to connect to other containers/virtual machines via hostname.

Just like containers, virtual machines do not need to explicitly expose any ports for use on the private network. See here for more information.

Public Network

When it comes to receiving public internet traffic, virtual machines have several options available.

  1. Using a LINKED record, which will utilize the load balancer to route traffic to the virtual machine.
  • This will treat the virtual machine much the same way that containers are treated with regard to public traffic. All the additional functionality of the load balancer will be available.
  • TLS traffic can be handled at the load balancer using automatic TLS termination, eliminating the need for the virtual machine to handle encrypted HTTPS traffic.

For more information on creating a LINKED record for a virtual machine:

  2. Using static IP allocations, which will route traffic through the gateway service.
  • Simpler, useful if a fixed address is required. Uses simple gateway routing, which may be faster.

For more information on allocating a static IP address to a virtual machine:

  3. Using a LINKED record with DMZ mode enabled, which will instead direct all traffic pointed at that domain name to the virtual machine directly, bypassing the load balancer and going through the gateway service.
  • Same as #2, but uses a domain on top of allocating IPs.

These methods can be combined as well, allowing multiple routes for traffic to enter a virtual machine from the public internet.

Egress Traffic

Egress traffic will exit the virtual machine in one of two ways, depending on whether a static IP is allocated to the virtual machine:

  • No Static IP Assigned: Traffic will exit using the host server's IP address.
  • Static IP Assigned: Traffic will exit from the gateway service, using one of the static IP addresses assigned to the virtual machine. If more than one IP is present, one will be chosen at random.

If a virtual machine has no need for ingress, all egress traffic can skip the gateway by not assigning any static IPs. This helps avoid sending extra traffic through the gateway unnecessarily, where it could become a point of saturation.
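Because the egress source address depends on whether static IPs are assigned, and is picked at random when several are, a remote firewall allowlist has to cover every candidate address. The following is an added example, not part of the platform's documentation or API: the function names, VM names and addresses are constructed, and it checks an allowlist against the egress rules described above.

```python
# Added example. Names and addresses are constructed (documentation ranges),
# not part of the platform's API.
from ipaddress import ip_address, ip_network


def egress_sources(host_ip, static_ips):
    """Public source addresses a VM's egress traffic may carry.

    No static IP assigned: traffic exits with the host server's IP.
    Static IPs assigned: traffic exits through the gateway from one of them,
    picked at random, so every assigned address is a candidate.
    """
    if static_ips:
        return {ip_address(ip) for ip in static_ips}
    return {ip_address(host_ip)}


def uncovered_sources(host_ip, static_ips, allowlist_cidrs):
    """Candidate egress addresses that a remote allowlist would not match."""
    nets = [ip_network(cidr, strict=False) for cidr in allowlist_cidrs]
    missing = [
        src for src in egress_sources(host_ip, static_ips)
        if not any(src.version == net.version and src in net for net in nets)
    ]
    return sorted(missing, key=lambda a: (a.version, int(a)))


if __name__ == "__main__":
    HOST_IP = "192.0.2.10"  # constructed host server address
    cases = {  # constructed VMs: (static IPs, partner allowlist)
        "vm-batch": ([], ["203.0.113.0/29"]),
        "vm-api": (["203.0.113.5", "198.51.100.7"], ["203.0.113.5/32"]),
        "vm-web": (["203.0.113.5", "198.51.100.7"],
                   ["203.0.113.0/29", "198.51.100.7/32"]),
    }
    for name, (static_ips, allowlist) in cases.items():
        gaps = uncovered_sources(HOST_IP, static_ips, allowlist)
        print(name, "OK" if not gaps else "not allowlisted: " + ", ".join(map(str, gaps)))
```

An allowlist that passes a one-off connection test can still fail intermittently if it lists only one of several static IPs, which is the case `vm-api` illustrates.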

Allocating IPv4 Addresses

In order to have a public facing IPv4 address allocated to a virtual machine, the environment must be set to legacy mode. This is because IP addresses are assigned to the gateway, and the traffic needs to be forwarded using a private IPv4 address internally to the virtual machine.

As legacy mode currently MUST be set when the environment is created, and cannot be applied later, it is important to consider this when deploying environments that will have static IPv4 addresses assigned to virtual machines.