Networking Overview

Learn about CloudNexus's global network infrastructure, how to configure VPCs, manage IP addresses, and secure your applications with firewalls.

Last updated: Oct 24, 2025 · 12 min read

Introduction

CloudNexus provides a high-performance, low-latency global network designed for modern distributed applications. Our backbone utilizes 100 Gbps links and anycast routing to ensure your data reaches users with minimal hop counts.

Networking resources are provisioned within your Project. They can be scoped to specific regions or made available as global resources (such as CDN endpoints). This guide covers the core components:

  • VPCs: Isolated network environments.
  • Subnets: Segments within a VPC for resource organization.
  • Firewalls: Stateful packet filtering rules.
  • Load Balancers: Traffic distribution across instances.

Note: All resources created in this version of the API use our next-generation networking stack (NGN). Legacy v1 networking is deprecated.

Virtual Private Clouds (VPC)

A VPC allows you to launch resources into a virtual network that you've defined. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.

Creating a VPC

You can create a VPC using the CLI, the Dashboard, or the API. Here is an example using the CloudNexus CLI (`cnx`):

```bash
# Create a new VPC in the us-east-1 region
cnx network vpc create my-production-vpc \
  --region us-east-1 \
  --cidr 10.0.0.0/16

# Output:
# {"id": "vpc_8x9z...", "name": "my-production-vpc", "status": "active"}
```

CIDR Blocks

When creating a VPC, you must specify an IPv4 CIDR block. CloudNexus supports the following private ranges:

| Range | Size (addresses) | Description |
|---|---|---|
| 10.0.0.0/8 | 16,777,216 | Standard large private network |
| 172.16.0.0/12 | 1,048,576 | Medium private network |
| 192.168.0.0/16 | 65,536 | Small private network |

Firewalls & Security Groups

CloudNexus uses stateful firewalls to control ingress and egress traffic. Rules are evaluated in priority order (lowest number first). If no rule matches, the default action is DENY for ingress and ALLOW for egress.

Security Warning: Never open port 22 (SSH) or 3389 (RDP) to 0.0.0.0/0 in a production environment. Use our Bastion Host feature instead.

Rule Priority

When creating firewall rules, give each rule a unique priority. Rules with the same priority are evaluated in order of creation time.

```json
{
  "firewall_name": "allow-https",
  "priority": 100,
  "action": "ALLOW",
  "direction": "INGRESS",
  "protocol": "TCP",
  "ports": [443],
  "sources": ["0.0.0.0/0"]
}
```
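
The following Python is an added example, not CloudNexus code. It models the evaluation order described in this section (priority, then creation time, then the direction's default) and audits a rule set for duplicate priorities and for SSH/RDP allowed in from 0.0.0.0/0. The `created_at` field, `DENY` as a rule action, reading "in order of creation time" as earliest first, and the sample rules are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

DEFAULTS = {"INGRESS": "DENY", "EGRESS": "ALLOW"}  # defaults stated on the page
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # ports named in the page's warning

def rule(name, priority, action, ports, sources, created_at):
    # The page's JSON rule shape plus an assumed "created_at" field for tie-breaks.
    return {"firewall_name": name, "priority": priority, "action": action,
            "direction": "INGRESS", "protocol": "TCP", "ports": ports,
            "sources": sources, "created_at": created_at}

# Constructed sample rule set; "DENY" as a rule action is an assumption.
RULES = [
    rule("deny-ssh-all", 200, "DENY", [22], ["0.0.0.0/0"], created_at=3),
    rule("allow-https", 100, "ALLOW", [443], ["0.0.0.0/0"], created_at=1),
    rule("allow-ssh-all", 200, "ALLOW", [22], ["0.0.0.0/0"], created_at=2),
]

def ordered(rules):
    # Lowest priority number first; equal priorities fall back to creation time.
    return sorted(rules, key=lambda r: (r["priority"], r["created_at"]))

def evaluate(rules, direction, protocol, port, peer_ip):
    """Return (action, matching rule name or None) for one connection."""
    ip = ipaddress.ip_address(peer_ip)
    for r in ordered(rules):
        if (r["direction"] == direction and r["protocol"] == protocol
                and port in r["ports"]
                and any(ip in ipaddress.ip_network(s) for s in r["sources"])):
            return r["action"], r["firewall_name"]
    return DEFAULTS[direction], None  # no rule matched: fall back to the default

def audit(rules):
    """Flag duplicate priorities and SSH/RDP allowed in from 0.0.0.0/0."""
    findings = []
    for prio, n in sorted(Counter(r["priority"] for r in rules).items()):
        if n > 1:
            findings.append(f"duplicate priority {prio} ({n} rules)")
    for r in ordered(rules):
        world = any(ipaddress.ip_network(s).prefixlen == 0 for s in r["sources"])
        exposed = [ADMIN_PORTS[p] for p in r["ports"] if p in ADMIN_PORTS]
        if r["direction"] == "INGRESS" and r["action"] == "ALLOW" and world and exposed:
            findings.append(f"{r['firewall_name']}: {'/'.join(exposed)} open to 0.0.0.0/0")
    return findings

if __name__ == "__main__":
    print(evaluate(RULES, "INGRESS", "TCP", 22, "198.51.100.7"))
    print(audit(RULES))
```

In the sample set, the two priority-200 SSH rules conflict, and the ALLOW takes effect only because it was created first, which is the situation unique priorities avoid.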

Load Balancing

Distribute traffic across multiple instances to ensure high availability. CloudNexus offers Layer 4 (TCP/UDP) and Layer 7 (HTTP/HTTPS) load balancers.

  • Global Load Balancer: Routes traffic to the nearest region with available capacity.
  • Regional Load Balancer: Distributes traffic within a single region.

DNS & Private Zones

You can associate custom domains with your load balancers or individual instances. We also support Private DNS zones within your VPC to allow internal service discovery without exposing hostnames to the public internet.