Skip to content
Products
Platform
Developer Tools
Portal

Concepts

Concept

Section titled “Concept”

A STACKIT NIC (NIC) represents a virtual network interface in the STACKIT Cloud. STACKIT NICs connect STACKIT Servers to STACKIT Networks and provide features to configure and secure these connections.

General

Section titled “General”

Each STACKIT NIC stays linked to its parent network and to its assigned IPv4 address for its entire lifecycle. You can configure several options when you create a STACKIT NIC:

  • IPv4 address: Set the NIC IPv4 address. It must be within the IPv4 range of the parent STACKIT Network.
  • Allowed addresses: When you enable NIC Security, specify additional IP addresses or ranges that can send or receive traffic.
  • NIC Security: This option is on by default. It applies all NIC security features. If you turn it off, all packets pass through without restriction (not recommended).
  • Security Groups: Apply one or more Security Groups to the NIC to control ingress and egress rules.

After creating a STACKIT NIC, attach it to a new or existing STACKIT Server. Each server supports up to 5 NICs.

Security

Section titled “Security”

STACKIT NICs secure traffic by combining NIC Security with STACKIT Security Groups.

  • NIC Security: Enabled by default. It applies all NIC security features. If you turn it off, all packets pass through and you can’t use Security Groups or Allowed Addresses.
  • Security Groups: Define rules for ingress (incoming) and egress (outgoing) traffic at the IP and port level. By default, Security Groups block all ingress traffic and allow all egress traffic.

Allowed addresses

Section titled “Allowed addresses”

With NIC Security enabled, the NIC accepts traffic only from the MAC and IP address assigned to it. The NIC drops any traffic with different addresses, regardless of Security Group rules. To allow other IP addresses, add them to the NIC allowed_addresses property.

Considerations

Section titled “Considerations”
  • IPv6 addresses aren’t supported at NIC creation.
  • You can’t change the NIC IPv4 address after creation.
  • You can’t move a NIC to a different STACKIT Network after creation.
  • Adding a NIC to an existing server may require OS level configuration.
  • Each network reserves up to two NICs for system purposes. These NICs consume IP addresses in the network and appear in the portal but can not be deleted.