Endpoints available
Before you can run workloads in an IBM Cloud VPC, you must first set up your environment to access the VPC API. That is, if you choose to manage your VPC resources programmatically. The following information lists the regional API endpoints that you can use to access your VPC resources.
For more information about setting up your VPC API environment or referencing methods to access your VPC resources, see Setting up your CLI or API environment or the Virtual Private Cloud API reference.
Use one of the following public endpoints to connect to the VPC infrastructure API. The endpoints are based on the region of the service.
Location | Region | Public Endpoint | Private Endpoint |
---|---|---|---|
US South (Dallas) | us-south |
https://us-south.iaas.cloud.ibm.com |
https://us-south.private.iaas.cloud.ibm.com |
US East (Washington DC) | us-east |
https://us-east.iaas.cloud.ibm.com |
https://us-east.private.iaas.cloud.ibm.com |
Brazil (São Paulo) | br-sao |
https://br-sao.iaas.cloud.ibm.com |
https://br-sao.private.iaas.cloud.ibm.com |
Canada (Toronto) | ca-tor |
https://ca-tor.iaas.cloud.ibm.com |
https://ca-tor.private.iaas.cloud.ibm.com |
Location | Region | Public Endpoint | Private Endpoint |
---|---|---|---|
United Kingdom (London) | eu-gb |
https://eu-gb.iaas.cloud.ibm.com |
https://eu-gb.private.iaas.cloud.ibm.com |
Germany (Frankfurt) | eu-de |
https://eu-de.iaas.cloud.ibm.com |
https://eu-de.private.iaas.cloud.ibm.com |
Spain (Madrid) | eu-es |
https://eu-es.iaas.cloud.ibm.com |
https://eu-es.private.iaas.cloud.ibm.com |
For x86-64 dedicated host profiles, the Madrid region only supports dedicated host profiles with instance storage. For more information, see Dedicated host profiles.
Location | Region | Public Endpoint | Private Endpoint |
---|---|---|---|
Japan (Tokyo) | jp-tok |
https://jp-tok.iaas.cloud.ibm.com |
https://jp-tok.private.iaas.cloud.ibm.com |
Japan (Osaka) | jp-osa |
https://jp-osa.iaas.cloud.ibm.com |
https://jp-osa.private.iaas.cloud.ibm.com |
Australia (Sydney) | au-syd |
https://au-syd.iaas.cloud.ibm.com |
https://au-syd.private.iaas.cloud.ibm.com |
LinuxONE (s390x processor architecture) profiles are supported on virtual server instances in the US South (Dallas), Japan (Tokyo), Brazil (São Paulo), Spain (Madrid), Canada (Toronto), United Kingdom (London), and US East (Washington DC) regions.
After resources are created and accessible in your VPC, you're ready to run workloads. From inside the VPC infrastructure, you can access two types of IBM Cloud endpoints: platform as a service (PaaS) endpoints, also known as service endpoints, and infrastructure as a service (IaaS) endpoints.
Although the addresses for these endpoints look as if they communicate through the public internet, traffic to and from these endpoints does not leave IBM Cloud. Therefore, this traffic avoids the bandwidth charges associated with traffic that exits the cloud and goes onto the public internet.
Service endpoints
Use service endpoints to securely connect to IBM Cloud services over the IBM Cloud private network. These endpoints are available through DNS (Domain Name System) names in the cloud.ibm.com
domain and resolve to 166.8.0.0/14
addresses.
Traffic to and from service endpoints are subject to ACL and security group rules. In other words, these mechanisms can be used in cases where you want to limit what virtual server instances use a particular service endpoint.
VPCs are automatically able to reach service endpoints. For more information about service endpoints, see Services that support service endpoints. After you provision a service as a private endpoint, ping the endpoint from your virtual server instance to verify that the endpoint is reachable.
You can also use VPN for VPC to access service endpoints. For more information, see Access service endpoints through VPN.
IaaS endpoints
Infrastructure services are available by using certain DNS names from the adn.networklayer.com
domain, and they resolve to 161.26.0.0/16
addresses. Services that you can reach include:
- DNS resolvers
- Ubuntu and Debian APT (Advanced Packaging Tool) Mirrors
- Network Time Protocol (NTP)
- IBM Cloud Object Storage
The following ports must be open to allow ADN network traffic to flow for the following services.
Protocol | Port | Service |
---|---|---|
UDP | 53 | DNS |
TCP | 80 | HTTP |
TCP | 443 | HTTPS |
For Linux virtual machines, open port 8443
to 161.26.0.0/16
.
Virtual private endpoints
IBM Cloud services available through IBM Cloud Virtual Private Endpoints (VPE) for VPC are listed at VPE supported services. VPE supports both service and IaaS endpoints. For more information about private connectivity and VPE, see About virtual private endpoint gateways.
DNS resolver endpoints
IBM Cloud DNS Services provide private DNS to VPC users. Private DNS zones are resolvable only on IBM Cloud, and only from explicitly permitted networks in an account. For more information about DNS Services, see Getting started with IBM Cloud DNS Services.
DNS resolvers use IP address, rather than names. For shared cloud service endpoints, use the DNS server addresses 161.26.0.10
and 161.26.0.11
.
Ubuntu and Debian APT Mirrors
APT mirrors for updating Ubuntu and Debian images are available from mirrors.adn.networklayer.com
, which resolves to 161.26.0.6
.
For instances that are provisioned with stock images for CentOS, Red Hat Enterprise Linux, or Windows, update connections are configured as part of the provisioning process.
NTP servers
NTP is widely used to synchronize a computer to internet time servers or other sources. The IBM NTP server is available for VPC instances to use for time synchronization.
An NTP server is available from time.adn.networklayer.com
, which resolves to 161.26.0.6
.
IBM Cloud Object Storage
IBM Cloud Object Storage stores encrypted and dispersed data across multiple geographic locations. For more information about IBM Cloud Object Storage, see Getting started with IBM Cloud Object Storage.
For more information about reaching Object Storage from a VPC see Connecting to IBM Cloud Object Storage from VPC.