Skip to content

IaaS Networking

InteSys provides enterprise-grade networking capabilities for your IaaS environment, including private networks, load balancing, managed DNS, and high-bandwidth interconnects.

Network Architecture

All InteSys datacenters are interconnected via a 200 Gbps backbone with multiple Tier 1 transit providers and peering exchanges. Server uplinks operate at 25/40 Gbps depending on the configuration.

Internet
   ├── Tier 1 Transit Providers (multiple)
   ├── Peering Exchanges (IX.br, AMS-IX, Equinix IX)
   └── InteSys Edge (Fortinet DDoS Mitigation)
          ├── Public Network (routed, firewalled)
          └── Private Network (isolated VLANs)

Private Networks and VLANs

Isolate your workloads using private VLANs that are not routable from the public internet.

Creating a Private Network

  1. Navigate to Services > Networking > Private Networks
  2. Click Create Network
  3. Define the VLAN parameters:
    • Name: Descriptive label (e.g., "backend-db-network")
    • Subnet: Private IP range (e.g., 10.100.0.0/24)
    • Region: Must match the datacenter of attached servers
  4. Attach VPS instances or IaaS workloads to the network

Use Private Networks for Backend Traffic

Database connections, inter-service communication, and replication traffic should always traverse private networks. This improves security and avoids bandwidth charges on public interfaces.

Multi-Region Private Networking

Connect private networks across regions using encrypted tunnels:

  • Site-to-site VPN: IPsec tunnels between datacenters
  • Direct interconnect: Dedicated MPLS circuits for high-throughput, low-latency links
  • WireGuard overlay: Lightweight encrypted mesh for smaller deployments

Load Balancing

Distribute incoming traffic across multiple backend servers for high availability and performance.

Layer 4 (TCP/UDP) Load Balancing

  • Connection-level distribution with minimal overhead
  • Health checks via TCP connect or UDP probe
  • Algorithms: round-robin, least-connections, source-IP hash

Layer 7 (HTTP/HTTPS) Load Balancing

  • Content-based routing (host, path, headers)
  • SSL/TLS termination with managed certificates
  • HTTP/2 and WebSocket support
  • Sticky sessions via cookie insertion
Feature Layer 4 Layer 7
Protocol awareness TCP/UDP only HTTP/HTTPS
SSL termination
Content routing
Performance overhead Minimal Low
WebSocket support Pass-through

DNS Management

InteSys provides managed authoritative DNS with global anycast resolution.

Features

  • Anycast network — DNS queries are answered by the nearest node
  • Low TTL support — TTLs as low as 30 seconds for rapid failover
  • Record types — A, AAAA, CNAME, MX, TXT, SRV, CAA, and more
  • API access — Automate DNS management via REST API

Common Records

; A record for your application
app.example.com.    300    IN    A    203.0.113.10

; CNAME for www subdomain
www.example.com.    3600   IN    CNAME    app.example.com.

; MX records for email
example.com.        3600   IN    MX    10 mail.example.com.

DNS Propagation

Changes to DNS records may take up to 48 hours to propagate globally, depending on the previous TTL values. Plan DNS migrations accordingly.

Firewall and Security Groups

Define granular network access policies:

  • Inbound rules: Control which ports and source IPs can reach your servers
  • Outbound rules: Restrict egress traffic for compliance requirements
  • Security groups: Reusable rule sets that can be applied to multiple servers
  • Geo-blocking: Restrict access by country or region

Next Steps