Network Planning Best Practices

⏱️ Estimated reading time: 5–7 minutes

Effective network planning is essential when deploying and managing infrastructure on platforms like Webberstop Cloud Portal A well-structured network strategy ensures performance, scalability, security, and long-term maintainability.

1. Understand Network Models in Webberstop Cloud Portal

Webberstop Cloud Portal supports multiple network models. When planning your environment, consider the following:

Basic Networking: Flat, shared network—suitable for small or development environments.
Advanced Networking: Offers layered networking with public, guest, and isolated networks—ideal for production and multi-tenant setups.
Isolated vs Shared Networks: Use isolated networks for tenant-level separation and shared networks for common services or DMZs.

2. Choose the Right Network Offering

Design and configure network offerings based on workload needs:

Define if source NAT, static NAT, load balancing, or VPN is required.
Match offerings to project types—e.g., isolated network offering with firewall rules for private applications, shared public IP for public-facing apps.
Keep naming conventions clear for ease of selection in Webberstop Cloud Portal.

3. Use Projects to Isolate Tenants or Teams

In Webberstop Cloud Portal, Projects are essential for segmenting:

Resources (instances, networks, IPs)
Billing and usage
User permissions and access control

Each project should have its own isolated networks and public IP pools where applicable.

4. Plan for Scalability with VPCs

Use VPCs (Virtual Private Clouds) for scalable, isolated networking:

Enable multi-tier application architecture (Web, App, DB) with tiered subnets.
Apply ACLs between tiers to control traffic (e.g., only allow DB traffic from App subnet).
Use custom CIDRs to avoid conflicts when connecting to on-prem or third-party networks.

5. Leverage L2 Networks for Specialized Use Cases

L2 (Layer 2) networks allow you to:

Extend VLANs from on-prem environments
Use your own DHCP, firewall, or routing appliances

Only use L2 where Layer 3 routing by Webberstop Cloud Portal is not desirable.

6. Assign and Secure Public IPs Wisely

Assign Public IPs only where absolutely needed (e.g., frontend apps, SSH bastions).
Use firewall rules in Webberstop Cloud Portal to restrict access by IP and port.
Consider static NAT for predictable access.

7. Define Firewall and ACL Standards

Implement a consistent security model:

Define default firewall rules (deny-all or allow essential ports only).
Use Network ACLs within VPCs for tiered traffic control.
Document port requirements for each type of workload.

8. Monitor Network Usage and Logs

Use Webberstop Cloud Portal’s built-in network usage graphs for traffic monitoring.
Enable logging of firewall and NAT actions where applicable for auditing and troubleshooting.

9. Consider High Availability (HA) in Network Design

Use redundant virtual routers where HA is supported.
Distribute workloads across multiple zones and subnets.
Avoid single points of failure (e.g., don't route all traffic through a single VM).

10. Document Your Network Layout

Maintain updated documentation for:

IP ranges and CIDRs
VLAN and subnet mappings
Network offerings and their purposes
ACLs and firewall policies

Well-documented networks reduce downtime and simplify onboarding and support.

Need help mapping this to your specific setup?

Reach out to your platform administrator or contact support for tailored assistance.

1. Understand Network Models in Webberstop Cloud Portal​

2. Choose the Right Network Offering​

3. Use Projects to Isolate Tenants or Teams​

4. Plan for Scalability with VPCs​

5. Leverage L2 Networks for Specialized Use Cases​

6. Assign and Secure Public IPs Wisely​

7. Define Firewall and ACL Standards​

8. Monitor Network Usage and Logs​

9. Consider High Availability (HA) in Network Design​

10. Document Your Network Layout​