FAQ for virtual private endpoints
You might encounter the following frequently asked questions when you use IBM Cloud Virtual Private Endpoints (VPE) for VPC.
Can I map IBM Cloud services to a VPE from the service catalog?
IBM Cloud services cannot be mapped to a VPE from the service catalog at the time of purchase.
Can I map an IBM Cloud service to a public endpoint?
Public endpoints of IBM Cloud services are not eligible for VPE. VPE can be mapped only to a private endpoint of IBM Cloud services.
Is a VPE created in high-availability mode?
A VPE is not created in high-availability (HA) mode by default. HA comes primarily from the IBM Cloud service.
Can I access an IBM Cloud service by using a private service endpoint IP address?
When an IBM Cloud service is created, IBM Cloud DNS Services are automatically set up to resolve the IBM Cloud service FQDN to the IBM Cloud private service address.
When a VPE is created, VPE assigns a reserved IP with which you can access the IBM Cloud service. It is recommended to use the reserved IP instead of the IBM Cloud private service endpoint.
Does mapping an IBM Cloud service to an IP address on a VPC network make the service private?
Mapping an IBM Cloud service to an IP address on a VPC network does not make the service private. For example, if a service has a public endpoint, you can still access the public endpoint after the service is mapped.
Does controlling access to an IP on a VPC network that is mapped to a service control access to the mapped service?
Controlling access to an IP address on a VPC network that is mapped to an IBM Cloud service does not control the access to the mapped service itself.
Is there a limit to the total number of concurrent active connections to an endpoint gateway?
Connections to a reserved IP address that is bound to the endpoint gateway are source NATed at the VPE gateway. The source IP becomes the reserved IP bound to the endpoint gateway, and a UDP/TCP source port is allocated for each connection. The total number of TCP/UDP ports is limited, and since every active TCP/UDP connection might consume a source port, the total number of active connections through a VPE gateway is limited.
To avoid port exhaustion, consider techniques such as long-running connections and connection pooling to reduce the total number of active connections to a VPE.
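One way to watch how many source ports a client is consuming at the gateway, as an added example that is not part of the IBM Cloud documentation: the script counts established TCP connections to each VPE reserved IP in `ss -Htn state established` output. The sample output, the addresses, and the `port_budget` value are constructed for illustration; the page does not state the actual port limit.

```python
import ipaddress
from collections import Counter

# Constructed sample of `ss -Htn state established` output
# (columns: Recv-Q, Send-Q, local addr:port, peer addr:port).
# 10.240.0.7 and 10.240.0.9 stand in for VPE reserved IPs; all values are made up.
SAMPLE_SS = """\
0 0 10.240.0.21:40112 10.240.0.7:443
0 0 10.240.0.21:40114 10.240.0.7:443
0 0 10.240.0.21:40118 10.240.0.7:443
0 0 10.240.0.21:51002 10.240.0.9:5432
0 0 [fd00::21]:40200 [fd00::7]:443
0 36 10.240.0.21:22 192.0.2.10:53211
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def connections_per_endpoint(ss_output, reserved_ips):
    """Count established connections whose peer is one of the reserved IPs."""
    wanted = {ipaddress.ip_address(ip) for ip in reserved_ips}
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or truncated line
        try:
            peer_ip, _ = split_endpoint(fields[3])
        except ValueError:
            continue  # header row or anything that is not addr:port
        if peer_ip in wanted:
            counts[str(peer_ip)] += 1
    return counts

def over_budget(counts, port_budget, warn_ratio=0.8):
    """Return reserved IPs whose count reaches warn_ratio of the assumed budget."""
    return sorted(ip for ip, n in counts.items() if n >= port_budget * warn_ratio)

if __name__ == "__main__":
    counts = connections_per_endpoint(SAMPLE_SS, ["10.240.0.7", "10.240.0.9"])
    # port_budget=3 is an illustrative number, not an IBM Cloud limit.
    print(dict(counts), over_budget(counts, port_budget=3))
```

Each host sees only its own connections, so the counts must be summed across all clients of the same endpoint gateway to estimate total port usage.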
How many IP addresses can I use for NAT operations on the VPC gateway?
A finite pool of IP addresses is used for NAT operations on the VPC gateway. One IP address is required per VPC per zone.