Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: removed WAN Optimization references



Describes how outbound traffic from a Cloud Network works in MCP 1.0, including Public IP Traffic, Private IP traffic, and Global SNAT address translation , and WAN Optimization technology in place between data centers.

NOTE: This article applies only to MCP 1.0 locations. For details on MCP 2.0 behavior, see Introduction to Routing, Network Domain Static Routes, and SNAT in MCP 2.0 Locations.


  1. Traffic between Private IP addresses in different data centers is automatically encrypted as it travels across a private VPN connection established between each Cloud data center. These connections are in place both between data centers in the same Geographic region (i.e between US-East and US-West) and data centers in different Geographic regions (i.e. between US-East and Amsterdam). In addition, such private IP traffic between Public Data Center Locations also uses WAN Optimization technology to improve performance of private IP traffic. For most types of unencrypted traffic, this means you will see faster performance for traffic routed between private IP addresses than between public IP addresses. However, to take full advantage of this capability, make sure you're sending data using unencrypted protocols. The site-to-site VPN will already provides encryption and the WAN optimization functionality works best with unencrypted traffic, as it optimizes the traffic prior to the encryption.The only data center locations currently without this enhanced functionality are the non-public locations EU3, EU4, ID1, and IN1. Private IP traffic involving these locations remains encrypted but is not accelerated.
  2. Traffic destined for a Private IP address of any other Cloud Network does not go through a SNAT as it leaves the source Cloud Network. Instead, the traffic will appear to the destination Cloud Network as coming from the source private IP address rather than a public SNAT. 
  3. Default ACL Rules governing such behavior are in the process of changing - The current default ACL rules will allow such traffic on the standard HTTP, HTTPS, and PING ports, meaning that unless you establish changes to the ACL rules, these ports are available from any private IPv4 address space in the MCP 1.0 universe - even from other clients. However, at some future date, this behavior is changing and all private IPv4 traffic will be denied on newly deployed MCP 1.0 Cloud Networks. A notification with further details will be sent out well before any changes are made. 

NOTE: For networks deployed prior to September 29, 2010, the notes listed above about private IP traffic do NOT apply. Instead, the default behavior is identical to traffic destined for the Public Internet as described above. That means the traffic leaves the network as public traffic , and is neither encrypted or accelerated. If you need to know whether you deployed a specific network prior to this date, contact Support and we will verify for you.


Content by Label
cqllabel in ("intro-mcp-2-0","overview","intro-mcp-1-0")
labelsintro-mcp-1-0, intro-mcp-2-0, overview,

Page properties

Related issues