> ## Documentation Index > Fetch the complete documentation index at: https://docs.nebius.com/llms.txt > Use this file to discover all available pages before exploring further. # How to create a fixed set of public IP addresses for a node group When you enable public IP addresses for nodes in a node group, the IP addresses are dynamically assigned from the general pool of public IP addresses managed by Nebius AI Cloud. The assigned addresses may change when nodes are recreated or updated. If you need a fixed set of public IP addresses—for example, to configure firewall rules, define an allowlist, register DNS records or integrate external systems—create a subnet with a dedicated public IP address range. While individual node IP addresses may still change, they will always be selected from the range defined in this subnet. ## Prerequisites 1. [Install and configure the Nebius AI Cloud CLI](../../cli/quickstart). 2. Make sure you are in a [group](/iam/authorization/groups/index) that has at least the `editor` role within your tenant; for example, the default `editors` group. You can check this in the [Administration → IAM](https://console.nebius.com/iam) section of the web console. 3. Make sure that you have enough quota on IP addresses to support your node group [deployment strategy](../node-groups/manage#node-group-parameters). You can check the quota on the [Administration → Limits → Quotas](https://console.nebius.com/quota) page of the web console. By default, node groups use the update strategy with `.spec.strategy.max_surge: 1`. Reserve at least one more public IP address than the total number of nodes in the group. Otherwise, updates or upgrades stop when trying to create a new node. ## How to create a fixed set of IP addresses To create a fixed set of public IP addresses for a node group, create a subnet with dedicated public IP address pool and configure the node group to use this subnet: 1. Create a subnet with public IP address CIDRs: ```bash theme={null} nebius vpc subnet create \ --name \ --network-id \ --ipv4-public-pools-use-network-pools=false \ --ipv4-public-pools-pools='[ { "cidrs": [ {"cidr": "/32"}, {"cidr": "/32"}, {"cidr": "/32"} ] }]' ``` Specify the following parameters: * `name`: Name of the subnet with a dedicated IP addresses set. * `network-id`: [Network ID](../../vpc/networking/resources#how-to-get-a-network-id). * `ipv4-public-pools-pools.cidrs`: One or more IPv4 [CIDR blocks](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_blocks). The number of these blocks define how many public IP addresses the subnet has. The nodes in the node group receive these addresses randomly. In the example, three CIDR blocks are defined, each with one public IP address. In the output, copy the `metadata.id` value — this is the subnet ID. 2. [Create a node group](../node-groups/manage) with the `--template-network-interfaces` parameter. Specify the new subnet ID in it: ```bash theme={null} nebius mk8s node-group create \ ... \ --template-network-interfaces "[{\"public_ip_address\": {}, \"subnet_id\": \"\"}]" ``` This configuration assigns random public IP addresses from the CIDR blocks defined in the subnet. Now, the nodes in the node group get public IP addresses from the dedicated set. This enables you to predefine a fixed range of IP addresses for use in an allowlist or for DNS mapping, even if individual IP addresses are reassigned across nodes.