Network Restrictions, Isolation & Abuse Policy

Overview

To ensure stability, IP reputation and infrastructure integrity, UP-NETWORK applies structured and transparent network policies across all VPS services.

Our philosophy:

• Maximum operational freedom

• No artificial port blocking

• Strong tenant isolation

• Strict abuse enforcement

This document explains:

• Port policy

• TCP rate limits

• Automatic restriction behavior

• Network isolation (L2/L3)

• Abuse monitoring & suspension process

Port Policy

No Default Port Blocking

By default:

• ✅ No inbound ports are blocked

• ✅ No outbound ports are blocked

• ✅ SMTP (port 25) is open

You are free to operate:

• Mail servers

• APIs

• Game servers

• Reverse proxies

• Custom applications

We do not impose arbitrary filtering under normal conditions.

Reserved Right to Restrict Ports

UP-NETWORK reserves the right to restrict ports without prior notice if:

• Spam activity increases

• IP reputation is threatened

• Infrastructure stability is impacted

• Abuse originates from the VPS

This may include:

• Blocking outbound SMTP (port 25)

• Temporary filtering of specific ports

• Requiring identity verification (KYC)

Restrictions may be applied immediately if necessary to protect the network.

TCP Connection Limits

To prevent abuse scenarios and protect shared infrastructure, per-IP rate limits are enforced.

Default Limits (All VPS)

• 50,000 concurrent TCP connections

• 250 new TCP connections per second (CPS)

These limits are sufficient for:

• Web platforms

• SaaS applications

• APIs

• Reverse proxies

• Mail servers

• Game servers

Increased CPS Limit (VPS PRO and Above)

For high-throughput workloads:

• CPS limit can be increased up to 500 new connections per second

• Available from VPS PRO range and above

• No additional cost

• Requires technical justification

To request an increase:

1. Open a support ticket

2. Provide workload explanation

3. Specify expected traffic behavior

Each request is reviewed individually.

Automatic Enforcement When Limits Are Exceeded

If the TCP rate limit is exceeded:

• 🚫 Outbound traffic is automatically restricted or temporarily blocked

• ✅ Inbound traffic remains fully operational

This means:

• Your services remain reachable

• Clients can still connect to your VPS

• Only outgoing connection bursts are limited

The restriction is:

• Automatic

• Temporary

• Self-recovering after cooldown

This mechanism protects:

• Infrastructure stability

• IP reputation

• Other customers

Repeated excessive violations may trigger manual review.

Network Isolation Model (L2 & L3 Separation)

Default Isolation

All VPS instances are:

• Fully isolated at Layer 2

• Fully isolated at Layer 3

• Strictly segmented per tenant

By default:

• ❌ You cannot see other VPS

• ❌ You cannot communicate with other customers

• ❌ You cannot access internal infrastructure services

• ❌ No east-west traffic is allowed

Each VPS operates in a completely isolated network environment.

Your VPS can:

• Communicate with the public Internet

• Receive inbound traffic on its assigned IP

But it cannot communicate with other UP-NETWORK services internally.

This prevents:

• Lateral movement attacks

• ARP spoofing

• Broadcast abuse

• Cross-tenant reconnaissance

Isolation is enforced at infrastructure level.

Private Communication Between Your Services

If you need communication between multiple VPS:

Free Private VXLAN Network

We provide:

• Private Layer 2 environment

• Dedicated /24 internal subnet

• High-speed internal communication

• Complete isolation from public network

This service is:

• ✅ Free of charge

• ✅ Available on request

• ✅ Secure and isolated

And yes, at UP-NETWORK, we do not charge for unnecessary add-ons.

To request:

1. Open a support ticket

2. Specify the VPS involved

3. Our team deploys your private network

Abuse Monitoring & Blacklist Surveillance

We actively monitor IP reputation.

Automatic monitoring includes:

• Spamhaus

• Spamcop

• Direct abuse reports via email (with evidence)

Monitoring is continuous and automated.

Abuse Handling Procedure

If abusive activity is detected:

1. A support ticket is automatically opened

2. The customer is notified

3. The customer has 24 hours to provide justification and remediation

If no response is received within 24 hours:

• The VPS is automatically suspended

• No prior warning is required

• No refund is issued

This is considered a violation of our General Terms and Conditions.

Repeated abuse may result in permanent termination.

Customer Responsibilities

Customers are responsible for:

• Securing their VPS

• Preventing compromise

• Monitoring outgoing traffic

• Keeping software updated

• Ensuring lawful use

If a VPS is compromised and generates abuse traffic, responsibility remains with the customer.

Summary

UP-NETWORK provides:

• Full port freedom

• Transparent TCP limits

• Automatic outbound-only restriction when limits are exceeded

• Strong L2/L3 isolation

• Free private networking on request

• Strict abuse enforcement

Our goal is to offer secure, high-performance infrastructure with maximum operational freedom — while protecting network integrity.

Need Assistance?

[email protected] Client Area: https://manager.up-network.ch

Our team is available for limit adjustments or technical clarification.