diff --git a/pkg/ibmvpc/implicit_routing.go b/pkg/ibmvpc/implicit_routing.go
index 23795dcc5..e96b844d0 100644
--- a/pkg/ibmvpc/implicit_routing.go
+++ b/pkg/ibmvpc/implicit_routing.go
@@ -94,9 +94,9 @@ func isDestPublicInternet(dest *netset.IPBlock) bool {
 	return dest.IsSubset(publicRange)
 }
 
-func isDestServiceNetwork(dest *ipblock.IPBlock) bool {
+func isDestServiceNetwork(dest *netset.IPBlock) bool {
 	_, serviceNetworkRange, _ := vpcmodel.GetNetworkAddressList().GetServiceNetworkIPblocksList()
-	return dest.ContainedIn(serviceNetworkRange)
+	return dest.IsSubset(serviceNetworkRange)
 }
 
 func fipHasSource(src vpcmodel.Node, fip *FloatingIP) bool {
diff --git a/pkg/ibmvpc/parser.go b/pkg/ibmvpc/parser.go
index 8e75f5653..ab093174e 100644
--- a/pkg/ibmvpc/parser.go
+++ b/pkg/ibmvpc/parser.go
@@ -562,7 +562,7 @@ func (rc *IBMresourcesContainer) getPgwConfig(
 	return nil
 }
 
-func newSGW(sgwName string, cidr *ipblock.IPBlock) *ServiceNetworkGateway {
+func newSGW(sgwName string, cidr *netset.IPBlock) *ServiceNetworkGateway {
 	return &ServiceNetworkGateway{
 		VPCResource: vpcmodel.VPCResource{
 			ResourceName: sgwName,
diff --git a/pkg/ibmvpc/vpc.go b/pkg/ibmvpc/vpc.go
index 55d0b16ef..28645d0ea 100644
--- a/pkg/ibmvpc/vpc.go
+++ b/pkg/ibmvpc/vpc.go
@@ -287,10 +287,10 @@ func (fip *FloatingIP) IsMultipleVPCs() bool {
 // we add it for convenience - it is not a resource that appears in the input configuration file.
 type ServiceNetworkGateway struct {
 	vpcmodel.VPCResource
-	cidr *ipblock.IPBlock
+	cidr *netset.IPBlock
 }
 
-func (sgw *ServiceNetworkGateway) Cidr() *ipblock.IPBlock {
+func (sgw *ServiceNetworkGateway) Cidr() *netset.IPBlock {
 	return sgw.cidr
 }
 func (sgw *ServiceNetworkGateway) Sources() []vpcmodel.Node {
@@ -306,12 +306,12 @@ func (sgw *ServiceNetworkGateway) Destinations() []vpcmodel.Node {
 func (sgw *ServiceNetworkGateway) SetExternalDestinations(destinations []vpcmodel.Node) {
 }
 
-func (sgw *ServiceNetworkGateway) AllowedConnectivity(src, dst vpcmodel.VPCResourceIntf) (*connection.Set, error) {
+func (sgw *ServiceNetworkGateway) AllowedConnectivity(src, dst vpcmodel.VPCResourceIntf) (*netset.TransportSet, error) {
 	if areNodes, _, dst1 := isNodesPair(src, dst); areNodes {
 		if dst1.IsExternal() && !dst1.IsPublicInternet() {
-			return connection.All(), nil
+			return netset.AllTransports(), nil
 		}
-		return connection.None(), nil
+		return netset.NoTransports(), nil
 	}
 	return nil, errors.New("ServiceNetworkGateway.AllowedConnectivity unexpected src/dst types")
 }
@@ -387,7 +387,7 @@ func (pgw *PublicGateway) AllowedConnectivity(src, dst vpcmodel.VPCResourceIntf)
 		srcSubnet := src.(*commonvpc.Subnet)
 		if dstNode, ok := dst.(vpcmodel.Node); ok {
 			if dstNode.IsExternal() && dstNode.IsPublicInternet() && hasSubnet(pgw.srcSubnets, srcSubnet) {
-				netset.AllTransports(), nil
+				return netset.AllTransports(), nil
 			}
 			return netset.NoTransports(), nil
 		}
diff --git a/pkg/vpcmodel/explainabilityInput.go b/pkg/vpcmodel/explainabilityInput.go
index d82642ac6..764df34f8 100644
--- a/pkg/vpcmodel/explainabilityInput.go
+++ b/pkg/vpcmodel/explainabilityInput.go
@@ -467,7 +467,7 @@ func (c *VPCConfig) getCidrExternalNodes(inputIPBlock *netset.IPBlock) (cidrNode
 		externalType := publicInternetNodeName
 		isPublicInternet := true
 		_, ip, _ := GetNetworkAddressList().GetServiceNetworkIPblocksList()
-		if block.ContainedIn(ip) {
+		if block.IsSubset(ip) {
 			externalType = serviceNetworkNodeName
 			isPublicInternet = false
 		}
diff --git a/pkg/vpcmodel/externalNetwork.go b/pkg/vpcmodel/externalNetwork.go
index 5b8639a68..c4b8708a1 100644
--- a/pkg/vpcmodel/externalNetwork.go
+++ b/pkg/vpcmodel/externalNetwork.go
@@ -66,16 +66,16 @@ func GetDefaultPublicInternetAddressList() []string {
 	}
 }
 
-func (n *NetworkAddressLists) GetPublicInternetIPblocksList() (internetIPblocksList []*ipblock.IPBlock,
-	allInternetRagnes *ipblock.IPBlock, err error) {
+func (n *NetworkAddressLists) GetPublicInternetIPblocksList() (internetIPblocksList []*netset.IPBlock,
+	allInternetRagnes *netset.IPBlock, err error) {
 	if len(n.publicInternetAddressList) == 0 {
 		return ipStringsToIPblocks(GetDefaultPublicInternetAddressList())
 	}
 	return ipStringsToIPblocks(n.publicInternetAddressList)
 }
 
-func (n *NetworkAddressLists) GetServiceNetworkIPblocksList() (serviceNetworkIPblocksList []*ipblock.IPBlock,
-	serviceNetworkRagnes *ipblock.IPBlock, err error) {
+func (n *NetworkAddressLists) GetServiceNetworkIPblocksList() (serviceNetworkIPblocksList []*netset.IPBlock,
+	serviceNetworkRagnes *netset.IPBlock, err error) {
 	return ipStringsToIPblocks(n.serviceNetworkAddressList)
 }
 
@@ -219,14 +219,14 @@ func GetExternalNetworkNodes(disjointRefExternalIPBlocks []*netset.IPBlock) ([]N
 	}
 	for _, ipb := range disjointRefExternalIPBlocksServiceNetwork {
 		var isPublicInternet bool
-		if ipb.ContainedIn(serviceNetworkRagnes) {
+		if ipb.IsSubset(serviceNetworkRagnes) {
 			isPublicInternet = false
 		} else {
 			continue
 		}
 		cidrs := ipb.ToCidrList()
 		for _, cidr := range cidrs {
-			nodeIPBlock, err := ipblock.FromCidr(cidr)
+			nodeIPBlock, err := netset.IPBlockFromCidr(cidr)
 			if err != nil {
 				return nil, err
 			}