NavigationContentFooter
Jump toSuggest an edit

How to use Private Networks with Elastic Metal servers

Reviewed on 30 September 2024Published on 17 January 2022

Private Networks allow your Elastic Metal servers to communicate in an isolated and secure network without needing to be connected to the public internet. This is an optional-billed feature, available with our Elastic Metal server ranges.

Each server can be connected to one or several Private Networks, letting you build your own network topologies. Private Networks’ built-in DHCP server manages the allocation of private IP addresses for Elastic Metal servers (and other resources) when they are attached to the network.

Private Networks allow your Elastic Metal servers to communicate with other Scaleway resources in an isolated and secure network, without the need of being connected to the public internet.

Before you start

To complete the actions presented below, you must have:

  • A Scaleway account logged into the console
  • Owner status or IAM permissions allowing you to perform actions in the intended Organization
  • An Instance

How to enable and disable the Private Networks feature

Important

The Private Networks feature must be enabled on a per-server basis.

You can enable/disable Private Networks on compatible Elastic Metal servers either during creation of the server, or afterward.

During the creation of your Elastic Metal server

You can choose to enable the Private Networks feature during the creation of your Elastic Metal server. Simply use the toggle icon «Toogle Icon» when prompted by the creation wizard to enable the feature. If you do not enable the feature, it remains disabled by default.

After the creation of your Elastic Metal server

  1. Navigate to the Elastic Metal servers page of the Scaleway console. A list of your Elastic Metal servers displays.
  2. Click the server for which you want to enable/disable the Private Networks feature. The server’s Overview page displays.
  3. Scroll to the Private Networks feature panel.
  4. Click Enable or Disable to enable/disable the Private Networks feature as required.
  5. Confirm the action when prompted.
    Note

    Private Networks for Elastic Metal servers is a billable feature, and will be billed hourly or monthly depending on the type of Elastic Metal server you chose. If your Elastic Metal server is billed monthly and you disable the Private Networks feature after previously enabling it, you will still be billed for the feature for the current calendar month.

How to attach and detach Elastic Metal servers to a Private Network

You can attach/detach Elastic Metal servers to a Private Network from either the Elastic Metal section of the console, or the VPC section.

You can also reserve IP addresses with IPAM and attach them to specific MAC addresses, to facilitate the attachment of virtual machines hosted on your server, to Private Networks. See the IPAM documentation on reserving a private IP with an attached MAC address for more information.

From the Elastic Metal section of the console

  1. Navigate to the Elastic Metal page of the Scaleway console. A list of your Elastic Metal servers displays.
  2. Click the server you want to attach/detach from a Private Network.
  3. Click the Private Networks tab.
  4. Click Attach to a Private Network and continue to step 5. Otherwise, to detach your server from a Private Network, click the icon next to the Private Network and confirm the action when prompted.
  5. Either:
    • Select Attach to an existing Private Network, and choose a network from the drop-down list to attach your server to. Remember, only Private Networks in the same region as your server will be displayed.
    • Select Attach to a new Private Network, and enter a name for the new Private Network you wish to create.
    Note

    The Private Network will have default settings, meaning:

    • It is created in your default VPC for the region
    • It has an auto-generated CIDR block used to allocate private IP addresses to servers attached to the network. Each attached Elastic Metal server will get an IPv4 and an IPv6 address on the Private Network.
  6. Choose whether to auto-allocate an available IP from the pool (the CIDR block defined at the time of creating the Private Network), or use a reserved IP address for the attachment. You must make this choice for both the IPv4 and IPv6 address that the Elastic Metal server will have on this Private Network.
  7. Click Attach to Private Network to confirm.

From the VPC section of the console

Creating a new Private Network from the VPC section of the console allows you to control which VPC you create it in, and to optionally create a custom CIDR block for the network.

See our dedicated documentation how to create a Private Network and how to attach resources from the VPC section of the console.

How to configure the network interface on your Elastic Metal server for Private Networks

You must configure the virtual network interface on each Elastic Metal server you have added to a Private Network. Traffic from the public internet and traffic from a Private Network will pass through the same network interface of the Elastic Metal server. We must therefore separate the traffic by adding a VLAN interface.

Important

The following commands show how to configure the network interface on an Elastic Metal server running Ubuntu. For other operating systems, check the distributor’s documentation.

  1. Make a note of your Elastic Metal server’s VLAN ID. You can view this in the Private Networks tab of the Elastic Metal server in question.

  2. Connect to your Elastic Metal server via SSH.

  3. Find the network interface using the ip link show command:

    ip link show

    The output will vary depending on the server, but here is an example:

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9c:b6:54:bb:6c:64 brd ff:ff:ff:ff:ff:ff
    3: eno2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 9c:b6:54:bb:6c:65 brd ff:ff:ff:ff:ff:ff

    In this case, the network interface is identified by eno1.

  4. Enter the following command to add a virtual link to the network interface. Replace 1234 with the VLAN ID you noted down in step 1 and eno1 (if necessary) with the relevant network interface name identified in step 3.

    sudo ip link add link eno1 name eno1.1234 type vlan id 1234
  5. Enter the following command to bring up the virtual link. Make the necessary replacements for eno1 and 1234 as you did previously.

    sudo ip link set eno1.1234 up

    If DHCP is activated on your Private Network and you are using a DHCP client, you do not need to continue to the next step. Your Elastic Metal server should be assigned an IP address which is compatible with our internal IPAM.

    If you have not activated DHCP or do not have a DHCP client, proceed to the next step to manually configure an IP address.

    Important

    If you are running multiple virtual machines on an Elastic Metal server, our managed DHCP is not currently able to distribute IP addresses to your virtual machines. We recommend that you use the IPAM API to book IP addresses for your virtual machines, and assign them manually.

  6. Enter the following command to assign an IP address. Make the necessary replacements for eno1 and 1234 as you did previously.

    sudo ip addr add 10.10.10.10/24 dev eno1.1234
  7. Optionally persist this configuration across reboots by creating a new netplan configuration. Make the necessary replacements for eno1 and 1234 as you did previously.

    # e.g.: /etc/netplan/51-private-networks.yaml
    network:
    version: 2
    vlans:
    eno1.1234:
    id: 1234
    link: eno1
    addresses:
    - 10.10.10.10/24
    Tip
    • To test your configuration before applying it, use the sudo netplan try command. Once tested, apply the configuration with sudo netplan apply.
    • Ensure that you have defined the same adapter name (eno1) for the default network interface in the default Netplan configuration file (/etc/netplan/50-cloud-init.yaml) before applying the new configuration.

How to configure the Private Network on Windows Server 2019

  1. Log into your server as Administrateur using the Remote Desktop client.

    Note

    The default language of Windows Server installations is French. Make sure to use the user Administrateur when connecting to your server. If required, you can change the language of the operating system.

  2. Launch the Server Manager application.

  3. Click Local Server in the menu on the left. Then click NIC Teaming in the Properties section.

  4. Click Tasks > New Team. Enter a team name of your choice (e.g. default) and tick the checkbox NIC1. Then click OK.

  5. Select the Team interfaces tab in the Adapters and Interfaces section. Click Tasks > Add interface. A pop-up displays.

  6. Enter a name for the new interface (e.g. default - VLAN 1234 if your VLAN ID is 1234). Select Specific VLAN and enter the ID of your VLAN (e.g. 1234). Click OK to confirm.

    Important

    Two network interfaces display: Your VLAN and default. Make sure to keep the default network, otherwise you will lose access to your server via the public internet.

  7. Click Start > Execute and type ncpa.cpl. Then click OK to open the network connection manager.

  8. Click on your VLAN network connection and right-click on it to open the menu. Click Properties to display the connection properties.

  9. Select Internet Protocol version 4 (TCP/IPv4) and click Properties. A pop-up displays.

  10. Click Use the following IP address and configure the IPv4 configuration of your Private Network. Then click OK to save your configuration.

  11. Click Close to close the network interface properties.

    You completed the configuration of your Private Network on Windows Server 2019.

    Tip

    You can use the ipconfig command to verify your IP configuration from a command prompt.

How to delete a Private Network

Note

Before deleting a Private Network, you must detach all resources attached to it.

See our dedicated documentation how to delete a Private Network.

See also
How to configure reverse DNS of a flexible IPHow to enable SMTP
Was this page helpful?
API DocsScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCareers
© 2023-2024 – Scaleway