Jump toUpdate content

How to use Private Networks with Elastic Metal servers

Reviewed on 11 September 2023Published on 17 January 2022

Private Networks allow your Elastic Metal servers to communicate in an isolated and secure network without needing to be connected to the public Internet. This is an optional-billed feature, available with our Elastic Metal server ranges.

Each server can be connected to one or several Private Networks, letting you build your own network topologies. Private Networks’ built-in DHCP server manages the allocation of private IP addresses for Elastic Metal servers (and other resources) when they are attached to the network.

Private Networks allow your Elastic Metal servers to communicate with other Scaleway resources in an isolated and secure network, without the need of being connected to the public Internet.

Security & Identity (IAM):

You may need certain IAM permissions to carry out some actions described on this page. This means:

  • you are the Owner of the Scaleway Organization in which the actions will be carried out, or
  • you are an IAM user of the Organization, with a policy granting you the necessary permission sets
Requirements:

How to enable and disable the Private Networks feature

The Private Networks feature must be enabled on a per-server basis. Note that only Aluminium, Beryllium, and Lithium Elastic Metal servers are compatible with Private Networks.

You can enable/disable Private Networks on compatible Elastic Metal servers either during creation of the server, or afterward.

During the creation of your Elastic Metal server

You can choose to enable the Private Networks feature during the creation of your Elastic Metal server. Simply use the toggle icon «Toogle Icon» when prompted by the creation wizard to enable the feature. If you do not enable the feature, it remains disabled by default.

After the creation of your Elastic Metal server

  1. Navigate to the Elastic Metal servers page of the Scaleway console. A list of your Elastic Metal servers displays.
  2. Click the server for which you want to enable/disable the Private Networks feature. The server’s Overview page displays.
  3. Scroll to the Private Networks feature panel.
  4. Click Enable or Disable to enable/disable the Private Networks feature as required.
  5. Confirm the action when prompted.
    Note:

    Private Networks for Elastic Metal servers is a billable feature, and will be billed hourly or monthly depending on the type of Elastic Metal server you chose. If your Elastic Metal server is billed monthly and you disable the Private Networks feature after previously enabling it, you will still be billed for the feature for the current calendar month.

How to attach and detach Elastic Metal servers to a Private Network

You can attach/detach Elastic Metal servers to a Private Network from either the Elastic Metal section of the console, or the VPC section.

From the Elastic Metal section of the console

  1. Navigate to the Elastic Metal page of the Scaleway console. A list of your Elastic Metal servers displays.
  2. Click the server you want to attach/detach from a Private Network.
  3. Click the Private Networks tab.
  4. Click Attach to a Private Network and continue to step 5. Otherwise, to detach your server from a Private Network, click the icon next to the Private Network and confirm the action when prompted.
  5. Either:
    • Select Attach to an existing Private Network, and choose a network from the drop-down list to attach your server to. Remember, only Private Networks in the same region as your server will be displayed.
    • Select Attach to a new Private Network, and enter a name for the new Private Network you wish to create.
    Note:

    The Private Network will have default settings, meaning:

    • It is created in your default VPC for the region
    • It has an auto-generated CIDR block used to allocate private IP addresses to servers attached to the network. Each attached Elastic Metal server will get an IPv4 and an IPv6 address on the Private Network.
  6. Click Attach Private Network to confirm.

From the VPC section of the console

Creating a new Private Network from the VPC section of the console allows you to control which VPC you create it in, and to optionally create a custom CIDR block for the network.

See our dedicated documentation how to create a Private Network and how to attach resources from the VPC section of the console.

How to configure the network interface on your Elastic Metal server for Private Networks

You must configure the virtual network interface on each Elastic Metal server you have added to a Private Network. Traffic from the public Internet and traffic from a Private Network will pass through the same network interface of the Elastic Metal server. We must therefore separate the traffic by adding a VLAN interface.

Important:

The following commands show how to configure the network interface on an Elastic Metal server running Ubuntu. For other operating systems, check the distributor’s documentation.

  1. Make a note of your Elastic Metal server’s VLAN ID. You can view this in the Private Networks tab of the Elastic Metal server in question.

  2. Connect to your Elastic Metal server via SSH.

  3. Find the network interface using the ip link show command:

    ip link show

    The output will vary depending on the server, but here is an example:

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9c:b6:54:bb:6c:64 brd ff:ff:ff:ff:ff:ff
    3: eno2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 9c:b6:54:bb:6c:65 brd ff:ff:ff:ff:ff:ff

    In this case, the network interface is identified by eno1.

  4. Enter the following command to add a virtual link to the network interface. Replace 1234 with the VLAN ID you noted down in step 1 and eno1 (if necessary) with the relevant network interface name identified in step 3.

    sudo ip link add link eno1 name eno1.1234 type vlan id 1234
  5. Enter the following command to bring up the virtual link. Make the necessary replacements for eno1 and 1234 as you did previously.

    sudo ip link set eno1.1234 up

    If DHCP is activated on your Private Network and you are using a DHCP client, you do not need to continue to the next step. Your Elastic Metal server should be assigned an IP address which is compatible with our internal IPAM.

    If you have not activated DHCP or do not have a DHCP client, proceed to the next step to manually configure an IP address.

    Important:

    If you are running multiple virtual machines on an Elastic Metal server, our managed DHCP is not currently able to distribute IP addresses to your virtual machines. We recommend that you use the Public Gateway API or other devtools for Public Gateway, to make static DHCP reservations for your virtual machines on Elastic Metal.

  6. Enter the following command to assign an IP address. Make the necessary replacements for eno1 and 1234 as you did previously.

    sudo ip addr add 10.10.10.10/24 dev eno1.1234

How to configure the Private Network on Windows Server 2019

  1. Log into your server as Administrateur using the Remote Desktop client.

    Note:

    The default language of Windows Server installations is French. Make sure to use the user Administrateur when connecting to your server. If required you can change the language of the operating system.

  2. Launch the Server Manager application.

  3. Click Local Server in the menu on the left. Then click NIC Teaming in the Properties section.

  4. Click Tasks > New Team. Enter a team name of your choice (e.g. default) and tick the checkbox NIC1. Then click OK.

  5. Select the Team interfaces tab in the Adapters and Interfaces section. Click Tasks > Add interface. A pop-up displays.

  6. Enter a name for the new interface (e.g. default - VLAN 1234 if your VLAN ID is 1234). Select Specific VLAN and enter the ID of your VLAN (e.g. 1234). Click OK to confirm.

    Important:

    Two network interfaces display: Your VLAN and default. Make sure to keep the default network, otherwise you will lose access to your server via the public Internet.

  7. Click Start > Execute and type ncpa.cpl. Then click OK to open the network connection manager.

  8. Click on your VLAN network connection and right-click on it to open the menu. Click Properties to display the connection properties.

  9. Select Internet Protocol version 4 (TCP/IPv4) and click Properties. A pop-up displays.

  10. Click Use the following IP address and configure the IPv4 configuration of your Private Network. Then click OK to save your configuration.

  11. Click Close to close the network interface properties.

    You completed the configuration of your Private Network on Windows Server 2019.

    Tip:

    You can use the ipconfig command to verify your IP configuration from a command prompt.

How to test your Private Network configuration

See our instructions for testing an Instance Private Network configuration.

How to delete a Private Network

Note:

Prior to deleting a Private Network, all resources attached to the network must be detached.

See our dedicated documentation how to delete a Private Network.

See Also