How to use Private Networks with Elastic Metal servers
Private Networks allow your Elastic Metal servers to communicate in an isolated and secure network without needing to be connected to the public Internet. This is an optional-billed feature, available with our Elastic Metal server ranges.
Each server can be connected to one or several Private Networks, letting you build your own network topologies. Private Networks’ built-in DHCP server manages the allocation of private IP addresses for Elastic Metal servers (and other resources) when they are attached to the network.
Private Networks allow your Elastic Metal servers to communicate with other Scaleway resources in an isolated and secure network, without the need of being connected to the public Internet.
You may need certain IAM permissions to carry out some actions described on this page. This means:
The Private Networks feature must be enabled on a per-server basis. Note that only Aluminium, Beryllium, and Lithium Elastic Metal servers are compatible with Private Networks.
You can enable/disable Private Networks on compatible Elastic Metal servers either during creation of the server, or afterward.
You can choose to enable the Private Networks feature during the creation of your Elastic Metal server. Simply use the toggle icon «Toogle Icon» when prompted by the creation wizard to enable the feature. If you do not enable the feature, it remains disabled by default.
- Navigate to the Elastic Metal servers page of the Scaleway console. A list of your Elastic Metal servers displays.
- Click the server for which you want to enable/disable the Private Networks feature. The server’s Overview page displays.
- Scroll to the Private Networks feature panel.
- Click Enable or Disable to enable/disable the Private Networks feature as required.
- Confirm the action when prompted.
Private Networks for Elastic Metal servers is a billable feature, and will be billed hourly or monthly depending on the type of Elastic Metal server you chose. If your Elastic Metal server is billed monthly and you disable the Private Networks feature after previously enabling it, you will still be billed for the feature for the current calendar month.
You can attach/detach Elastic Metal servers to a Private Network from either the Elastic Metal section of the console, or the VPC section.
- Navigate to the Elastic Metal page of the Scaleway console. A list of your Elastic Metal servers displays.
- Click the server you want to attach/detach from a Private Network.
- Click the Private Networks tab.
- Click Attach to a Private Network and continue to step 5. Otherwise, to detach your server from a Private Network, click the icon next to the Private Network and confirm the action when prompted.
- Select Attach to an existing Private Network, and choose a network from the drop-down list to attach your server to. Remember, only Private Networks in the same region as your server will be displayed.
- Select Attach to a new Private Network, and enter a name for the new Private Network you wish to create.
The Private Network will have default settings, meaning:
- Click Attach Private Network to confirm.
Creating a new Private Network from the VPC section of the console allows you to control which VPC you create it in, and to optionally create a custom CIDR block for the network.
You must configure the virtual network interface on each Elastic Metal server you have added to a Private Network. Traffic from the public Internet and traffic from a Private Network will pass through the same network interface of the Elastic Metal server. We must therefore separate the traffic by adding a VLAN interface.
The following commands show how to configure the network interface on an Elastic Metal server running Ubuntu. For other operating systems, check the distributor’s documentation.
Make a note of your Elastic Metal server’s VLAN ID. You can view this in the Private Networks tab of the Elastic Metal server in question.
Find the network interface using the
ip link showcommand:ip link show
The output will vary depending on the server, but here is an example:1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:002: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000link/ether 9c:b6:54:bb:6c:64 brd ff:ff:ff:ff:ff:ff3: eno2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000link/ether 9c:b6:54:bb:6c:65 brd ff:ff:ff:ff:ff:ff
In this case, the network interface is identified by
Enter the following command to add a virtual link to the network interface. Replace
1234with the VLAN ID you noted down in step 1 and
eno1(if necessary) with the relevant network interface name identified in step 3.sudo ip link add link eno1 name eno1.1234 type vlan id 1234
Enter the following command to bring up the virtual link. Make the necessary replacements for
1234as you did previously.sudo ip link set eno1.1234 up
If DHCP is activated on your Private Network and you are using a DHCP client, you do not need to continue to the next step. Your Elastic Metal server should be assigned an IP address which is compatible with our internal IPAM.
If you have not activated DHCP or do not have a DHCP client, proceed to the next step to manually configure an IP address.Important:
If you are running multiple virtual machines on an Elastic Metal server, our managed DHCP is not currently able to distribute IP addresses to your virtual machines. We recommend that you use the Public Gateway API or other devtools for Public Gateway, to make static DHCP reservations for your virtual machines on Elastic Metal.
Enter the following command to assign an IP address. Make the necessary replacements for
1234as you did previously.sudo ip addr add 10.10.10.10/24 dev eno1.1234
Log into your server as
Administrateurusing the Remote Desktop client.Note:
The default language of Windows Server installations is French. Make sure to use the user
Administrateurwhen connecting to your server. If required you can change the language of the operating system.
Launch the Server Manager application.
Click Local Server in the menu on the left. Then click NIC Teaming in the Properties section.
Click Tasks > New Team. Enter a team name of your choice (e.g.
default) and tick the checkbox NIC1. Then click OK.
Select the Team interfaces tab in the Adapters and Interfaces section. Click Tasks > Add interface. A pop-up displays.
Enter a name for the new interface (e.g.
default - VLAN 1234if your VLAN ID is 1234). Select Specific VLAN and enter the ID of your VLAN (e.g. 1234). Click OK to confirm.Important:
Two network interfaces display: Your VLAN and
default. Make sure to keep the default network, otherwise you will lose access to your server via the public Internet.
Click Start > Execute and type
ncpa.cpl. Then click OK to open the network connection manager.
Click on your VLAN network connection and right-click on it to open the menu. Click Properties to display the connection properties.
Select Internet Protocol version 4 (TCP/IPv4) and click Properties. A pop-up displays.
Click Use the following IP address and configure the IPv4 configuration of your Private Network. Then click OK to save your configuration.
Click Close to close the network interface properties.
You completed the configuration of your Private Network on Windows Server 2019.Tip:
You can use the
ipconfigcommand to verify your IP configuration from a command prompt.
Prior to deleting a Private Network, all resources attached to the network must be detached.
See our dedicated documentation how to delete a Private Network.