The Private Networks feature must be enabled on a per-server basis.
How to use Private Networks with Elastic Metal servers
Private Networks allow your Elastic Metal servers to communicate in an isolated and secure network without needing to be connected to the public internet. This is an optional-billed feature, available with our Elastic Metal server ranges.
Each server can be connected to one or several Private Networks, letting you build your own network topologies. Private Networks’ built-in DHCP server manages the allocation of private IP addresses for Elastic Metal servers (and other resources) when they are attached to the network.
Private Networks allow your Elastic Metal servers to communicate with other Scaleway resources in an isolated and secure network, without the need of being connected to the public internet.
Before you start
To complete the actions presented below, you must have:
- A Scaleway account logged into the console
- Owner status or IAM permissions allowing you to perform actions in the intended Organization
- An Instance
How to enable and disable the Private Networks feature
You can enable/disable Private Networks on compatible Elastic Metal servers either during creation of the server, or afterward.
During the creation of your Elastic Metal server
You can choose to enable the Private Networks feature during the creation of your Elastic Metal server. Simply use the toggle icon «Toogle Icon» when prompted by the creation wizard to enable the feature. If you do not enable the feature, it remains disabled by default.
After the creation of your Elastic Metal server
- Navigate to the Elastic Metal servers page of the Scaleway console. A list of your Elastic Metal servers displays.
- Click the server for which you want to enable/disable the Private Networks feature. The server’s Overview page displays.
- Scroll to the Private Networks feature panel.
- Click Enable or Disable to enable/disable the Private Networks feature as required.
- Confirm the action when prompted.
Note
Private Networks for Elastic Metal servers is a billable feature, and will be billed hourly or monthly depending on the type of Elastic Metal server you chose. If your Elastic Metal server is billed monthly and you disable the Private Networks feature after previously enabling it, you will still be billed for the feature for the current calendar month.
How to attach and detach Elastic Metal servers to a Private Network
You can attach/detach Elastic Metal servers to a Private Network from either the Elastic Metal section of the console, or the VPC section.
You can also reserve IP addresses with IPAM and attach them to specific MAC addresses, to facilitate the attachment of virtual machines hosted on your server, to Private Networks. See the IPAM documentation on reserving a private IP with an attached MAC address for more information.
From the Elastic Metal section of the console
- Navigate to the Elastic Metal page of the Scaleway console. A list of your Elastic Metal servers displays.
- Click the server you want to attach/detach from a Private Network.
- Click the Private Networks tab.
- Click Attach to a Private Network and continue to step 5. Otherwise, to detach your server from a Private Network, click the icon next to the Private Network and confirm the action when prompted.
- Either:
- Select Attach to an existing Private Network, and choose a network from the drop-down list to attach your server to. Remember, only Private Networks in the same region as your server will be displayed.
- Select Attach to a new Private Network, and enter a name for the new Private Network you wish to create.
NoteThe Private Network will have default settings, meaning:
- It is created in your default VPC for the region
- It has an auto-generated CIDR block used to allocate private IP addresses to servers attached to the network. Each attached Elastic Metal server will get an IPv4 and an IPv6 address on the Private Network.
- Choose whether to auto-allocate an available IP from the pool (the CIDR block defined at the time of creating the Private Network), or use a reserved IP address for the attachment. You must make this choice for both the IPv4 and IPv6 address that the Elastic Metal server will have on this Private Network.
- Click Attach to Private Network to confirm.
From the VPC section of the console
Creating a new Private Network from the VPC section of the console allows you to control which VPC you create it in, and to optionally create a custom CIDR block for the network.
See our dedicated documentation how to create a Private Network and how to attach resources from the VPC section of the console.
How to configure the network interface on your Elastic Metal server for Private Networks
You must configure the virtual network interface on each Elastic Metal server you have added to a Private Network. Traffic from the public internet and traffic from a Private Network will pass through the same network interface of the Elastic Metal server. We must therefore separate the traffic by adding a VLAN interface.
The following commands show how to configure the network interface on an Elastic Metal server running Ubuntu. For other operating systems, check the distributor’s documentation.
-
Make a note of your Elastic Metal server’s VLAN ID. You can view this in the Private Networks tab of the Elastic Metal server in question.
-
Find the network interface using the
ip link show
command:ip link showThe output will vary depending on the server, but here is an example:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:002: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000link/ether 9c:b6:54:bb:6c:64 brd ff:ff:ff:ff:ff:ff3: eno2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000link/ether 9c:b6:54:bb:6c:65 brd ff:ff:ff:ff:ff:ffIn this case, the network interface is identified by
eno1
. -
Enter the following command to add a virtual link to the network interface. Replace
1234
with the VLAN ID you noted down in step 1 andeno1
(if necessary) with the relevant network interface name identified in step 3.sudo ip link add link eno1 name eno1.1234 type vlan id 1234 -
Enter the following command to bring up the virtual link. Make the necessary replacements for
eno1
and1234
as you did previously.sudo ip link set eno1.1234 upIf DHCP is activated on your Private Network and you are using a DHCP client, you do not need to continue to the next step. Your Elastic Metal server should be assigned an IP address which is compatible with our internal IPAM.
If you have not activated DHCP or do not have a DHCP client, proceed to the next step to manually configure an IP address.
ImportantIf you are running multiple virtual machines on an Elastic Metal server, our managed DHCP is not currently able to distribute IP addresses to your virtual machines. We recommend that you use the IPAM API to book IP addresses for your virtual machines, and assign them manually.
-
Enter the following command to assign an IP address. Make the necessary replacements for
eno1
and1234
as you did previously.sudo ip addr add 10.10.10.10/24 dev eno1.1234 -
Optionally persist this configuration across reboots by creating a new netplan configuration. Make the necessary replacements for
eno1
and1234
as you did previously.# e.g.: /etc/netplan/51-private-networks.yamlnetwork:version: 2vlans:eno1.1234:id: 1234link: eno1addresses:- 10.10.10.10/24Tip- To test your configuration before applying it, use the
sudo netplan try
command. Once tested, apply the configuration withsudo netplan apply
. - Ensure that you have defined the same adapter name (
eno1
) for the default network interface in the default Netplan configuration file (/etc/netplan/50-cloud-init.yaml
) before applying the new configuration.
- To test your configuration before applying it, use the
How to configure the Private Network on Windows Server 2019
-
Log into your server as
Administrateur
using the Remote Desktop client.NoteThe default language of Windows Server installations is French. Make sure to use the user
Administrateur
when connecting to your server. If required, you can change the language of the operating system. -
Launch the Server Manager application.
-
Click Local Server in the menu on the left. Then click NIC Teaming in the Properties section.
-
Click Tasks > New Team. Enter a team name of your choice (e.g.
default
) and tick the checkbox NIC1. Then click OK. -
Select the Team interfaces tab in the Adapters and Interfaces section. Click Tasks > Add interface. A pop-up displays.
-
Enter a name for the new interface (e.g.
default - VLAN 1234
if your VLAN ID is 1234). Select Specific VLAN and enter the ID of your VLAN (e.g. 1234). Click OK to confirm.ImportantTwo network interfaces display: Your VLAN and
default
. Make sure to keep the default network, otherwise you will lose access to your server via the public internet. -
Click Start > Execute and type
ncpa.cpl
. Then click OK to open the network connection manager. -
Click on your VLAN network connection and right-click on it to open the menu. Click Properties to display the connection properties.
-
Select Internet Protocol version 4 (TCP/IPv4) and click Properties. A pop-up displays.
-
Click Use the following IP address and configure the IPv4 configuration of your Private Network. Then click OK to save your configuration.
-
Click Close to close the network interface properties.
You completed the configuration of your Private Network on Windows Server 2019.
TipYou can use the
ipconfig
command to verify your IP configuration from a command prompt.
How to delete a Private Network
Before deleting a Private Network, you must detach all resources attached to it.
See our dedicated documentation how to delete a Private Network.