How to use Private Networks with Elastic Metal servers

Reviewed on April 07, 2025

Private Networks allow your Elastic Metal servers to communicate in an isolated and secure network without needing to be connected to the public internet. This is an optional-billed feature, available with our Elastic Metal server ranges.

Each server can be connected to one or several Private Networks, letting you build your own network topologies. Private Networks' built-in DHCP server manages the allocation of private IP addresses for Elastic Metal servers (and other resources) when they are attached to the network.

Private Networks allow your Elastic Metal servers to communicate with other Scaleway resources in an isolated and secure network, without the need of being connected to the public internet.

Before you start

To complete the actions presented below, you must have:

A Scaleway account logged into the console
Owner status or IAM permissions allowing you to perform actions in the intended Organization
An Instance

How to enable and disable the Private Networks feature

Important

The Private Networks feature must be enabled on a per-server basis.

You can enable/disable Private Networks on compatible Elastic Metal servers either during creation of the server, or afterward.

During the creation of your Elastic Metal server

You can choose to enable the Private Networks feature during the creation of your Elastic Metal server. Simply use the toggle icon toggle icon when prompted by the creation wizard to enable the feature. If you do not enable the feature, it remains disabled by default.

After the creation of your Elastic Metal server

Navigate to the Elastic Metal servers page of the Scaleway console. A list of your Elastic Metal servers displays.
Click the server for which you want to enable/disable the Private Networks feature. The server's Overview page displays.
Scroll to the Private Networks feature panel.
Click Enable or Disable to enable/disable the Private Networks feature as required.
Confirm the action when prompted.
Note
Private Networks for Elastic Metal servers is a billable feature, and will be billed hourly or monthly depending on the type of Elastic Metal server you chose. If your Elastic Metal server is billed monthly and you disable the Private Networks feature after previously enabling it, you will still be billed for the feature for the current calendar month.

How to attach and detach Elastic Metal servers to a Private Network

You can attach/detach Elastic Metal servers to a Private Network from either the Elastic Metal section of the console, or the VPC section.

You can also attach custom resources, such as virtual machines hosted on your Elastic Metal server, to Private Networks, by specifying their MAC addresses upon attachment. Follow the instructions for attaching such a resource in the Private Networks documentation.

From the Elastic Metal section of the console

Navigate to the Elastic Metal page of the Scaleway console. A list of your Elastic Metal servers displays.
Click the server you want to attach/detach from a Private Network.
Click the Private Networks tab.
Click Attach to a Private Network and continue to step 5. Otherwise, to detach your server from a Private Network, click the icon next to the Private Network and confirm the action when prompted.
Either:
- Select Attach to an existing Private Network, and choose a network from the drop-down list to attach your server to. Remember, only Private Networks in the same region as your server will be displayed.
- Select Attach to a new Private Network, and enter a name for the new Private Network you wish to create.
Note
The Private Network will have default settings, meaning:

It is created in your default VPC for the region, if you have one. If you do not have an existing VPC for the appropriate region, you must create one first.

It has an auto-generated CIDR block used to allocate private IP addresses to servers attached to the network. Each attached Elastic Metal server will get an IPv4 and an IPv6 address on the Private Network.
Choose whether to auto-allocate an available IP from the pool (the CIDR block defined at the time of creating the Private Network), or use a reserved IP address for the attachment. You must make this choice for both the IPv4 and IPv6 address that the Elastic Metal server will have on this Private Network.
Click Attach to Private Network to confirm.

From the VPC section of the console

Creating a new Private Network from the VPC section of the console allows you to control which VPC you create it in, and to optionally create a custom CIDR block for the network.

See our dedicated documentation how to create a Private Network and how to attach resources from the VPC section of the console.

How to configure the network interface on your Elastic Metal server for Private Networks

You must configure the virtual network interface on each Elastic Metal server you have added to a Private Network. Traffic from the public internet and traffic from a Private Network will pass through the same network interface of the Elastic Metal server. We must therefore separate the traffic by adding a VLAN interface.

Important

The following commands show how to configure the network interface on an Elastic Metal server running Ubuntu. For other operating systems, check the distributor's documentation.

Make a note of your Elastic Metal server's VLAN ID. You can view this in the Private Networks tab of the Elastic Metal server in question.
Connect to your Elastic Metal server via SSH.

Find the network interface using the ip link show command:

ip link show

The output will vary depending on the server, but here is an example:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9c:b6:54:bb:6c:64 brd ff:ff:ff:ff:ff:ff
3: eno2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 9c:b6:54:bb:6c:65 brd ff:ff:ff:ff:ff:ff

In this case, the network interface is identified by eno1.

Enter the following command to add a virtual link to the network interface. Replace 1234 with the VLAN ID you noted down in step 1 and eno1 (if necessary) with the relevant network interface name identified in step 3.
```
sudo ip link add link eno1 name eno1.1234 type vlan id 1234
```
Enter the following command to bring up the virtual link. Make the necessary replacements for eno1 and 1234 as you did previously.
```
sudo ip link set eno1.1234 up
```
If DHCP is activated on your Private Network and you are using a DHCP client, you do not need to continue to the next step. Your Elastic Metal server should be assigned an IP address which is compatible with our internal IPAM.

If you have not activated DHCP or do not have a DHCP client, proceed to the next step to manually configure an IP address.

Important
If you are running multiple virtual machines on an Elastic Metal server, our managed DHCP is not currently able to distribute IP addresses to your virtual machines. We recommend that you use the IPAM API to book IP addresses for your virtual machines, and assign them manually.
Enter the following command to assign an IP address. Make the necessary replacements for eno1 and 1234 as you did previously.
```
sudo ip addr add 10.10.10.10/24 dev eno1.1234
```
Optionally persist this configuration across reboots by creating a new netplan configuration. Make the necessary replacements for eno1 and 1234 as you did previously.
```
# e.g.: /etc/netplan/51-private-networks.yaml
network:
  version: 2
  vlans:
    eno1.1234:
      id: 1234
      link: eno1
      addresses:
        - 10.10.10.10/24
```
Tip

To test your configuration before applying it, use the sudo netplan try command. Once tested, apply the configuration with sudo netplan apply.

Ensure that you have defined the same adapter name (eno1) for the default network interface in the default Netplan configuration file (/etc/netplan/50-cloud-init.yaml) before applying the new configuration.

How to configure the Private Network on Windows Server 2019 and 2022

Log into your server as Administrateur using the Remote Desktop client.
Note
The default language of Windows Server installations is French. Make sure to use the user Administrateur when connecting to your server. If required, you can change the language of the operating system.
Launch the Server Manager application.
Click Local Server in the menu on the left. Then click NIC Teaming in the Properties section.
Click Tasks > New Team. Enter a team name of your choice (e.g. default) and tick the checkbox NIC1. Then click OK.
Select the Team interfaces tab in the Adapters and Interfaces section. Click Tasks > Add interface. A pop-up displays.
Enter a name for the new interface (e.g. default - VLAN 1234 if your VLAN ID is 1234). Select Specific VLAN and enter the ID of your VLAN (e.g. 1234). Click OK to confirm.
Important
Two network interfaces display: Your VLAN and default. Make sure to keep the default network, otherwise you will lose access to your server via the public internet.

Static IP configuration (optional)

Important

If you are running multiple virtual machines on an Elastic Metal server, our managed DHCP is not currently able to distribute IP addresses to your virtual machines. We recommend that you use the IPAM API to book IP addresses for your virtual machines, and assign them manually.

Click Start > Run and type ncpa.cpl. Then click OK to open the network connection manager.
Click on your VLAN network connection and right-click on it to open the menu. Click Properties to display the connection properties.
Select Internet Protocol version 4 (TCP/IPv4) and click Properties. A pop-up displays.
Click Use the following IP address and configure the IPv4 configuration of your Private Network. Then click OK to save your configuration.

Tip
To know what netmask and IP address to configure, refer to the Private Network menu for your Elastic Metal server in the Scaleway console.
Click Close to close the network interface properties.

Tip
You can use the ipconfig command to verify your IP configuration from a command prompt.

Additional configuration for virtual machines running on Hyper-V

If you are running virtual machines with Hyper-V, refer to the Microsoft documentation regarding Hyper-V and VLANs.

Note

Since Windows Server 2022 came out, the procedure differs from Windows 2019. LBFO (a Hyper-V switch related to NIC teaming) has been deprecated and replaced by SET (Switch Embedded Teaming). This change may introduce limitations regarding VLAN assignment for multiple VMs on clusters of Elastic Metal servers.

Below is an example of how to connect one Private Network to a virtual machine created by Hyper-V on a Windows Server 2022 host (the Elastic Metal server's operating system).

Open a PowerShell terminal and run the following command:
```
Get-NetAdapter
```
Important
Do not enable NIC Teaming on the host.

This command will display the network interface names. Copy the name of the interface that is "Up".

Create a new VMSwitch:

New-VMSwitch -Name "SET Team" -NetAdapterName "<NAME OF THE NETWORK INTERFACE>" -EnableEmbeddedTeaming $true

Create a "custom" resource in the Private Network.
When creating the VM, select the SET switch in the networking creation menu.
Copy the MAC address of the VM from the Network adapter section of the VM settings, under the Advanced features subsection.
Change the Virtual Machine settings:
- Go to the "Network adapter" section of the VM in Hyper-V.
- Set the VLAN ID (copy it from the Private Network menu in the Elastic Metal server console).

How to delete a Private Network

Note

Before deleting a Private Network, you must detach all resources attached to it.

See our dedicated documentation how to delete a Private Network.