How to use Private Networks with your Instances
Private Networks allow your Instances to communicate in an isolated and secure network without needing to be connected to the public Internet. Each Instance can be connected to one or several Private Networks, letting you build your own network topologies.
Private Networks are LAN-like layer 2 ethernet networks. A new network interface with a unique media access control address (MAC address) is configured on each Instance in a Private Network.
You may need certain IAM permissions to carry out some actions described on this page. This means:
- you are the Owner of the Scaleway Organization in which the actions will be carried out, or
- you are an IAM user of the Organization, with a policy granting you the necessary permission sets
- You have an account and are logged into the Scaleway console
- You have created an Instance
How to create a Private Network
- Click Instances (A) in the Compute section of the side menu. The Instances page displays.
- Click the Instance you want to add a Private Network to.
- Click the Private Networks tab.
- Click the Create a Private Network button (C). The creation wizard displays.
- Select Create and attach a new Private Network
- Enter a Name for your Private Network, or leave the randomly-generated name in place.
- Click Create a Private Network to finish. Your Private Network is created. You are taken back to the Private Networks tab, where your new Private Network is now displayed in the list.
How to attach Instances to a Private Network
- Navigate to the Private Networks tab (click Instances in the Compute section of the side menu, then click Private Networks).
- Click the Private Network you want to add Instances to (A). Alternatively, click the … icon next to the Private Network in question and select More Info from the dropdown list (B). You are taken to the Overview page for that network.
- Click the Instances tab (A).
- Use the drop down menu to select an Instance to add to your Private Network (B), then click Add Instance.
  Note: Only Instances from the same Availability Zone as your Private Network will be available in the drop down menu.
  You are taken back to the Instance tab, where the Instance you just added displays in the list along with its associated MAC address.
How to detach Instances from a Private Network
- Navigate to the Instances tab of the Private Network in question (see steps 1-3 above). The list of Instances attached to this Private Network displays.
- Click the unlink button next to the Instance you wish to detach from the Private Network. A pop up displays, asking you to confirm.
- Click Detach this Instance. You are taken back to the Instances tab, where the Instance you just detached is now removed from the list.
How to configure the Private Network interface on your Instances
Once you have added all the required Instances to a Private Network, you should configure the virtual network interface on each one.
While it is theoretically possible to use any IP range within your Private Network, it is not recommended to use any IP subnets that are publicly routed. Whilst the configuration may work for your Instances to communicate with each other, you might experience connectivity issues to machines on the public Internet within these ranges. It is therefore recommended that you configure your Private Network using IPs from the following private IP ranges:
- 192.168.0.0 - 192.168.255.255 (65,536 IP addresses)
- 172.16.0.0 - 172.31.255.255 (1,048,576 IP addresses)
You can use any subnet mask allowed by these ranges. The only constraint is that all interfaces in the same Private Network must be configured with the same subnet mask. If you are not sure, use /24 for your Private Network. Using the 10.0.0.0/8 private IP range is not recommended, as this block is used for Instances' own private IPs and infrastructure services. This is only recommended for expert users.
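The range guidance above can be checked before any interface is configured. The script below is an added example, not part of the original page: it takes the ADDR/PREFIX planned for each interface of one Private Network and rejects anything inside 10.0.0.0/8, anything outside the two recommended ranges, and any mix of subnet masks. The helper names ip_to_int, in_block and check_plan are hypothetical, and the script assumes a shell with 64-bit arithmetic.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check of the
# ADDR/PREFIX values planned for the interfaces of one Private Network.
# ip_to_int, in_block and check_plan are hypothetical helper names.

ip_to_int() {
    # Dotted quad -> 32-bit integer.
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_block() {
    # in_block ADDR_INT PREFIX BASE BASE_PREFIX
    # True when the subnet ADDR/PREFIX lies entirely inside BASE/BASE_PREFIX.
    [ "$2" -ge "$4" ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - $4)) & 0xFFFFFFFF ))
    [ $(( $1 & mask )) -eq $(( $(ip_to_int "$3") & mask )) ]
}

check_plan() {
    # Prints "ok" and returns 0 only when every argument sits in a
    # recommended range and all arguments describe the same subnet.
    first_net=""; first_len=""
    for cidr in "$@"; do
        addr=${cidr%/*}; len=${cidr#*/}
        n=$(ip_to_int "$addr")
        if in_block "$n" "$len" 10.0.0.0 8; then
            echo "not recommended: $cidr is inside 10.0.0.0/8"; return 1
        fi
        if ! in_block "$n" "$len" 192.168.0.0 16 &&
           ! in_block "$n" "$len" 172.16.0.0 12; then
            echo "not recommended: $cidr is outside the private ranges"; return 1
        fi
        net=$(( n & (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
        if [ -z "$first_len" ]; then
            first_net=$net; first_len=$len
        elif [ "$len" != "$first_len" ] || [ "$net" != "$first_net" ]; then
            echo "inconsistent: $cidr does not match the first interface"; return 1
        fi
    done
    echo "ok"
}

# Constructed sample plan: the two addresses used in the examples on this page.
check_plan 192.168.42.2/24 192.168.42.3/24
```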
- Connect to the Instance using SSH.
- Find the virtual interface corresponding to the Private Network using the ip link show command:

      root@virtual-instance:~# ip link show
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether de:1c:94:64:20:44 brd ff:ff:ff:ff:ff:ff
      3: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 02:00:00:00:1a:ae brd ff:ff:ff:ff:ff:ff

  The Private Network interface can be identified by its associated MAC address, which always has the form 02:00:00:xx:yy:zz.
  Note: The network interface names may be different, depending on the operating system and the release you use.
- For convenience, give a more meaningful name (e.g. priv0) to the Private Network interface. Configure the new interface name as follows:

      root@virtual-instance:~# ip link set down dev ens5
      root@virtual-instance:~# ip link set name priv0 dev ens5
      root@virtual-instance:~# ip link set up dev priv0

- Make these changes persistent at reboot to ensure the Private Network interface always gets the same name based on its MAC address. This is done by adding the following rule to the /etc/udev/rules.d/75-persistent-net-generator.rules file:

      SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="02:00:00:00:1a:ae", NAME="priv0"

  Note: If you want to attach a server to multiple Private Networks, create a rule for each network by replacing the MAC address and the interface name priv0 by priv1, priv2 and so on.
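The identification and naming steps above can be scripted so that the rules are always keyed on the MAC address rather than on an interface name that may change between releases. This is an added example, not part of the original page: it reads the one-line-per-interface output of ip -o link show, selects MAC addresses of the form 02:00:00:xx:yy:zz, and prints one udev rule per match, numbered priv0, priv1 and so on. The function name gen_priv_rules is hypothetical and the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original page): derive udev naming rules for
# Private Network interfaces from `ip -o link show` output.
# gen_priv_rules is a hypothetical helper name, not a Scaleway tool.

gen_priv_rules() {
    # Reads `ip -o link show` text on stdin, writes udev rules on stdout.
    awk '
    {
        mac = ""
        # The MAC address is the field that follows "link/ether".
        for (i = 1; i < NF; i++)
            if ($i == "link/ether") mac = tolower($(i + 1))
        # Private Network interfaces use the 02:00:00 prefix.
        if (mac ~ /^02:00:00:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]$/)
            printf "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"%s\", NAME=\"priv%d\"\n", mac, n++
    }'
}

# Constructed sample input in `ip -o` format (line breaks shown as "\").
SAMPLE='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether de:1c:94:64:20:44 brd ff:ff:ff:ff:ff:ff
3: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:1a:ae brd ff:ff:ff:ff:ff:ff'

# On an Instance, replace the sample with: ip -o link show | gen_priv_rules
printf '%s\n' "$SAMPLE" | gen_priv_rules
```

Review the printed rules before writing them to the rules file, since the numbering follows the order in which the interfaces are listed.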
How to configure the Private Networks IP address
Once you have brought up the Private Network via the previous steps, you need to configure its IP address. The steps required to configure the IP address change depending on your Linux distribution:
IP Configuration on Debian & Ubuntu (up to 16.04) Distributions
- On one of the Instances attached to the Private Network, open the file /etc/network/interfaces in a text editor and add an interface configuration for the Private Network interface (called priv0) as follows:

      # interfaces(5) file used by ifup(8) and ifdown(8)
      # from Scaleway

      # The loopback network interface
      auto lo
      iface lo inet loopback

      # Network configuration for Private Network "pvn-hungry-albattani":
      auto priv0
      iface priv0 inet static
          address 192.168.42.2
          netmask 255.255.255.0

      # Include all other interfaces from /etc/network/interfaces.d:
      source /etc/network/interfaces.d/*.cfg

  In this example the IP subnet 192.168.42.0/24 is being used. The IP address of the Instance is set to 192.168.42.2 and the corresponding netmask is configured as 255.255.255.0.
  Once the interface is configured, save the file and exit the text editor.
- Restart the network service using the following command to bring the configured network up:

      root@virtual-instance:~# systemctl restart network.service

- Repeat these steps on the other Instances attached to the Private Network.
IP Configuration on Ubuntu (18.04 and 20.04) Distributions using Netplan
- To configure a static IP address on the Private Network interface (previously named priv0), open the Netplan configuration file and configure the interface as follows:
  Note: The location of the Netplan configuration file varies depending on the Ubuntu release:
  - Ubuntu 20.04: /etc/netplan/00-installer-config.yaml
  - Ubuntu 18.04: /etc/netplan/01-netcfg.yaml

      network:
        version: 2
        renderer: networkd
        ethernets:
          priv0:
            addresses: [192.168.42.2/24]

  In this example the IP subnet 192.168.42.0/24 is being used.
  Once the interface is configured, save the file and exit the editor.
- Bring the interface up using the command netplan apply.
- Repeat these steps on the other Instances that will communicate within the Private Network.
IP Configuration on CentOS
- Open the file /etc/sysconfig/network-scripts/ifcfg-priv0 (replace priv0 with the name of the private interface) and configure the virtual network interface as follows:

      DEVICE=priv0
      BOOTPROTO=none
      ONBOOT=yes
      USERCTL=no
      IPV6INIT=no
      TYPE=Ethernet
      # configure IPADDR and NETMASK according to the parameters of your Private Network
      NETMASK=255.255.255.0
      IPADDR=192.168.43.4
      ARP=yes
      # replace HWADDR with the MAC address associated with the interface
      HWADDR=02:00:00:00:1a:ae

  In this example the IP subnet 192.168.42.0/24 is being used. The interface uses the MAC address (02:00:00:00:1a:b0) assigned to the Instance as it was attached to the Private Network.
  Once the interface is configured, save the file and exit the text editor.
- Restart the network service to bring the configured interface up:
  - On CentOS 7 use the following command:

        root@virtual-instance:~# systemctl restart network.service

  - On CentOS 8 use the following command:

        root@virtual-instance:~# systemctl restart NetworkManager.service

- Repeat these steps on the other Instances that will communicate within the Private Network.
How to test your Private Network configuration
After you have followed the steps above, you can test the connection between the Instances.
Enter the ping command, pinging the relevant IP address for your Instances/Private Network.

    root@virtual-instance:~# ping 192.168.42.3
    PING 192.168.42.3 (192.168.42.3): 56 data bytes
    64 bytes from 192.168.42.3: icmp_seq=0 ttl=64 time=0.824 ms
    64 bytes from 192.168.42.3: icmp_seq=1 ttl=64 time=1.180 ms
    64 bytes from 192.168.42.3: icmp_seq=2 ttl=64 time=0.852 ms
    64 bytes from 192.168.42.3: icmp_seq=3 ttl=64 time=0.871 ms
    --- 192.168.42.3 ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.824/0.932/1.180/0.144 ms

When configured properly, the Instance should reply to the ping command. The Private Network is working and you can start to configure your services.
How to delete a Private Network
Prior to deleting a Private Network, all Instances attached to the network have to be detached.
- Navigate to the Private Networks tab (click Instances in the Compute section of the side menu, then click Private Networks).
- Click … next to the Private Network you wish to delete, and select Delete. A pop up displays asking you to confirm the action.
- Confirm by typing DELETE in the box, and clicking Delete this Private Network. You are taken back to the Private Networks tab, where the network you just deleted no longer displays.