Jump toSuggest an edit

Configuring Instances manually on a Private Network

Reviewed on 05 February 2024
  • DHCP is activated by default on all newly-created Private Networks, and cannot be deactivated.
  • If you have a Private Network created before July 12 2023, check our migration documentation to find out if DHCP has been automatically activated on your network.
  • We recommend activating DHCP and letting us take care of the automatic IP address management of all resources on your Private Networks, including Instances, to ensure they are fully compatible with managed products and integrated with our internal IPAM.

The steps outlined in this document are intended for advanced users only and are not supported by Scaleway.

How to configure the Private Network interface on your Instances

Once you have added your Instances to a Private Network, you can manually configure the virtual network interface on each one. You will also need to turn off the automatic DHCP scripts found on the Instance for Private Network, so that they do not conflict with the manual configuration you are creating. These steps are explained below.

  • We recommend not using publicly routed IP subnets within your Private Network. While the configuration may work for your Instances to communicate with each other, it could lead to connectivity issues to machines on the public internet within these ranges.

  • We advise you to configure your Private Network using IPs from the following private IP ranges:

    • - (65,536 IP addresses) and
    • - (1,048,576 IP addresses).
  • You can use any subnet mask allowed by these ranges. The only constraint is that all interfaces in the same Private Network must be configured with the same subnet mask. If you are not sure, use /24 for your Private Network.

  • Using the private IP range is not recommended, as this block is used for the Instances’ own private IPs and infrastructure services.

  • This is only recommended for expert users.

  1. Connect to the Instance using SSH.

  2. Delete the file /lib/udev/rules.d/72-scw-vpc-iface.rules to disable the automatic DHCP scripts:

    rm /lib/udev/rules.d/72-scw-vpc-iface.rules

    If a Private Network was previously plugged into this Instance, you also need to delete the following files, according to your distribution:


  3. Find the virtual interface corresponding to the Private Network using the ip link show command:

    root@virtual-instance:~# ip link show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether de:1c:94:64:20:44 brd ff:ff:ff:ff:ff:ff
    3: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:1a:ae brd ff:ff:ff:ff:ff:ff

    The Private Network interface can be identified by its associated MAC address, which always begins with 02:00:00:xx:yy:zz.


    The network interface names may be different, depending on the operating system and the release you use.


    The network interface name is not guaranteed to be stable and may change across reboot or poweroff and poweron actions, similarily to the rest of the PCI hierarchy.

  4. For convenience, you can give a more significant name (e.g. priv0) to the Private Network interface. Configure the new interface name as follows:

    root@virtual-instance:~# ip link set down dev ens5
    root@virtual-instance:~# ip link set name priv0 dev ens5
    root@virtual-instance:~# ip link set up dev priv0

    This renaming action will not persist across reboots. See below for a solution.

  5. Make these changes persistent at reboot to ensure the Private Networks interface always gets the same name based on its MAC address. This is done by adding the following rule to the /etc/udev/rules.d/75-persistent-net-generator.rules file. Make sure that you replace the address with the correct MAC address for your case:

    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="02:00:00:00:1a:ae", NAME="priv0"

    If you want to attach a server to multiple Private Networks, create a rule for each network by replacing the MAC address and the interface name priv0 by priv1, priv2 and so on.

How to configure the Private Network’s IP address

Once you have brought up the Private Network via the previous steps, you can configure its IP address. The steps required to configure the IP address change depending on your Linux distribution:

  1. To configure a static IP address on the Private Network interface (previously named priv0), open the Netplan configuration file and configure the interface as follows:


    The location of the Netplan configuration file varies depending on the Ubuntu release:

    • Ubuntu 20.04: /etc/netplan/00-installer-config.yaml
    • Ubuntu 18.04: /etc/netplan/01-netcfg.yaml
    version: 2
    renderer: networkd
    addresses: []

    In this example, the IP subnet is being used.

    Once the interface is configured, save the file and exit the editor.

  2. Bring the interface up using the command netplan apply.

  3. Repeat these steps on the other Instances that will communicate within the Private Network.

How to test your Private Network configuration

After you followed the steps above, you can test the connection between the Instances.

Enter the ping command, pinging the relevant IP address for your Instances/Private Network.

root@virtual-instance:~# ping
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=64 time=0.824 ms
64 bytes from icmp_seq=1 ttl=64 time=1.180 ms
64 bytes from icmp_seq=2 ttl=64 time=0.852 ms
64 bytes from icmp_seq=3 ttl=64 time=0.871 ms
--- ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.824/0.932/1.180/0.144 ms

When configured properly, the Instance should reply to the ping command. The Private Network is working and you can start to configure your services.

How to carry out manual configuration of the default route (if Private Network is attached to a Public Gateway)

By default, Instances are configured with a default route on their public interface that allows them to reach the Scaleway Metadata API. When an Instance is on a Private Network attached to a Public Gateway, it ends up with two default routes: one towards the gateway on the Private Network and the other towards the Scaleway Metadata API on the public interface. It is necessary to adjust the metric of the default route through the gateway to make it the preferred one, and to configure the route to the Scaleway Metadata API manually.


If your Instance supports autoconfiguration, and you want to configure manually, make sure that you disable autoconfiguration as follows:

# mv /lib/udev/rules.d/72-scw-vpc-iface.rules /lib/udev/rules.d/.72-scw-vpc-iface.rules
# reboot
  1. Update the route to the Scaleway Metadata API.

    The endpoint for the Scaleway Metadata API is, and the gateway depends on your Instance. You can retrieve it with the following command:

    # ip route show
    default via dev eth0 proto dhcp metric 100 dev eth0 proto kernel scope link src metric 100

    The address of the gateway to the Scaleway Metadata API is Now, add a specific route to the API as follows:

    # ip route add via
  2. Configure DHCP on the Instance, adjusting the metric of the default route.

    Example using netplan:

    version: 2
    dhcp4: true
    route-metric: 50

    and using ifupdown:

    auto ens4
    iface ens4 inet dhcp
    metric 50
Docs APIScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCarreer
© 2023-2024 – Scaleway