
Private Networks on Scaleway Dedibox and Scaleway Elements

Private Networking - Overview

When deploying infrastructure on the Internet, network connectivity will play a crucial part in your success in terms of both performance and security. You want your services to run quickly, smoothly and with minimum latency, while also ensuring that sensitive data is fully protected even as it is being transferred over a public network like the Internet.

The Internet was initially designed to enable a small number of academics and researchers to share data between themselves. As such, security was not a paramount concern. Over time the Internet grew, with more and more private companies and personal users taking it up, until it became the omnipresent global network we all know, linking billions of machines and people worldwide. While technologies have evolved and the data-protection mechanisms that secure our connections have become more sophisticated, we should never forget that the Internet remains essentially a public network. This means that attacks such as Distributed Denial-of-Service (DDoS) or brute-force attempts can always pose a threat to your infrastructure and your data.

Scaleway provides a range of solutions to help you protect against such attacks and secure your infrastructure. Besides DDoS protection, we also offer several ways to create private networks, fully compliant with RFC 1918. These networks can add extra protection for your data, since they are entirely isolated, and completely separate from the Internet or any public network.

Understanding Private Network Types Available on the Scaleway Platform

Scaleway’s public cloud ecosystem, Scaleway Elements, offers a comprehensive range of public cloud services, enabling you to build your infrastructure within the cloud. Alternatively (or in tandem), Scaleway Dedibox provides dedicated, reliable, high-end servers designed for demanding workloads. In each of these two product categories, different private network offers are available:

Using the RPN feature on Scaleway Dedibox

Scaleway Dedibox provides the RPN feature. RPN is an acronym for Real Private Network. An RPN is a physical network in a data center that uses the second network card installed in Dedibox servers. The RPN feature therefore allows you to build a “real” physical network directly between your servers. Currently, Scaleway offers two variants of the RPN feature, depending on the commercial specifications of your chosen server(s):

  • RPNv1 is our basic RPN service.

  • RPNv2 is our most advanced RPN service, providing full VLAN capacity and up to 25 Gbit/s bandwidth.

RPNv1 offers you a static private IP address and allows you to create a private network between your Dedibox machines. Network speeds reach up to 1 Gbit/s with Business service level.

In practice, let us assume that you have six dedicated servers. You can create RPN groups between them, as shown in the following example:

  RPN-group-1 = server 1 and 2            servers 1 and 2 can communicate with each other
  RPN-group-2 = server 1, 6 and 3         servers 1, 6 and 3 can communicate with each other
  RPN-group-3 = server 1, 4 and 5         servers 1, 4 and 5 can communicate with each other
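The group layout above, worked through as an added example (not Scaleway code): it lists which server pairs share a group and which servers sit in several groups at once. It assumes that servers with no common RPN group have no direct RPN path; the function names are illustrative.

```python
from itertools import combinations

# RPN groups from the example above: group name -> member servers.
RPN_GROUPS = {
    "RPN-group-1": {1, 2},
    "RPN-group-2": {1, 6, 3},
    "RPN-group-3": {1, 4, 5},
}

def direct_pairs(groups):
    """Return the set of server pairs that share at least one RPN group."""
    pairs = set()
    for members in groups.values():
        pairs.update(frozenset(p) for p in combinations(sorted(members), 2))
    return pairs

def can_talk(groups, a, b):
    """True if servers a and b are members of a common RPN group."""
    return frozenset((a, b)) in direct_pairs(groups)

def bridging_servers(groups):
    """Servers in more than one group. They see several private segments, so
    IP forwarding or a proxy on them would join groups meant to stay separate."""
    counts = {}
    for members in groups.values():
        for server in members:
            counts[server] = counts.get(server, 0) + 1
    return sorted(s for s, n in counts.items() if n > 1)

def isolated_pairs(groups):
    """Server pairs with no common group (assumed: no direct RPN path)."""
    servers = sorted(set().union(*groups.values()))
    reachable = direct_pairs(groups)
    return [p for p in combinations(servers, 2) if frozenset(p) not in reachable]

if __name__ == "__main__":
    print("bridging servers:", bridging_servers(RPN_GROUPS))
    print("isolated pairs:", isolated_pairs(RPN_GROUPS))
```

Server 1 is the only member of all three groups, so its forwarding and firewall settings decide whether the groups stay separated in practice.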

It is also possible to add servers from other Scaleway Dedibox accounts to the RPN, if their owner gives permission to do so.

With the RPNv2 feature, available on our best-selling Dedibox servers, you get a real VLAN for your private network and up to 25 Gbit/s of available bandwidth, making it an ideal solution for latency-critical and bandwidth-intense applications such as network attached storage, large databases or load balancing. You can configure any network setup you have in mind using the RPNv2 network and even use it for communications between your virtual machines on several Dedibox servers. We also have a gateway for communications between RPNv1 and RPNv2 networks, enabling the two types to “talk” to each other.

Building Private Networks on Scaleway Elements

The Private Networks feature is available for all Virtual Instance types in the Scaleway Elements Ecosystem. It allows instances within an availability zone to communicate safely in an isolated and secured network, inaccessible from the Internet. Private Networks are a LAN-like layer 2 Ethernet network.

Each instance assigned to a private network instantly gets a virtual network interface connected to the private network (without needing a reboot). You can think of this as a virtual version of the second network card installed in the Dedibox servers. This interface allows the Instance to reach other Instances in the same private network.

Several private networks can be assigned to each virtual instance and you can configure the IP ranges of your choice to use them. All of this allows you to create complex networking scenarios and keep control of your data.
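Because the IP ranges are yours to choose, it is worth checking an addressing plan before applying it. The following added example (not Scaleway code) checks that each range sits inside RFC 1918 space and that no two ranges attached to the same instance overlap; the network names and ranges are constructed sample values.

```python
import ipaddress
from itertools import combinations

# The three address blocks reserved for private use by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(net):
    """True if an IPv4 network lies entirely inside one RFC 1918 block."""
    return net.version == 4 and any(net.subnet_of(b) for b in RFC1918)

def audit_plan(plan):
    """plan maps a private network name to its CIDR; returns finding strings."""
    findings, parsed = [], {}
    for name, cidr in plan.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            findings.append(f"{name}: {cidr} is not a valid network address")
            continue
        if not is_rfc1918(net):
            findings.append(f"{name}: {cidr} is outside RFC 1918 space")
        parsed[name] = net
    # Overlapping ranges on one instance make routing between them ambiguous.
    for (a, na), (b, nb) in combinations(parsed.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{a} and {b} overlap: {na} / {nb}")
    return findings

# Constructed sample plan for one instance attached to four private networks.
SAMPLE_PLAN = {
    "pn-web": "192.168.0.0/16",
    "pn-db": "192.168.10.0/24",    # inside pn-web
    "pn-backup": "172.32.0.0/16",  # outside 172.16.0.0/12, which ends at 172.31.255.255
    "pn-mgmt": "10.0.0.1/24",      # host bits set, not a network address
}

if __name__ == "__main__":
    for line in audit_plan(SAMPLE_PLAN):
        print(line)
```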

Private Networks are also the first building block for creating a VPC, or Virtual Private Cloud. We currently have a number of new VPC features under development, including VPC Direct Connect and VPC Public Gateway. For more information, see our Betas & Previews page.

Take a look at our documentation to learn more about Private Networks.

Interconnecting Scaleway Elements and Scaleway Dedibox with Virtual Private Networks

To interconnect your Scaleway Dedibox dedicated servers and your Scaleway Elements instances, you can choose to configure a VPN: a Virtual Private Network. Here, the public Internet interface is used to create an anonymous and encrypted private network. In essence, a VPN creates an encrypted tunnel between you and the internet, routing all your internet traffic through this tunnel and masking your IP address and data as it travels. Since your internet activity is hidden by the VPN, you have enhanced privacy and anonymity. With VPNs, you can create hybrid infrastructures across all of Scaleway’s product ranges, even if instances or servers are not in the same availability (geographic) zone.

You could, for example, configure a Dedibox dedicated server as a load-balancing front end that forwards traffic through a VPN to virtual Instances which serve the requests of your users, allowing you to scale your application depending on the load. These virtual Instances can then communicate over the VPN with a database, running on a Bare Metal Cloud Server for performance and reliability. Endless options are possible and can be realized using techniques such as a WireGuard mesh VPN (/tutorials/wireguard-mesh-vpn/) or a GRE tunnel.

Conclusion

Whether you want to create secure networks between your Dedibox servers, your Virtual Instances or both, there is a solution for you. Do not hesitate to browse through our documentation using the links in this article to find out more about what you can do with Dedibox RPNs, Elements Private Networks and VPNs.