Jump toUpdate content
Private Networks are a managed cloud service allowing you to create layer 2 ethernet-switched domains. These domains can also be called a virtual LAN (VLAN). They are virtual but completely private local networks that securely connect your Scaleway resources together without necessarily exposing them publicly. Scaleway resources including Instances, Elastic Metal servers, Load Balancers and Managed Databases are all compatible with Private Networks.
Yes, you can configure multiple Private Networks on the same Scaleway resource. For example, in the case of Instances, you can connect multiple Private Networks to the same Instance. A virtual network interface is created for each Private Network the Instance is attached to. You can then bring up each of them as indicated in our documentation. For Elastic Metal, check out our documentation on configuring the network interface.
You can configure:
- Up to 8 Private Networks per Scaleway resource
- Up to 255 Private Networks per Organization
- Up to 255 Scaleway resources per Private Network
No, Private Network interfaces will appear on your resources without any reboot.
Yes, you can configure IPv6 within Private Networks. To use it, the netmask should always be
/64 and we recommend to use
fc00::/7 unique local address (ULA) range. ULA IPv6 address generators are widely available to generate a personalized range.
No, they do not require a public IPv4 address.
Yes. You can attach a Public Gateway to your Private Network and enable NAT to provide Internet access to your Instances, Elastic Metal servers and other Scaleway resources.
Technically, any ethernet payload should work over Private Networks. However, only IPv4 and IPv6 are officially supported. If you have real use cases for other protocols, let us know.
Yes. You can attach a Public Gateway to your Private Network and enable DHCP to provide IP auto-configuration for your resources.
Public Gateways sit at the border of Private Networks. They provide services to automate the allocation of private IP addresses (DHCP) and deal with traffic entering and exiting the network (NAT). A Public Gateway can be attached to up to 8 Private Networks and up to 50 Public Gateways are supported per Organization.
The Public Gateway can be configured through the console or the API.
No. A public IPv4 address (aka. flexible IP) must be assigned to the Public Gateway at creation time, but you can detach it and delete it afterwards if you do not want to use the NAT feature.
No. Resources in a Private Network for which autoconfiguration (DHCP) is enabled will automatically benefit from the services provided by the Public Gateway. Autoconfiguration is automatically enabled in recent Instances. If your Instance is too old, you may have to update it or enable autoconfiguration by hand. For more details about configuring Instances, see here.
Yes. With NAT enabled, the Public Gateway shares its public IPv4 address (aka. flexible IP) with the Instances and other resources attached to the Private Network, so that they can access the Internet. Moreover, the Public Gateway supports static NAT (aka. port forwarding), so that ingress traffic from the public Internet can reach Instances on the private network. This works by mapping pre-defined ports of the public IP address of the gateway to specific ports and IP addresses on the private network.
Yes. The Public Gateway provides a local DNS service so that your Instances and other resources can resolve each other’s names into their IP address on the Private Network.