Jump toUpdate content
Private Networks are a managed cloud service allowing you to create layer 2 ethernet-switched domains. These domains can also be called a virtual LAN (VLAN). They are virtual but completely private local networks that securely connect your instances together without necessarily exposing them publicly.
Yes, you can configure multiple private networks on the same instances. A virtual network interface is created for each private network to which the instance is attached to. You can bring up each of them as indicated in our documentation.
You can configure:
- Up to 8 private networks per instance
- Up to 255 private networks per organization
- Up to 255 instances per private network
No, Instances are hot plugged to Private Networks. This means private network interfaces will appear on your instances without any reboot.
Yes, you can configure IPv6 within Private Networks. To use it, the netmask should always be
/64 and we recommend to use
fc00::/7 unique local address (ULA) range. ULA IPv6 address generators are widely available to generate a personalized range.
No, they do not require a public IPv4 address.
Technically, any ethernet payload should work over Private Networks. However, only IPv4 and IPv6 are officially supported. If you have real use cases for other protocols, let us know.
Yes. You can attach a Public Gateway to your Private Network and enable NAT to provide Internet access to your Instances.
Yes. You can attach a Public Gateway to your Private Network and enable DHCP to provide IP auto-configuration for your Instances.
Public Gateways sit at the border of private networks. They provide services to automate the allocation of private IP addresses (DHCP) and deal with traffic entering and exiting the network (NAT). A Public Gateway can be attached to up to 8 Private Networks and up to 50 Public Gateways are supported per organization.
The Public Gateway can be configured through the console or the API.
No. A public IPv4 address (aka. Flexible IP) must be assigned to the Public Gateway at creation time, but you can detach it and delete it afterward if you do not want to use the NAT feature.
No. Instances in a Private Network for which autoconfiguration (DHCP) is enabled will automatically benefit from the services provided by the Public Gateway. Autoconfiguration is automatically enabled in recent Instances. If your Instance is too old, you may have to update it or enable autoconfiguration by hand. For more details about configuring Instances, see here.
Yes. With NAT enabled, the Public Gateway shares its public IPv4 address (aka. Flexible IP) with the Instances attached to the Private Network, so that they can access the Internet. Moreover, the Public Gateway supports static NAT (aka. port forwarding), so that ingress traffic from the public Internet can reach Instances on the private network. This works by mapping pre-defined ports of the public IP address of the gateway to specific ports and IP addresses on the private network.
Yes. The Public Gateway provides a local DNS service so that your Instances can resolve each other’s names into their IP address on the Private Network.