Jump toUpdate content

Public Gateways - Concepts


Dynamic Host Configuration Protocol (DHCP) is a network management protocol for dynamically assigning IP addresses and other configuration parameters to devices in a Private Network. DHCP is a feature of a Public Gateway, which can take a pool of available IP addresses (range) and dynamically share them between devices in the attached Private Networks. This eliminates the need for users to manually assign private IP addresses to their devices as they join or leave the network. Static associations can also be configured to assign specific IP addresses to specific devices, according to their MAC addresses.


The Domain Name System (DNS) is a naming system for devices connected to the Internet or Private Networks. Most prominently, DNS servers translate text-based domain names (e.g. www.scaleway.com) to numerical IP addresses (e.g.

A Public Gateway acts as a local DNS server for the devices within a Private Network, resolving the devices’ IP hostnames into their IP addresses. The hostname for a given device is generally the name defined when creating the resource (and which in the case of an Instance, for example, displays in the shell when connected to that resource by SSH).

Flexible IP

Flexible IP addresses are public IP addresses associated with your account, which you can hold independently of any created resource. When you create a Public Gateway, it receives a flexible (public) IP address by default. You can detach, reattach and migrate your flexible IPs between your Public Gateways at your convenience. Note however that each Public Gateway must have a public IP attached to it, so if you detach one flexible IP from the Public Gateway you must attach another.

Flexible IPs exist for many resources (Instances, Elastic Metal servers, Load Balancers etc). Note however that each of these sets of flexible IPs is independent, and usable only with that product. Instance flexible IPs cannot be attached to Elastic Metal servers or Public Gateways, and vice versa.

When you delete a flexible IP address, it is disassociated from your account to be used by other users.

IP address

An Internet Protocol address is a unique address that identifies a device on the Internet or a local network. Written in human-readable notations, an IP address is generally shown as 4 octets of numbers, e.g. IP addresses can be public or private.


Network Address Translation (NAT) maps private IP addresses in a Private Network to the public IP address of the Public Gateway. Private IP addresses are not routable on the public Internet, so NAT makes it possible for them to securely communicate with the Internet via the gateway. There are two types of NAT:

  • Dynamic NAT enables egress traffic from a Private Network to the public Internet by dynamically, automatically mapping the outgoing traffic IP addresses and ports with the public IP address and ports of the Public Gateway.

  • Static NAT enables ingress traffic from the public Internet towards devices on a Private Network by mapping pre-defined ports of the public IP address of the gateway to specific ports and IP addresses on the Private Network.

See our documentation on reviewing and configuring NAT for more information.

Private IP address

Private IP addresses identify devices on local/Private Networks. They are not routed on the Internet - if you enter the private IP address of an Instance into a random browser connected to the Internet, it will not connect to anything. This is because a private IP address is only relevant within a particular local network. Devices within a local network can communicate securely between themselves via their private IP addresses.

Private Network

Scaleway’s Private Networks feature allows you to create a LAN-like layer 2 ethernet network between your Scaleway resources. When you connect an Instance to a Private Network, a new network interface is configured on the that Instance, with a unique media access control address (MAC address). When connecting an Elastic Metal server to a Private Network, a new VLAN is allocated on the public interface. Private Networks thus allow your Scaleway resources to communicate in an isolated and secure network without the need of being connected to the public Internet. Each resource can be connected to one or several Private Networks. You can also opt to attach a Public Gateway to your Private Networks, for extra functionality.

Classic Private Networks are scoped to a single Availability Zone, but our regional Private Networks product is currently available in Public Beta.

Public Gateway

Public Gateways sit at the border of Private Networks and provide extra functionality. They provide services to automate the allocation of private IP addresses (DHCP), and deal with traffic entering and exiting the network (NAT). You can add a Public Gateway to each of your Private Networks.

Public IP address

Public IP addresses identify devices on the Internet. You can enter the public IP address of an Instance into any browser connected to the Internet, and access content being served from that Instance. You can think of public IP addresses like postal addresses for buildings - they are unique, and tell the routers directing traffic through the Internet where to find a particular server.

Region and Availability Zone

A Region is as a Geographical area such as France (Paris: fr-par) or the Netherlands (Amsterdam: nl-ams) in which Scaleway products and resources are located. It can contain multiple Availability Zones.

An Availability Zone refers to the geographical location in which your Scaleway resource will be created. The latency between multiple AZs of the same region is low, as they have a common network layer.

For an extensive list of which regions and AZ a resource is available in, refer to our Products availability guide

SSH bastion

SSH bastion is a server dedicated to managing connections to the infrastructure behind your Public Gateway. When you activate SSH bastion on your Public Gateway, all the SSH keys held in your Project credentials are imported to the SSH bastion, providing a single point of entry. This makes management of your infrastructure easier and more secure.


Tags let you organize your Public Gateways. You can assign as many tags as you want to each gateway, and use this feature to identify, sort and filter them.