How to configure Instances attached to a Public Gateway
This page explains how to configure Instances plugged into a Private Network attached to a Public Gateway.
You may need certain IAM permissions to carry out some actions described on this page. This means:
- you are the Owner of the Scaleway Organization in which the actions will be carried out, or
- you are an IAM user of the Organization, with a policy granting you the necessary permission sets
- You have an account and are logged into the Scaleway console
- You have created a Public Gateway
- You have created an Instance
- You have created a Private Network
- Your Instance(s) is/are attached to a Private Network which is attached to a Public Gateway
How to take advantage of auto-configuration
Default Instance images for Ubuntu, Debian and CentOS support autoconfiguration of interfaces plugged into a Private Network attached to a Public Gateway.
They leverage helper scripts provided by the scaleway-ecosystem package. These scripts:
- enable DHCP on the interfaces plugged into a Private Network
- make the default route received by DHCP the primary route for all traffic on the Instance
- keep the route to the Scaleway Metadata API more specific (see below).
If your Instance does not get autoconfigured, it may be that you are using an old version of the scaleway-ecosystem package. scaleway-ecosystem 0.0.4 or later is required. Use the following command to update it:
On Ubuntu (Focal, Bionic and Xenial) or Debian (Stretch and Buster):# apt update && apt install scaleway-ecosystem# apt list scaleway-ecosystemListing... Donescaleway-ecosystem/bionic,now 0.0.5 all [installed]
On CentOS 8 or Fedora 32, get the link to the latest release’s rpm on this page and install it as follows:# rpm -vUh https://github.com/scaleway/scaleway-packages/releases/download/v0.0.4/scaleway-ecosystem-0.0.5.noarch.rpm
Security Groups rules are applied to public Internet connections only. The security group rules do not apply to Private Network connections. See our Limitations and Troubleshooting documentation for further help.
How to carry out manual configuration
If you cannot or do not want to rely on the automatic configuration mechanism, you can configure your Instance manually.
If your Instance supports autoconfiguration and you want to configure manually, make sure to disable autoconfiguration as follows:
# mv /lib/udev/rules.d/72-scw-vpc-iface.rules /lib/udev/rules.d/.72-scw-vpc-iface.rules# reboot
By default, Instances are configured with a default route on their public interface that allows them to reach the Scaleway Metadata API. When an Instance is autoconfigured using DHCP and learns its default route through the gateway, it ends up with two default routes: one towards the gateway on the Private Network and the other towards the Scaleway Metadata API on the public interface. It is necessary to adjust the metric of the default route through the gateway to make it the preferred one and to configure the route to the Scaleway Metadata API manually.
Update the route to the Scaleway Metadata API.
The endpoint for the Scaleway Metadata API is
169.254.42.42/32and the gateway depends on your Instance. You can retrieve it with the following command:# ip route showdefault via 10.68.2.114 dev eth0 proto dhcp metric 10010.68.2.114/31 dev eth0 proto kernel scope link src 10.68.2.115 metric 100
The address of the gateway to the Scaleway Metadata API is
10.68.2.114. Now, add a specific route to the API as follows:# ip route add 169.254.42.42/32 via 10.68.2.114
Configure DHCP on the Instance, adjusting the metric of the default route.
Example using netplan:network:version: 2ethernets:ens4:dhcp4: truedhcp4-overrides:route-metric: 50
and using ifupdown:auto ens4iface ens4 inet dhcpmetric 50
How to troubleshoot any problems
See our Public Gateways troubleshooting documentation