Jump toUpdate content

VPC - Concepts

Reviewed on 16 August 2023Published on 06 February 2023

CIDR block

A Classless Inter-Domain Routing (CIDR) block represents a range of IP addresses. They all share the same network prefix. An example of an IPv4 CIDR block is, while an IPv6 CIDR block looks like fd12:3456:789a:1::/64.

The two parts of a CIDR block are:

  • The prefix, which represents an IP address.
  • The suffix, which consists of a slash and a number that represents the network size. This is also known as the prefix length or subnet mask bit size. It states how many bits of the prefix/IP address are used to designate the network itself, with the remaining bits therefore being available to designate specific hosts on the network.

An IPv4 CIDR block and an IPv6 CIDR block are defined for each Scaleway Private Network at the time of creation. When you attach a resource (e.g. an Instance, an Elastic Metal server or a Load Balancer) to the network, DHCP will assign one IPv4 and one IPv6 address from the designated blocks to that resource. This way, each resource automatically gets a private IPv4 and IPv6 address on the Private Network.

IP addresses from within a given subnet (that is to say, allocated from a certain CIDR block that is used for a certain Private Network) display with a slash at the end. In the case of an IPv4 address, this could look like This format encapsulates information both about the IP address itself, and which subnet it is from. If you configure an Instance manually with this address, it sets both the correct IP and a route to the correct subnet.

Default VPC

Scaleway currently has three regions: Paris, Amsterdam and Warsaw. One default VPC is automatically created for each region, in each Scaleway Project. Any new Private Networks that you create will be added to the default VPC for their region, unless you override this by specifying a different VPC.


Dynamic Host Configuration Protocol (DHCP) is a network management protocol for dynamically assigning IP addresses and other configuration parameters to devices in a Private Network.

Managed DHCP was previously a feature of Scaleway’s Public Gateway, but is now built into Private Networks. A CIDR block representing a range of available IP addresses is defined when creating the Private Network, and when you attach a resource to the network it is assigned a static, private IP address from this subnet. These IP addresses are managed by our internal IPAM, which acts a single source of truth and ensures full consistency. There is no need for users to manually assign private IP addresses to their resources as they join or leave the network.

With managed DHCP, a resource’s IP address will never change as long as that resource is not detached from the Private Network. It remains stable across reboots and long poweroffs. The IP is allocated when the resource is attached, and released only when the resource is detached or deleted.

The IPv4 address of Private Networks’ DHCP server is The IPv6 address is fe80:200:22ff:fe05:ca1e.


While DHCP is built into all new Private Networks, it may not be automatically activated for older Private Networks. Check our migration documentation for more information.


The Domain Name System (DNS) is a naming system for devices connected to the Internet or Private Networks. Most prominently, DNS servers translate text-based domain names (e.g. www.scaleway.com) to numerical IP addresses (e.g.

Private Networks benefit from managed DNS, which resolves the hostnames of attached resources into their IP addresses. The hostname for a given device is generally the name defined when creating the resource (and which in the case of an Instance, for example, displays in the shell when connected to that resource by SSH). When a Private Network is attached to a Public Gateway however, the gateway’s DNS takes priority over that of the Private Network, to allow host name resolution across different Private Networks.


IP Address Management (IPAM) is a method for planning, tracking and managing the IP address space of a network. Scaleway’s internal IPAM acts as a single source of truth for the IP addresses of Scaleway resources. Managed products, such as Databases and Load Balancer, are fully integrated into IPAM, and Private Networks’ DHCP server uses IPAM to assign static IP addresses to attached resources such as Instances and Elastic Metal server. These IP addresses are fixed, and (for now) cannot be defined by the user. Watch this space for future developments in terms of Scaleway’s IPAM and the public functionality, such as IP reservation (be aware that at the time of writing there is no ETA for this).


Internet Protocol Version 4 is the standard protocol used for IP addresses, and routes most Internet traffic as of today. Each IPv4 address has 32 bits. Written in human-readable form, an IPv4 address is generally shown as four octets of numbers separated by periods, e.g.

Scaleway Private Networks’ DHCP functionality assigns both an IPv4 and an IPv6 address to its attached resources. Note that IPv4 addresses defined in this way display with a slash at the end, e.g., to encapsulate information both about the IP address itself and which subnet it is from. See the CIDR concept for more information.


Internet Protocol Version 6 is the most recent version of the IP protocol used for IP addresses. Each IPv6 address has 128 bits. Written in human-readable form, an IPv6 address can be shown as eight groups of four hexadecimal digits, each group representing 16 bits and separated by a colon, e.g. 2001:0DB8:0000:0003:0000:01FF:0000:002E. This can also be notated as 2001:DB8::3:0:1FF:0:2E.

Scaleway Private Networks’ DHCP functionality assigns both an IPv4 and an IPv6 address to its attached resources. See the CIDR concept for more information.

Private Networks

Private Networks let you connect Scaleway resources across multiple AZs within the same region. Attached resources can then communicate between themselves in an isolated and secure layer 2 network, away from the public Internet.

Dynamic Host Configuration Protocol (DHCP) is built into each Private Network, making it easy to manage the private IP addresses of your resources on the network.

Read our dedicated documentation on creating a Private Network.


Previously, Private Networks at Scaleway were zoned. Only resources from within one defined AZ could be attached to each network. Now, all Private Networks are regional, and resources from any AZ within that network’s region can be attached. “Old” zoned Private Networks have all been automatically migrated to become regional.

While DHCP is built into all new Private Networks, it may not be automatically activated for older Private Networks. Check our migration documentation for more information.

Region and Availability Zone

A Region is as a geographical area such as France (Paris: fr-par) or the Netherlands (Amsterdam: nl-ams) in which Scaleway products and resources are located. It can contain multiple Availability Zones.

An Availability Zone refers to the geographical location within a region, such as waw-1(Warsaw, Poland), in which your Scaleway resource will be created. The latency between multiple AZs of the same region is low, as they have a common network layer.

For an extensive list of which regions and AZ a resource is available in, refer to our Products availability guide


VPC allows you to build your own Virtual Private Cloud on top of Scaleway’s shared public cloud. Within each VPC, you can create Private Networks and attach Scaleway resources to them, as long as the resources are in an AZ within the network’s region.

One default VPC for every available region is automatically created in each Scaleway Project.

VPC currently comprises the Private Networks product. Layer 2 Private Networks sit inside the layer 3 VPC.

More features and resources will be coming to VPC in the future.