Jump toUpdate content
VPC - Concepts
An Availability Zone refers to the geographical location in which your Private Network or Public Gateway will be created. To connect resources to Private Networks, or Private Networks to Public Gateways, they must be within the same Availability Zone. Find below the list of Availability Zones by region:
- France - Paris (
- The Netherlands - Amsterdam (
- Poland - Warsaw (
Dynamic Host Configuration Protocol (DHCP) is a network management protocol for dynamically assigning IP addresses and other configuration parameters to devices in a Private Network. DHCP is a feature of a Public Gateway, which can take a pool of available IP addresses (range) and dynamically share them between devices in the attached Private Networks. This eliminates the need for users to manually assign private IP addresses to their devices as they join or leave the network. Static associations can also be configured to assign specific IP addresses to specific devices, according to their MAC addresses.
The Domain Name System (DNS) is a naming system for devices connected to the Internet or Private Networks. Most prominently, DNS servers translate text-based domain names (eg www.scaleway.com) to numerical IP addresses eg (18.104.22.168). In terms of VPC, the Public Gateway acts as a local DNS server for the devices within a Private Network, resolving the devices’ IP addresses into their hostname.
Flexible IP addresses are public IP addresses associated with your account, which you can hold independently of any specific Instance, Elastic Metal server or Public Gateway. When you create one of these resources, it receives a flexible (public) IP address by default, which is added to your account’s pool of flexible IPs. You can detach, reattach and migrate your flexible IPs between your different resources of that type at your convenience. Note however that each of these sets of flexible IPs is independent, and usable only with that product, so Instance flexible IPs cannot be attached to Elastic Metal servers or Public Gateways, and vice versa. In the case of Public Gateways, each Public Gateway must have a public IP attached to it, so if you detach one flexible IP from the Public Gateway you must attach another. When you delete a flexible IP address, it is disassociated from your account to be used by other users.
Network Address Translation maps private IP addresses in a Private Network to the public IP address of the Public Gateway. Private IP addresses are not routable on the public Internet, so NAT makes it possible for them to securely communicate with the internet via the gateway. There are two types of NAT:
Dynamic NAT enables egress traffic from a Private Network to the public Internet by dynamically, automatically mapping the outgoing traffic IP addresses and ports with the public IP address and ports of the Public Gateway.
Static NAT enables ingress traffic from the public Internet towards devices on a Private Network by mapping pre-defined ports of the public IP address of the gateway to specific ports and IP addresses on the Private Network.
See our documentation on reviewing and configuring NAT for more information.
Private IP Address
Private IP addresses identify devices on local/Private Networks. They are not routed on the Internet - if you enter the private IP address of an Instance into a random browser connected to the Internet, it will not connect to anything. This is because a private IP address is only relevant within a particular local network. Devices within a local network can communicate securely between themselves via their private IP addresses.
Scaleway’s Private Networks feature allows you to create a LAN-like layer 2 ethernet network between your Scaleway resources. When you connect an Instance to a Private Network, a new network interface is configured on the that Instance, with a unique media access control address (MAC address). When connecting an Elastic Metal server to a Private Network, a new VLAN is allocated on the public interface. Private Networks thus allow your Scaleway resources to communicate in an isolated and secure network without the need of being connected to the public Internet. Each resource can be connected to one or several Private Networks. You can also opt to attach a Public Gateway to your Private Networks, for extra functionality.
Public IP Address
Public IP addresses identify devices on the Internet. You can enter the public IP address of an Instance into any browser connected to the Internet, and access content being served from that Instance. You can think of public IP addresses like postal addresses for buildings - they are unique, and tell the routers directing traffic through the Internet where to find a particular server.
SSH bastion is a server dedicated to managing connections to the infrastructure behind your Public Gateway. When you activate SSH bastion on your Public Gateway, all the SSH keys held in your Project credentials are imported to the SSH bastion, providing a single point of entry. This makes management of your infrastructure easier and more secure.
Tags let you organize your Private Networks and Public Gateways. You can assign as many tags as you want to each network and/or gateway, and use this feature to identify, sort and filter your VPC products.