Creating a Private Network between Scaleway’s Virtual Instances

Private Networks Overview

Private Networks allow your virtual instances to communicate in an isolated and secure network without being connected to the public Internet. Each instance can be connected to one or several Private Networks, letting you build your own network topologies.

Private Networks are LAN-like layer 2 Ethernet networks. A new network interface with a unique media access control address (MAC address) is configured on each instance in a Private Network. Use this interface to communicate in a secure and isolated network, using private IP addresses of your choice.

Creating a Private Network

1 . Click on Instances in the side menu of the Scaleway Console to enter the instances section.

2 . The list of your Virtual Instances displays. Click on the Private Network tab to enter the Private Network configuration.

Note: If the tab is not displayed in your console, click More and choose Private Networks from the drop-down menu.

3 . Click Create a Private Network to launch the creation wizard.

4 . Enter the details of the Private Network:

  • Name: A friendly name to identify your Private Network in the Scaleway Console
  • Tags: (optional) You may specify optional tags for the Private Network
  • Available Zone (AZ): Choose the Available Zone (AZ) in which your network will be created. It must be identical to the AZ of the instances that will be attached to the network.

5 . Click Create a Private Network to launch its creation.

Attaching Instances to a Private Network

1 . The newly created Private Network displays in the Private Network tab of the Instances section. Click on More Info in the drop-down menu to enter the network configuration section:

2 . Click on the Instances tab to add virtual instances to the Private Network.

3 . Choose the instances to attach to the Private Network from the search bar:

4 . The added instances display in a list, together with the associated MAC address of the virtual interface:

Note: To add newly created virtual instances to a Private Network, you have to add them to the network after instance creation.

Configuring a Private Network

Once all instances that should be able to communicate in the Private Network are added, it is required to configure the virtual network interface on them.

Note: While it is theoretically possible to use any IP range within your Private Network, it is not recommended to use any IP subnets that are publicly routed. Whilst the configuration may work for your instances to communicate with each other, you might experience connectivity issues to machines on the public Internet within these ranges. It is recommended to configure your Private Network using IPs from the following private IP ranges:

  • 192.168.0.0 - 192.168.255.255 (65,536 IP addresses) and
  • 172.16.0.0 - 172.31.255.255 (1,048,576 IP addresses)

You can use any subnet mask allowed by these ranges. The only constraint is that all interfaces in the same Private Network must be configured with the same subnet mask. If you are not sure, use /24 for your Private Network.

Note: Using the 10.0.0.0/8 private IP range is not recommended, as this block is used for Instances' own private IPs and infrastructure services. Do not do this unless you know what you are doing.
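An added example, not part of the original Scaleway documentation: a POSIX shell pre-flight check for the address plan described in the notes above. It verifies that every planned address uses the same prefix length and subnet, lies in 192.168.0.0/16 or 172.16.0.0/12, and flags 10.0.0.0/8; the function names and the sample plan are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Scaleway code): pre-flight check for a Private Network address plan.

ip2int() {  # dotted quad -> 32-bit integer
    ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )
}

# classify_range NET_INT PREFIX_LEN -> recommended | reserved-10 | other
classify_range() {
    if   [ $(( $1 >> 16 )) -eq $(( (192 << 8) | 168 )) ] && [ "$2" -ge 16 ]; then
        echo recommended        # inside 192.168.0.0/16
    elif [ $(( $1 >> 20 )) -eq $(( (172 << 4) | 1 )) ] && [ "$2" -ge 12 ]; then
        echo recommended        # inside 172.16.0.0/12
    elif [ $(( $1 >> 24 )) -eq 10 ]; then
        echo reserved-10        # 10.0.0.0/8: instance private IPs and infrastructure services
    else
        echo other              # outside the recommended private ranges
    fi
}

# check_plan ADDR/LEN ... : one finding per line on stdout; returns 0 only if the plan is clean.
check_plan() {
    rc=0; first_len=; first_net=; seen=" "
    for cidr in "$@"; do
        ip=${cidr%/*}; len=${cidr#*/}
        mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
        net=$(( $(ip2int "$ip") & mask ))
        : "${first_len:=$len}" "${first_net:=$net}"
        [ "$len" = "$first_len" ] || { echo "$cidr: prefix differs from /$first_len"; rc=1; }
        [ "$net" = "$first_net" ] || { echo "$cidr: not in the same subnet as $1"; rc=1; }
        case $seen in *" $ip "*) echo "$cidr: duplicate address"; rc=1 ;; esac
        seen="$seen$ip "
        kind=$(classify_range "$net" "$len")
        [ "$kind" = recommended ] || { echo "$cidr: range is $kind"; rc=1; }
    done
    return "$rc"
}

# Constructed plan: the third address sits in a different /24 than the first two.
check_plan 192.168.42.2/24 192.168.42.3/24 192.168.43.4/24 || echo "plan rejected"
```
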

1 . Connect to the instance using SSH.

2 . Find the virtual interface corresponding to the Private Network using the ip link show command:

root@virtual-instance:~# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether de:1c:94:64:20:44 brd ff:ff:ff:ff:ff:ff
3: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:1a:ae brd ff:ff:ff:ff:ff:ff

The Private Network interface can be identified by its associated MAC address, which always begins with 02:00:00 (that is, it has the form 02:00:00:xx:yy:zz).

Note: The network interface names may be different, depending on the operating system and the release you use.

3 . It is convenient to give a more significant name (e.g. priv0) to the Private Network interface. Configure the new interface name as follows:

root@virtual-instance:~# ip link set down dev ens5
root@virtual-instance:~# ip link set name priv0 dev ens5
root@virtual-instance:~# ip link set up dev priv0

4 . Make these changes persistent across reboots to ensure the Private Network interface always gets the same name based on its MAC address. This can be done by adding the following rule to the /etc/udev/rules.d/75-persistent-net-generator.rules file:

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="02:00:00:00:1a:ae", NAME="priv0"

Note: In case you want to attach a server to multiple Private Networks, create a rule for each network by replacing the MAC address and the interface name priv0 by priv1, priv2 and so on.
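
An added example, not part of the original Scaleway documentation: steps 2 to 4 generalized to any number of Private Network interfaces. The script reads ip link show output, selects interfaces whose MAC address starts with 02:00:00, and prints one udev rule per interface; the function names and the ens6 entry in the sample input are constructed for this example.

```shell
#!/bin/sh
# Added example (not Scaleway code): derive udev naming rules from `ip link show` output.

# gen_udev_rules: reads `ip link show` output on stdin and prints one rule per
# interface whose MAC starts with 02:00:00, numbering them priv0, priv1, ...
gen_udev_rules() {
    awk '
        # Header line, e.g. "3: ens5: <BROADCAST,...>": remember the current name.
        /^[0-9]+: / { name = $2; sub(/:$/, "", name) }
        # Address line: field 2 is the MAC of the interface named above.
        $1 == "link/ether" && tolower($2) ~ /^02:00:00:/ {
            printf "# was %s\n", name
            printf "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
            printf "ATTR{address}==\"%s\", NAME=\"priv%d\"\n", tolower($2), n++
        }'
}

# Sample input: the `ip link show` output from this page, plus one constructed
# second Private Network interface (ens6) to show the priv1 case.
sample_ip_link() {
    cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether de:1c:94:64:20:44 brd ff:ff:ff:ff:ff:ff
3: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:1a:ae brd ff:ff:ff:ff:ff:ff
4: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:1b:10 brd ff:ff:ff:ff:ff:ff
EOF
}

# Offline demonstration on the sample; on an instance run: ip link show | gen_udev_rules
sample_ip_link | gen_udev_rules
```

Review the printed rules before adding them to the rules file, since the public interface must keep its existing name.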

IP Configuration

Once the Private Network interface is up, you need to configure its IP address. The steps required to configure the IP address depend on your Linux distribution:

IP Configuration on Debian & Ubuntu (up to 16.04) Distributions

1 . Open the file /etc/network/interfaces in a text editor and add an interface configuration for the Private Network interface (called priv0) as follows:

# interfaces(5) file used by ifup(8) and ifdown(8)
# from Scaleway
# The loopback network interface
auto lo
iface lo inet loopback

# Network configuration for Private Network "pvn-hungry-albattani":
auto priv0
iface priv0 inet static
        address 192.168.42.2
        netmask 255.255.255.0

# Include all other interfaces from /etc/network/interfaces.d:
source /etc/network/interfaces.d/*.cfg

In this example the IP subnet 192.168.42.0/24 is being used. The IP address of the instance is set to 192.168.42.2 and the corresponding netmask is configured as 255.255.255.0.

Once the interface is configured, save the file and exit the text editor.

2 . Restart the network service using the following command to bring the configured network up:

root@virtual-instance:~# systemctl restart networking.service

3 . Repeat these steps on the other instances that shall communicate within the Private Network.

IP Configuration on Ubuntu (18.04 and 20.04) Distributions using Netplan

1 . To configure a static IP address on the Private Network interface (previously named priv0), open the Netplan configuration file and configure the interface as follows:

Note: The location of the Netplan configuration file varies depending on the Ubuntu release.

  • Ubuntu 20.04: /etc/netplan/00-installer-config.yaml
  • Ubuntu 18.04: /etc/netplan/01-netcfg.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
    priv0:
      addresses: [192.168.42.2/24]

In this example the IP subnet 192.168.42.0/24 is being used.

Once the interface is configured, save the file and exit the editor.

2 . Bring the interface up using the command netplan apply.

3 . Repeat these steps on the other instances that shall communicate within the Private Network.

IP Configuration on CentOS

1 . Open the file /etc/sysconfig/network-scripts/ifcfg-priv0 (replace priv0 with the name of the private interface) and configure the virtual network interface as follows:

DEVICE=priv0
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
IPV6INIT=no
TYPE=Ethernet
# set IPADDR and NETMASK according to the parameters of your Private Network
NETMASK=255.255.255.0
IPADDR=192.168.42.4
ARP=yes
# replace HWADDR with the MAC address associated with the interface
HWADDR=02:00:00:00:1a:b0

In this example the IP subnet 192.168.42.0/24 is being used. The interface uses the MAC address (02:00:00:00:1a:b0) assigned to the instance when it was attached to the Private Network.

Once the interface is configured, save the file and exit the text editor.

2 . Restart the network service to bring the configured interface up:

  • On CentOS 7 use the following command:

root@virtual-instance:~# systemctl restart network.service

  • On CentOS 8 use the following command:

root@virtual-instance:~# systemctl restart NetworkManager.service

3 . Repeat these steps on the other instances that shall communicate within the Private Network.

Testing the Private Network

1 . Once the network is configured on all instances, test the connection between them using the ping command:

root@virtual-instance:~# ping 192.168.42.3
PING 192.168.42.3 (192.168.42.3): 56 data bytes
64 bytes from 192.168.42.3: icmp_seq=0 ttl=64 time=0.824 ms
64 bytes from 192.168.42.3: icmp_seq=1 ttl=64 time=1.180 ms
64 bytes from 192.168.42.3: icmp_seq=2 ttl=64 time=0.852 ms
64 bytes from 192.168.42.3: icmp_seq=3 ttl=64 time=0.871 ms
--- 192.168.42.3 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.824/0.932/1.180/0.144 ms

2 . When configured properly, the instance should reply to the ping command. The Private Network is working and you can start to configure your services.

Detaching Instances from a Private Network

1 . From the Private Network tab of the Instances section in the Scaleway console, click on More Info in the drop-down menu to enter the network configuration section:

2 . Click on the Instances tab to retrieve a list of all virtual instances attached to this network.

3 . Click on the Detach button next to the instance you want to detach:

4 . Confirm by clicking on Detach this instance in the pop-up screen.

5 . The instance is detached from the Private Network. The Private Network interface is removed instantly from the instance.

Deleting a Private Network

1 . From the Private Network tab of the Instances section in the Scaleway console, click on More Info in the drop-down menu to enter the network configuration section:

2 . Click on Delete Private Network on the network overview page:

Note: Prior to deleting a Private Network, all instances attached to the network have to be detached.

3 . Confirm the Private Network deletion by typing DELETE in the pop-up screen. Then click Delete this Private Network to delete the network irreversibly from your account.
