Establishing Private Connect with Exoscale
Private Connect lets you connect your on-premises or hosted infrastructure with one or more private networks from a single Exoscale Organization. This guide walks you through setting up Private Connect.
Choosing Location and Connectivity:
Private Connect is available in Exoscale Zones that have the Private Connect capability, as listed in the Datacenter list. In each zone where Private Connect is listed as available, you have several options to establish a connection:
- if your infrastructure is colocated in the same datacenter:
  - the connection to Private Connect can be established via cross connections between Exoscale and your racks/cage within the datacenter. The setup and costs of the cross connections are your responsibility. Upon subscribing to Private Connect, Exoscale will provide a location, circuit-ID and letter of agreement (LOA), which enable you to order the cross connections from the datacenter operator.
  - in Equinix-based Zones, the connection can be established using Equinix Cloud Exchange to reduce cross connection costs and Private Connect costs. Upon subscription to Private Connect, Exoscale will provide the ECX information for interconnection.
- if your infrastructure is not located in the same datacenter:
  - if it is located in the same datacenter campus, you can follow the instructions above.
  - otherwise, a WAN or MAN connection will be required. If you need help identifying a provider for your transport, contact the Exoscale sales team; they will be able to assist you with Exoscale carrier partners. In any case, no carrier termination equipment can be hosted by Exoscale on your behalf. The connection from your MAN or WAN link to Exoscale needs to be established via a carrier-to-carrier cross connection. Exoscale will provide a location, circuit-ID and letter of agreement (LOA) upon subscribing to Private Connect.
Physical Infrastructure Overview
When setting up the network connection you have the choice between creating a single, non-redundant link or a dual link for redundancy. You can also add two additional links for more capacity.
When choosing a dual-link option the link can be aggregated using LACP, or a failover can be done by using HSRP/VRRP on your router(s) to fail over the IP address.
When sending data to the Exoscale network you have a limit of 3 MAC addresses. That means that any traffic coming from your network cannot originate from more than 3 MAC addresses.
Therefore, it is recommended that you set up routing on your end instead of using a layer 2 connection. This means that your servers must route your Exoscale IP range (10.0.0.0/24 in the example above) through the routers connected to Exoscale. This is especially important if your Exoscale-connected routers are not your default gateway.
Also note that from a networking perspective the Exoscale networking equipment will not be visible; it will appear as if your Exoscale private network was connected to your router on a layer 2 network without any additional routers in-between. The routing on your end is only needed to ensure compatibility and that there are never more than 3 MAC addresses visible on the Private Connect link.
As mentioned before, you can opt to use LACP for link aggregation, or you can use HSRP/VRRP to fail over the IP address between the two links. With HSRP/VRRP, the IP must never be visible on both links at the same time, as this might cause a loop or bad performance.
Once your connection to Exoscale is established you still need to configure your instances correctly. If your servers use the same router for Internet access and Exoscale connectivity you do not have to do anything. However, if you use different routers you will need to set up a route on each server to reach your Exoscale instances. On Linux this route configuration would look as follows:
ip route add 10.0.0.0/24 via 192.168.1.1
Note: the command above will not store the route permanently and the command is specific to your Linux distribution. Please look up your Linux distribution’s manual on how to store this route permanently.
On the Exoscale side you have two options. If you send your traffic to the Internet over the public Exoscale network, you will have to set up a separate route to reach your servers:
ip route add 192.168.0.0/24 via 10.0.0.1
If you send all Internet traffic over your own router, the route is already in place, and you don’t need to do anything.
Frequently Asked Questions
How many links can I use in an LACP setup?
You can use a maximum of four 10 GBit/s links in a single LACP group, or in two LACP groups if you are using VRRP/HSRP.
How much is the maximum bandwidth I can reach?
The maximum bandwidth we provide over Private Connect is 20 GBit/s.
How many MAC addresses can I use to send traffic over Private Connect?
Your routers can send packets originating from a maximum of 3 MAC addresses. Using more MAC addresses will cause connectivity issues.
Can I use a switch instead of a router on my end?
No, we only support the routing scenario.
Can I terminate Private Connect directly on my server?
Yes, as long as that server is configured as a router.
Can I use Spanning Tree over Private Connect?
No! In fact, using Spanning Tree over Private Connect will immediately disable the network port for stability reasons.
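The 3-MAC limit and the Spanning Tree rule can both be checked from a packet capture taken on your side of the link. The script below is an added example, not Exoscale tooling: it assumes text output from `tcpdump -e -n -Q out` on the router interface facing Private Connect, and the sample frames and MAC addresses in it are constructed.

```shell
#!/bin/sh
# Added example (not Exoscale tooling): audit `tcpdump -e -n -Q out` text taken on
# the router interface facing Private Connect. All sample frames are constructed.
MAX_MACS=3                    # source-MAC limit stated on this page
STP_DST="01:80:c2:00:00:00"   # IEEE 802.1D bridge group address, destination of BPDUs

# Emit "src dst" (lower-case) for every Ethernet frame in the capture on stdin.
frames() {
    awk 'BEGIN { h = "[0-9a-fA-F][0-9a-fA-F]"; mac = "^" h ":" h ":" h ":" h ":" h ":" h "$" }
    {
        for (i = 1; i + 2 <= NF; i++) {
            dst = $(i + 2); sub(/,$/, "", dst)
            if ($(i + 1) == ">" && $i ~ mac && dst ~ mac) { print tolower($i), tolower(dst); break }
        }
    }'
}
count_source_macs() { frames | cut -d" " -f1 | sort -u | wc -l | tr -d " "; }
count_stp_frames()  { frames | awk -v d="$STP_DST" '$2 == d' | wc -l | tr -d " "; }

# Exit status 0 only if the capture respects both constraints.
audit() {
    capture=$(cat)
    macs=$(printf '%s\n' "$capture" | count_source_macs)
    stp=$(printf '%s\n' "$capture" | count_stp_frames)
    rc=0
    [ "$macs" -le "$MAX_MACS" ] || { echo "FAIL: $macs source MACs, limit is $MAX_MACS"; rc=1; }
    [ "$stp" -eq 0 ] || { echo "FAIL: $stp Spanning Tree frame(s) on the link"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: $macs source MAC(s), no Spanning Tree"
    return "$rc"
}

sample_routed() {   # constructed: two routers, all hosts behind them are routed
    cat <<'EOF'
12:00:00.000001 02:00:00:00:00:01 > 02:00:00:00:10:01, ethertype IPv4 (0x0800), length 98: 192.168.0.10 > 10.0.0.5: ICMP echo request, id 1, seq 1, length 64
12:00:00.000002 02:00:00:00:00:01 > 02:00:00:00:10:02, ethertype IPv4 (0x0800), length 74: 192.168.0.11.40000 > 10.0.0.6.443: Flags [S], length 0
12:00:00.000003 02:00:00:00:00:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.0.5 tell 10.0.0.1, length 28
EOF
}
sample_bridged() {  # constructed: a switch bridging servers onto the link
    cat <<'EOF'
12:00:01.000001 02:00:00:00:00:11 > 02:00:00:00:10:01, ethertype IPv4 (0x0800), length 98: 10.0.0.21 > 10.0.0.5: ICMP echo request, id 2, seq 1, length 64
12:00:01.000002 02:00:00:00:00:12 > 02:00:00:00:10:01, ethertype IPv4 (0x0800), length 98: 10.0.0.22 > 10.0.0.5: ICMP echo request, id 3, seq 1, length 64
12:00:01.000003 02:00:00:00:00:13 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.0.5 tell 10.0.0.23, length 28
12:00:01.000004 02:00:00:00:00:14 > 01:80:c2:00:00:00, 802.3, length 39: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP 802.1d, Config, length 35
EOF
}

sample_routed | audit
sample_bridged | audit || true   # fails by design: 4 source MACs and one BPDU
```

To audit a real capture, pipe the tcpdump text into `audit` in place of the sample functions.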
Can Exoscale advertise my IP range to my router(s) over BGP/ISIS/OSPF?
No, Private Connect is a pure Layer 2 connection to your router and no routing is being done inside of Exoscale. In fact, Exoscale doesn’t even know the IP range you use in the Private Network.
Can Exoscale host my server inside the Exoscale racks?
No, unfortunately we cannot.
Can Exoscale host my networking equipment inside the Exoscale racks?
No, unfortunately we cannot. Please see above.