Establishing Private Connect with Exoscale
Private Connect lets you connect your on-premises or hosted infrastructure with one or more private networks from a single Exoscale organization. This guide shows you how to set up Private Connect.
Choosing Location and Connectivity
Private Connect is available in Exoscale zones that have the Private Connect capability, as listed in the datacenter list. How you get started with Private Connect depends on where your infrastructure is hosted.
If your infrastructure is collocated in the same datacenter or datacenter campus as the Exoscale zone:
- The connection to Private Connect can be established via cross connections between Exoscale and your racks/cage within the datacenter. You are responsible for the setup and costs of the cross connections. When you subscribe to Private Connect, Exoscale will provide a location, circuit-ID and letter of agreement (LOA), which let you order the cross connections from the datacenter operator.
- The connection in Equinix-based zones can be established using Equinix Cloud Exchange to reduce cross-connection costs and Private Connect costs. After you subscribe to Private Connect, Exoscale will provide the ECX information for interconnection.
If your infrastructure is located in a separate datacenter from the Exoscale zone:
- A WAN or MAN connection is required. You can contact our Sales team for information on Exoscale carrier partners. The connection from your WAN or MAN link to Exoscale from the carrier needs to be established via a carrier-to-carrier cross connection. Exoscale will provide a location, circuit-ID and letter of agreement (LOA) upon subscribing to Private Connect.
- Note that no carrier termination equipment can be hosted by Exoscale on your behalf.
Physical Infrastructure Overview
When you set up the network connection, you can choose to create a single non-redundant link, or a dual link for redundancy. You can also add two additional links for more capacity.
When you choose the dual-link option, the link can be aggregated using LACP, or a failover can be done by using HSRP/VRRP on your routers to fail over the IP address.
When you send data to the Exoscale network, you have a limit of 3 MAC addresses. Any traffic coming from your network cannot originate from more than 3 MAC addresses.
Therefore, it is recommended that you set up routing on your end instead of using a layer 2 connection. When you set up routing, your servers must route your Exoscale IP range (10.0.0.0/24 in the examples in this guide) through the routers connected to Exoscale. This is especially important if your Exoscale-connected routers are not your default gateway.
Also note that from a networking perspective, the Exoscale networking equipment will not be visible; it will appear as if your Exoscale private network was connected to your router on a layer 2 network without any additional routers in-between. The routing on your end is only needed to ensure compatibility and that there are never more than 3 MAC addresses visible on the Private Connect link.
As mentioned before, you can opt to use LACP for link aggregation, or you can use HSRP/VRRP to fail over the IP address between the two links. It is important to note that the IP must never be visible on both links at the same time with this option as this might cause a loop or bad performance.
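The three-MAC limit described above can be checked from a packet capture taken on the uplink. The script below is an added example, not Exoscale tooling or part of the original guide; the interface name `eth1` and the sample frames are constructed assumptions.

```shell
#!/bin/sh
# Added example (not Exoscale tooling): count the distinct source MACs a
# capture of the Private Connect uplink contains and compare with the limit.
MAC_LIMIT=3   # limit stated in this guide

# Constructed sample in `tcpdump -e -n` format: a VRRP virtual MAC, two
# router interface MACs and one server bridged onto the link by mistake.
sample_capture() {
cat <<'EOF'
12:00:00.000001 00:00:5e:00:01:0a > 0a:00:00:00:00:20, ethertype IPv4 (0x0800), length 98: 192.168.0.5 > 10.0.0.20: ICMP echo request
12:00:00.100000 52:54:00:aa:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.0.20 tell 10.0.0.2
12:00:00.200000 52:54:00:aa:00:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.0.20 tell 10.0.0.3
12:00:00.300000 52:54:00:CC:00:09 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.0.20 tell 10.0.0.50
12:00:00.400000 00:00:5e:00:01:0a > 0a:00:00:00:00:20, ethertype IPv4 (0x0800), length 98: 192.168.0.5 > 10.0.0.20: ICMP echo request
EOF
}

# Print each distinct source MAC (field 2 of a "src > dst" line), lowercased.
src_macs() {
    awk '$3 == ">" && length($2) == 17 && $2 ~ /^[0-9A-Fa-f:]+$/ { print tolower($2) }' | sort -u
}

# Label well-known virtual router MAC prefixes so the budget is readable.
classify_mac() {
    case "$1" in
        00:00:5e:00:01:*) echo "vrrp-virtual" ;;   # VRRP for IPv4
        00:00:0c:07:ac:*) echo "hsrp-virtual" ;;   # HSRP version 1
        *)                echo "interface" ;;
    esac
}

# Read a capture on stdin, list the MACs, succeed only if within the limit.
audit_link() {
    macs=$(src_macs)
    count=$(printf '%s\n' "$macs" | awk 'NF { n++ } END { print n + 0 }')
    for m in $macs; do
        printf '%s %s\n' "$m" "$(classify_mac "$m")"
    done
    printf 'distinct source MACs: %s (limit %s)\n' "$count" "$MAC_LIMIT"
    [ "$count" -le "$MAC_LIMIT" ]
}

# Live use (interface name is an assumption):
#   tcpdump -e -n -i eth1 -c 2000 2>/dev/null | audit_link
sample_capture | audit_link || echo "over the limit: route this traffic instead of bridging it"
```

With two routers in a VRRP or HSRP pair, the two interface MACs and the virtual MAC can account for all three addresses, which leaves no room for any bridged host.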
Once your connection to Exoscale is established, you need to configure your instances. If your servers use the same router for internet access and Exoscale connectivity, you do not have to do anything. However, if you use different routers, you will need to set up a route on each server to reach your Exoscale instances. On Linux, this route configuration would look as follows:
ip route add 10.0.0.0/24 via 192.168.1.1
Note: the command above does not store the route permanently, and the way to make it persistent is specific to your Linux distribution. Consult your distribution's manual on how to store this route permanently.
On the Exoscale side you have two options.
If you send your internet traffic over the public Exoscale network, you have to set up a separate route to reach your servers:
ip route add 192.168.0.0/24 via 10.0.0.1
If you send all internet traffic over your own router, the route is already in place and no further action is necessary.
Frequently Asked Questions
How many links can I use in an LACP setup?
You can use a maximum of 4 links at 10 Gbit/s in a single LACP group, or in two LACP groups if you use VRRP/HSRP.
How much is the maximum bandwidth I can reach?
The maximum bandwidth we provide over Private Connect is 20 Gbit/s.
How many MAC addresses can I use to send traffic over Private Connect?
Your routers can send packets originating from a maximum of 3 MAC addresses. If you use more MAC addresses, it will cause connectivity issues.
Can I use a switch instead of a router on my end?
Unfortunately, we only support the routing scenario at this time.
Can I terminate Private Connect directly on my server?
Yes, as long as that server is configured as a router.
Can I use Spanning Tree over Private Connect?
No, and be aware that Spanning Tree over Private Connect will immediately disable the network port for stability reasons.
Can Exoscale advertise my IP range to my routers over BGP/ISIS/OSPF?
No, Private Connect is a pure Layer 2 connection to your router. No routing is done inside of Exoscale. In fact, Exoscale doesn’t even know the IP range you use in the Private Network.
Can Exoscale host my server or networking equipment inside the Exoscale racks?
Sorry, no. We cannot do this due to space concerns.