Each instance may provision one or more additional network interfaces, unmanaged or managed. Each such interface is bound to a private network segment shared only with your other instances.

The private network is a classic layer 2 segment: it is as if your instances were attached to a dedicated switch. This means:

  • You can use any Ethernet-compatible protocol (IPv4, IPv6, NetBIOS).
  • Security group rules do not apply to traffic inside private networks.
  • Multicast and broadcast are authorized.
  • Only your instances are attached to the segment.
  • No encryption is performed but your packets do not leave our datacenter.
  • Private networks can be managed.
  • Private networks do not span across several zones.

However, there is a small difference: unknown MAC addresses cannot be used. Do not create a bridge including the private interface.

To attach one instance to your private network, go to the instance details and click on the Add private network button:

[Screenshot: Activate private network for an instance]

Once the instance is attached to the private network, you will see the MAC address of the additional interface:

[Screenshot: MAC address of additional interface]

If you log into your instance, a new interface should have appeared! Repeat the operation for each instance you want to join the private network. Some operating systems, such as OpenBSD, will require a reboot for the interface to appear.

Configuration

By default, there is no DHCP listening on your private network. If you want a DHCP server attached to your private network, you should create a managed private network.

Managed private networks

Managed private networks allow you to create private networks with a DHCP server managed by Exoscale, in order to automatically configure the IP addresses of your private network interfaces.

You can also assign specific IP addresses to private network interfaces.

You can create a managed private network through the portal or using tools like Terraform or the CLI. In this example, we will use the CLI.

Prerequisites

To use managed private networks, you should install Cloud Init version 19.3 or later on your virtual machine (if it is not already installed) and use the Exoscale datasource.

You can find more information about Cloud Init in our Documentation.

Create a managed private network

The startip, endip and netmask parameters allow you to define the IP range of your private network:

exo privnet create managed-privnet --zone ch-gva-2 --startip 10.0.0.20 --endip 10.0.0.200 --netmask 255.255.255.0

Some values are forbidden:

  • the startip must be lower than the endip, and cannot be the network address.
  • the endip cannot be the network broadcast address or the last IP of the network, because this IP will be the IP address of the DHCP server.
  • you cannot shrink the network range, you can only increase it. For example, exo privnet update --endip 10.0.0.230 will increase the network range.

In this example, the DHCP server will assign IP addresses between 10.0.0.20 and 10.0.0.200 to the network interfaces. This means that you can have at most 180 machines in this network.

Static IP addresses

You can assign static IP addresses to private interfaces. The IP address must be within the network defined by the netmask, but not necessarily within the IP range between startip and endip.

For example, you will be able to assign static IP addresses between 10.0.0.1 and 10.0.0.253 for the network defined above. The IP address must not already be used by another network interface.

You have two ways to configure a static IP on your private network interface:

  • By specifying the IP address when your virtual machine is associated to a managed private network. You can do this with the exo privnet associate <privnet> <machine> <ip> command.
  • By using the updateVmNicIp API call, which corresponds to the exo vm updateip <privnet> <machine> <ip> command in the CLI.
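
A pre-flight check for the forbidden range values and the static IP rules described above, as an added example (not Exoscale's code and not part of the CLI). The function names are hypothetical; requiring endip to sit in the same network as startip, and reading "cannot shrink" as "the new range must cover the old one", are assumptions.

```python
import ipaddress

def network_of(any_ip, netmask):
    # strict=False derives the network from any address inside it plus the mask
    return ipaddress.IPv4Network(f"{any_ip}/{netmask}", strict=False)

def check_managed_range(startip, endip, netmask):
    """Return the list of rule violations for a managed private network."""
    start, end = ipaddress.IPv4Address(startip), ipaddress.IPv4Address(endip)
    net = network_of(startip, netmask)
    errors = []
    if start >= end:
        errors.append("startip must be lower than endip")
    if start == net.network_address:
        errors.append("startip cannot be the network address")
    if end not in net:  # assumption: both ends must sit in the same network
        errors.append("endip is outside the network")
    if end == net.broadcast_address:
        errors.append("endip cannot be the broadcast address")
    if end == net.broadcast_address - 1:  # last IP, taken by the DHCP server
        errors.append("endip cannot be the last IP of the network")
    return errors

def static_ip_allowed(ip, startip, netmask, in_use=()):
    """Static IPs may lie outside startip..endip but must be free host addresses."""
    net = network_of(startip, netmask)
    addr = ipaddress.IPv4Address(ip)
    reserved = {net.network_address, net.broadcast_address,
                net.broadcast_address - 1}
    taken = {ipaddress.IPv4Address(a) for a in in_use}
    return addr in net and addr not in reserved and addr not in taken

def update_allowed(old_range, new_range):
    """Assumed reading of 'cannot shrink': the new range must cover the old one."""
    old_start, old_end = map(ipaddress.IPv4Address, old_range)
    new_start, new_end = map(ipaddress.IPv4Address, new_range)
    return new_start <= old_start and new_end >= old_end
```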

Interfaces configuration

On Debian and Ubuntu, you will need to configure the corresponding network interface(s) - e.g. eth1 - for DHCP.

Ubuntu >= 18.04 (Bionic) [netplan]

In /etc/netplan/eth1.yaml:

network:
  version: 2
  ethernets:
    eth1:
      dhcp4: true

Followed by sudo netplan apply to bring the interface up.

Debian and Ubuntu < 18.04 [ifconfig]

In /etc/network/interfaces.d/eth1.conf:

allow-hotplug eth1
iface eth1 inet dhcp

Followed by ifup eth1 to bring the interface up.

Using cloud-init (for Debian or Ubuntu)

To automate your private network setup, you may include the ad-hoc configuration in your Compute instance’s user-data, e.g. for netplan (Ubuntu 18.04):

#cloud-config
write_files:
  - path: /etc/netplan/eth1.yaml
    content: |
      network:
        version: 2
        ethernets:
          eth1:
            dhcp4: true

runcmd:
  - [ netplan, apply ]

Unmanaged private networks

To use your private network with a static IP configuration on each instance, you need to choose a subnet and to keep track of the IP assigned to each of your instances. For example, assume you chose the 10.3.4.0/24 network and 10.3.4.10 as the IP address of your first instance. You can use any IP address in this network (from 10.3.4.1 to 10.3.4.254).

Interfaces configuration

You will need to configure the corresponding network interface(s) - e.g. eth1 - with their static IP parameters.

Ubuntu >= 18.04 (Bionic) [netplan]

In /etc/netplan/eth1.yaml:

network:
  version: 2
  ethernets:
    eth1:
      addresses:
        - 10.3.4.10/24

Followed by sudo netplan apply to bring the interface up.

Find more configuration examples about netplan on their website.

Debian and Ubuntu < 18.04 [ifconfig]

In /etc/network/interfaces.d/eth1.conf:

auto eth1
iface eth1 inet static
  address 10.3.4.10/24

Followed by ifup eth1 to bring the interface up.

Using cloud-init (for Debian or Ubuntu)

To automate your private network setup, you may include the ad-hoc configuration in your instance’s user-data, e.g. for netplan (Ubuntu 18.04):

#cloud-config
write_files:
  - path: /etc/netplan/eth1.yaml
    content: |
      network:
        version: 2
        ethernets:
          eth1:
            addresses:
              - 10.3.4.10/24

runcmd:
  - [ netplan, apply ]
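
Because an unmanaged private network has no DHCP server, the address ledger is yours to keep. The following added example (not Exoscale's code) renders the user-data shown above for each instance from one assignment table and rejects duplicate or unusable addresses; the function name, instance names and sample addresses are constructed for illustration.

```python
import ipaddress

# Template mirrors the netplan user-data shown on this page for eth1
USER_DATA = """#cloud-config
write_files:
  - path: /etc/netplan/eth1.yaml
    content: |
      network:
        version: 2
        ethernets:
          eth1:
            addresses:
              - {cidr}

runcmd:
  - [ netplan, apply ]
"""

def render_user_data(subnet, assignments):
    """Map instance name -> user-data, rejecting unusable or duplicate IPs."""
    net = ipaddress.IPv4Network(subnet)
    owners = {}  # address -> instance name, the ledger of what is assigned
    rendered = {}
    for name, ip in assignments.items():
        addr = ipaddress.IPv4Address(ip)
        unusable = (net.network_address, net.broadcast_address)
        if addr not in net or addr in unusable:
            raise ValueError(f"{name}: {ip} is not a host address in {subnet}")
        if addr in owners:
            raise ValueError(f"{name}: {ip} already assigned to {owners[addr]}")
        owners[addr] = name
        rendered[name] = USER_DATA.format(cidr=f"{addr}/{net.prefixlen}")
    return rendered

# Constructed sample inventory for the 10.3.4.0/24 network used on this page
SAMPLE = {"web1": "10.3.4.10", "db1": "10.3.4.11"}
```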

CentOS

In /etc/sysconfig/network-scripts/ifcfg-eth1:

DEVICE=eth1
IPADDR=10.3.4.10
NETMASK=255.255.255.0
ONBOOT=yes

Followed by ifup eth1 to bring the interface up.

Windows

On Windows, go to the Network and sharing center. You should see the additional network interface:

[Screenshot: Network and sharing center]

Click on the name of the new interface (“Ethernet 2” in our screenshot). You should get the following dialog box:

[Screenshot: Ethernet 2 status]

Click on the Properties button. You will get the following dialog box:

[Screenshot: Ethernet 2 properties]

Click on Internet Protocol Version 4, then on Properties. You’ll get a new dialog box. Click on Use the following IP address and complete with the IP address you assigned for the instance (10.3.4.10) and use 255.255.255.0 for the subnet mask. You should get something like this:

[Screenshot: IPv4 properties]

OpenBSD

OpenBSD needs to be rebooted for the new interface to show up. Once rebooted, create the interface configuration file:

echo 'inet 10.3.4.10/24' > /etc/hostname.vio1
sh /etc/netstart vio1

Using the API

There are seven API endpoints related to the private network feature:

  • listNetworkOfferings to fetch the network offering id for private networking, named PrivNet.
  • listNetworks with parameter type=Isolated to get the list of private networks you can use. There is one for each zone by default.
  • createNetwork to create additional private networks in a zone, using the networkofferingid retrieved with the listNetworkOfferings call.
  • addNicToVirtualMachine to add a private network to an instance. You need to use the appropriate networkid retrieved with the listNetworks call.
  • removeNicFromVirtualMachine to remove the private network from an instance.
  • updateNetwork to change the name or displaytext of a network given its id.
  • deleteNetwork to delete a network, which requires all instances to have been removed from that network beforehand.