Each instance may provision one or more additional unmanaged network interfaces. This interface is bound to a private network segment shared only with your other instances. Currently, a single private network per zone is automatically provisioned.

The private network is a classic layer 2 segment: it is as if your instances were attached to a dedicated switch. This means:

  • You can use any Ethernet-compatible protocol (IPv4, IPv6, NetBIOS).
  • Security group rules do not apply to traffic inside private networks.
  • Multicast and broadcast are authorized.
  • Only your instances are attached to the segment.
  • No encryption is performed but your packets do not leave our datacenter.
  • Private networks are unmanaged: there is no DHCP server to distribute IPv4 address.
  • Private networks do not span across several zones.

However, there is a small difference: unknown MAC addresses cannot be used. Do not create a bridge including the private interface.

Currently, on the portal interface, you can only attach your instance to the default private network. If you require to create more than one, you’ll have to do so through the API.

To attach one instance to your private network, go to the instance details and click on the Add private network button:

Activate private network for an instance

Once the instance is attached to the private network, you will see the MAC address of the additional interface:

MAC address of additional interface

If you log into your instance, a new interface should have appeared! Repeat the operation for each instance you want to join the private network. Some operating systems, such as OpenBSD, will require a reboot for the interface to appear.


There is no DHCP listening on your private network. You can put one yourself if you want. Meanwhile, let’s see how to use your private network with a static IP configuration on each instance.

You need to choose a subnet and to keep track of the IP assigned to each of your instances. For example, assume you chose the network and as the IP address of your first instance. You can use any IP address in this network (from to


Create a new file /etc/network/interfaces.d/01-privnet.cfg. For Debian, uses this stanza:

auto eth1
iface eth1 inet static

On Ubuntu, the new interface name is eth1 (on old template, you might have ens7):

auto eth1
iface eth1 inet static

Then, use ifup eth1 or ifup ens7 to bring up the interface.


On CentOS, create /etc/sysconfig/network-scripts/ifcfg-eth1 with the following content:


Then, use ifup eth1 to bring the interface up.


On Windows, go to the Network and sharing center. You should see the additional network interface:

Network and sharing center

Click on the name of the new interface (“Ethernet 2” in our screenshot). You should get the following dialog box:

Ethernet 2 status

Click on the Properties button. You will get the following dialog box:

Ethernet 2 properties

Click on Internet Protocol Version 4, then on Properties. You’ll get a new dialog box. Click on Use the following IP address and complete with the IP address you assigned for the instance ( and use for the subnet mask. You should get something like this:

IPv4 properties


OpenBSD needs to be rebooted for the new interface to show up. Once rebooted, create the interface configuration file:

echo 'inet' > /etc/hostname.vio1
sh /etc/netstart vio1

Using the API

There are seven API endpoints related to the private network feature:

  • listNetworkOfferings to fetch the network offering id for private networking, named PrivNet.
  • listNetworks with parameter type=Isolated to get the list of private network you can use. There is one for each zone by default.
  • createNetwork to create additional private networks in a zone, using the networkofferingid retrieved with the listNetworkOfferings call.
  • addNicToVirtualMachine to add private network to an instance. You need to use the appropriate networkid retrieved with the listNetworks call.
  • removeNicFromVirtualMachine to remove the private network from an instance.
  • updateNetwork to change the name or displaytext of a network given its id.
  • deleteNetwork to delete a network, which requires to have previously removed all instances from that network.