NavigationContentFooter

Public Gateways API

Introduction

Scaleway Public Gateways are building blocks for your infrastructure on Scaleway's public cloud. They sit at the border of Private Networks and provide access to/from other networks or the Internet. As well as this, Public Gateways offer a host of managed features and services to facilitate the management of resources in your Private Network, including DHCP to dynamically assign IP addresses, and NAT to map private IP addresses in the Private Network to the public IP address of the Public Gateway.

Tip

To create and manage your Private Networks, check out our Private Networks API.

Concepts

Refer to our dedicated concepts page to find definitions of all terminology related to Public Gateways, including DHCP, NAT, SSH bastion and more.

Quickstart

  1. Configure your environment variables.

    Note

    This is an optional step that seeks to simplify your usage of the Public Gateways API.

    export SCW_SECRET_KEY="<API secret key>"
    export SCW_DEFAULT_ZONE="<Scaleway default Availability Zone>"
    export SCW_PROJECT_ID="<Scaleway Project ID>"
  2. Choose a Public Gateway type: Public Gateways come in different shapes and sizes, with different network capabilities and pricing. When you create your Public Gateway, you need to include the required Public Gateway type in the request. Use the following call to get a list of available Public Gateway offer types and their details:

    curl -X GET \
    -H "X-Auth-Token: $SCW_SECRET_KEY" \
    -H "Content-Type: application/json" \
    "https://api.scaleway.com/vpc-gw/v1/zones/$SCW_DEFAULT_ZONE/gateway-types"
  3. Create a Public Gateway: run the following command to create a Public Gateway. You can customize the details in the payload (name, description, tags, etc) to your needs: use the information below to adjust the payload as necessary.

    curl -X POST \
    -H "X-Auth-Token: $SCW_SECRET_KEY" \
    -H "Content-Type: application/json" \
    "https://api.scaleway.com/vpc-gw/v1/zones/$SCW_DEFAULT_ZONE/gateways" \
    -d '{
    "type": "VPC-GW-S",
    "name": "my-new-gateway",
    "tags": ["my-first-tag", "my-second-tag"],
    "project_id": "'"$SCW_PROJECT_ID"'"
    }'
    ParameterDescriptionValid values
    typeThe type of Public Gateway (commercial offer type) to create. Use the Gateway Types endpoint to get a list of offer types.Any valid offer type string, e.g. VPC-GW-S
    nameA name of your choice for the Public GatewayAny string containing only alphanumeric characters and dashes, e.g. my-new-gateway.
    tagsA list of tags to describe your Public Gateway. These can help you manage and filter your gateways.A list of alphanumeric strings, e.g. ["my-first-tag, my-second-tag
    project_idThe Scaleway Project ID to create the Public Gateway in.A valid Scaleway Project ID, e.g. f5fe13a0-b9c7-11ed-afa1-0242ac120002

    Note: Further parameters are available, but for the purposes of this quickstart we have included only the essentials. See the Create a Public Gateway endpoint documentation below for full details of all possible parameters.

  4. Get a list of your Public Gateways: run the following command to get a list of all your Public Gateways.

    curl -X GET \
    -H "X-Auth-Token: $SCW_SECRET_KEY" \
    -H "Content-Type: application/json" \
    "https://api.scaleway.com/vpc-gw/v1/zones/$SCW_DEFAULT_ZONE/gateways"
  5. Attach a Private Network to a Public Gateway: run the following command to attach a Private Network to your Public Gateway, and make all the Gateway's services such as DHCP and NAT available to the Private Network. You can customize the details in the payload to your needs: use the information below to adjust the payload as necessary.

    Tip

    If you haven't created a Private Network yet, see the Private Networks documentation to learn how to do so. Ensure you retain the ID of the Private Network.

    curl -X POST \
    -H "X-Auth-Token: $SCW_SECRET_KEY" \
    -H "Content-Type: application/json" \
    "https://api.scaleway.com/vpc-gw/v1/zones/$SCW_DEFAULT_ZONE/gateway-networks" \
    -d '{
    "gateway_id": "b1b2edda-9364-422d-93f2-ad04e6a054dc",
    "private_network_id": "548dbcc3-8b78-486f-a79a-c3f5a17642f9",
    "enable_masquerade": true,
    "dhcp": {
    "project_id": "'"$SCW_PROJECT_ID"'",
    "subnet": "192.168.1.0/24"
    }
    }'

    This configuration will set up the Public Gateway as a NAT gateway, masquerading traffic sent to it to the outer internet to provide internet access to resources in the Private Network, and serving IP addresses through DHCP to said instances, in the subnet 192.168.1.0/24.

    ParameterDescriptionValid values
    gateway_idThe Public Gateway ID of an existing Public GatewayAny valid Public Gateway ID, e.g. b1b2edda-9364-422d-93f2-ad04e6a054dc
    private_network_idThe Private Network ID of an existing Private NetworkAny valid Private Network ID in the same Availability Zone as the Public Gateway, e.g. 548dbcc3-8b78-486f-a79a-c3f5a17642f9
    enable_masqueradeDefines whether the gateway should masquerade traffic for the attached Private Network (i.e. whether to enable dynamic NAT)A boolean value, e.g. true
    dhcpAn DHCP object (see object definition in the DHCP endpoint documentation below), which defines DHCP configuration.An object which includes the Scaleway Project ID of the Public Gateway/Private Network, and the subnet to use for the Private Network e.g. {"project_id": "'$SCW_PROJECT_ID'", "subnet": "192.168.1.0/24"}
    Note

    Further parameters are available, but for the purposes of this quickstart we have included only the essentials. See the Attach a gateway to a Private Network documentation below for full details of all possible parameters.

  6. Delete a Public Gateway: run the following call to delete your Public Gateway. Ensure that you replace <PUBLIC-GATEWAY-ID> in the URL with the ID of the Public Gateway you want to delete.

    curl -X DELETE \
    -H "X-Auth-Token: $SCW_SECRET_KEY" \
    -H "Content-Type: application/json" \
    "https://api.scaleway.com/vpc-gw/v1/zones/$SCW_DEFAULT_ZONE/gateways/<PUBLIC-GATEWAY-ID>"

    The expected successful response is empty.

Requirements
  • You have a Scaleway account
  • You have created an API key and that the API key has sufficient IAM permissions to perform the actions described on this page
  • You have installed curl

Technical limitations

The following limitations apply to Public Gateways:

  • A maximum of eight (8) Private Networks can be plugged into a single Public Gateway
  • Note that the Public Gateway takes some time to start up, and actions on it are impossible unless it is in the running state. To check the current state of a Public Gateway, use the Get a Public Gateway endpoint to get information for your gateway: the status field of the response will tell you if it is running or in another state.
  • For further information about Public Gateway limitations see our dedicated documentation.

Technical information

Availability Zones

Public Gateways can be deployed in the following Availability Zones:

NameAPI ID
Parisfr-par-1 fr-par-2
Amsterdamnl-ams-1 nl-ams-2
Warsawpl-waw-1 pl-waw-2

The Scaleway Public Gateways API is a zoned API, meaning that each call must specify in its path parameters the Availability Zone for the resources concerned by the call.

Going further

For more help using Scaleway Public Gateways, check out the following resources:

  • Our main documentation
  • The #public-gateway channel on our Slack Community
  • Our support ticketing system.

Gateways

Public Gateways are building blocks for your infrastructure on Scaleway's shared public cloud. They provide a set of managed network services and features for Scaleway's Private Networks such as DHCP, NAT and routing.

GET
/vpc-gw/v1/zones/{zone}/gateways
POST
/vpc-gw/v1/zones/{zone}/gateways
GET
/vpc-gw/v1/zones/{zone}/gateways/{gateway_id}
PATCH
/vpc-gw/v1/zones/{zone}/gateways/{gateway_id}
DELETE
/vpc-gw/v1/zones/{zone}/gateways/{gateway_id}
POST
/vpc-gw/v1/zones/{zone}/gateways/{gateway_id}/enable-ip-mobility
POST
/vpc-gw/v1/zones/{zone}/gateways/{gateway_id}/refresh-ssh-keys
POST
/vpc-gw/v1/zones/{zone}/gateways/{gateway_id}/upgrade

Gateway Networks

A Gateway Network represents the connection of a Private Network to a Public Gateway. It holds configuration options relative to this specific connection, such as the DHCP configuration.

GET
/vpc-gw/v1/zones/{zone}/gateway-networks
POST
/vpc-gw/v1/zones/{zone}/gateway-networks
GET
/vpc-gw/v1/zones/{zone}/gateway-networks/{gateway_network_id}
PATCH
/vpc-gw/v1/zones/{zone}/gateway-networks/{gateway_network_id}
DELETE
/vpc-gw/v1/zones/{zone}/gateway-networks/{gateway_network_id}

DHCP

These objects define a DHCP configuration, i.e. how IP addresses should be assigned to devices on a Private Network attached to a Public Gateway. Definable parameters include the subnet for the DHCP server, the validity period for DHCP entries, whether to use dynamic pooling, and more. A DHCP configuration object has a DHCP ID, which can then be used as part of a call to create or update a Gateway Network. This lets you attach an existing DHCP configuration to a Public Gateway attached to a Private Network. Similarly, you can use a DHCP ID as a query parameter to list Gateway Networks which use this DHCP configuration object.

GET
/vpc-gw/v1/zones/{zone}/dhcps
POST
/vpc-gw/v1/zones/{zone}/dhcps
GET
/vpc-gw/v1/zones/{zone}/dhcps/{dhcp_id}
PATCH
/vpc-gw/v1/zones/{zone}/dhcps/{dhcp_id}
DELETE
/vpc-gw/v1/zones/{zone}/dhcps/{dhcp_id}

DHCP Entries

DHCP entries belong to a specified Gateway Network (Public Gateway / Private Network connection). A DHCP entry can hold either a dynamic DHCP lease (an IP address dynamically assigned by the Public Gateway to a device) or a static, user-created DHCP reservation.

GET
/vpc-gw/v1/zones/{zone}/dhcp-entries
POST
/vpc-gw/v1/zones/{zone}/dhcp-entries
PUT
/vpc-gw/v1/zones/{zone}/dhcp-entries
GET
/vpc-gw/v1/zones/{zone}/dhcp-entries/{dhcp_entry_id}
PATCH
/vpc-gw/v1/zones/{zone}/dhcp-entries/{dhcp_entry_id}
DELETE
/vpc-gw/v1/zones/{zone}/dhcp-entries/{dhcp_entry_id}

PAT Rules

PAT (Port Address Translation) rules, aka static NAT rules, belong to a specified Public Gateway. They define the forwarding of a public port to a specific device on a Private Network, enabling enables ingress traffic from the public Internet to reach the correct device in the Private Network.

GET
/vpc-gw/v1/zones/{zone}/pat-rules
POST
/vpc-gw/v1/zones/{zone}/pat-rules
PUT
/vpc-gw/v1/zones/{zone}/pat-rules
GET
/vpc-gw/v1/zones/{zone}/pat-rules/{pat_rule_id}
PATCH
/vpc-gw/v1/zones/{zone}/pat-rules/{pat_rule_id}
DELETE
/vpc-gw/v1/zones/{zone}/pat-rules/{pat_rule_id}

IPs

Public, flexible IP addresses for Public Gateways, allowing the gateway to reach the public internet, as well as forward (masquerade) traffic from member devices of attached Private Networks.

GET
/vpc-gw/v1/zones/{zone}/ips
POST
/vpc-gw/v1/zones/{zone}/ips
GET
/vpc-gw/v1/zones/{zone}/ips/{ip_id}
PATCH
/vpc-gw/v1/zones/{zone}/ips/{ip_id}
DELETE
/vpc-gw/v1/zones/{zone}/ips/{ip_id}

Gateway Types

Public Gateways come in various shapes, sizes and prices, which are described by gateway types. They represent the different commercial offer types for Public Gateways available at Scaleway.

GET
/vpc-gw/v1/zones/{zone}/gateway-types
API DocsScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCareers
© 2023-2024 – Scaleway