Configuring Instances manually on a Private Network
Reviewed on 12 August 2024
Important
DHCP is activated by default on all newly-created Private Networks, and cannot be deactivated.
If you have a Private Network created before July 12 2023, check our migration documentation to find out if DHCP has been automatically activated on your network.
We recommend activating DHCP and letting us take care of the automatic IP address management of all resources on your Private Networks, including Instances, to ensure they are fully compatible with managed products and integrated with our internal IPAM.
The steps outlined in this document are intended for advanced users only and are not supported by Scaleway.
Once you have added your Instances to a Private Network, you can manually configure the virtual network interface on each one. You will also need to turn off the automatic DHCP scripts found on the Instance for Private Network, so that they do not conflict with the manual configuration you are creating. These steps are explained below.
Note
We recommend not using publicly routed IP subnets within your Private Network.
While the configuration may work for your Instances to communicate with each other, it could lead to connectivity issues to machines on the public internet within these ranges.
We advise you to configure your Private Network using IPs from the following private IP ranges:
192.168.0.0 - 192.168.255.255 (65,536 IP addresses) and
172.16.0.0 - 172.31.255.255 (1,048,576 IP addresses).
You can use any subnet mask allowed by these ranges. The only constraint is that all interfaces in the same Private Network must be configured with the same subnet mask. If you are not sure, use /24 for your Private Network.
Using the 10.0.0.0/8 private IP range is not recommended, as this block is used for the Instances’ own private IPs and infrastructure services.
The Private Network interface can be identified by its associated MAC address, which always begins with 02:00:00:xx:yy:zz.
Note
The network interface names may be different, depending on the operating system and the release you use.
Important
The network interface name is not guaranteed to be stable and may change across reboot or poweroff and poweron actions, similarily to the rest of the PCI hierarchy.
For convenience, you can give a more significant name (e.g. priv0) to the Private Network interface. Configure the new interface name as follows:
root@virtual-instance:~# ip link set down dev ens5
root@virtual-instance:~# ip link set name priv0 dev ens5
root@virtual-instance:~# ip link set up dev priv0
Note
This renaming action will not persist across reboots. See below for a solution.
Make these changes persistent at reboot to ensure the Private Networks interface always gets the same name based on its MAC address. This is done by adding the following rule to the /etc/udev/rules.d/75-persistent-net-generator.rules file. Make sure that you replace the address with the correct MAC address for your case:
If you want to attach a server to multiple Private Networks, create a rule for each network by replacing the MAC address and the interface name priv0 by priv1, priv2 and so on.
Once you have brought up the Private Network via the previous steps, you can configure its IP address. The steps required to configure the IP address change depending on your Linux distribution:
To configure a static IP address on the Private Network interface (previously named priv0), open the Netplan configuration file and configure the interface as follows:
Note
The location of the Netplan configuration file varies depending on the Ubuntu release:
In this example, the IP subnet 192.168.42.0/24 is being used.
Once the interface is configured, save the file and exit the editor.
Bring the interface up using the command netplan apply.
Repeat these steps on the other Instances that will communicate within the Private Network.
Open the file /etc/sysconfig/network-scripts/ifcfg-priv0 (replace priv0 with the name of the private interface) and configure the virtual network interface as follows:
DEVICE=priv0
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
IPV6INIT=no
TYPE=Ethernet
# configure the IPADDR and NETMASK towards the parameters of your Private Network
NETMASK=255.255.255.0
IPADDR=192.168.43.4
ARP=yes
# replace HWADDR with the MAC address assoicated to the interface
HWADDR=02:00:00:00:1a:ae
In this example the IP subnet 192.168.42.0/24 is being used. The interface uses the MAC address (02:00:00:00:1a:b0) assigned to the Instance as it was attached to the Private Network.
Once the interface is configured, save the file and exit the text editor.
Restart the network service to bring the configured interface up:
By default, Instances are configured with a default route on their public interface that allows them to reach the Scaleway Metadata API. When an Instance is on a Private Network attached to a Public Gateway, it ends up with two default routes: one towards the gateway on the Private Network and the other towards the Scaleway Metadata API on the public interface. It is necessary to adjust the metric of the default route through the gateway to make it the preferred one, and to configure the route to the Scaleway Metadata API manually.
Note
If your Instance supports autoconfiguration, and you want to configure manually, make sure that you disable autoconfiguration as follows:
The endpoint for the Scaleway Metadata API is 169.254.42.42/32, and the gateway depends on your Instance. You can retrieve it with the following command:
# ip route show
default via 10.68.2.114 dev eth0 proto dhcp metric 100
10.68.2.114/31 dev eth0 proto kernel scope link src 10.68.2.115 metric 100
The address of the gateway to the Scaleway Metadata API is 10.68.2.114. Now, add a specific route to the API as follows:
# ip route add 169.254.42.42/32 via 10.68.2.114
Configure DHCP on the Instance, adjusting the metric of the default route.