Reviewed on 04 October 2024 • Published on 06 February 2022
VPC allows you to build your own Virtual Private Cloud on top of Scaleway’s shared public cloud. One default VPC per region is automatically created per Scaleway Project, and you can create more if you wish. Within each VPC, you can create Private Networks and attach Scaleway resources (Instances, Elastic Metal servers, Load Balancers etc.) to them, as long as the resources are within the network’s region. Attached resources can then communicate between themselves in an isolated and secure virtual layer 2 network, away from the public internet. More features and resources will be coming to the VPC product in the future.
One default VPC per region is automatically created per Scaleway Project. You can create more if you wish, but it is not necessary for basic use cases.
Click VPC in the Network section of the Scaleway console side menu. Your VPC dashboard displays:
You see three default VPCs, one for each of the following regions:
Paris PAR
Amsterdam AMS
Warsaw WAW
Any new Private Networks that you create will be added to the default VPC for their region, unless you override this by specifying a different VPC.
Click VPC in the Network section of the side menu. The list of your VPCs displays:
Each Private Network must be created within a VPC.
Click the VPC you wish to create your Private Network in.
If you already have existing Private Networks in this VPC, a list of these displays. Otherwise, you see a welcome screen.
Click + Create Private Network. The creation screen displays.
Enter a name for the network, or leave the randomly-generated name in place. Optionally, you can also add tags to help organize your Private Networks. Each tag should be separated by a space.
Note
Avoid using a Top Level Domain as your Private Network name, as this can cause addressing conflicts. For example, do not call your Private Network dev, cloud or com. For a complete reference of TLDs to avoid, see the full list provided by IANA. Read more about this issue in our dedicated documentation.
Leave the Advanced Settings at default values, to create a network with an auto-generated CIDR block. IP addresses for attached resources will come from this block.
Click Create Private Network to finish. Your Private Network is created.
Click VPC in the Network section of the side menu. Your VPC dashboard displays:
Click the VPC containing the Private Network to which you want to attach a resource.
A list of Private Networks in this VPC displays.
Click the Private Network to which you want to attach a resource.
The Private Network’s dashboard displays.
Click the Attached resources tab.
If you already have resources attached to the Private Network, a list of these displays. Otherwise, you see a welcome screen.
Click +Attach resource. The following screen displays.
Select the type of resource (Instance, Elastic Metal server etc.) that you want to attach. Then select the specific resource to attach. Only resources within the same region (or one of its Availability Zones) as the Private Network will be displayed.
Tip
When attaching Instances, Load Balancers and Public Gateways, you have the option to either auto-allocate an available IP from the pool of addresses for the Private Network, or to specify an IP that you have already reserved via IPAM. For Instances, which support both IPv4 and IPv6 for private IP addresses, you can also choose to auto-allocate or specify a reserved IP for each address type.
Support for using reserved IPs to attach Elastic Metal servers and Managed Databases to Private Networks will be coming soon.
Click Attach to Private Network to finish.
You are returned to the list of attached resources, where the newly-attached resource now displays.
Tip
Viewing the resource’s private IP: When you attach a resource to a Private Network, it gets a private IPv4 address on that network (and also an IPv6 address, if supported by the resource). Private IPs are assigned from the CIDR block defined at the time of the Private Network’s creation, either via auto-assignment or specification of a particular reserved IP. You can view a resource’s IPv4 or v6 address in the Attached Resources tab of the Private Network itself (follow steps 1 - 4 above). It can also be viewed via the Private Networks tab of the resource’s own dashboard.
Routing is used to manage and control the flow of traffic within a VPC. It tells the VPC where to send traffic trying to get to a specific destination IP address. Notably, it allows traffic to be automatically routed between resources attached to different Private Networks within the VPC, using their private IP addresses. You can also create your own custom routes.
Your VPC’s route table can be found in its Routing tab. The route table shows all the existing routes for the VPC.
Click VPC in the Network section of the side menu. The list of your VPCs displays.
Click a VPC, and click the Routing tab.
Routes are automatically generated and added to the route table when you:
Create a Private Network in the VPC (this generates a local subnet route, which allows the VPC to automatically route traffic between Private Networks), or
Attach a Public Gateway to a Private Network and set it to advertise a default route. This generates a default route to the internet.