Each instance may provision an additional unmanaged network interface. This interface is bound to a private network segment shared only with your other instances. Currently, a single private network per zone can be provisioned.

The private network is a classic layer 2 segment: it is as if your instances were attached to a dedicated switch. This means:

  • You can use any Ethernet-compatible protocol (IPv4, IPv6, NetBIOS).
  • Security group rules do not apply to traffic inside private networks.
  • Multicast and broadcast are authorized.
  • Only your instances are attached to the segment.
  • No encryption is performed but your packets do not leave our datacenter.
  • Private networks are unmanaged: there is no DHCP server to distribute IPv4 address.
  • Private networks do not span across several zones.

However, there is a small difference: unknown MAC addresses cannot be used. Do not create a bridge including the private interface.

To attach one instance to your private network, go to the instance details and click on the Add private network button:

Activate private network for an instance

Once the instance is attached to the private network, you will see the MAC address of the additional interface:

MAC address of additional interface

If you log into your instance, a new interface should have appeared! Repeat the operation for each instance you want to join the private network. Some operating systems, such as OpenBSD, will require a reboot for the interface to appear.

Configuration

There is no DHCP listening on your private network. You can put one yourself if you want. Meanwhile, let’s see how to use your private network with a static IP configuration on each instance.

You need to choose a subnet and to keep track of the IP assigned to each of your instances. For example, assume you chose the 10.3.4.0/24 network and 10.3.4.10 as the IP address of your first instance. You can use any IP address in this network (from 10.3.4.1 to 10.3.4.254).

Debian/Ubuntu

Create a new file /etc/network/interfaces.d/01-privnet.cfg. For Debian, uses this stanza:

auto eth1
iface eth1 inet static
   address 10.3.4.10/24

On Ubuntu, the new interface name is ens7:

auto ens7
iface ens7 inet static
   address 10.3.4.10/24

Then, use ifup eth1 or ifup ens7 to bring up the interface.

CentOS

On CentOS, create /etc/sysconfig/network-scripts/ifcfg-eth1 with the following content:

DEVICE=eth1
IPADDR=10.3.4.10
NETMASK=255.255.255.0
ONBOOT=yes

Then, use ifup eth1 to bring the interface up.

Windows

On Windows, go to the Network and sharing center. You should see the additional network interface:

Network and sharing center

Click on the name of the new interface (“Ethernet 2” in our screenshot). You should get the following dialog box:

Ethernet 2 status

Click on the Properties button. You will get the following dialog box:

Ethernet 2 properties

Click on Internet Protocol Version 4, then on Properties. You’ll get a new dialog box. Click on Use the following IP address and complete with the IP address you assigned for the instance (10.3.4.10) and use 255.255.255.0 for the subnet mask. You should get something like this:

IPv4 properties

OpenBSD

OpenBSD needs to be rebooted for the new interface to show up. Once rebooted, create the interface configuration file:

echo 'inet 10.3.4.10/24' > /etc/hostname.vio1
sh /etc/netstart vio1

Using the API

There are three API endpoints related to the private network feature: