Each instance may provision an additional unmanaged network interface. This interface is bound to a private network segment shared only with your other instances. Currently, a single private network per zone can be provisioned.

The private network is a classic layer 2 segment: it is as if your instances were attached to a dedicated switch. This means:

  • You can use any Ethernet-compatible protocol (IPv4, IPv6, NetBIOS).
  • Security group rules do not apply to traffic inside private networks.
  • Multicast and broadcast are authorized.
  • Only your instances are attached to the segment.
  • No encryption is performed but your packets do not leave our datacenter.
  • Private networks are unmanaged: there is no DHCP server to distribute IPv4 address.
  • Private networks do not span across several zones.

However, there is a small difference: unknown MAC addresses cannot be used. Do not create a bridge including the private interface.

To attach one instance to your private network, go to the instance details and click on the Add private network button:

Activate private network for an instance

Once the instance is attached to the private network, you will see the MAC address of the additional interface:

MAC address of additional interface

If you log into your instance, a new interface should have appeared! Repeat the operation for each instance you want to join the private network. Some operating systems, such as OpenBSD, will require a reboot for the interface to appear.


There is no DHCP listening on your private network. You can put one yourself if you want. Meanwhile, let’s see how to use your private network with a static IP configuration on each instance.

You need to choose a subnet and to keep track of the IP assigned to each of your instances. For example, assume you chose the network and as the IP address of your first instance. You can use any IP address in this network (from to


Create a new file /etc/network/interfaces.d/01-privnet.cfg. For Debian, uses this stanza:

auto eth1
iface eth1 inet static

On Ubuntu, the new interface name is ens7:

auto ens7
iface ens7 inet static

Then, use ifup eth1 or ifup ens7 to bring up the interface.


On CentOS, create /etc/sysconfig/network-scripts/ifcfg-eth1 with the following content:


Then, use ifup eth1 to bring the interface up.


On Windows, go to the Network and sharing center. You should see the additional network interface:

Network and sharing center

Click on the name of the new interface (“Ethernet 2” in our screenshot). You should get the following dialog box:

Ethernet 2 status

Click on the Properties button. You will get the following dialog box:

Ethernet 2 properties

Click on Internet Protocol Version 4, then on Properties. You’ll get a new dialog box. Click on Use the following IP address and complete with the IP address you assigned for the instance ( and use for the subnet mask. You should get something like this:

IPv4 properties


OpenBSD needs to be rebooted for the new interface to show up. Once rebooted, create the interface configuration file:

echo 'inet' > /etc/hostname.vio1
sh /etc/netstart vio1

Using the API

There are three API endpoints related to the private network feature: