Each instance may provision an additional unmanaged network interface. This interface is bound to a private network segment shared only with your other instances. Currently, a single private network per zone can be provisioned.
The private network is a classic layer 2 segment: it is as if your instances were attached to a dedicated switch. This means:
- You can use any Ethernet-compatible protocol (IPv4, IPv6, NetBIOS).
- Security group rules do not apply to traffic inside private networks.
- Multicast and broadcast are authorized.
- Only your instances are attached to the segment.
- No encryption is performed but your packets do not leave our datacenter.
- Private networks are unmanaged: there is no DHCP server to distribute IPv4 address.
- Private networks do not span across several zones.
However, there is a small difference: unknown MAC addresses cannot be used. Do not create a bridge including the private interface.
To attach one instance to your private network, go to the instance details and click on the Add private network button:
Once the instance is attached to the private network, you will see the MAC address of the additional interface:
If you log into your instance, a new interface should have appeared! Repeat the operation for each instance you want to join the private network. Some operating systems, such as OpenBSD, will require a reboot for the interface to appear.
There is no DHCP listening on your private network. You can put one yourself if you want. Meanwhile, let’s see how to use your private network with a static IP configuration on each instance.
You need to choose a subnet and to keep track of the IP assigned to
each of your instances. For example, assume you chose the
10.3.4.0/24 network and
10.3.4.10 as the IP address of your first
instance. You can use any IP address in this network (from
Create a new file
Debian, uses this stanza:
auto eth1 iface eth1 inet static address 10.3.4.10/24
On Ubuntu, the new interface name is
auto ens7 iface ens7 inet static address 10.3.4.10/24
ifup eth1 or
ifup ens7 to bring up the interface.
On CentOS, create
/etc/sysconfig/network-scripts/ifcfg-eth1 with the
DEVICE=eth1 IPADDR=10.3.4.10 NETMASK=255.255.255.0 ONBOOT=yes
ifup eth1 to bring the interface up.
On Windows, go to the Network and sharing center. You should see the additional network interface:
Click on the name of the new interface (“Ethernet 2” in our screenshot). You should get the following dialog box:
Click on the Properties button. You will get the following dialog box:
Click on Internet Protocol Version 4, then on Properties. You’ll
get a new dialog box. Click on Use the following IP address and
complete with the IP address you assigned for the instance
10.3.4.10) and use
255.255.255.0 for the subnet mask. You should
get something like this:
OpenBSD needs to be rebooted for the new interface to show up. Once rebooted, create the interface configuration file:
echo 'inet 10.3.4.10/24' > /etc/hostname.vio1 sh /etc/netstart vio1
Using the API
There are three API endpoints related to the private network feature:
- listNetworks with parameter
type=Isolatedto get the list of private network you can use. There is one for each zone.
to add private network to an instance. You need to use the
networkidretrieved with the listNetworks call.
- removeNicFromVirtualMachine to remove the private network from an instance.