Private Networks
This page explains how to use private networks with GandiCloud VPS.
Private Networks in GandiCloud
A private network allows you to connect multiple GandiCloud VPS servers together, so that they can communicate through private IPs without their traffic going through the internet.
A common use case is connecting an application to its database, with these services hosted on 2 separate servers for better resource management. A private network helps ensure the services can communicate without the database being reachable from the internet.
Like every operation on your GandiCloud resources, you have multiple ways to manage your private networks:
Through the Gandi User interface.
Through the OpenStack CLI or any tool that knows how to use the OpenStack API, such as terraform.
Through the user interface
The interface aims to be as straightforward as possible.
First, go to the creation page by selecting [Create a resource] on the GandiCloud VPS page. From the dropdown menu, choose [New network]. On the dedicated page, choose:
a name to easily identify your network
the range of private IPs to provide to your servers, e.g. 192.168.0.0/24
After this step, you are redirected to the overview page of your network. It shows your network's information, including, later on, which private IPs are assigned to your servers.
From this screen, you can click on the [Create] button next to the IP Addresses tab. It will display a form to choose:
which IP should be assigned. It can either be automatically selected or you can choose one manually within the subnet of the network.
the server where the IP address will be attached
Once submitted, you should see a new network interface available in your server; see In your server.
To detach a server from your private network, simply click on the trash bin next to its private IP in the network overview page; the network interface will be removed from your server.
Through the OpenStack CLI
First, ensure that you have already configured your access to the CLI.
Create a private network and a subnet
To have a working private network, you first need to create a network and a related subnet.
openstack network create <network_name>
openstack subnet create --network <network_name> --subnet-range <private_CIDR> --dhcp --gateway None --dns-nameserver 0.0.0.0 <subnet_name>
Be sure to include the following:
<network_name>: The name you want to give to the network
<private_CIDR>: The range of IPs to provide to your servers, e.g. 192.168.0.0/24
--dhcp: Ensures your servers can get their private IP using DHCP
--gateway None: If your servers also have a public IP, this parameter ensures they do not get a default route to their private interface, as you will usually want this default route to go through the public interface
--dns-nameserver 0.0.0.0: This parameter prevents OpenStack from advertising itself as a nameserver through DHCP in this network, which avoids name resolution issues if the public network is also used.
<subnet_name>: The name you want to give to the subnet
List your private resources
You can list your private networks and get more information on them easily with the OpenStack CLI:
openstack network list
+--------------------------------------+--------------------+------------------------------------------------------------------------------------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+--------------------+------------------------------------------------------------------------------------------------------------------+
| 4f60516f-5f84-4383-9eb7-3315a997e3fa | public | 85f96b71-ad3e-4c87-93f8-3dc0e5b5fa0a, aa800dcf-1dc0-4654-8404-d2b5642525ea, b6476bbd-6c43-400c-9880-9724ce572afa |
| 86dee42f-2e13-4527-ab48-fb8824170c1b | my-private-network | 58badf76-6eb0-47de-ad06-8628c2a56bef |
+--------------------------------------+--------------------+------------------------------------------------------------------------------------------------------------------+
openstack network show my-private-network # Get network details
openstack subnet show 58badf76-6eb0-47de-ad06-8628c2a56bef # Get subnet details
openstack port list --network my-private-network # List existing ports in this network
openstack server list | grep my-private-network # List servers having a port in this network
Connect an existing server to your private network
Once your private network is ready, you can start creating ports in this network and add these ports to your servers.
Note
The commands below assume you already have your servers and want to connect them through a private network. You can also create new servers directly connected to your private network by adding a --network <network_name_or_id> parameter to your openstack server create command (with or without --network public). See Create a new server connected to your private network.
Option 1: select IP automatically
The easiest option is to let OpenStack select an IP in your private network for you. To do so, run the following:
openstack server add network <server_id_or_name> <network_id_or_name>
Be sure to include the following:
<server_id_or_name>: The name or ID of the server you want to connect to this network
<network_id_or_name>: The name or ID of the private network
Under the hood, OpenStack will create a port, choose an IP in the subnet you previously created and attach this port to your server.
Option 2: choose your IP manually
If you want to specify the private IP you want to assign to a server, you will need to create a port and attach it to your server.
openstack port create --network <network_id_or_name> --fixed-ip ip-address=<ip_address> <port_name>
openstack server add port <server_id_or_name> <port_id_or_name>
Be sure to include the following:
<network_id_or_name>: The name or ID of the private network
<ip_address>: The IP address to assign; this IP needs to belong to a subnet range previously created in the network
<port_name>: A name for the port
<port_id_or_name>: The ID returned by the port creation command or the chosen name of the port
<server_id_or_name>: The name or ID of the server you want to connect to this network
In your server
Once you have attached a port to your server, you will see a new interface appear in your server (usually named enX1 or eth1):
ip a
If you don’t see any IP address belonging to your private network on this interface, you may need to configure DHCP (how to do so depends on the network stack used in your VM) or trigger a DHCP request manually.
As an example, the Debian 12 (bookworm) image relies on netplan to manage its network configuration in a declarative way.
You should see the new enX1 interface as “unmanaged” when running:
sudo netplan status --all
It might have a different name if you have other network interfaces configured.
This configuration is driven by YAML files located at /etc/netplan/.
To manage your new enX1 interface using netplan and enable DHCP, you can run the following commands:
sudo netplan set --origin-hint second-interface ethernets.enX1.dhcp4=true
sudo netplan apply
The first command writes the configuration for interface enX1 into the file /etc/netplan/second-interface.yaml and the second command applies it.
After that, you should see the expected private IP configured when running either ip a or sudo netplan status, and you should be able to reach other servers in your network.
If you are using a different network stack, you might want to try manually triggering a DHCP request:
sudo dhclient <interface_name>
Create a new server connected to your private network
Using the OpenStack API, you can create servers directly connected to a private network. This allows you to create servers without any interface in the public network, meaning they will not be reachable on the internet.
Important
With the commands below, your server will only get an IP address in your private network. It means, for example, that you will not be able to log into it using the ssh command directly from your computer. There are multiple ways to access and configure your server, which are not covered in detail here:
* Add a --network public parameter to your openstack server create command, so that your server also gets a public IP reachable from the internet (the --network parameter can be set multiple times)
* Use another server that has both a public and a private IP in your network as a bastion to reach your server
* Rely on cloud-init to configure your server (adding a --user-data parameter in the openstack server create command)
Important
The commands below also mean that your server will not be able to connect to the internet, unless you use another server to act as a gateway (e.g. using NAT).
First, get the ID or name of your private network:
openstack network list
Then, you have 2 options:
Option 1: select IP automatically
Create your server using the --network parameter:
openstack server create \
--flavor <flavor> \
--boot-from-volume <volume_size> \
--image '<image_name_or_id>' \
--key-name <your_key> \
--network <network_name_or_id> \
<server_name>
With the following parameters:
<flavor>: The name or ID of the wanted flavor (see openstack flavor list, e.g. V-R1)
<volume_size>: Size of the server’s boot volume, in GB
<image_name_or_id>: The name or ID of the boot image (see openstack image list, e.g. Debian 12 Bookworm)
<your_key>: The name or ID of the ssh key to insert on boot (see openstack keypair list)
<network_name_or_id>: The name or ID of your private network
<server_name>: The name of your new server
Your server will be created with an IP randomly chosen in the subnet of your private network.
Option 2: choose your IP manually
Create your server using the --nic parameter:
openstack server create \
--flavor <flavor> \
--boot-from-volume <volume_size> \
--image '<image_name_or_id>' \
--key-name <your_key> \
--nic net-id=<network_id>,v4-fixed-ip=<ip_address> \
<server_name>
With the following parameters:
<flavor>: The name or ID of the wanted flavor (see openstack flavor list, e.g. V-R1)
<volume_size>: Size of the server’s boot volume, in GB
<image_name_or_id>: The name or ID of the boot image (see openstack image list, e.g. Debian 12 Bookworm)
<your_key>: The name or ID of the ssh key to insert on boot (see openstack keypair list)
<network_id>: The ID of your private network
<ip_address>: The IP address in your private subnet
<server_name>: The name of your new server
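The isolation described on this page (for example a database reachable only over the private network) can be checked from the output of openstack server list -f json. The following is an added example, not part of Gandi's documentation: it flags servers meant to be private-only that still hold an address in the public network, and private addresses that fall outside the expected range. The server names, addresses and the audit and parse_networks helpers are constructed for illustration, and the two shapes of the Networks field it accepts are an assumption about the client version in use.

```python
import ipaddress
import json

# Constructed sample of `openstack server list -f json` output (not real data).
# Assumption: "Networks" is either a dict or a legacy "net=ip, ip; net2=ip" string.
SAMPLE = json.dumps([
    {"Name": "app", "Networks": {"public": ["203.0.113.10", "2001:db8::10"],
                                 "my-private-network": ["192.168.0.10"]}},
    {"Name": "db", "Networks": {"my-private-network": ["192.168.0.20"]}},
    {"Name": "cache", "Networks": "public=203.0.113.11; my-private-network=192.168.0.30"},
    {"Name": "stray", "Networks": {"my-private-network": ["10.0.0.5"]}},
])

def parse_networks(value):
    """Normalise the Networks field to {network_name: [ip, ...]}."""
    if isinstance(value, dict):
        return {name: list(ips) for name, ips in value.items()}
    nets = {}
    for part in filter(None, (p.strip() for p in str(value).split(";"))):
        name, _, ips = part.partition("=")
        nets[name.strip()] = [ip.strip() for ip in ips.split(",") if ip.strip()]
    return nets

def audit(servers_json, private_net, cidr, internal_only, public_net="public"):
    """Return (server, finding, detail) tuples for servers attached to private_net."""
    subnet = ipaddress.ip_network(cidr)
    findings = []
    for server in json.loads(servers_json):
        nets = parse_networks(server.get("Networks", {}))
        if private_net not in nets:
            continue
        name = server["Name"]
        # A server meant to be internal-only must have no address in the public network.
        if name in internal_only and nets.get(public_net):
            findings.append((name, "public-ip", ", ".join(nets[public_net])))
        # Every private address should fall inside the range given as --subnet-range.
        for ip in nets[private_net]:
            if ipaddress.ip_address(ip) not in subnet:
                findings.append((name, "outside-subnet", ip))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "my-private-network", "192.168.0.0/24", {"db", "cache"}):
        print(*finding)
```

To run it against a real project, replace SAMPLE with the captured output of openstack server list -f json and list the servers that must stay private-only in internal_only.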