Private Networks
This page explains how to use private networks with GandiCloud VPS.
Private Networks in GandiCloud
A private network allows you to connect multiple GandiCloud VPS servers together, so that they can communicate through private IPs without their traffic going through the internet.
A common use case is connecting an application to its database, with the two services hosted on separate servers for better resource management. A private network helps ensure the services can communicate without the database being reachable from the internet.
For now, this functionality can only be used through the OpenStack API. You can create and manage your private networks using any tool that knows how to use this API, such as Terraform or the OpenStack CLI.
This documentation will use the OpenStack CLI as an example, so please ensure that you have already configured your access to the CLI.
Create a private network and a subnet
To have a working private network, you first need to create a network and a related subnet.
openstack network create <network_name>
openstack subnet create --network <network_name> --subnet-range <private_CIDR> --dhcp --gateway None --dns-nameserver 0.0.0.0 <subnet_name>
Be sure to include the following:
<network_name>: The name you want to give to the network
<private_CIDR>: The range of IPs to provide to your servers, e.g. 192.168.0.0/24
--dhcp: Ensures your servers can get their private IP using DHCP
--gateway None: If your servers also have a public IP, this parameter ensures they do not get a default route through their private interface, as you will usually want the default route to go through the public interface
--dns-nameserver 0.0.0.0: Prevents OpenStack from advertising itself as a nameserver through DHCP in this network, which avoids name resolution issues if your servers also use the public network
<subnet_name>: The name you want to give to the subnet
List your private resources
You can list your private networks and get more information on them easily with the OpenStack CLI:
openstack network list
+--------------------------------------+--------------------+------------------------------------------------------------------------------------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+--------------------+------------------------------------------------------------------------------------------------------------------+
| 4f60516f-5f84-4383-9eb7-3315a997e3fa | public | 85f96b71-ad3e-4c87-93f8-3dc0e5b5fa0a, aa800dcf-1dc0-4654-8404-d2b5642525ea, b6476bbd-6c43-400c-9880-9724ce572afa |
| 86dee42f-2e13-4527-ab48-fb8824170c1b | my-private-network | 58badf76-6eb0-47de-ad06-8628c2a56bef |
+--------------------------------------+--------------------+------------------------------------------------------------------------------------------------------------------+
openstack network show my-private-network # Get network details
openstack subnet show 58badf76-6eb0-47de-ad06-8628c2a56bef # Get subnet details
openstack port list --network my-private-network # List existing ports in this network
openstack server list | grep my-private-network # List servers having a port in this network
Connect an existing server to your private network
Once your private network is ready, you can start creating ports in this network and add these ports to your servers.
Note
The commands below assume you already have your servers and want to connect them through a private network. You can also create new servers directly connected to your private network by adding a --network <network_name_or_id> parameter to your openstack server create command (with or without --network public). See Create a new server connected to your private network.
Option 1: select IP automatically
The easiest option is to let OpenStack select an IP in your private network for you. To do so, run the following:
openstack server add network <server_id_or_name> <network_id_or_name>
Be sure to include the following:
<server_id_or_name>: The name or ID of the server you want to connect to this network
<network_id_or_name>: The name or ID of the private network
Under the hood, OpenStack will create a port, choose an IP in the subnet you previously created and attach this port to your server.
Option 2: choose your IP manually
If you want to specify the private IP you want to assign to a server, you will need to create a port and attach it to your server.
openstack port create --network <network_id_or_name> --fixed-ip ip-address=<ip_address> <port_name>
openstack server add port <server_id_or_name> <port_id_or_name>
Be sure to include the following:
<network_id_or_name>: The name or ID of the private network
<ip_address>: The IP address to assign; this IP needs to belong to a subnet range previously created in the network
<port_name>: A name for the port
<port_id_or_name>: The ID returned by the port creation command or the chosen name of the port
<server_id_or_name>: The name or ID of the server you want to connect to this network
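Option 2 requires the chosen address to belong to the subnet range. The following is an added example, not part of the GandiCloud documentation, that checks this locally before running the port creation command; ip_to_int, ip_in_cidr and create_port_checked are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the GandiCloud docs): validate a fixed IP before creating the port.

# Print the integer value of dotted-quad IPv4 address $1; fail on malformed input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if IP $1 is a usable host address inside CIDR $2 (e.g. 192.168.0.0/24).
ip_in_cidr() {
    cidr_net=${2%/*}; cidr_len=${2#*/}
    case "$cidr_len" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$cidr_len" -le 32 ] || return 1
    ip_n=$(ip_to_int "$1") || return 1
    net_n=$(ip_to_int "$cidr_net") || return 1
    mask=$(( (4294967295 << (32 - cidr_len)) & 4294967295 ))
    [ $(( ip_n & mask )) -eq $(( net_n & mask )) ] || return 1
    # Below /31, the first and last addresses (network, broadcast) are not host addresses.
    if [ "$cidr_len" -lt 31 ]; then
        host=$(( ip_n & ~mask & 4294967295 ))
        [ "$host" -ne 0 ] && [ "$host" -ne $(( ~mask & 4294967295 )) ] || return 1
    fi
}

# Hypothetical wrapper: run the page's `openstack port create` only for a valid address.
# usage: create_port_checked <network_id_or_name> <private_CIDR> <ip_address> <port_name>
create_port_checked() {
    ip_in_cidr "$3" "$2" || { echo "refusing: $3 is not a host address in $2" >&2; return 1; }
    openstack port create --network "$1" --fixed-ip ip-address="$3" "$4"
}
```

The <private_CIDR> passed to the wrapper must be the same range given to openstack subnet create; the script does not query OpenStack for it.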
In your server
Once you have attached a port to your server, a new interface will appear in your server (usually named eth1):
ip a
If you don’t see any IP address on this interface, you may need to trigger a DHCP request manually:
sudo dhclient <interface_name>
Create a new server connected to your private network
Using the OpenStack API, you can create servers directly connected to a private network. This allows you to create servers without any interface in the public network, meaning they will not be reachable on the internet.
Important
With the commands below, your server will only get an IP address in your private network. This means, for example, that you will not be able to log into it using the ssh command directly from your computer. There are multiple ways to access and configure your server, which are not covered in detail here:
* Add a --network public parameter to your openstack server create command, so that your server also gets a public IP reachable from the internet (the --network parameter can be set multiple times)
* Use another server that has both a public and a private IP in your network as a bastion to reach your server
* Rely on cloud-init to configure your server (adding a --user-data parameter in the openstack server create command)
Important
The commands below also mean that your server will not be able to connect to the internet, unless you use another server to act as a gateway (e.g. using NAT).
First, get the ID or name of your private network:
openstack network list
Then, you have 2 options:
Option 1: select IP automatically
Create your server using the --network parameter:
openstack server create \
--flavor <flavor> \
--boot-from-volume <volume_size> \
--image '<image_name_or_id>' \
--key-name <your_key> \
--network <network_name_or_id> \
<server_name>
With the following parameters:
<flavor>: The name or ID of the wanted flavor (see openstack flavor list, e.g. V-R1)
<volume_size>: Size of the server’s boot volume, in GB
<image_name_or_id>: The name or ID of the boot image (see openstack image list, e.g. Debian 12 Bookworm)
<your_key>: The name or ID of the SSH key to insert on boot (see openstack keypair list)
<network_name_or_id>: The name or ID of your private network
<server_name>: The name of your new server
Your server will be created with an IP randomly chosen in the subnet of your private network.
Option 2: choose your IP manually
Create your server using the --nic parameter:
openstack server create \
--flavor <flavor> \
--boot-from-volume <volume_size> \
--image '<image_name_or_id>' \
--key-name <your_key> \
--nic net-id=<network_id>,v4-fixed-ip=<ip_address> \
<server_name>
With the following parameters:
<flavor>: The name or ID of the wanted flavor (see openstack flavor list, e.g. V-R1)
<volume_size>: Size of the server’s boot volume, in GB
<image_name_or_id>: The name or ID of the boot image (see openstack image list, e.g. Debian 12 Bookworm)
<your_key>: The name or ID of the SSH key to insert on boot (see openstack keypair list)
<network_id>: The ID of your private network
<ip_address>: The IP address in your private subnet
<server_name>: The name of your new server