Note
VPC v2 is now in General Availability.
VPC API
Introduction
VPC allows you to build your own Virtual Private Cloud on top of Scaleway’s shared public cloud.
One default VPC for every available region is automatically created in each Scaleway Project.
VPC currently comprises the regional Private Networks product. Layer 2 regional Private Networks sit inside the layer 3 VPC. Private Networks allows Scaleway resources (Instances, Load Balancers, Managed Databases etc.) within a single region to be interconnected through a dedicated, private, and flexible .
You can add as many resources to your networks as you want, and add up to eight (8) different networks per resource. This allows you to run services isolated from the public internet and expose them to the rest of your infrastructure without worrying about public network filtering.
Tip
Check out our to facilitate the management of IP addresses across your different Scaleway resources.
Concepts
Refer to our to find definitions of all concepts and terminology related to VPC.
Quickstart
-
Configure your environment variables
NoteThis is an optional step that seeks to simplify your usage of the API. See the section below for help choosing an Availability Zone and Region. You can find your Project ID in the .
export SCW_SECRET_KEY="<API secret key>"export SCW_DEFAULT_REGION="<Scaleway region>"export SCW_DEFAULT_ZONE="<Scaleway Availability Zone>"export SCW_PROJECT_ID="<Scaleway Project ID>" -
Create a Private Network. Run the following command to create a Private Network. You can customize the details in the payload (name, tags etc.) to your needs.
curl -X POST \-H "X-Auth-Token: $SCW_SECRET_KEY" \-H "Content-Type: application/json" \"https://api.scaleway.com/vpc/v2/regions/$SCW_DEFAULT_REGION/private-networks" \-d '{"name": "My new Private Network","project_id": "'"$SCW_PROJECT_ID"'","tags": ["test", "dev"]}'TipKeep the
idfield of the response: it is your Private Network ID, and is useable across all Scaleway products that support Private Networks. It may be useful to you to export the Private Network ID as a new environment variableexport PN_ID="<Your Private Network ID> -
Attach a resource to your Private Network. Each Scaleway product has its own API to interact with Private Networks. To attach an Instance, Managed Database, Elastic Metal server, Load Balancer or Public Gateway to your Private Network, see instructions in the documentation of the relevant product API. Here, we take the example of an Instance.
Use the following call to attach an Instance to your Private Network. Ensure you replace
<Instance ID>with the ID of your Instance, and<Private Network ID>with the ID of your Private Network. Note that the Instance must be in an Availability Zone that is part of the region of your Private Network.curl -X POST \-H "X-Auth-Token: $SCW_SECRET_KEY" \-H "Content-Type: application/json" \"https://api.scaleway.com/instance/v1/zones/$SCW_DEFAULT_ZONE/servers/<Instance ID>/private_nics" \-d '{"private_network_id": "<Private Network ID>"}'TipKeep the
idfield of the response: it is your Private NIC ID. It may be useful to you to export the Private NIC ID as a new environment variableexport NIC_ID="<Your Private NIC ID>.TipKeep the
mac_addressfield of the response, as it will allow you to identify the Private NIC inside your Instance. If successful, a new network interface will appear inside your Instance, ready to be configured to transmit traffic to other Instances of the same network, with the MAC address returned by the API call. -
Confirm that the network interface has been plugged in. To do this, connect to your Instance and run
dmseg. You should see an output similar to the following:[1579004.592869] pci 0000:00:05.0: [1af4:1000] type 00 class 0x020000[1579004.594835] pci 0000:00:05.0: reg 0x10: [io 0x0000-0x003f][1579004.596715] pci 0000:00:05.0: reg 0x14: [mem 0x00000000-0x00000fff][1579004.598732] pci 0000:00:05.0: reg 0x20: [mem 0x00000000-0x00003fff 64bit pref][1579004.600765] pci 0000:00:05.0: reg 0x30: [mem 0x00000000-0x0007ffff pref][1579004.603819] pci 0000:00:05.0: BAR 6: assigned [mem 0xc0100000-0xc017ffff pref][1579004.604582] pci 0000:00:05.0: BAR 4: assigned [mem 0x100000c000-0x100000ffff 64bit pref][1579004.605555] pci 0000:00:05.0: BAR 1: assigned [mem 0xc0003000-0xc0003fff][1579004.606383] pci 0000:00:05.0: BAR 0: assigned [io 0x1000-0x103f][1579004.607212] virtio-pci 0000:00:05.0: enabling device (0000 -> 0003)[1579004.625149] PCI Interrupt Link [LNKA] enabled at IRQ 11[1579004.644930] virtio_net virtio3 ens5: renamed from eth0 -
Confirm the presence of the network interface, and confirm its name if several networks are plugged into your Instance. To do this, run
ip -br link. You should see an output similar to the following:lo UNKNOWN 00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP>ens2 UP de:1c:94:44:d0:04 <BROADCAST,MULTICAST,UP,LOWER_UP>ens5 DOWN 02:00:00:00:00:31 <BROADCAST,MULTICAST>ens6 DOWN 02:00:00:00:01:5b <BROADCAST,MULTICAST>ens7 DOWN 02:00:00:00:01:5e <BROADCAST,MULTICAST> -
Configure the Instance's IP address. DHCP is activated by default on new Private Networks, and automatically assigns IP addresses to resources on the network. If you have an older Private Network, and either activate DHCP for automatic IP configuration, or the network interface on your Instance if necessary.
-
Delete your Private NIC, which equates to unplugging your Instance from the Private Network. Use the following call. Ensure you replace
<Instance ID>with the ID of your Instance,<Private Network ID>with the ID of your Private Network, and<NIC ID>with the ID of your Private NIC.curl -X DELETE \-H "X-Auth-Token: $SCW_SECRET_KEY" \-H "Content-Type: application/json" \"https://api.scaleway.com/instance/v1/zones/$SCW_DEFAULT_ZONE/servers/<Instance ID>/private_nics/<NIC ID>"The network interface disappears from your Instance.
-
Delete your Private Network. Use the following call. Ensure you replace
<Private Network ID>with the ID of your Private Network.curl -X DELETE \-H "X-Auth-Token: $SCW_SECRET_KEY" \-H "Content-Type: application/json" \"https://api.scaleway.com/vpc/v2/regions/$SCW_DEFAULT_REGION/private-networks/<Private Network ID>"NotePrivate Networks must be empty to be deleted. Ensure you have detached all resources from your network prior to deletion.
Requirements
- You have a
- You have created an and that the API key has sufficient to perform the actions described on this page
- You have
Technical information
VPC and Private Networks are available in the Paris, Amsterdam and Warsaw regions, which are represented by the following path parameters:
fr-parnl-amspl-waw
Technical limitations
The following limitations apply to Scaleway VPC:
- The only product currently available within the regional VPC is Private Networks.
- Up to 250 resources can be attached to a Private Network.
- A resource can be attached to up to 8 Private Networks.
- The following resource types can be attached to a Private Network:
- Instances
- Elastic Metal servers
- Load Balancers
- Public Gateways
- Managed Databases for PostgreSQL and MySQL
- Managed Databases for Redis (only at the time of resource creation)
- Kubernetes Kapsule (only at the time of resource creation)
- The MAC address of an Instance in a Private Network cannot be changed.
- Broadcast and multicast traffic, while supported, are heavily rate-limited.
Going further
For more help using Scaleway VPC and Private Networks, check out the following resources:
- Our
- The #regional-vpc-beta channel on our
- Our .
VPCs
A Virtual Private Cloud (VPC) allows you to group your regional Private Networks together. Note that a Private Network can be a part of only one VPC.
GET
POST
GET
PATCH
DELETE
POST
Private Networks
A Private Network allows you to interconnect your Scaleway resources in an isolated and private network. Network reachability is limited to resources that are on the same Private Network. Note that a resource can be a part of multiple private networks.
GET
POST
GET
PATCH
DELETE
POST
POST
Subnets
CIDR subnet management for your Private Networks.
POST
PUT
DELETE