We are happy to announce support for managed private networks!
Up until now, private networks provided additional network interface cards (NICs) belonging to isolated network segments. Management of the IP address assignment on these additional cards was left up to the user, through out-of-band mechanisms such as cloud-config configuration or installing a DHCP server machine.
You are now able to attach a DHCP server managed by Exoscale to a private network, in order to automatically configure the IP addresses of your private network interfaces.
The service is currently available via API, our CLI and our Terraform provider in the CH-GVA-2 zone. Support for other Exoscale zones and our portal will follow shortly.
Managed private networks will greatly improve the workflow of our clients needing to scale their corporate network to the cloud, using our VPC servers or public cloud virtual machines.
How to create a DHCP server for your private network on Exoscale
When you create a private network with the createNetwork call, you can now specify 3 additional parameters:
startip: the beginning IP address in the network IP range.
endip: the ending IP address in the network IP range.
netmask: the netmask of the network.
In addition to the private network, this creates a DHCP server serving leases in the network range (note: the last IP of the network is reserved for the DHCP server itself).
Static leases
It’s also possible to assign a specific IP to a private network interface. You can do that by specifying the ipaddress parameter for the addNicToVirtualMachine call. The DHCP server will always return a lease with the specified IP for this network interface.
You can also add or update the IP address associated with an existing private network interface with the updateVmNicIp call.
You can remove a static lease associated with a private network interface by calling updateVmNicIp on the interface without the ipaddress parameter.
An example
Let’s create a new managed private network using the exo CLI:
$ exo privnet create managed-privnet --zone ch-gva-2 --startip 10.0.0.20 --endip 10.0.0.200 --netmask 255.255.255.0
┼─────────────────┼─────────────┼──────────────────────────────────────┼──────────────────────────┼
│ NAME │ DESCRIPTION │ ID │ DHCP │
┼─────────────────┼─────────────┼──────────────────────────────────────┼──────────────────────────┼
│ managed-privnet │ │ b2b50037-4a45-49bd-a0fc-9202d37d2b1e │ 10.0.0.20-10.0.0.200 /24 │
┼─────────────────┼─────────────┼──────────────────────────────────────┼──────────────────────────┼
You can update the network IP range at any time:
$ exo privnet update managed-privnet --startip 10.0.0.21
Updating the network "b2b50037-4a45-49bd-a0fc-9202d37d2b1e" . success.
┼─────────────────┼─────────────┼──────────────────────────────────────┼──────────────────────────┼
│ NAME │ DESCRIPTION │ ID │ DHCP │
┼─────────────────┼─────────────┼──────────────────────────────────────┼──────────────────────────┼
│ managed-privnet │ │ b2b50037-4a45-49bd-a0fc-9202d37d2b1e │ 10.0.0.21-10.0.0.200 /24 │
┼─────────────────┼─────────────┼──────────────────────────────────────┼──────────────────────────┼
Now, create and configure a security group allowing SSH connections, and then create a new virtual machine:
$ exo firewall create ssh --description "ssh connection"
┼──────┼────────────────┼──────────────────────────────────────┼
│ NAME │ DESCRIPTION │ ID │
┼──────┼────────────────┼──────────────────────────────────────┼
│ ssh │ ssh connection │ d0d14d1c-1811-40b2-87b0-3ac2502aa091 │
┼──────┼────────────────┼──────────────────────────────────────┼
$ exo firewall add ssh --port 22 --protocol tcp --cidr 0.0.0.0/0
Add rule for "ssh" with port 22 100 % [======================================]
┼─────────┼────────────────┼──────────┼──────────┼─────────────┼──────────────────────────────────────┼
│ TYPE │ SOURCE │ PROTOCOL │ PORT │ DESCRIPTION │ ID │
┼─────────┼────────────────┼──────────┼──────────┼─────────────┼──────────────────────────────────────┼
│ INGRESS │ CIDR 0.0.0.0/0 │ tcp │ 22 (ssh) │ │ 8b7f0383-0c1b-4f9c-8842-4db05d97c660 │
┼─────────┼────────────────┼──────────┼──────────┼─────────────┼──────────────────────────────────────┼
$ exo vm create test-vm --security-group ssh --zone ch-gva-2 --disk 10
Creating private SSH key
Deploying "test-vm" 100 % [======================================]
You can attach the virtual machine to the private network:
$ exo privnet associate managed-privnet test-vm
Network: managed-privnet
Description:
Zone: ch-gva-2
IP Range: 10.0.0.21-10.0.0.200 /24
┼─────────────────┼────────────┼
│ VIRTUAL MACHINE │ IP ADDRESS │
┼─────────────────┼────────────┼
│ test-vm │ n/a │
┼─────────────────┼────────────┼
The virtual machine is now attached to a managed private network, and you can configure the interface to use DHCP. We can easily test it with the dhclient command:
$ exo ssh test-vm
Welcome to Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-36-generic x86_64)
$ sudo su -
$ ip a
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 0a:93:f4:00:39:78 brd ff:ff:ff:ff:ff:ff
$ dhclient eth1
$ ip a
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 0a:93:f4:00:39:78 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.140/24 brd 10.0.0.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::893:f4ff:fe00:3978/64 scope link
valid_lft forever preferred_lft forever
The interface now has an IP in the network IP range.
You can also assign a static IP (which should be in the defined network IP range) to the interface:
$ exo vm updateip test-vm managed-privnet --ip 10.0.0.11
updating the static lease of NIC "9e9cb7da-49ee-4ae5-8281-eb82bc900a24". success.
Instance ID: e5323196-5366-4169-934d-7f0500b82d93
Name: test-vm
Network Interfaces:
- Network: Public
IP Address: 159.100.241.193
- Network: managed-privnet
IP Address: 10.0.0.11
Relaunch the dhclient command on the virtual machine. You can see that the interface now has the IP defined above.
$ dhclient eth1
$ ip a
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 0a:93:f4:00:39:78 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.11/24 brd 10.0.0.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::893:f4ff:fe00:3978/64 scope link
valid_lft forever preferred_lft forever
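The constraints described in this post (a range defined by startip, endip and netmask, one address reserved for the DHCP server, static leases inside the network) can be checked before calling the API. The script below is an added example, not Exoscale code: the function name and status labels are hypothetical, and it assumes "the last IP of the network" means the highest host address just below the broadcast address.

```python
import ipaddress


def check_privnet_plan(startip, endip, netmask, static_leases=()):
    """Validate startip/endip/netmask and classify static lease addresses.

    Returns (network, reserved_ip, problems, lease_status).
    """
    start = ipaddress.IPv4Address(startip)
    end = ipaddress.IPv4Address(endip)
    # The network is implied by startip + netmask; host bits are masked off.
    net = ipaddress.IPv4Network(f"{startip}/{netmask}", strict=False)
    if net.prefixlen > 30:
        return net, None, [f"{net} is too small for hosts plus a DHCP server"], {}
    # Assumption: "the last IP of the network" is the highest host address,
    # the one just below the broadcast address.
    reserved = net.broadcast_address - 1
    problems = []
    if end not in net:
        problems.append(f"endip {end} is outside {net}")
    if start > end:
        problems.append(f"startip {start} is above endip {end}")
    if start == net.network_address:
        problems.append(f"startip {start} is the network address")
    if start <= reserved <= end:
        problems.append(f"range covers {reserved}, reserved for the DHCP server")

    lease_status = {}
    for text in static_leases:
        ip = ipaddress.IPv4Address(text)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            lease_status[text] = "outside-network"
        elif ip == reserved:
            lease_status[text] = "reserved-for-dhcp"
        elif start <= ip <= end:
            lease_status[text] = "inside-dynamic-range"
        else:
            lease_status[text] = "outside-dynamic-range"
    return net, reserved, problems, lease_status


if __name__ == "__main__":
    # Range, 10.0.0.11 and 10.0.0.140 come from this post; the rest is constructed.
    net, reserved, problems, leases = check_privnet_plan(
        "10.0.0.21", "10.0.0.200", "255.255.255.0",
        ["10.0.0.11", "10.0.0.140", "10.0.0.254", "10.0.1.5"])
    print(net, "DHCP server assumed at", reserved, "problems:", problems)
    for ip, status in leases.items():
        print(f"  {ip:<12} {status}")
```

With the post's values, 10.0.0.11 is reported as outside-dynamic-range: it lies in 10.0.0.0/24 but below the 10.0.0.21-10.0.0.200 pool.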