> For the complete documentation index, see [llms.txt](https://docs.glesys.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.glesys.com/products/compute/kvm-virtual-machines/how-tos/manage-private-networks.md). # Manage private networks *** ## **Create private networks using the control panel** It is possible to create private networks between KVM servers. This allows them to communicate directly with each other without sending traffic over the public internet, thereby enhancing the security of the information exchanged between the servers. You find private networks under **Networking** in the left-hand menu. Click **Private networks**, and then click **Create** to create a new private network.

In the next step, name the network, for instance, `test-net`.

Once the private network is created, the segments within the network are displayed. No segments exist initially in a new private network—you need to create them yourself. A segment is a subdivision of the private network that allows you to partition it into smaller sections. Here, click **+ Create segment**.

In the next dialog box, configure the settings for the segment. In this example, we name the segment `lab` and keep the platform as `KVM`. In the dropdown menu for the data center, select the data center where your KVM servers are located; in this case, `Falkenberg`. Under *IP addresses*, specify the network segment—the network and subnet mask—that you wish to use. In this example, we choose `192.168.0.0/24`. This setup provides 251 usable IPv4 addresses for servers (256 addresses minus the addresses `.0`, `.1`, `.2`, `.3`, and `.255`). The first three addresses, `.1`, `.2`, and `.3`, are reserved for routing traffic between segments in the private network.

The network is complete, and you can see it in the overview of **Private networks**.

### Connect VMs to a private network To connect your virtual machines to the private network, you first need to create a new network adapter on each VM that will communicate with the others. The newly created network adapter on each VM is then connected to the private network, and we assign it an IP address within the same network as the one specified in the segment. To create a new network adapter on a VM, first select the VM under **Compute** → **Virtual machines**. Here, click on the server where we want to create the network adapter. Next, select the **Network adapters** tab and click **+ Create Network Adapter**. The network adapter already visible in the list is used for internet connectivity.

In the dialog box that opens, select a name for the network adapter, the speed of the network adapter, and the segment to which the adapter will connect.

Once the adapter is created, it appears in the overview of all adapters for the VM. The standard adapter for internet connectivity and the new adapter for the private network are now shown.

#### Assign an IP address to the adapter in the VM's operating system Before using the private network, you must assign an IP address within the segment you specified when creating the network to the new network adapter on each VM's operating system. The method for doing this varies between different systems. {% tabs %} {% tab title="Ubuntu" %} After adding the adapter to the VM, you need to determine the adapter's name in Ubuntu. The easiest way to do this is by checking `dmesg`. Enter the following command: {% code title="Command" %} ``` sudo dmesg ``` {% endcode %} The line you are looking for should resemble something like this: {% code title="Output" %} ``` virtio_net virtio5 enp9s0: renamed from eth0 ``` {% endcode %} This means the new adapter has been assigned the name `enp9s0` in the system. If, for some reason, the adapter cannot be found in the output from `dmesg`, it is also possible to list all adapters using the command `ip addr`. The adapter without an IP address is most likely the new one. Once you know the adapter's name, add it to the file `/etc/netplan/50-cloud-init.yaml`. You must adjust the file based on its existing content. In this case, modify it by removing the match section for the `ens` adapter while keeping `ens1` configured for DHCP. Then, add the new private adapter and assign it an IP address. Here, we assign it the IP address `192.168.0.6` with the subnet mask /24 (`255.255.255.0`). Since this is a private network, assigning a gateway or DNS to the adapter is unnecessary. The file should look like this: {% code title="/etc/netplan/50-cloud-init.yaml" %} ```yaml network: ethernets: ens1: dhcp4: true enp9s0: addresses: [192.168.0.6/24] version: 2 ``` {% endcode %} Save the file and test the configuration with `sudo netplan try`. If you see the countdown timer, the file is likely correct; in this case, press the Enter key to confirm. {% code title="Command" %} ``` sudo netplan try ``` {% endcode %} {% code title="Prompt from netplan" %} ``` Do you want to keep these settings? Press ENTER before the timeout to accept the new configuration Changes will revert in 117 seconds Configuration accepted. ``` {% endcode %} Next, we make sure the adapter has been assigned an IP address: {% code title="Command" %} ``` ip addr show dev enp9s0 ``` {% endcode %} {% code title="Output" %} ``` 3: enp9s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 12:06:33:70:96:02 brd ff:ff:ff:ff:ff:ff inet 192.168.0.6/24 brd 192.168.0.255 scope global enp9s0 valid_lft forever preferred_lft forever inet6 fe80::1006:33ff:fe70:9602/64 scope link valid_lft forever preferred_lft forever ``` {% endcode %} Finally, to prevent the settings from being overwritten by cloud-init, you must also execute the following command: {% code title="Command" %} ``` sudo sh -c 'echo "network: {config: disabled}" > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg' ``` {% endcode %} {% endtab %} {% tab title="Debian 12" %} After adding the adapter to the VM, you need to determine the adapter's name in Debian. The easiest way to do this is by checking `dmesg`. Enter the following command: {% code title="Command" %} ``` sudo dmesg ``` {% endcode %} The line to look for should resemble something like this: {% code title="Output" %} ``` 84.251404] virtio_net virtio4 ens2: renamed from eth0 ``` {% endcode %} This means that the new adapter has been assigned the name `ens2` in the system. If, for some reason, the adapter cannot be found in the output from `dmesg`, it is also possible to list all adapters using the command `ip addr`. The adapter without an IP address is most likely the new one. Once you know the adapter's name, add it to the file `/etc/network/interfaces.d/50-cloud-init` and assign it an IP address. We leave the existing lines in the file as they are. Here, we assign it the IP address `192.168.0.7` with the subnet mask /24 (`255.255.255.0`). The entire file will then look something like this, depending on its prior content: {% code title="/etc/network/interfaces.d/50-cloud-init" %} ``` auto lo iface lo inet loopback auto ens1 iface ens1 inet dhcp # control-alias ens1 iface ens1 inet6 dhcp # The new private adapter auto ens2 iface ens2 inet static address 192.168.0.7/24 ``` {% endcode %} Next, you need to restart the network for the changes to take effect. This can be done with the following command: {% code title="Command" %} ``` sudo systemctl restart networking ``` {% endcode %} We make sure everything worked out: {% code title="Command" %} ``` ip addr show dev ens2 ``` {% endcode %} {% code title="Output" %} ``` 3: ens2: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 12:08:0b:9b:f7:02 brd ff:ff:ff:ff:ff:ff altname enp1s2 inet 192.168.0.7/24 brd 192.168.0.255 scope global ens2 valid_lft forever preferred_lft forever inet6 fe80::1008:bff:fe9b:f702/64 scope link valid_lft forever preferred_lft forever ``` {% endcode %} Finally, you need to disable automatic network configuration through `cloud-init` to prevent it from overwriting your settings. This is accomplished with the following command: {% code title="Command" %} ``` sudo sh -c 'echo "network: {config: disabled}" > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg' ``` {% endcode %} {% endtab %} {% tab title="Debian 13" %} After adding the adapter to the VM, you need to determine the adapter's name in Debian 13. The easiest way to do this is by checking `dmesg`. Enter the following command: {% code title="Command" %} ``` sudo dmesg ``` {% endcode %} The line you are looking for should resemble something like this: {% code title="Output" %} ``` virtio_net virtio5 enp9s0: renamed from eth0 ``` {% endcode %} This means the new adapter has been assigned the name `enp9s0` in the system. If, for some reason, the adapter cannot be found in the output from `dmesg`, it is also possible to list all adapters using the command `ip addr`. The adapter without an IP address is most likely the new one. Once you know the adapter's name, add it to the file `/etc/netplan/50-cloud-init.yaml`. You must adjust the file based on its existing content. In this case, modify it by removing the match section for the `ens` adapter while keeping `ens1` configured for DHCP. Then, add the new private adapter and assign it an IP address. Here, we assign it the IP address `192.168.0.6` with the subnet mask /24 (`255.255.255.0`). Since this is a private network, assigning a gateway or DNS to the adapter is unnecessary. The file should look like this: {% code title="/etc/netplan/50-cloud-init.yaml" %} ```yaml network: ethernets: ens1: dhcp4: true enp9s0: addresses: [192.168.0.6/24] version: 2 ``` {% endcode %} Save the file and test the configuration with `sudo netplan try`. If you see the countdown timer, the file is likely correct; in this case, press the Enter key to confirm. {% code title="Command" %} ``` sudo netplan try ``` {% endcode %} {% code title="Prompt from netplan" %} ``` Do you want to keep these settings? Press ENTER before the timeout to accept the new configuration Changes will revert in 117 seconds Configuration accepted. ``` {% endcode %} Next, make sure the adapter has been assigned an IP address: {% code title="Command" %} ``` ip addr show dev enp9s0 ``` {% endcode %} {% code title="Output" %} ``` 3: enp9s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 12:06:33:70:96:02 brd ff:ff:ff:ff:ff:ff inet 192.168.0.6/24 brd 192.168.0.255 scope global enp9s0 valid_lft forever preferred_lft forever inet6 fe80::1006:33ff:fe70:9602/64 scope link valid_lft forever preferred_lft forever ``` {% endcode %} Finally, to prevent the settings from being overwritten by cloud-init, you must also execute the following command: {% code title="Command" %} ``` sudo sh -c 'echo "network: {config: disabled}" > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg' ``` {% endcode %} {% endtab %} {% tab title="AlmaLinux" %} Begin by identifying the name of the new adapter using either `dmesg` or `ip addr`. {% code title="Command" %} ``` sudo dmesg ``` {% endcode %} The line you are looking for should resemble something like this: {% code title="Command" %} ``` eth1: link becomes ready ``` {% endcode %} The name of the new adapter is `eth1`. If, for some reason, the adapter cannot be found in the output from `dmesg`, it is also possible to list all adapters using the command `ip addr`. The adapter without an IP address is most likely the new one. Once you know the adapter's name, assign it an IP address. The easiest way to do this is with the `nmcli` command. Start by confirming that the adapter appears in the list using `nmcli connection`. {% code title="Command" %} ``` nmcli connection ``` {% endcode %} {% code title="Output" %} ``` Wired connection 2 34d00714-76fb-387f-b861-44381cddd4c1 ethernet eth1 Wired connection 1 bb4e1efd-f5d1-37c0-b0cb-8f5e36b51dc4 ethernet eth0 lo 36c76c31-7077-492f-8d4d-1b98e5b861d9 loopback lo System ens1 d18b6429-133f-4947-3b25-4482c7f9d5e7 ethernet -- ``` {% endcode %} The adapter `eth1` is likely highlighted in yellow because it lacks an address. Now, assign the adapter an IP address. In this example, we choose `192.168.0.8` with the subnet mask /24 (`255.255.255.0`). Use the full name from the list, `Wired connection 2`, which corresponds to `eth1`. Next, you also need to set the adapter to manual (static) mode: {% code title="Commands" %} ``` sudo nmcli connection modify "Wired connection 2" ipv4.address "192.168.0.8/24" sudo nmcli connection modify "Wired connection 2" ipv4.method manual ``` {% endcode %} Now, let's activate the adapter using the new settings: {% code title="Command" %} ``` sudo nmcli connection up "Wired connection 2" ``` {% endcode %} Finally, make sure the adapter has the correct IP address: {% code title="Command" %} ``` ip addr show dev eth2 ``` {% endcode %} {% code title="Output" %} ``` 3: eth1: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 12:9b:ec:f3:83:02 brd ff:ff:ff:ff:ff:ff altname enp1s2 altname ens2 inet 192.168.0.8/24 brd 192.168.0.255 scope global noprefixroute eth1 valid_lft forever preferred_lft forever inet6 fe80::58aa:dbd0:1a4b:b26d/64 scope link noprefixroute valid_lft forever preferred_lft forever ``` {% endcode %} {% endtab %} {% tab title="Win Server 2022" %} Start by right-clicking on the network icon in the taskbar. Then, select **Open Network & Internet settings**.

In the dialog window that opens, select **Change adapter options**.

A list of all the server's network adapters is now displayed. The one with the highest number is most likely the new adapter; in this case, it is Ethernet 2. Right-click on it and select **Properties**.

In the next dialog box, select **Internet Protocol Version 4 (TCP/IPv4)** and click on **Properties**.

Next, assign an IP address to the adapter. Here, we select the IP address `192.168.0.9` with the subnet mask `255.255.255.0` (/24). When you're finished, click **OK** to save the settings.

{% endtab %} {% tab title="Win Server 2025" %} Start by right-clicking on the network icon in the taskbar. Then, select **Open Network & Internet settings**.

In the window that opens, select **Advanced network settings**.

A list of all the server's network adapters is now displayed. The one with the highest number is most likely the new adapter; in this case, it is *Ethernet Instance 0 2*. Click on it to expand the settings for the adapter, and select **Edit**.

In the next dialog box, select **Internet Protocol Version 4 (TCP/IPv4)** and click on **Properties**.

Next, assign an IP address to the adapter. Here, we select the IP address `192.168.0.9` with the subnet mask `255.255.255.0` (/24). When you're finished, click **OK** to save the settings.

{% endtab %} {% endtabs %} Finally, after all the servers have been assigned an IP address, you can ping them: {% code title="Command" %} ``` ping 192.168.0.6 ``` {% endcode %} {% code title="Output (abort ping with Ctrl-c)" %} ``` PING 192.168.0.6 (192.168.0.6) 56(84) bytes of data. 64 bytes from 192.168.0.6: icmp_seq=1 ttl=64 time=0.183 ms 64 bytes from 192.168.0.6: icmp_seq=2 ttl=64 time=0.206 ms 64 bytes from 192.168.0.6: icmp_seq=3 ttl=64 time=0.158 ms --- 192.168.0.6 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2086ms rtt min/avg/max/mdev = 0.158/0.182/0.206/0.019 ms ``` {% endcode %} ## Delete a private network To delete a private network, you must first delete all the network adapters that are connected to it. Then, you must delete the segments within the network. Finally, you can delete the network. Start by deleting the network adapter from each VM that is connected to the private network. Click on the virtual machine in the overview, select the **Network adapters** tab, click the three dots next to the adapter connected to the private network's segment, and click **Delete**.

A dialog window will open where you need to confirm the deletion by typing the name of the adapter and clicking **Delete.** Next, delete the segment within the network. Click **Private networks** in the left-hand menu to open an overview of all your private networks. Click on the network for which you want to delete the segment. Delete the segment by clicking the three dots next to the segment name and selecting **Delete**.

In the next dialog box, confirm the deletion of the segment by typing the segment's name in the text field and clicking **Delete**. Finally, delete the entire private network by clicking the three dots at the top of the network overview and selecting **Delete**.

In the next dialog box, confirm the deletion by typing the network's name in the text field and selecting **Delete**. ## Create a private network using the API To create a private network using the [API](/platform/control-panel/api.md), follow the same pattern as when creating a private network using the control panel. 1. Create a new private network using the [privatenetwork/create](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworkcreate) endpoint. 2. Create a new segment within the private network, using the [privatenetwork/createsegment](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworkcreatesegment) endpoint. 3. List the segments within the private network using [privatenetwork/listsegments](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworklistsegments) endpoint to get the ID of the segment. 4. Create a new network adapter for the VM, using the [networkadapter/create](https://github.com/GleSYS/API-docs/wiki/API-Documentation#networkadaptercreate) endpoint. For the network ID, use the segment ID from point 3 above. ### Manage private networks using the API * To edit a private network, use the [privatenetwork/edit](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworkedit) endpoint. * To edit a segment within a private network, use the [privatenetwork/editsegment](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworkedit) endpoint. * To list your private networks and segments, use the [privatenetwork/list](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworklist) and [privatenetwork/listsegment](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworklistsegments), respectively. * To delete a segment within a private network, use the [privatenetwork/deletesegment](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworkdeletesegment) endpoint. * To delete a private network, use the [privatenetwork/delete](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworkdelete) endpoint. * To retrieve an estimated cost of a private network, use the [privatenetwork/estimatedcost](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworkestimatedcost) endpoint. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.glesys.com/products/compute/kvm-virtual-machines/how-tos/manage-private-networks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.