Manage private networks

Private networks are simpler than VLAN networks, and are the recommended way to privately connect VMs.

It is possible to create private networks between VMware servers. This allows them to communicate directly with each other without sending traffic over the public internet, thereby enhancing the security of the information exchanged between the servers.

Private networks are also divided into segments. When you create a private network, you must also create one or more segments within that network. Each segment is a unified entity that encompasses resources belonging to the same platform and data center.

Private networks are the recommended way to connect VMs. If you also need to connect physical hardware to your VMs, consider using VLAN networks instead.

Create private networks using the control panel

You find private networks under Networking in the left-hand menu. Click Private networks, and then click Create to create a new private network.

In the next step, name the network, for instance, test-net.

Once the private network is created, the segments within the network are displayed. No segments exist initially in a new private network—you need to create them yourself. A segment is a subdivision of the private network that allows you to partition it into smaller sections. Here, click + Create segment.

In the next dialog box, configure the settings for the segment. In this example, we name the segment lab and change the platform to VMware. In the dropdown menu for the data center, select the data center where your VMware servers are located; in this case, Falkenberg.

Under IP addresses, specify the network segment—the network and subnet mask—that you wish to use. In this example, we choose 192.168.0.0/24. This setup provides 251 usable IPv4 addresses for servers (256 addresses minus the addresses .0, .1, .2, .3, and .255). The first three addresses, .1, .2, and .3, are reserved for routing traffic between segments in the private network.

The network is complete, and you can see it in the overview of Private networks.

Connect VMs to a private network

To connect your virtual machines to the private network, you first need to create a new network adapter on each VM that will communicate with the others. The newly created network adapter on each VM is then connected to the private network, and we assign it an IP address within the same network as the one specified in the segment.

To create a new network adapter on a VM, first select the VM under Compute → Virtual machines. Here, click on the server where we want to create the network adapter.

Next, select the Network adapters tab and click + Create Network Adapter. The network adapter already visible in the list is used for internet connectivity.

In the dialog box that opens, select the type of adapter (VMXNET 3 is good for most situations), the connection type (Private network), and which network segment it should be connected to. Also, select the speed of the network adapter. Finally, click Create.

Once the adapter is created, it appears in the overview of all adapters for the VM. The standard adapter for internet connectivity and the new adapter for the private network are now shown.

Assign an IP address to the adapter in the VM's operating system

Before using the private network, you must assign an IP address within the segment you specified when creating the network to the new network adapter on each VM's operating system. The method for doing this varies between different systems.

After adding the adapter to the VM, you need to determine the adapter's name in Ubuntu. The easiest way to do this is by checking dmesg. Enter the following command:

Command

sudo dmesg

The line you are looking for should resemble something like this:

Output

vmxnet3 0000:13:00.0 ens224: renamed from eth0

This means the new adapter has been assigned the name ens224 in the system.

If, for some reason, the adapter cannot be found in the output from dmesg, it is also possible to list all adapters using the command ip addr. The adapter without an IP address is most likely the new one.

Once you know the adapter's name, add it to the file /etc/netplan/50-cloud-init.yaml. We must add the configuration for the new adapter ens224, and keep the configuration for ens192 as is.

Here, we assign ens224 the IP address 192.168.0.6 with the subnet mask /24 (255.255.255.0). Since this is a private network, assigning a gateway or DNS to the adapter is unnecessary.

The file should look like this (note that ens224 must be indented with the same amount of spaces as ens192):

/etc/netplan/50-cloud-init.yaml

network:
  version: 2
  ethernets:
    ens192:
      addresses:
      - "203.0.113.71/23"
      - "2001:db8:18::d5/48"
      nameservers:
        addresses:
        - 79.99.4.100
        - 79.99.4.101
        - 2a02:751:aaaa::1
        - 2a02:751:aaaa::2
      gateway4: 203.0.113.1
      gateway6: 2001:db8:18::1
    ens224:
      addresses:
        - "192.168.0.6/24"

Save the file and test the configuration with sudo netplan try. If you see the countdown timer, the file is likely correct; in this case, press the Enter key to confirm.

Command

sudo netplan try

Prompt from netplan

Do you want to keep these settings?


Press ENTER before the timeout to accept the new configuration


Changes will revert in 117 seconds
Configuration accepted.

Next, we make sure the adapter has been assigned an IP address:

Command

ip addr show dev ens224

Output

3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 12:06:33:70:96:02 brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    inet 192.168.0.6/24 brd 192.168.0.255 scope global enp9s0
       valid_lft forever preferred_lft forever
    inet6 fe80::1006:33ff:fe70:9602/64 scope link
       valid_lft forever preferred_lft forever

Finally, to prevent the settings from being overwritten by cloud-init, you must also execute the following command:

Command

sudo sh -c 'echo "network: {config: disabled}" > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg'

After adding the adapter to the VM, you need to determine the adapter's name in Debian. The easiest way to do this is by checking dmesg. Enter the following command:

Command

sudo dmesg

The line to look for should resemble something like this:

Output

vmxnet3 0000:13:00.0 ens224: renamed from eth0

This means that the new adapter has been assigned the name ens224 in the system.

Once you know the adapter's name, add it to the file /etc/network/interfaces.d/50-cloud-init and assign it an IP address. We leave the existing lines in the file as they are. Here, we assign it the IP address 192.168.0.7 with the subnet mask /24 (255.255.255.0).

The entire file will then look something like this, depending on its prior content:

/etc/network/interfaces.d/50-cloud-init

auto lo
iface lo inet loopback

auto ens192
iface ens192 inet static
    address 203.0.113.12/24
    dns-nameservers 79.99.4.100 79.99.4.101 2a02:751:aaaa::1 2a02:751:aaaa::2
    gateway 46.21.103.1
    dns {'nameservers': ['79.99.4.100', '79.99.4.101', '2a02:751:aaaa::1', '2a02:751:aaaa::2'], 'search': []}

# control-alias ens192
iface ens192 inet6 static
    address 2001:db8:18::9e/48
    gateway 2a02:750:20::1

auto ens224
iface ens224 inet static
    address 192.168.0.7/24

Next, you need to restart the network for the changes to take effect. This can be done with the following command:

Command

sudo systemctl restart networking

We make sure everything worked out:

Command

ip addr show dev ens224

Output

3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 12:08:0b:9b:f7:02 brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    altname enx020116497402
    inet 192.168.0.7/24 brd 192.168.0.255 scope global ens2
       valid_lft forever preferred_lft forever
    inet6 fe80::1008:bff:fe9b:f702/64 scope link
       valid_lft forever preferred_lft forever

Finally, you need to disable automatic network configuration through cloud-init to prevent it from overwriting your settings. This is accomplished with the following command:

Command

sudo sh -c 'echo "network: {config: disabled}" > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg'

Begin by identifying the name of the new adapter using either dmesg or ip addr.

Command

sudo dmesg

The line you are looking for should resemble something like this:

Command

vmxnet3 0000:13:00.0 ens224: renamed from eth0

The name of the new adapter is eth1.

Once you know the adapter's name, assign it an IP address. The easiest way to do this is with the nmcli command. Start by confirming that the adapter appears in the list using nmcli connection.

Command

nmcli connection

Output

NAME                UUID                                  TYPE      DEVICE
cloud-init ens192   dfaf916e-1ddf-5437-bf6d-d2dbb171f650  ethernet  ens192
Wired connection 1  7a007834-dbbf-3152-a9f7-8437f0f52951  ethernet  ens224
lo                  960d1fd7-5f76-4fcc-b978-0cb904b04afc  loopback  lo

The adapter ens224 is likely highlighted in yellow because it lacks an address. Now, assign the adapter an IP address. In this example, we choose 192.168.0.8 with the subnet mask /24 (255.255.255.0). Use the full name from the list, Wired connection 1, which corresponds to ens224.

Next, you also need to set the adapter to manual (static) mode:

Commands

sudo nmcli connection modify "Wired connection 1" ipv4.address "192.168.0.8/24"
sudo nmcli connection modify "Wired connection 1" ipv4.method manual

Now, let's activate the adapter using the new settings:

Command

sudo nmcli connection up "Wired connection 1"

Finally, make sure the adapter has the correct IP address:

Command

ip addr show dev ens224

Output

3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 02:01:14:93:97:02 brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    altname enx020114939702
    inet 192.168.0.8/24 brd 192.168.0.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 fe80::1:14ff:fe93:9702/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

Finally, after all the servers have been assigned an IP address, you can ping them:

Command

ping 192.168.0.6

Output (abort ping with Ctrl-c)

PING 192.168.0.6 (192.168.0.6) 56(84) bytes of data.
64 bytes from 192.168.0.6: icmp_seq=1 ttl=64 time=0.183 ms
64 bytes from 192.168.0.6: icmp_seq=2 ttl=64 time=0.206 ms
64 bytes from 192.168.0.6: icmp_seq=3 ttl=64 time=0.158 ms

--- 192.168.0.6 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2086ms
rtt min/avg/max/mdev = 0.158/0.182/0.206/0.019 ms

Delete a private network

To delete a private network, you must first delete all the network adapters that are connected to it. Then, you must delete the segments within the network. Finally, you can delete the network.

Start by deleting the network adapter from each VM that is connected to the private network. Click on the virtual machine in the overview, select the Network adapters tab, click the three dots next to the adapter connected to the private network's segment, and click Delete.

A dialog window will open where you need to confirm the deletion by typing the name of the adapter and clicking Delete.

Next, delete the segment within the network. Click Private networks in the left-hand menu to open an overview of all your private networks. Click on the network for which you want to delete the segment.

Delete the segment by clicking the three dots next to the segment name and selecting Delete.

In the next dialog box, confirm the deletion of the segment by typing the segment's name in the text field and clicking Delete.

Finally, delete the entire private network by clicking the three dots at the top of the network overview and selecting Delete.

In the next dialog box, confirm the deletion by typing the network's name in the text field and selecting Delete.

Create a private network using the API

To create a private network using the API, follow the same pattern as when creating a private network using the control panel.

Create a new private network using the privatenetwork/create endpoint.
Create a new segment within the private network, using the privatenetwork/createsegment endpoint.
List the segments within the private network using privatenetwork/listsegments endpoint to get the ID of the segment.
Create a new network adapter for the VM, using the networkadapter/create endpoint. For the network ID, use the segment ID from point 3 above.

Manage private networks using the API

To edit a private network, use the privatenetwork/edit endpoint.
- To edit a segment within a private network, use the privatenetwork/editsegment endpoint.
To list your private networks and segments, use the privatenetwork/list and privatenetwork/listsegment, respectively.
To delete a segment within a private network, use the privatenetwork/deletesegment endpoint.
To delete a private network, use the privatenetwork/delete endpoint.
To retrieve an estimated cost of a private network, use the privatenetwork/estimatedcost endpoint.

PreviousManage VLAN networks NextResize virtual machines

Last updated 4 months ago

Was this helpful?