|
| 1 | +--- |
| 2 | +title: Serverless Functions and Private Networks integration |
| 3 | +description: This page contains details on how Serverless Functions interacts with Virtual Private Cloud and Private Networks |
| 4 | +dates: |
| 5 | + - posted: 2025-08-04 |
| 6 | + - validation: 2025-08-04 |
| 7 | +--- |
| 8 | + |
| 9 | +## Compatibility |
| 10 | + |
| 11 | +Scaleway Serverless Functions support [Virtual Private Cloud (VPC)](/vpc/) and can be attached to a Private Network, which allows you to securely connect your resources in an isolated environment. Refer to the [dedicated documentation](/serverless-functions/how-to/use-private-networks/) for more information. |
| 12 | + |
| 13 | +## Features |
| 14 | + |
| 15 | +- Functions in the same namespace can be attached to different Private Networks. |
| 16 | +- Both [sandbox](/serverless-functions/concepts/#sandbox) environments (`V1` and `V2`) are compatible with Private Networks. |
| 17 | +- Attaching Serverless Functions to Private Networks **does not entail additional cost**. |
| 18 | +- **Egress** (outbound private traffic from a function to resources within the same Private Network) will be routed through the private interface, but external traffic (from the Internet) will be through the public endpoint of the function. |
| 19 | +- All DNS resolution is done through the Private Network (using the VPC DNS server `169.254.169.254`), which allows to resolve `*.internal` records. |
| 20 | + |
| 21 | +## Quotas |
| 22 | + |
| 23 | +Refer to the [dedicated documentation](/organizations-and-projects/additional-content/organization-quotas/) for more information on Private Networks quotas for Serverless Functions. |
| 24 | + |
| 25 | +## Limitations |
| 26 | + |
| 27 | +- VPC works with Namespaces that have **VPC support enabled**. VPC support can only be enabled at [namespace creation](/serverless-functions/how-to/create-manage-delete-functions-namespace/#creating-a-serverless-functions-namespace), and cannot be updated afterward. |
| 28 | +- Only one Private Network can be attached to a Serverless Container. |
| 29 | +- **VPC routing** (custom routes and cross-PN automatic routing) is not supported yet. |
| 30 | +- **Ingress** (inbound private traffic from resources to a function within the same Private Network) is not supported yet. |
| 31 | +- Each [function instance](/serverless-functions/concepts/#instance) has a unique IP automatically assigned by Scaleway in the Private Network. This implies the following: |
| 32 | + - Users **cannot preemptively book an IP** with [IPAM](/ipam/), and reference it in the attachment. |
| 33 | + - A single Serverless Container can have a **large number of IPs** being used within the Private Network, depending on the number of concurrent instances. |
| 34 | + - **Cold-starts are slightly longer** due to the additional steps required to attach the node to the Private Network and book an IP. |
0 commit comments