You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: faq/vpc.mdx
+13-13Lines changed: 13 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,64 +10,64 @@ category: network
10
10
productIcon: VpcProductIcon
11
11
---
12
12
13
-
###VPC basics
13
+
## VPC basics
14
14
15
-
## What is the difference between VPC and a Private Network?
15
+
###What is the difference between VPC and a Private Network?
16
16
17
17
One default VPC (**V**irtual **P**rivate **C**loud) for every available region is automatically created in each Scaleway [Project](/organizations-and-projects/concepts/#project). A VPC offers layer 3 network isolation.
18
18
19
19
Within each VPC, you can create multiple **Private Networks** and attach Scaleway resources to them, as long as the resources are in an AZ within the network's region. Attached resources can then communicate between themselves in an isolated and secure layer 2 network, away from the public internet.
20
20
21
21
In the future, VPC will allow you to interconnect your VPC with other networks, define access control lists and more.
22
22
23
-
## What happened to my classic, mono-AZ Private Network?
23
+
###What happened to my classic, mono-AZ Private Network?
24
24
25
25
When VPC and regional Private Networks moved from Public Beta to General Availability, all mono-AZ Private Networks were automatically migrated to be regional. [Read the documentation](/vpc/reference-content/vpc-migration/) to find out more about the migration process.
26
26
27
-
## What is a default VPC and why can't I delete it?
27
+
###What is a default VPC and why can't I delete it?
28
28
29
29
Scaleway currently has three regions: Paris, Amsterdam and Warsaw. One default VPC is automatically created for each region, in each Scaleway [Project](/organizations-and-projects/concepts/#project). Any new Private Networks that you create will be added to the default VPC for their region, unless you override this by specifying a different VPC.
30
30
31
31
You cannot delete a default VPC, but you can rename it, and/or create other VPCs and use those rather than the default VPCs, if you prefer. Default VPCs do not prevent you from deleting an otherwise empty Project.
32
32
33
-
## How much does it cost to create a VPC, Private Network or reserved private IP addresses?
33
+
###How much does it cost to create a VPC, Private Network or reserved private IP addresses?
34
34
35
35
The following resources and features are free of charge:
36
36
37
37
- VPCs and VPC routing
38
38
- Private Networks (except for [Elastic Metal servers](https://www.scaleway.com/en/pricing/elastic-metal/) and [Apple silicon](https://www.scaleway.com/en/pricing/apple-silicon/))
39
39
- Reserved private IP addresses on IPAM
40
40
41
-
## Why can't I delete my Private Network even though it's empty?
41
+
###Why can't I delete my Private Network even though it's empty?
42
42
43
43
You might have a reserved IP address that is blocking the deletion - check out our [troubleshooting page](/vpc/troubleshooting/cant-delete-vpc-pn/).
44
44
45
-
###VPC routing
45
+
## VPC routing
46
46
47
-
## Can I route traffic between different Private Networks on the same VPC?
47
+
###Can I route traffic between different Private Networks on the same VPC?
48
48
49
49
Yes, [VPC routing](/vpc/concepts#routing) allows you to automize the routing of traffic between resources in different Private Networks within the same VPC.
50
50
51
-
## Can I route traffic between different Private Networks in different VPCs or different Scaleway Projects?
51
+
###Can I route traffic between different Private Networks in different VPCs or different Scaleway Projects?
52
52
53
53
This is not currently possible. You may consider using a VPN tunnel to achieve this, for example [IPsec](https://en.wikipedia.org/wiki/IPsec) or [WireGuard](https://en.wikipedia.org/wiki/WireGuard). Scaleway also offers an [OpenVPN InstantApp](/tutorials/openvpn-instant-app/), making it easy to install a VPN directly on an Instance.
54
54
55
-
## Why can't I route traffic to my Managed Database on another Private Network?
55
+
###Why can't I route traffic to my Managed Database on another Private Network?
56
56
57
57
Managed Databases do not currently support VPC routing - see our [dedicated documentation](/vpc/reference-content/understanding-routing/#limitations)
58
58
59
59
## IPAM and IP addressing
60
60
61
-
## What is IPAM?
61
+
###What is IPAM?
62
62
63
63
**IP****A**ddress **M**anager (IPAM) is Scaleway’s tool for planning, tracking, and managing the IP address space of Scaleway products. It acts as a single source of truth for the IP addresses of Scaleway resources, and has a number of associated functionalities to help manage your Scaleway IPs, such as the ability to reserve an IP on a Private Network and attach it to a specific resource. See our [IPAM FAQ](/faq/ipam/) for more detail.
64
64
65
-
## Do resources' IP addresses on a Private Network risk changing when allocated by managed DHCP?
65
+
###Do resources' IP addresses on a Private Network risk changing when allocated by managed DHCP?
66
66
67
67
With Private Networks' inbuilt managed DHCP, a private IP is allocated when the resource is attached to a Private Network, and released only when the resource is detached or deleted. The IP address remains stable across reboots and long power offs, and will not change except upon deletion or detachment from the Private Network.
68
68
69
69
Nonetheless, you can also reserve specific IPs from a Private Network's CIDR block, and use these IPs to attach specific resources, if you prefer. See our documentation on [how to reserve IPs](/ipam/how-to/reserve-ip/).
70
70
71
-
## How can I attach my VMs on a Proxmox cluster on Elastic Metal to a Private Network?
71
+
###How can I attach my VMs on a Proxmox cluster on Elastic Metal to a Private Network?
72
72
73
73
We recommend that you use our IPAM product for this purpose. See [how to reserve a private IP address with an attached MAC address](/ipam/how-to/reserve-ip/#how-to-reserve-a-private-ip-address-with-an-attached-mac-address).
Copy file name to clipboardExpand all lines: pages/vpc/how-to/manage-routing.mdx
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -87,7 +87,7 @@ Each VPC has auto-generated, managed routes to local subnets and Public Gateways
87
87
For example, you may wish to route all traffic for a certain private IP range to an Instance hosting a manually configured VPN tunnel, allowing secure connection to a corresponding subnet at the other end of the tunnel.
88
88
89
89
<Messagetype="note">
90
-
Custom routes are scoped to the Private Network(s) to which they are attached. Their routes are not propagated to other Private Networks in the VPC. In the scenario mentioned above of routing traffic towards a VPN tunnel, the origin of the packet must be in the same Private Network as the resource hosting the VPN.
90
+
Custom routes are scoped to the Private Network(s) of the "next hop" resource. Their routes are not propagated to other Private Networks in the VPC. In the scenario mentioned above of routing traffic towards a VPN tunnel, the origin of the packet must be in the same Private Network as the resource hosting the VPN.
Copy file name to clipboardExpand all lines: pages/vpc/reference-content/understanding-routing.mdx
+2-3Lines changed: 2 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -63,7 +63,7 @@ Bear in mind the following when activating VPC routing:
63
63
- When routing is activated, all Private Networks on the VPC can communicate.
64
64
- We do not currently offer an ACL/firewall feature to prevent communication between certain Private Networks/resources once routing is activated. However, users may choose to configure ACLs directly on certain resources (e.g. Instances, Elastic Metal servers) using tools such as `iptables` or `nftables`.
65
65
- Public Gateways remain scoped to the Private Network to which they are attached. They do not advertise the default route on other Private Networks in the VPC. For example, an Instance attached to Private Network A will not be able to access the internet via a Public Gateway in Private Network B.
66
-
- Custom routes are scoped to the Private Network(s) to which they are attached. Their routes are not propagated to other Private Networks in the VPC. For example, in the scenario of using a custom route to route traffic towards a VPN tunnel, the origin of the packet must be in the same Private Network as the resource hosting the VPN.
66
+
- Custom routes are scoped to the Private Network(s) of the "next hop" resource. Their routes are not propagated to other Private Networks in the VPC. For example, in the scenario of using a custom route to route traffic towards a VPN tunnel, the origin of the packet must be in the same Private Network as the resource hosting the VPN.
67
67
68
68
## Best practices
69
69
@@ -80,5 +80,4 @@ For example, you may use one Private Network for frontend resources and another
80
80
## Limitations
81
81
82
82
- Managed Databases are not currently compatible with routing. The VPC cannot automatically route between Managed Databases on different Private Networks, or (for example) between a Managed Database on one Private Network and an Instance on a different Private Network.
83
-
- VPC routing does not currently support virtual IPs.
84
-
83
+
- VPC routing does not currently support virtual IPs.
0 commit comments