You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: faq/vpc.mdx
+36-4Lines changed: 36 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,6 +10,8 @@ category: network
10
10
productIcon: VpcProductIcon
11
11
---
12
12
13
+
### VPC basics
14
+
13
15
## What is the difference between VPC and a Private Network?
14
16
15
17
One default VPC (**V**irtual **P**rivate **C**loud) for every available region is automatically created in each Scaleway [Project](/organizations-and-projects/concepts/#project). A VPC offers layer 3 network isolation.
@@ -18,6 +20,30 @@ Within each VPC, you can create multiple **Private Networks** and attach Scalewa
18
20
19
21
In the future, VPC will allow you to interconnect your VPC with other networks, define access control lists and more.
20
22
23
+
## What happened to my classic, mono-AZ Private Network?
24
+
25
+
When VPC and regional Private Networks moved from Public Beta to General Availability, all mono-AZ Private Networks were automatically migrated to be regional. [Read the documentation](/vpc/reference-content/vpc-migration/) to find out more about the migration process.
26
+
27
+
## What is a default VPC and why can't I delete it?
28
+
29
+
Scaleway currently has three regions: Paris, Amsterdam and Warsaw. One default VPC is automatically created for each region, in each Scaleway [Project](/organizations-and-projects/concepts/#project). Any new Private Networks that you create will be added to the default VPC for their region, unless you override this by specifying a different VPC.
30
+
31
+
You cannot delete a default VPC, but you can rename it, and/or create other VPCs and use those rather than the default VPCs, if you prefer. Default VPCs do not prevent you from deleting an otherwise empty Project.
32
+
33
+
## How much does it cost to create a VPC, Private Network or reserved private IP addresses?
34
+
35
+
The following resources and features are free of charge:
36
+
37
+
- VPCs and VPC routing
38
+
- Private Networks (except for [Elastic Metal servers](https://www.scaleway.com/en/pricing/elastic-metal/) and [Apple silicon](https://www.scaleway.com/en/pricing/apple-silicon/))
39
+
- Reserved private IP addresses on IPAM
40
+
41
+
## Why can't I delete my Private Network even though it's empty?
42
+
43
+
You might have a reserved IP address that is blocking the deletion - check out our [troubleshooting page](/vpc/troubleshooting/cant-delete-vpc-pn/).
44
+
45
+
### VPC routing
46
+
21
47
## Can I route traffic between different Private Networks on the same VPC?
22
48
23
49
Yes, [VPC routing](/vpc/concepts#routing) allows you to automize the routing of traffic between resources in different Private Networks within the same VPC.
@@ -26,16 +52,22 @@ Yes, [VPC routing](/vpc/concepts#routing) allows you to automize the routing of
26
52
27
53
This is not currently possible. You may consider using a VPN tunnel to achieve this, for example [IPsec](https://en.wikipedia.org/wiki/IPsec) or [WireGuard](https://en.wikipedia.org/wiki/WireGuard). Scaleway also offers an [OpenVPN InstantApp](/tutorials/openvpn-instant-app/), making it easy to install a VPN directly on an Instance.
28
54
29
-
## What happened to my classic, mono-AZ Private Network?
55
+
## Why can't I route traffic to my Managed Database on another Private Network?
30
56
31
-
When VPC and regional Private Networks moved from Public Beta to General Availability, all mono-AZ Private Networks were automatically migrated to be regional. [Read the documentation](/vpc/reference-content/vpc-migration/) to find out more about the migration process.
57
+
Managed Databases do not currently support VPC routing - see our [dedicated documentation](/vpc/reference-content/understanding-routing/#limitations)
58
+
59
+
## IPAM and IP addressing
60
+
61
+
## What is IPAM?
62
+
63
+
**IP****A**ddress **M**anager (IPAM) is Scaleway’s tool for planning, tracking, and managing the IP address space of Scaleway products. It acts as a single source of truth for the IP addresses of Scaleway resources, and has a number of associated functionalities to help manage your Scaleway IPs, such as the ability to reserve an IP on a Private Network and attach it to a specific resource. See our [IPAM FAQ](/faq/ipam/) for more detail.
32
64
33
65
## Do resources' IP addresses on a Private Network risk changing when allocated by managed DHCP?
34
66
35
-
With managed DHCP, the IP is allocated when the resource is attached to a Private Network, and released only when the resource is detached or deleted. The IP address remains stable across reboots and long power offs, and will not change except upon deletion or detachment from the Private Network.
67
+
With Private Networks' inbuilt managed DHCP, a private IP is allocated when the resource is attached to a Private Network, and released only when the resource is detached or deleted. The IP address remains stable across reboots and long power offs, and will not change except upon deletion or detachment from the Private Network.
36
68
37
69
Nonetheless, you can also reserve specific IPs from a Private Network's CIDR block, and use these IPs to attach specific resources, if you prefer. See our documentation on [how to reserve IPs](/ipam/how-to/reserve-ip/).
38
70
39
-
## How can I manage IP addresses for my Proxmox Virtual Machines (VMs) on Elastic Metal servers?
71
+
## How can I attach my VMs on a Proxmox cluster on Elastic Metal to a Private Network?
40
72
41
73
We recommend that you use our IPAM product for this purpose. See [how to reserve a private IP address with an attached MAC address](/ipam/how-to/reserve-ip/#how-to-reserve-a-private-ip-address-with-an-attached-mac-address).
Copy file name to clipboardExpand all lines: pages/vpc/how-to/manage-routing.mdx
+8Lines changed: 8 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -86,6 +86,10 @@ Each VPC has auto-generated, managed routes to local subnets and Public Gateways
86
86
87
87
For example, you may wish to route all traffic for a certain private IP range to an Instance hosting a manually configured VPN tunnel, allowing secure connection to a corresponding subnet at the other end of the tunnel.
88
88
89
+
<Messagetype="note">
90
+
Custom routes are scoped to the Private Network(s) to which they are attached. Their routes are not propagated to other Private Networks in the VPC. In the scenario mentioned above of routing traffic towards a VPN tunnel, the origin of the packet must be in the same Private Network as the resource hosting the VPN.
91
+
</Message>
92
+
89
93
Follow the steps below to define a custom route:
90
94
91
95
1. Click **VPC** in the **Network** section of the side menu. The list of your VPCs displays.
@@ -164,3 +168,7 @@ It is not possible to manually delete an auto-generated, managed route. Only cus
164
168
5. Click **Delete route** to confirm.
165
169
166
170
The custom route is deleted, and you are returned to the list of your VPC's routes.
171
+
172
+
## Routing limitations and best practices
173
+
174
+
Read more about the VPC routing feature, including detailed explanations, usage considerations, limitations and best practices in our [dedicated reference content](/vpc/reference-content/understanding-routing/).
Copy file name to clipboardExpand all lines: pages/vpc/reference-content/understanding-routing.mdx
+3-2Lines changed: 3 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -63,6 +63,7 @@ Bear in mind the following when activating VPC routing:
63
63
- When routing is activated, all Private Networks on the VPC can communicate.
64
64
- We do not currently offer an ACL/firewall feature to prevent communication between certain Private Networks/resources once routing is activated. However, users may choose to configure ACLs directly on certain resources (e.g. Instances, Elastic Metal servers) using tools such as `iptables` or `nftables`.
65
65
- Public Gateways remain scoped to the Private Network to which they are attached. They do not advertise the default route on other Private Networks in the VPC. For example, an Instance attached to Private Network A will not be able to access the internet via a Public Gateway in Private Network B.
66
+
- Custom routes are scoped to the Private Network(s) to which they are attached. Their routes are not propagated to other Private Networks in the VPC. For example, in the scenario of using a custom route to route traffic towards a VPN tunnel, the origin of the packet must be in the same Private Network as the resource hosting the VPN.
66
67
67
68
## Best practices
68
69
@@ -78,6 +79,6 @@ For example, you may use one Private Network for frontend resources and another
78
79
79
80
## Limitations
80
81
81
-
Managed Databases are not currently compatible with routing. The VPC cannot automatically route between Managed Databases on different Private Networks, or (for example) between a Managed Database on one Private Network and an Instance on a different Private Network.
82
-
82
+
-Managed Databases are not currently compatible with routing. The VPC cannot automatically route between Managed Databases on different Private Networks, or (for example) between a Managed Database on one Private Network and an Instance on a different Private Network.
83
+
- VPC routing does not currently support virtual IPs.
0 commit comments