Private networks and subnets of a dedicated server

A private (local) network is an isolated network within a single data center without internet access; it is needed for communication between servers. In one pool, all servers (except for some Chipcore Line servers) are united into a local network at the L2 level via Servercore switches.

Traffic in the local network is not charged.

If only one dedicated server is ordered for an account, no VLAN is allocated for a private network. A VLAN for a private network is automatically allocated when ordering a second and subsequent dedicated server for the account. One VLAN for a private network is allocated per account in a single pool. If you need a VLAN for a private network, for example, to configure connectivity with a firewall or a cloud server, create a ticket.

You can check which VLAN is assigned to a port in the control panel: in the top menu, click Products → Dedicated Servers → Servers → server page → tab Ports.

To create network connectivity between dedicated servers located in the same pool, specify the same VLAN on the local port of each server and configure local addressing on the server's network interfaces.

To create network connectivity between dedicated servers in different pools or with other Servercore products, use Servercore Global Router.

When you configure a private network interface on the server, the assigned subnet and IP address are not added to the control panel. You can manually add a private subnet to the control panel to manage IP address accounting and track occupied ones.

If you add or change a server's private IP address in the control panel, this will not affect the network interface settings; you must change them on the server yourself.

The network interface for a private network will be configured automatically only during OS autoinstall based on Linux. For Windows, configuring the private network interface can only be done manually.

Private IP addresses

Private IP addresses are formed from standard ranges.

Servers with these addresses are not directly accessible from the internet.

If traffic is exchanged within a single private subnet, the traffic within it is not metered.

Standard private IP address ranges

• 10.0.0.0 — 10.255.255.255 (subnet mask: 255.0.0.0 or /8);
• 100.64.0.0 — 100.127.255.255 (subnet mask 255.192.0.0 or /10) — this subnet is recommended according to RFC 6598 for use as CGN (Carrier-Grade NAT) addresses;
• 172.16.0.0 — 172.31.255.255 (subnet mask: 255.240.0.0 or /12);
• 192.168.0.0 — 192.168.255.255 (subnet mask: 255.255.0.0 or /16).

Assign a private IP address to a server

When you configure a private network interface on the server, the assigned subnet and IP address are not added to the control panel. You can add a private subnet to the control panel manually to manage IP address accounting and track occupied ones.

If you add or change a server's private IP address in the control panel, this will not affect the network interface settings; you must change them on the server yourself.

The network interface for a private network will be configured automatically only during OS autoinstall for Linux. For Windows, configuring the private network interface can only be done manually.

You can add private IP addresses in the control panel only for off-the-shelf servers that have the 1 Gbit/s Private Network option available.

1. Add a private subnet to the control panel.
2. Add a private IP address to the accounting system.
3. Change the network settings on the server.

1. Add a private subnet to the control panel

1. In the control panel, in the top menu, click Products and select Dedicated Servers.
2. Go to Network → Private subnets tab.
3. Click Add private subnet.
4. Select a region.
5. Select a pool.
6. Select a VLAN.
7. In the CIDR field, enter a subnet from the private subnet range.
8. Click Create.

2. Add a private IP address to the accounting system

1. In the control panel, in the top menu, click Products and select Dedicated Servers.
2. In the Servers section, open the server page → Network tab.
3. In the Private block, click Add IP address.
4. Select a private subnet.
5. Enter an IP address.
6. Click .

3. Change the network settings on the server

If you have not changed the network interface settings on the server, configure the private network interface on the server.

Private networks in Global Router

When connecting a private network to Global Router, all subnets belonging to this network will be connected to it. All subnets will communicate at the L3 level.

The private network will have a Global Router tag. Three service ports for network equipment will be automatically reserved in the Global Router subnets.

You can manage the network and subnets of the Global Router only in the Global Router section in the control panel: in the top menu, click Products → Global Router.

A private subnet with the Global Router tag cannot be deleted while it is connected to Global Router. To delete a private subnet that is connected to Global Router, disconnect the subnet from Global Router.

Connect a private network to Global Router

1. Create a Global Router.
2. Connect networks and subnets to Global Router.

1. Create a Global Router

1. In the Control panel, in the top menu, click Products and select Global Router.
2. Click Create router. A limit of five global routers is set for each account.
3. Enter the router name.
4. Click Create.
5. If the router was created with the status ERROR or is stuck in one of the statuses, create a ticket.

2. Connect networks and subnets to Global Router

You can connect a new or existing network to the router if it is not already connected to any of the account's global routers.

1. In the control panel, on the top menu, click Products and select Global Router.

2. Go to the router page → Networks tab.

3. Click Create network.

4. Enter a network name. It will only be used in the control panel.

5. Select the Servers and Equipment service.

6. Select a location for the network.

7. Select or enter a VLAN.

8. If you want to create a network up to an internal segment (Q-in-Q), specify its tag—a number from 2 to 4094. If a network already exists for the VLAN, you must specify the Q-in-Q segment of this VLAN.

9. Enter a subnet name. It will only be used in the control panel.

10. Enter the CIDR—the IP address and mask of the private subnet. You can enter a new subnet or an existing private server subnet if it has not yet been added to any of the global routers in the account. The subnet must meet the following conditions:

    • belong to the RFC 1918 private address range: 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16;
    • have a size of at least /29, as three addresses will be occupied by Servercore network equipment;
    • do not overlap with other subnets added to this router—IP addresses must not repeat across subnets on the same router;
    • if a Managed Kubernetes cluster on cloud servers is to be connected to the global router network, the subnet must not overlap with the 10.10.0.0/16, 10.96.0.0/12, 10.250.0.0/16 and 10.251.0.0/24. If a cluster on dedicated servers is connected — with the 10.10.0.0/16, 10.222.0.0/16, 10.250.0.0/16, 10.251.0.0/24 and 172.250.0.0/14 ranges. These subnets are used for Managed Kubernetes internal addressing, and using them may cause conflicts in the global router network.

11. Enter the gateway IP or leave the first address from the subnet that is assigned by default. Do not assign this address to your devices to avoid network disruption.

12. Enter the service IPs or leave the last addresses from the subnet that are assigned by default. Do not assign these addresses to your devices to avoid network disruption.

13. Click Create network.

14. Optional: check the network topology on the global router. In the control panel, on the top menu, click Products → Global Router → router page → Network topology.

15. If you specified a Q-in-Q tag in step 8, you need to enable Q-in-Q technology on the switch port and configure the network interface of the private network you specified in step 10. For more details, see the Configure Q-in-Q section of the Q-in-Q manual.

Disconnect a private network from Global Router

1. In the control panel, in the top menu, click Products → Global Router.
2. Open the router page → Networks tab.
3. In the network menu, select Delete network.
4. Enter the network name to confirm the network deletion.
5. Click Delete. Do not close the window until the network is deleted. After deletion, the Global Router tag will be removed from the private subnet, and the addresses reserved for network equipment will be removed.