1. Academy
  2. Networking & Infra

How to set up a private network between two instances

In this tutorial, we explain step by step how to set up a private network within OpenStack between two instances.

Introduction

When you use multiple instances that have to communicate with each other, you want to do this in the most secure way; let them communicate with each other through a private network instead from the outside.

Fuga Cloud offers with OpenStack an easy way to create a private network between your instances. 

In this tutorial, you learn how to set up the Private network that can be used to talk locally to another instance.

Prerequisites

For this tutorial you'll need the following:

  1. A Fuga Cloud account
  2. Knowledge of security groups
  3. (optional) 2 compute instances

Step 1: setup an internal network

  1. Go to your dashboard
  2. Click on the ‘Networking’ tab and select ‘Networks’
  3. Create a new network
    1. Enter a network name: <my private network>
    2. (Optional) enter a description: <this will link 2 instances through a private network>
    3. Select Creating a subnetwork
      1. Enter a subnet name: <my private subnet>
      2. Fill in a subnet range, like: 192.168.0.0/24
      3. Select IPv4
      4. Disable the Gateway option

    Step 2: assign the internal network to an instance

    Note: If the instance is not yet created, follow our tutorial about directly attaching them to an IPv4 / IPv6, but select then your private network to.

    1. Go to your dashboard
    2. Click on the ‘Compute’ tab and select ‘Instances’
    3. Click on an instance you want to connect to the private network
      1. Select the 3 dots:
      2. Click on the ‘add a port’
        1. Select ‘by network’
        2. Select the created private network
        3. (optional) assign a static IP to the instance

    Step 2a:

    Note: It can take a minute for the instance to recognize the added VIP.

    Some operating systems (OS) will not automatically recognize an added virtual interface port (VIP). It’s important to check if the chosen OS has the new assigned VIP. 

    • Log into your instance with your SSH key
    • Fill in the next command:
    ip a

    In the above output, you see two VIPs, one has an IP and the other none. This means that the VIP is not set up, with DHCP or static IP for that VIP. 

    This has to be done manually inside your instance. See "How to setup an extra port with Netplan" about adding an IP address to a VIP.

    Step 3: Configure the security group settings

    Each port within an instance has security groups. By default, this is ‘default’ (this one should not be edited).

    1. Create a new security group. (see our tutorial "How to use Security Groups to tighten security" about security groups)
      1. Set up the permissions for your network (firewall rules)
    2. Assign the security group to the port on the instances of your private network.
      1. Go into your instance
      2. Browse to the ports and select the port that has the internal network connected
      3. Add the ‘new’ security group
      4. (optional) delete the ‘default’ security group

    Conclusion

    After you followed this tutorial you have interconnected at least two instances to talk over a private network you just created.