VPC Networking
Overview
VPC (Virtual Private Cloud) provides isolated private networks for instances. Each VPC is a dedicated overlay network that spans across all hypervisors in a location, enabling instances on different physical servers to communicate as if they were on the same local network.
Key capabilities:
- Private subnets -- Create multiple subnets within a VPC with automatic IP allocation
- NAT gateways -- Provide outbound internet access for VPC instances via a shared public IP
- Multi-hypervisor spanning -- VPC networks automatically span all hypervisors in the location
- Tenant isolation -- Each VPC is completely isolated from other users' networks
Admin Setup
Prerequisites
VPC networking requires a dedicated secondary network interface on each hypervisor:
- A secondary NIC on each hypervisor connected to a shared VLAN/switch
- All hypervisors in the group on the same L2 network segment (same VLAN)
- This interface carries VXLAN-encapsulated traffic (UDP 4789)
Enabling VPC on a Hypervisor Group
- Navigate to Compute → Hypervisor Groups and edit the desired group
- Toggle Enable VPC on
- Configure the VXLAN Range (default: 10000--16777214)
- Set the L2 Interface name -- the secondary NIC on each hypervisor (e.g., eth1, ens192)
- Save
The system automatically assigns link-local IPs (169.254.x.x) to each hypervisor for VXLAN control plane communication. These are visible in the hypervisor table when VPC is enabled.
Configuring NAT Gateway (Optional)
NAT gateways give VPC instances outbound internet access through a shared public IPv4 address. To enable:
- In the Hypervisor Group settings, enable the NAT Gateway toggle
- Configure pricing:
- Monthly Credit Value -- Base hourly cost for the NAT gateway
- Bandwidth Rate -- Per-GB traffic cost in credits
- IPv4 Credit Value -- Monthly cost for the dedicated public IPv4
- Configure Bandwidth Accounting mode -- uploads, downloads, or both
- Configure Bandwidth Overage policy:
- none -- No limit enforced
- charge_overage -- Charge per-GB above the limit
- revoke_access -- Suspend the gateway when bandwidth is exceeded
- Save
User Guide
Creating a VPC
- Navigate to Networking → VPC
- Click Create VPC
- Enter a Name and optional Description
- Select a CIDR block for the VPC address space:
- 10.0.0.0/16
- 172.16.0.0/16
- 192.168.0.0/16
- Select a Location (must have VPC enabled)
- Click Create
Creating Subnets
- Inside the VPC detail page, click Create Subnet
- Enter a subnet CIDR within the VPC range (e.g., 10.0.1.0/24)
- The gateway is auto-assigned (first usable IP)
- IP addresses are auto-generated for the range
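A pre-flight check for a subnet plan, added here as an example and not taken from the product's own code: it confirms each proposed subnet is a well-formed CIDR inside the VPC range and reports the first usable IP that would become the gateway. The function name check_subnet and the rule that subnets in one VPC must not overlap are assumptions of this example.

```python
import ipaddress


def check_subnet(vpc_cidr, subnet_cidr, existing=()):
    """Validate a proposed subnet against its VPC before creating it.

    Returns (gateway, problems). gateway is the first usable IP of the
    subnet (the address the page says is auto-assigned), or None when the
    CIDR cannot be parsed. problems is empty when the plan is consistent.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    try:
        # strict=True rejects a CIDR with host bits set, e.g. 10.0.1.5/24
        subnet = ipaddress.ip_network(subnet_cidr, strict=True)
    except ValueError as exc:
        return None, [f"invalid subnet CIDR: {exc}"]

    problems = []
    # Compare versions first: subnet_of() raises TypeError on a v4/v6 mix.
    if subnet.version != vpc.version or not subnet.subnet_of(vpc):
        problems.append(f"{subnet} is outside VPC range {vpc}")
    # Assumption of this example: subnets inside one VPC must not overlap.
    for other in existing:
        if subnet.overlaps(ipaddress.ip_network(other)):
            problems.append(f"{subnet} overlaps existing subnet {other}")
    # hosts() skips the network and broadcast addresses for prefixes < /31.
    gateway = next(iter(subnet.hosts()), None)
    return gateway, problems


if __name__ == "__main__":
    # Constructed sample plan for a VPC created with the 10.0.0.0/16 block.
    plan = ["10.0.1.0/24", "10.0.1.128/25", "172.16.5.0/24", "10.0.2.7/24"]
    created = []
    for cidr in plan:
        gw, issues = check_subnet("10.0.0.0/16", cidr, created)
        if issues:
            print(f"{cidr}: REJECT - {'; '.join(issues)}")
        else:
            created.append(cidr)
            print(f"{cidr}: ok, gateway {gw}")
```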
Deploying Instances into a VPC
- During instance creation, select the VPC and Subnet
- The instance receives a VPC interface with a private IP from the selected subnet
- Cloud-init configures networking automatically
- Instances in the same subnet can communicate directly
Enabling a NAT Gateway
- On the VPC detail page, click Enable NAT Gateway
- The system allocates a dedicated public IPv4 address
- All instances in attached subnets gain outbound internet access via SNAT
- Bandwidth is metered per the location's billing configuration
NAT gateways provide outbound connectivity only. For inbound access, use a public interface on the instance or set up a load balancer.
Troubleshooting
Instances in the same VPC cannot communicate
- Verify both instances are in the same VPC and their subnets are within the VPC CIDR
- Check that neither instance has security groups blocking the traffic
- Confirm the instances are in a running state
No internet access from VPC instances
- Ensure a NAT gateway is enabled on the VPC
- Verify the NAT gateway status is Active
- Check that the instance's subnet is attached to the NAT gateway
- If using security groups, ensure egress rules allow outbound traffic
VPC not available during instance creation
VPC must be enabled on the hypervisor group for the selected location. Enable it in Compute → Hypervisor Groups settings.