Contact UsGet started

Setting up network connectivity in a Yandex BareMetal subnet

Written by
Updated at May 14, 2025

If you set up routing for a private subnet and assigned it a CIDR, the network interfaces of BareMetal servers connected to this subnet will get IP addresses from the range specified in the subnet’s CIDR settings via DHCP.

However, if you did not set up routing for a private subnet, this subnet functions as an OSI L2 network, where DHCP does not work, and you need to assign IP addresses manually in the server network interface settings to establish network connectivity.

This is because the DHCP server becomes part of a private subnet only once the subnet is routable and connected to a virtual network segment (VRF).

Note

If the server OS is installed from Yandex Cloud Marketplace images, IP address acquisition via DHCP is enabled by default on all physical interfaces of this server.

To learn more about networks in Yandex BareMetal, see Network.

In this tutorial, you will learn how to manually disable DHCP on a network interface from a BareMetal server private subnet and assign it a static IP address. You will also learn to re-enable DHCP on the server's network interface after routing is enabled in this subnet.

In this example, you will use BareMetal servers running Linux Ubuntu 24.04. If using another OS, you will need to follow the same steps, but the way you configure network interfaces may differ. For instructions on configuring network interfaces in other operating systems, refer to the relevant OS tutorials.

To configure network connectivity in a Yandex BareMetal subnet:

  1. Get your cloud ready.
  2. Create a private subnet.
  3. Lease BareMetal servers.
  4. Manually configure the network interfaces.
  5. Create a VRF segment and enable routing in the private subnet.
  6. Enable DHCP on the network interfaces.

See also How to cancel a server lease.

Getting started

Sign up in Yandex Cloud and create a billing account:

  1. Navigate to the management console and log in to Yandex Cloud or register a new account.
  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure to operate in.

Learn more about clouds and folders.

The cost of the proposed solution includes the BareMetal server lease fee (see Yandex BareMetal pricing).

Create a private subnet

Create a private subnet in the ru-central1-m3 server pool:

  1. In the management console, select the folder to create your infrastructure in.
  2. In the list of services, select BareMetal.
  3. In the left-hand panel, select Private subnets and click Create subnet.
  4. In the Pool field, select the ru-central1-m3 server pool.
  5. In the Name field, enter a name for the subnet: subnet-m3.
  6. Without enabling the IP addressing and routing option, click Create subnet.

Lease BareMetal servers

  1. In the management console, select the folder to create your infrastructure in.

  2. In the list of services, select BareMetal and click Lease server.

  3. In the Pool field, select the ru-central1-m3 server pool.

  4. Under Configuration, select the appropriate server configuration.

  5. (Optionally) Under Disk, configure disk partitioning:

    1. Click Configure disk layout.

    2. Specify the partitioning parameters. To create a new partition, click Add partition.

      Note

      To build RAID arrays and configure disk partitions yourself, click Remove RAID.

    3. Click Save.

  6. Under Image, select the Ubuntu 24.04 image.

  7. Under Lease conditions, select the period you want to lease the server for. When this period expires, server lease will be automatically renewed for the same period.

  8. Under Network settings:

    1. In the Private subnet field, select subnet-m3, which you created earlier.
    2. In the Public address field, select No address.

  9. Under Access:

    1. In the Password field, use one of these options to create a password for the root user:

      • To generate a password for the root users, select New password and click Generate.

        Warning

        This option assumes that the user is responsible for password security. Save the password in a safe place. Yandex Cloud does not store this password, and you will not be able to view it once you lease the server.

      • To use the root user password saved in a Yandex Lockbox secret, select Lockbox secret.

        In the Name, Version, and Key fields, select the secret, its version, and the key your password is saved in, respectively.

        If you do not have a Yandex Lockbox secret, click Create to create it.

        This option allows you either to set your own password (the Custom secret type) or to use an automatically generated one (the Generated secret type).

    2. In the Public SSH key field, select the SSH key saved in your organization user profile.

      If there are no SSH keys in your profile, or you want to add a new key:

      • Click Add key.
      • Enter a name for the SSH key.
      • Upload or paste the contents of the public key file. You need to create a key pair for the SSH connection to a server yourself.
      • Click Add.

      The system will add the SSH key to your organization user profile.

      If adding SSH keys by users to their profiles is disabled in the organization, the public SSH key will be saved only to the new BareMetal server's user profile.

  10. Under Server information in the Name field, enter a name for the server: server-m3-1.

  11. Click Lease server.

  12. Similarly, lease one more server named server-m3-2 in the ru-central1-m3 server pool.

Note

Getting servers ready and installing operating systems on them may take up to 45 minutes. The servers will have the Provisioning status during this time. After OS installation is complete, the server status will change to Ready.

Manually configure the network interfaces .

As the DHCP server is disabled in the subnet-m3 private subnet, the BareMetal servers you created were not assigned internal IP addresses, and there is no network connectivity between them.

At this stage, you will connect to the servers and modify the settings of their network interfaces linked to the private subnet by disabling DHCP and assigning them static IP addresses.

No public IP addresses were assigned to the servers, so you cannot connect to them over SSH. To connect to the servers, you will use the KVM console.

Configure the network interfaces to use static IP addresses

  1. In the management console, select the folder to create your infrastructure in.

  2. In the list of services, select BareMetal.

  3. In the row with the server-m3-1 server, click and select KVM console.

    You will see an authentication line in the KVM console terminal window that opens:

    server-m3-1 login:

    If you do not see this line, try restarting the server.

    Perform all further actions described in this step in the KVM console terminal:

    1. Specify root for the username and press ENTER.

    2. Paste the password received when leasing the server in the password input line and press ENTER. Note that when typing or pasting a password in Linux, the characters you enter are not displayed on the screen.

      Tip

      To paste text from the clipboard to the KVM console, use the Paste text here field in the upper right corner.

      Result:

      Welcome to Ubuntu 24.04.2 LTS (GNU/Linux 6.8.0-53-generic x86_64)
...
root@server-m3-1:~# _

      If you did not save the server administrator password, you can create a new password following this guide or reinstall the server OS.

    3. View a list of the server’s network interfaces and find the interface connected to the private subnet:

      ip a

      Result:

      ...
5: etx2: <BROADCAST, MULTICAST,UP,LOWER_UP> mtu 1500 qdisc ma state UP group default qlen 1000
    link/ether 00:02:09:35:fd:31 brd ff:ff:ff:ff:ff:ff
    altname enp6s0d1
    inet6 fe80::202:c9ff:fe35:fd31/64 scope link
        valid_lft forever preferred_lft forever
...

      Since the server has no public IP address, its only active network interface (with the state UP status) is the one connected to the private subnet. In the example above, this interface has the etx2 ID. In the next step, you will assign a static IP address to this interface.

    4. Open the server network interface configuration file:

      nano /etc/netplan/50-cloud-init.yaml

    5. In the file that opens, edit the network interface settings:

      network:
  version: 2
  ethernets:
    ... # This example shows only the configuration of the interface you need to set up
    etx2:
      match:
        macaddress: "00:02:09:35:fd:31"
      dhcp4: false # Here, opt out of using DHCP
      addresses: # Set the interface static IP address in this section
        - 192.168.1.101/24
      set-name: "etx2"

      For the etx2 interface, configure the following settings:

      • Change the dhcp4 value to false to opt out of using DHCP and set the interface IP address statically.

      • Add the addresses section with the internal static IP address assigned to the server. Each server's address must be unique within the subnet.

        Note

        For subnet addressing purposes, you can use any CIDR in the ranges reserved for private networks: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16. The subnet must include at least eight addresses (the maximum CIDR prefix length is /29).

      To save the changes and exit the text editor, press Ctrl + X and confirm saving changes to the 50-cloud-init.yaml file.

    6. Apply your changes:

      netplan apply

    7. Make sure the network interface was assigned an IP address. To do this, run the following command and filter the output by the interface ID:

      ip a | grep etx2

      Result:

      5: etx2: <BROADCAST,MULTICAST, UP,LOWER_UP> mtu 1500 qdisc ma state UP group default qlen 1000
    inet 192.168.1.101/24 brd 192.168.1.255 scope global etx2

      The network interface is configured to use the 192.168.1.101 static IP address in the private subnet named subnet-m3.

  4. Similarly, configure the server-m3-2 network interface by assigning it the 192.168.1.102/24 static IP address in the netplan settings.

Test network connectivity between the servers

By reconfiguring the network interfaces of the servers in the private subnet, you established network connectivity between them. Here is how you can test it:

  1. In the management console, select the folder to create your infrastructure in.

  2. In the list of services, select BareMetal.

  3. In the row with the server-m3-1 server, click and select KVM console.

  4. Authenticate as the root user in the KVM console terminal with the password you saved when leasing the server.

  5. In the KVM console terminal, run the ping command to check you can access server-m3-2 by its IP address, 192.168.1.102:

    ping 192.168.1.102 -c 5

    Result:

    PING 192.168.1.102 (192.168.1.102) 56(84) bytes of data.
64 bytes from 192.168.1.102: icmp_seq=1 ttl=64 time=3.90 ms
64 bytes from 192.168.1.102: icmp_seq=2 ttl=64 time=0.235 ms
64 bytes from 192.168.1.102: icmp_seq=3 ttl=64 time=0.222 ms
64 bytes from 192.168.1.102: icmp_seq=4 ttl=64 time=0.231 ms
64 bytes from 192.168.1.102: icmp_seq=5 ttl=64 time=0.235 ms

--- 192.168.1.102 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4086ms
rtt min/avg/max/mdev = 0.222/0.964/3.899/1.467 ms

    Network connectivity between the servers has been established with zero packet loss.

Create a VRF segment and enable routing in the private subnet

To activate the DHCP server in the private subnet, create a virtual network segment (VRF) and enable routing in the subnet by linking it to this VRF.

Create a virtual network segment (VRF)

  1. In the management console, select the folder to create your infrastructure in.
  2. In the list of services, select BareMetal.
  3. In the left-hand panel, select VRF and click Create VRF.
  4. In the Name field, enter a name for the VRF segment: my-vrf.
  5. Click Create VRF.

Connect the private subnet to the VRF segment

  1. In the management console, select the folder to create your infrastructure in.

  2. In the list of services, select BareMetal.

  3. In the left-hand panel, select Private subnets.

  4. In the subnet-m3 row, click and select Edit. In the window that opens:

    1. Enable IP addressing and routing.
    2. In the Virtual network segment (VRF) field, select the previously created segment, my-vrf.
    3. In the CIDR field, specify 192.168.1.0/24.
    4. In the Default gateway field, keep the default value, 192.168.1.1.
    5. Enable the Assigning IP addresses via DHCP option and in the IP address range field that appears, leave the default values, 192.168.1.1192.168.1.254.

  5. Click Save changes.

Enable DHCP on the network interfaces

After you enabled routing in the private subnet and connected it to the VRF segment, a DHCP server started automatically in this subnet. To allow network interfaces of your BareMetal servers to obtain IP addresses via DHCP, you need to enable DHCP in their configuration.

Note

The DHCP server that serves the VRF-enabled private subnets can only assign IP addresses to physical interfaces of known (trusted) BareMetal servers. Therefore, you cannot assign IP addresses from a private subnet to containers or VMs running on your server.

Enable DHCP

  1. In the management console, select the folder to create your infrastructure in.

  2. In the list of services, select BareMetal.

  3. In the row with the server-m3-1 server, click and select KVM console.

  4. Authenticate as the root user in the KVM console terminal with the password you saved when leasing the server. Perform all further actions described in this step in the KVM console terminal:

    1. Open the server network interface configuration file:

      nano /etc/netplan/50-cloud-init.yaml

    2. In the file, edit the settings of the network interface connected to the private subnet:

      network:
  version: 2
  ethernets:
    ... # This example shows only the configuration of the interface connected to the private subnet
    etx2:
      match:
        macaddress: "00:02:09:35:fd:31"
      dhcp4: true # Here, enable DHCP
      # Comment out or delete the addresses section
      # addresses:
      #   - 192.168.1.101/24
      set-name: "etx2"

      Configure the following settings for the interface:

      • Change the dhcp4 value to true to enable DHCP for automatic IP address assignment on this interface.
      • Comment out or delete the addresses section with the internal static IP address assigned to the server.

      To save the changes and exit the text editor, press Ctrl + X and confirm saving changes to the 50-cloud-init.yaml file.

    3. Apply your changes:

      netplan apply

    4. Make sure the network interface was assigned an IP address. To do this, run the following command and filter the output by the interface ID:

      ip a | grep etx2

      Result:

      5: etx2: <BROADCAST,MULTICAST, UP,LOWER_UP> mtu 1500 qdisc ma state UP group default qlen 1000
    inet 192.168.1.2/24 metric 100 brd 192.168.1.255 scope global dynamic etx2

      The server-m3-1 network interface is assigned the 192.168.1.2 IP address in the private subnet named subnet-m3.

  5. Similarly, configure the server-m3-2 network interface and save the IP address assigned to it in the private subnet. In our example, this is 192.168.1.3.

Test network connectivity between the servers

Make sure the servers retained network connectivity after obtaining IP addresses in the private subnet via DHCP.

  1. In the management console, select the folder to create your infrastructure in.

  2. In the list of services, select BareMetal.

  3. In the row with the server-m3-1 server, click and select KVM console.

  4. Authenticate as the root user in the KVM console terminal with the password you saved when leasing the server.

  5. In the KVM console terminal, run the ping command to check you can access server-m3-2 by the IP address you saved in the previous step, e.g., 192.168.1.3:

    ping 192.168.1.3 -c 5

    Result:

    PING 192.168.1.3 (192.168.1.3) 56(84) bytes of data.
64 bytes from 192.168.1.3: icmp_seq=1 ttl=64 time=0.271 ms
64 bytes from 192.168.1.3: icmp_seq=2 ttl=64 time=0.215 ms
64 bytes from 192.168.1.3: icmp_seq=3 ttl=64 time=0.262 ms
64 bytes from 192.168.1.3: icmp_seq=4 ttl=64 time=0.223 ms
64 bytes from 192.168.1.3: icmp_seq=5 ttl=64 time=0.208 ms

--- 192.168.1.3 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4106ms
rtt min/avg/max/mdev = 0.208/0.235/0.271/0.025 ms

    Network connectivity between the servers has been established with zero packet loss.

How to cancel server lease

You cannot delete BareMetal servers. Instead, you can cancel their lease.

To stop paying for the resources you created, cancel the lease of the BareMetal servers you created earlier.

Previous
Configuring VRRP for a cluster of BareMetal servers
Next
Setting up network connectivity between BareMetal and Virtual Private Cloud subnets