Private network
A private network is a local network to which all servers from a single server pool are connected. It logically joins servers into isolated user networks. Some BareMetal server configurations support reserving MC-LAG private network channels.
Within a single pool, you can have network connectivity between leased servers at the OSI network model
Between servers physically residing in different pools, only VRF-enabled L3 connectivity is available.
Private subnet
A private subnet is a virtual local area network (VLAN)
Each private subnet automatically gets a unique IEEE 802.1Q
Note
A VLAN ID is removed from a private subnet if it remains unattached to any server for 30 consecutive days. If the subnet is later attached to a BareMetal server, it will get a new VLAN ID; however, the new ID may be different from the one removed earlier.
You can attach several private subnets (one primary and several secondary) to the server's network interface (or MC-LAG aggregation group) connected to a private network at the same time. The same private subnet can serve as the primary subnet on some servers and as a secondary subnet on others.
Primary private subnet
Each BareMetal server must have one private subnet attached as its primary subnet. The primary private subnet is a virtual network with a native VLAN. All untagged traffic arriving at the server's network interface (aggregation group) is routed to this subnet.
Within the server's primary private subnet, DHCP can be used.
You can replace the primary private subnet only on servers that have no secondary private subnets attached.
Tip
If you need to replace the primary private subnet on a server with secondary subnets:
- Detach all secondary private subnets from the server.
- Replace the primary private subnet.
- Reattach the secondary private subnets to the server.
- Update the network settings in the server's OS.
Secondary private subnet
You can attach secondary private subnets to a BareMetal server. A secondary private subnet is a virtual network with a tagged VLAN. This secondary subnet receives the traffic that is bound for the server's network interface (aggregation group) and tagged with the subnet's unique VLAN ID (tagged traffic).
By default, only one private subnet, the primary one, can be attached to a BareMetal server's network interface. To be able to attach secondary private subnets, contact support to have the baremetal.privateSubnetsPerServerInterface.count quota increased.
You can attach a secondary private subnet to a server when modifying the latter. For more information, see Updating a server.
After a secondary private subnet is attached, you should manually configure the VLAN on the network interface in the server's OS. For more information, see Setting up a secondary private subnet with a tagged VLAN on a server.
Note
Only a private subnet with DHCP disabled can be attached to a server as an additional subnet.
Virtual network segment (VRF)
To provide L3 routing, private subnets with configured routing are aggregated into virtual network segments (VRFs).
Servers from the same or different pools connected to different private subnets, grouped together under VRF, will be able to maintain L3 networking between them. To configure such networking, select the same VRF for the relevant subnets under IP addressing and routing.
For subnet addressing purposes, you can use any CIDR in the ranges reserved for private networks: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16. The subnet must include at least 8 host addresses, which requires a CIDR prefix length of /29.
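A pre-flight check for the addressing rules above, written as an added example that is not part of the original documentation or the provider's tooling. The function name and the sample CIDRs are constructed for illustration.

```python
import ipaddress

# Ranges the page lists as allowed for private subnet addressing.
ALLOWED_RANGES = [
    ipaddress.ip_network(c)
    for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]
MIN_ADDRESSES = 8  # a /29 holds exactly 8 addresses


def check_subnet_cidr(cidr):
    """Return a list of problems with `cidr`; an empty list means it passes."""
    try:
        # strict=True rejects CIDRs with host bits set, e.g. 10.0.0.5/29.
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"not a valid network: {exc}"]
    if net.version != 4:
        return ["not an IPv4 network"]
    problems = []
    # The whole block must sit inside one allowed range. A supernet such as
    # 192.168.0.0/15 starts at a private address but spills into 192.169.0.0/16.
    if not any(net.subnet_of(r) for r in ALLOWED_RANGES):
        problems.append("outside 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16")
    if net.num_addresses < MIN_ADDRESSES:
        problems.append(
            f"only {net.num_addresses} addresses, fewer than {MIN_ADDRESSES}"
        )
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("10.10.0.0/24", "172.31.255.248/29", "192.168.5.0/30",
                   "172.32.0.0/16", "192.168.0.0/15", "10.0.0.5/29"):
        print(sample, "->", check_subnet_cidr(sample) or "ok")
```

The explicit range list is deliberate: `ipaddress`'s `is_private` attribute also accepts loopback and link-local blocks, which are not among the three ranges listed here.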
Private connection to cloud networks
To set up network connectivity between BareMetal servers, Yandex Virtual Private Cloud private subnets, and private subnets in the on-premise infrastructure, use Yandex Cloud Interconnect.