Skip to main content

Private networks and subnets of the dedicated server

Last update:

A private (local) network is an isolated network within a single data center, without Internet access, which is needed for servers to communicate with each other. In one pool, all servers (except for some Chipcore Line servers) are connected to the LAN at the L2 level via Selectel switches.

Traffic in the local network is not charged.

If only one dedicated server is ordered on an account, the VLAN for the private network is not allocated. VLAN for private network is automatically allocated when ordering the second and subsequent dedicated servers on the account. One VLAN for private network is allocated per account in one pool. If you need a private VLAN, for example, to configure connectivity to a firewall or cloud server, create a ticket.

You can see which VLAN is assigned to a port in the control panel: from the top menu, click ProductsDedicated ServersServers → Server → Server page → Ports tab.

To create network connectivity between dedicated servers that are located in the same pool, specify the same VLAN on the local port of each server and configure local addressing on the network interfaces in the server OS.

To create network connectivity between dedicated servers in different pools or with other Selectel products, use a Selectel Global Router.

When you configure the private network interface on a server, the assigned subnet and IP address are not added to the control panel. You can manually add the private subnet to the control panel to keep track of IP addresses and keep track of busy ones.

If you add or change the private IP address of the server in the control panel, it will not affect the network interface settings, you have to change them on the server yourself.

The network interface for the private network will be configured automatically only when the Linux-based OS is auto-installed. For Windows OS, the network interface for the private network can only be configured manually.

Private IP addresses

Private IP addresses are generated from standardized ranges.

Servers at such addresses are not directly accessible from the Internet.

If traffic is exchanged within one private subnet, traffic within it is not counted.

Standard ranges of private IP addresses

  • 10.0.0.0 - 10.255.255.255 (subnet mask: 255.0.0.0 or /8);
  • 100.64.0.0 - 100.127.255.255 (subnet mask 255.192.0.0 or /10) - This subnet is recommended by RFC 6598 for use as addresses for CGN (Carrier-Grade NAT);
  • 172.16.0.0 - 172.31.255.255 (subnet mask: 255.240.0.0 or /12);
  • 192.168.0.0 - 192.168.255.255 (subnet mask: 255.255.0.0 or /16).

Assign a private IP address to the server

When you configure the private network interface on a server, the assigned subnet and IP address are not added to the control panel. You can add the private subnet to the control panel manually to keep track of IP addresses and keep track of busy ones.

If you add or change the private IP address of the server in the control panel, it will not affect the network interface settings, you have to change them on the server yourself.

The network interface for the private network will be configured automatically only when Linux is auto-installed. For Windows OS, the network interface for the private network can only be configured manually.

You can add private IP addresses in the Control Panel only for servers in a ready configuration with the available 1 Gbps Private Network option.

  1. Add a private subnet in the control panel.
  2. Add a private IP address to the accounting system.
  3. Change the network settings on the server.

1. Add a private subnet in the control panel

  1. In the Control Panel, on the top menu, click Products and select Dedicated Servers.
  2. Go to NetworkPrivate Subnets tab.
  3. Click Add Private Subnet.
  4. Select a region.
  5. Select a pool.
  6. Select VLAN.
  7. In the CIDR field, enter a subnet from the private subnet range.
  8. Click Create.

2. Add a private IP address to the accounting system

  1. In the Control Panel, on the top menu, click Products and select Dedicated Servers.
  2. In the Servers section, open the Server page → Network tab.
  3. In the Private block, click Add IP Address.
  4. Select a private subnet.
  5. Enter the IP address.
  6. Click .

3. Change the network settings on the server

If you have not changed the network interface settings on the server, configure the private network interface on the server.

Private networks in a global router

When you connect a private network to a global router, all subnets belonging to that network will be connected to the router. All subnets will communicate on the L3 layer.

The private network will have the Global Router tag. Three service ports will automatically be reserved for network equipment on the global router subnet.

You will only be able to manage the global router's network and subnets in the global router section of the control panel: from the top menu, click ProductsGlobal Router.

A private subnet tagged Global Router cannot be deleted while it is connected to the global router. To delete a private subnet that is connected to the global router, disconnect the subnet from the global router.

Connect a private network to a global router

  1. Create a global router.
  2. Connect networks and subnets to the global router.

1. Create a global router

  1. In the Control Panel, on the top menu, click Products and select Global Router.
  2. Click Create router. Each account has a limit of five global routers.
  3. Enter the name of the router.
  4. Click Create.
  5. If the router is created with the status ERROR or hangs in one of the statuses, create a ticket.

2. Connect networks and subnets to the global router

You can connect a new network to the router or an existing network if it is not already connected to any of the account's global routers.

  1. In the Control Panel, on the top menu, click Products and select Global Router.

  2. Open the router page → Networks tab.

  3. Click Create Network.

  4. Enter the network name. This will only be used in the control panel.

  5. Select a Servers and Hardware service.

  6. Select a pool.

  7. Select VLAN.

  8. If you want to create a network up to an internal segment (Q-in-Q), specify its tag, a number between 2 and 4094. If there is already a network up to the VLAN, be sure to specify the Q-in-Q segment of this VLAN.

  9. Enter the subnet name. This will only be used in the control panel.

  10. Enter the CIDR - IP address and private subnet mask. You can enter a new subnet or an existing private subnet of the server if it is not already added to any of the global routers in the account. The subnet must meet the conditions:

  • belong to the RFC 1918 private address range: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16;;
  • have a size of at least /29, as three addresses will be occupied by Selectel network equipment;
  • Do not overlap with other subnets added to this router: The IP addresses of each subnet on the router must not overlap with the IP addresses of other subnets on the router;
  • If the global router network will include a Managed Kubernetes cluster on cloud servers, the subnet must not overlap with the ranges 10.10.0.0/16, 10.96.0.0/12, 10.250.0.0/16 and 10.251.0.0/24. If the network will include a cluster on dedicated servers - with the ranges 10.10.0.0/16, 10.222.0.0/16, 10.250.0.0/16, 10.251.0.0/24 and 172.250.0.0/14. These subnets participate in the internal addressing of Managed Kubernetes, their use may cause conflicts in the global router network.

  1. Enter the gateway IP or leave the first address from the subnet assigned by default. Do not assign this address to your devices to avoid disrupting the network.

  2. Enter service IPs or leave the last addresses from the subnet assigned by default. Do not assign these addresses to your devices to avoid disrupting the network.

  3. Click Create Network.

  4. Optional: Check the network topology on the global router. In the control panel, from the top menu, click ProductsGlobal Router → Router Page → Network Map.

  5. If you specified the Q-in-Q tag, make sure to configure Q-in-Q. When configuring, use the subnet you specified in step 10.

Disconnect the private network from the global router

  1. In the control panel, from the top menu, click ProductsGlobal Router.
  2. Open the router page → Networks tab.
  3. From the menu of the network, select Delete Network.
  4. Enter the name of the network to confirm the deletion of the network.
  5. Click Delete. Do not close the window until the network is deleted. After deletion, the Global Router tag will be removed from the private subnet and the addresses reserved for the network equipment will be deleted.