Latitude.sh servers are configured with a public and a private interface on a Layer 3 network topology by default. With private networking, you can switch to a Layer 2 topology, allowing for L2 traffic between two or more instances. Layer 2 packets don’t go through the network layer, and traffic is not filtered in any way. Latitude.sh does not charge for traffic from private networks, either inbound or outbound.

Benefits & use cases

Private networking provides a myriad of benefits, with the most important ones being:
  • Traffic doesn’t go through the public internet, enhancing security.
  • Private network traffic doesn’t count against your bandwidth quota.
This feature is especially useful when you don’t want or need traffic from specific servers going through the public internet. Common use cases include:
  • Connecting a database server to a web application privately.
  • Managing internal services like DHCP.
  • Setting up Kubernetes clusters with direct node communication.

Setup

Step 1: Create a VLAN

The first step is to create a Virtual Network — commonly referred to as VLAN.
1

Create a VLAN

Log in to the dashboard, select a project, navigate to Networking → Private networks in the sidebar menu, and click Create VLAN. Select the location and add a description to help you identify what the VLAN is used for.

Step 2: Assign servers

After creating the VLAN, assign at least two servers to allow the server’s private IPs to communicate.
1

Assign servers to the VLAN

Go to the Virtual Network you created and click Assign. Select the server you’d like to assign - only servers from the facility the virtual network was created in will be listed. Save and wait a few seconds while the network is provisioned.

Step 3: Configure the OS

The network provisioning on Latitude.sh switches is handled automatically after you assign your first server to a VLAN. Latitude.sh has no access to your servers, an additional step is required, and you need to configure the VLAN on your Operating System.
1

Load the 8021q module into the kernel and install the VLAN package

sudo modprobe 8021q
sudo apt install vlan
2

Change netplan

Change the Netplan configuration file in /etc/netplan/50-cloud-init.yaml and add the configuration below to the end of the file.
  • Replace {{VID}} with the VID value from the VLAN you created.
  • Replace 10.8.0.1 with a private address of your choice. This address becomes the private IP of the server within the VLAN. It can be anything you want, but each server in the same VLAN needs a different IP.
  • Replace eno2 with the correct interface name. For servers with bonded interfaces, use bond0.
vlans:
  vlan.{{VID}}:
    id: { { VID } }
    link: eno2
    addresses: [10.8.0.1/24]
The vlans section should be at the same indentation level of the ethernet key.
3

Adding a default route

Due to eventual changes in Netplan versions, to use Cloud Gateway, you need to define a default route to ensure proper network routing. You can do that by adding the following routes section under the vlans key:
routes:
  - to: 10.8.0.0/16
    via: 192.168.0.1
  • Replace 10.8.0.0/16 with the network prefix you want to reach through eno2.
  • Replace 192.168.0.1 with the gateway IP address for your network (typically the first IP of your subnet).
4

Save the file and apply the configuration

sudo netplan apply
This configuration is persistent, you don’t need to do anything else.

Additional Resources