Set up a private network for Dedicated Servers (AlmaLinux 8 and 9 and Rocky Linux 8 and 9)

For Dedicated Servers which are managed in the Cloud Panel

With a private network, you can divide your existing network into several logical networks. The servers communicate via local IPs that are not routed on the Internet.

The use of private networks offers you the following advantages:

• You can organize your networks according to organizational aspects.
• You can easily add or remove your servers.
• You can reduce latency and network load.
• You can optimize traffic by prioritizing data packets.
• Each server can only communicate with servers that are in the same private network.

The use of a private network can be useful in the following cases, for example:

• Setting up a private network for departments or project teams
• Setting up a private network that is connected to a load balancer
• Setting up a private network for a web server and a database server

You can create a private network consisting of Dedicated Servers by configuring tagged VLANs. VLANs are virtual, local networks. These are summarized in a standard in IEEE 802.1Q. With VLANs, you can divide an existing physical network into several logical networks with different subnets. The data traffic is encapsulated so that data from one or more VLANs can be transmitted independently of each other.

With tagged VLANs, there is no fixed assignment between the virtual network and a port. The assignment is made by tagging the data packets. The data packets are provided with tags in which the VLAN ID is stored. This is done in accordance with IEEE 802.1Q by the respective end device. In this case, these are the servers that are assigned to the private network. A switch can use the VLAN ID to recognize which VLAN the data packet belongs to. In this way, several VLANs can be used via a single switch port.

How to configure an Ethernet interface of a dedicated server with AlmaLinux 8, AlmaLinux 9, Rocky Linux 8, or Rocky Linux 9 as an IEEE 802.1Q VLAN trunk:

The VLAN ID is required for the configuration of the network card. How to determine the VLAN ID:

• Log in to your IONOS account.

• In the title bar, click on Menu > Servers & Cloud.
  Optional: Select the desired Server & Cloud contract.

• Activate the desired server in the Infrastructure > Server area.

• Scroll to the Private networks menu item.

• Make a note of the VLAN ID. Example: VLAN: 3509

To configure the network interface, proceed as follows:

• Log in to the server as an administrator.

• Use vi to create the configuration file for the network interface.

  root@example.com:~# vi /etc/sysconfig/network-scripts/ifcfg-PHYSICAL_INTERFACE_NAME.VLAN-ID

  
  Example:

  root@example.com:~# vi /etc/sysconfig/network-scripts/ifcfg-eth0.3509

• Insert the required information in the following form:

  VLAN=yes
  TYPE=Vlan
  VLAN_ID=VLAN-ID
  DEVICE=NAME_OF_PHYSICAL_INTERFACE.VLAN-ID
  BOOTPROTO=static
  ONBOOT=yes
  IPADDR=IP_ADDRESS
  NETMASK=SUBNET_MASK
  GATEWAY=IP-Gateway

  
  Example:

  VLAN=yes
  TYPE=Vlan
  VLAN_ID=3509
  DEVICE=eth0.3509
  BOOTPROTO=static
  ONBOOT=yes
  IPADDR=192.168.4.3
  NETMASK=255.255.255.0
  GATEWAY=192.168.4.1

• To exit vi and save the file, enter the command below and then press Enter:

  :wq

• To restart the network interface for the private network, enter the following command:

  
  AlmaLinux 8

  root@example.com: ifup NAME_OF_PHYSICAL_INTERFACE.VLAN-ID

  Example:

  ifup eth0.3509

  
  AlmaLinux 9

  root@example.com: sudo systemctl restart NetworkManager

To check whether the network interface for the private network has been configured correctly, send a ping to the IP address of another server that is assigned to the private network.

Example:

[root@localhost system-connections]# ping -c 1 192.168.4.2
PING 192.168.4.2 (192.168.4.2) 56(84) bytes of data.
64 bytes from 192.168.4.2: icmp_seq=1 ttl=64 time=0.478 ms

--- 192.168.4.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.478/0.478/0.478/0.000 ms

When the data packets are delivered to the server, the network interface has been configured for the private network.

The physical network interface was not found:

An error message is displayed after entering the command ifup eth0.3509. Example:

Device eth0.3509 does not seem to be present, delaying initialization.

This message could indicate that either the setting vlan=yes is missing in the file ifcfg-eth0.3509, or the specified device name does not correspond to the naming convention of vconfig. To reload the kernel module, enter the command ifup.

No 802.1Q VLAN support available in the kernel:

If you receive an error message that is identical or similar to the error message below, the kernel module required to provide VLAN support has not been loaded.

No 802.1Q VLAN support available in kernel for device eth0.2

To reload the kernel module, enter the command ifup.

To check whether the 802.1Q kernel module is currently loaded, enter the following command:

lsmod | grep 8021q

If the 802.1Q kernel module is not listed, it has probably not been found. To confirm this, enter the following command:

modprobe 8021q

If you then see the error message below, you are probably using a different kernel to the one you originally installed and have not loaded a suitable set of kernel modules:

FATAL: Could not open '/lib/modules/2.6.18-194.el5/kernel/net/8021q/8021q.ko': No such file or directory

If this is the case, there is no directory in /lib/modules that corresponds to the current kernel version.

Other causes for this error are

• The file in question has been deleted.
• You are using a kernel in which kernel module 802.1Q is not listed.