Get Rewarded! We will reward you with up to €50 credit on your account for every tutorial that you write and we publish!

Hetzner Cloud: Networks

profile picture
Author
Lukas Kämmerling
Published
2019-07-10
Time to read
6 minutes reading time

Introduction

In this tutorial we will introduce you to Hetzner Cloud Networks, the private networking feature for the Hetzner Cloud.

You have many options to manage Hetzner Cloud Networks:

In this tutorial we will use the CLI tool hcloud.

Prerequisites

  • Hetzner Cloud API Token
    • Basic knowledge about the Hetzner Cloud
      • We assume that you know what a server, an image, a server type or a Network is.
    • Visit Hetzner Cloud Console at https://console.hetzner.cloud, select your project, and create a new API Token.
  • latest hcloud tool is installed (> 1.13.0)
    • Windows, FreeBSD
      • Grab your pre-built binary from Github
    • Linux
      • Using Homebrew
        • brew install hcloud
      • Grab your pre-built binary from Github
    • MacOS
      • Using Homebrew
        • brew install hcloud
      • Grab your pre-built binary from Github

What are Networks?

Networks is a free feature for the Hetzner Cloud, which allows you to create private IPv4 networks between your Hetzner Cloud servers. For example, you could create a database server which is only available on the private network instead of binding it to the public network, where it would be accessible from everywhere.

You can fully customize the network range as long as you use the network ranges described in RFC1918:

  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16

A Network itself is globally available; each Network can have up to 50 subnets. You can attach up to 100 servers to a Network. As sample: A Network could have the IP range 10.0.0.0/8, a subnet 10.0.0.0/24 and a server in this subnet could have the IP 10.0.0.2.

Step 1 - Set up our test environment

Before we can start, we need to set up a test environment. We need at least two servers to demonstrate the usage of Networks. For our test, two CX11 are enough. We will create them now with the CLI and the following commands:

hcloud server create --name node-1 --type cx11 --image ubuntu-18.04
hcloud server create --name node-2 --type cx11 --image ubuntu-18.04

After these commands, you need to create a new Network and a subnet. We will choose the network range 10.0.0.0/8, so every server which is attached to this network will get an IP from this range.

hcloud network create --name my-network --ip-range 10.0.0.0/8

Now we need to create a subnet within this network. We specify that the subnet is in the network zone eu-central which includes the locations hel1,fsn1 and nbg1, is of type server and the ip range is 10.0.0.0/24, so every attached server will get an IP from this range.

hcloud network add-subnet my-network --network-zone eu-central --type server --ip-range 10.0.0.0/24

Now we just need to attach the servers to the network. We don't need to specify an IP for the server on this step, because the Hetzner Cloud system will pick a free private IP in your subnet for you, but of course you can specify an IP.

hcloud server attach-to-network node-1 --network my-network
hcloud server attach-to-network node-2 --network my-network --ip 10.0.0.7

Now both servers should have an IP from your Network. node-1 should have the IP 10.0.0.2 and node-2 should have 10.0.0.7. You can check this with the commands hcloud server describe node-1 and hcloud server describe node-2. When you run these commands you should see a text similar to this in the output:

Name:		node-1
[...]
Private Net:
  - ID:			21
    Name:		my-network
    IP:			10.0.0.2
    Alias IPs:		-

Congratulations! You have created your first network and attached servers to it. The IP should already be configured for you! Let's connect to these servers and check IPs.

hcloud server ssh node-1

You should see something like IP address for ens7: 10.0.0.2 in the welcome message from your server!

Step 2 - Networks in action

You have successfully configured the networks; now let's run some small tests. First, you should open two terminal windows and access both servers via SSH.

First window:

hcloud server ssh node-1

Second window:

hcloud server ssh node-2

We will now perform a ping from each node.

First window:

ping 10.0.0.7

Second window:

ping 10.0.0.2

You should see a similar output on both windows:

First window:

root@node-1:~# ping 10.0.0.7
PING 10.0.0.7 (10.0.0.7) 56(84) bytes of data.
64 bytes from 10.0.0.7: icmp_seq=1 ttl=63 time=0.464 ms
64 bytes from 10.0.0.7: icmp_seq=2 ttl=63 time=0.969 ms

Second window:

root@node-2:~# ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=63 time=2.89 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=63 time=0.630 ms

The servers can access each other via the private network.

Let's see how the traffic between these nodes goes. We will perform a mtr on node-1.

First window:

mtr 10.0.0.7

You should get an output similar to this:

                                       Packets               Pings
 Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 10.0.0.1                          0.0%    45    8.8   7.8   5.4  11.1   1.0
 2. 10.0.0.7                          0.0%    44    0.6   0.7   0.5   2.0   0.3

You can see the following: Packets to 10.0.0.7 goes through the gateway (10.0.0.1) and then directly to the destination 10.0.0.7! Nothing else is between them. To show you the difference to the public interface we perform a mtr on the public IP of node-2 too. We assume that the public IP is 203.0.113.XX.

First window:

mtr 203.0.113.XX # please replace this with the public IP of node-2

Result:

 1. _gateway                          0.0%     4    0.2   0.2   0.1   0.2   0.0
 2. XXXXX.your-cloud.host             0.0%     4    0.3   0.7   0.3   1.9   0.8
 3. XXX.cloud1.YYYYYY.hetzner.com     0.0%     4   13.5  15.3  13.5  19.0   2.5
 4. YYYYY.your-cloud.host             0.0%     4    0.6   0.6   0.3   1.0   0.3
 5. ???
 6. static.XX.113.0.203.clients.your  0.0%     3    0.5   0.6   0.5   0.6   0.1

On the public interface, there is no direct connection between the nodes like on the private networks.

Conclusion

You have now a brief overview over the Hetzner Cloud Networks feature. As you can image, there are many usecases for using this feature like databases, kubernetes or secure connection to your servers via VPN.

Want to contribute?

Get Rewarded: Get up to €50 in credit! Be a part of the community and contribute. Do it for the money. Do it for the bragging rights. And do it to teach others!

Report Issue
Try Hetzner Cloud

Get 20€ free credit!

Valid until: 31 December 2024 Valid for: 3 months and only for new customers
Get started
Want to contribute?

Get Rewarded: Get up to €50 credit on your account for every tutorial you write and we publish!

Find out more