Private Networks

Create isolated, secure networks for your VPS instances with Lineserve Private Networks. Perfect for multi-tier applications and secure inter-server communication.

Overview

Private Networks provide:

Network Isolation: Secure communication between instances
Custom IP Ranges: Define your own subnet addressing
High Performance: Low-latency inter-server communication
Security: Traffic never leaves Lineserve infrastructure
Scalability: Connect hundreds of instances

Creating Private Networks

Via Dashboard

Navigate to Networking > Private Networks
Click Create Network
Configure network settings:
- Name and description
- IP range (CIDR notation)
- Region selection

Via CLI

# Create private network
lineserve network create-private \
  --name "web-tier-network" \
  --cidr "10.0.1.0/24" \
  --region us-east-1

# List private networks
lineserve network list-private

# Get network details
lineserve network get-private --network-id net-12345678

Via API

curl -X POST \
  https://api.lineserve.com/v1/network/private \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "database-network",
    "cidr": "10.0.2.0/24",
    "region": "us-east-1"
  }'

Network Configuration

Attach Instances to Network

# Attach VPS to private network
lineserve network attach-instance \
  --network-id net-12345678 \
  --instance-id vps-12345678 \
  --ip 10.0.1.10

# Detach instance from network
lineserve network detach-instance \
  --network-id net-12345678 \
  --instance-id vps-12345678

Configure Network Interface

# Ubuntu/Debian configuration
cat >> /etc/netplan/01-netcfg.yaml << EOF
network:
  version: 2
  ethernets:
    eth1:
      addresses:
        - 10.0.1.10/24
      dhcp4: false
EOF

netplan apply

Multi-Tier Architecture

Web-App-Database Setup

# Create networks for each tier
lineserve network create-private \
  --name "web-tier" \
  --cidr "10.0.1.0/24" \
  --region us-east-1

lineserve network create-private \
  --name "app-tier" \
  --cidr "10.0.2.0/24" \
  --region us-east-1

lineserve network create-private \
  --name "db-tier" \
  --cidr "10.0.3.0/24" \
  --region us-east-1

# Attach instances to appropriate networks
# Web servers to web-tier
lineserve network attach-instance \
  --network-id net-web-tier \
  --instance-id vps-web-01 \
  --ip 10.0.1.10

# App servers to both web and app tiers
lineserve network attach-instance \
  --network-id net-web-tier \
  --instance-id vps-app-01 \
  --ip 10.0.1.20

lineserve network attach-instance \
  --network-id net-app-tier \
  --instance-id vps-app-01 \
  --ip 10.0.2.10

# Database servers to app and db tiers
lineserve network attach-instance \
  --network-id net-app-tier \
  --instance-id vps-db-01 \
  --ip 10.0.2.20

lineserve network attach-instance \
  --network-id net-db-tier \
  --instance-id vps-db-01 \
  --ip 10.0.3.10

Network Security

Firewall Rules

# Configure iptables for private network security
# Allow traffic within private network
iptables -A INPUT -s 10.0.1.0/24 -j ACCEPT

# Block external access to private services
iptables -A INPUT -p tcp --dport 3306 -s 10.0.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP

# Allow SSH from management network only
iptables -A INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

Security Groups

# Create security group for database tier
lineserve network create-security-group \
  --name "database-sg" \
  --description "Database tier security group"

# Add rules to security group
lineserve network add-security-rule \
  --group-id sg-12345678 \
  --protocol tcp \
  --port 3306 \
  --source 10.0.2.0/24 \
  --action allow

# Apply security group to instances
lineserve network apply-security-group \
  --group-id sg-12345678 \
  --instance-id vps-db-01

Load Balancing

Internal Load Balancer

# Create internal load balancer
lineserve network create-load-balancer \
  --name "internal-api-lb" \
  --type internal \
  --network-id net-app-tier \
  --ip 10.0.2.100

# Add backend servers
lineserve network add-lb-backend \
  --lb-id lb-12345678 \
  --instance-id vps-app-01 \
  --port 8080 \
  --weight 100

lineserve network add-lb-backend \
  --lb-id lb-12345678 \
  --instance-id vps-app-02 \
  --port 8080 \
  --weight 100

HAProxy Configuration

# Configure HAProxy for internal load balancing
cat > /etc/haproxy/haproxy.cfg << EOF
global
    daemon

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend api_frontend
    bind 10.0.2.100:80
    default_backend api_servers

backend api_servers
    balance roundrobin
    option httpchk GET /health
    server api1 10.0.2.10:8080 check
    server api2 10.0.2.11:8080 check
EOF

systemctl restart haproxy

VPN Gateway

Site-to-Site VPN

# Configure VPN gateway for private network access
lineserve network create-vpn-gateway \
  --name "office-vpn" \
  --network-id net-12345678 \
  --type site-to-site \
  --remote-ip 203.0.113.50 \
  --psk "shared-secret-key"

# Configure local routes
ip route add 192.168.1.0/24 via 10.0.1.1 dev eth1

OpenVPN Server

# Install OpenVPN on gateway instance
apt update && apt install openvpn easy-rsa

# Configure OpenVPN for private network access
cat > /etc/openvpn/server.conf << EOF
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "route 10.0.1.0 255.255.255.0"
push "route 10.0.2.0 255.255.255.0"
push "route 10.0.3.0 255.255.255.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
EOF

systemctl enable openvpn@server
systemctl start openvpn@server

Monitoring & Troubleshooting

Network Monitoring

# Monitor network traffic
iftop -i eth1

# Check network connectivity
ping 10.0.1.10
traceroute 10.0.2.10

# Monitor network statistics
cat /proc/net/dev
ss -tuln

Common Issues

Instance Cannot Communicate

Verify network attachment
Check IP configuration
Review firewall rules
Test network connectivity

Slow Network Performance

Check network utilization
Verify MTU settings
Monitor for packet loss
Review network topology

IP Address Conflicts

Ensure unique IP assignments
Check DHCP configuration
Verify subnet planning
Review network documentation

Best Practices

Network Design

Plan IP address ranges carefully
Use consistent naming conventions
Document network topology
Implement proper segmentation

Security

Use security groups for access control
Implement network monitoring
Regular security audits
Principle of least privilege

Performance

Optimize network topology
Monitor bandwidth usage
Use appropriate instance types
Consider network proximity

Pricing

Feature	Price
Private Network	$5/month per network
Additional IPs	$1/month per IP
Inter-region traffic	$0.02/GB
Intra-region traffic	Free

API Reference

Create Private Network

POST /v1/network/private
{
  "name": "my-network",
  "cidr": "10.0.1.0/24",
  "region": "us-east-1"
}

Attach Instance

POST /v1/network/private/{network-id}/attach
{
  "instance_id": "vps-12345678",
  "ip": "10.0.1.10"
}

List Networks

GET /v1/network/private

Overview​

Creating Private Networks​

Via Dashboard​

Via CLI​

Via API​

Network Configuration​

Attach Instances to Network​

Configure Network Interface​

Multi-Tier Architecture​

Web-App-Database Setup​

Network Security​

Firewall Rules​

Security Groups​

Load Balancing​

Internal Load Balancer​

HAProxy Configuration​

VPN Gateway​

Site-to-Site VPN​

OpenVPN Server​

Monitoring & Troubleshooting​

Network Monitoring​

Common Issues​

Best Practices​

Network Design​

Security​

Performance​

Pricing​

API Reference​

Create Private Network​

Attach Instance​

List Networks​

Next Steps​