IBM Cloud Docs
Configuring a private network subnet


IBM Power Virtual Server located in IBM data centers: Off-premises


You can configure a private network subnet when you create an IBM® Power® Virtual Server by giving the subnet a name and specifying a Classless Inter-Domain Routing (CIDR) block.

How the private network subnet is configured depends on the networking configuration of the Power Virtual Server Workspace, which can use one of the following four approaches:

  1. Power Virtual Server Workspace enabled with the Power Edge Router (PER). This is the default for most locations for workspaces created after mid-2023, and it can use VPN Connections.
  2. Power Virtual Server Workspace enabled with Power Cloud Connections. PER is the default connection, and can use VPN Connections.
  3. Direct Link Connect for Power Virtual Servers.
  4. Power Virtual Server VPN service (Power VPNaaS) to Power Virtual Servers.

When you specify a CIDR, the following values are automatically populated:

  • A gateway
  • An IP range
  • DNS server

You must use CIDR notation when you choose the IP ranges for your private network subnet. CIDR notation is defined in RFC 1518 and RFC 1519. Here is the format of a CIDR:

<IPv4 address>/<number>

For example, 192.168.100.14/24 represents the IPv4 address, 192.168.100.14, and its associated routing prefix 192.168.100.0, or equivalently, its subnet mask 255.255.255.0 (which has 24 leading 1 bits).

You cannot assign a subnet that has already been assigned to another virtual machine. However, when editing the configuration of a virtual machine, you can assign the same subnet multiple times.

To create a new subnet, complete the following steps:

  1. Sign in to the IBM Cloud Portal.

  2. Select the menu icon and select Resource List.

  3. Click the arrow next to Services.

  4. Select the Power Virtual Server workspace to which you'd like to assign a subnet.

  5. Click Subnets in the left navigation pane, then Add subnet.

  6. Enter a name for the subnet, CIDR value (for example: 192.168.100.14/24), gateway number (for example: 192.168.100.15), and the IP range values for the subnet.

  7. You must provide the DNS server value. A DNS server value of 9.9.9.9 might not be reachable if you don't have a public IP, which can cause the LPAR to hang during startup. Use the default DNS server value of 127.0.0.1 to avoid this issue. Currently, you can add up to 20 DNS servers. The DNS IP addresses must be separated by commas.

  8. You can also attach a primary and redundant cloud connection to the subnet to set up high availability. For more information on high availability, see Setting up high availability over cloud connections.

  9. Click Create subnet.

You can also edit an existing subnet by clicking the subnet in the table. You can attach or detach cloud connections to each of the subnets in the Attached cloud connections section.

You can also create and configure a private network subnet by using the IBM command line interface (CLI). Use the following command to create a private network subnet:

ibmcloud pi network-create-private NETWORK_NAME --cidr-block CIDR --ip-range "startIP-endIP[,startIP-endIP]" [--dns-servers "DNS1 DNS2"] [--gateway GATEWAY] [--json]
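A pre-flight check for the values passed to the command above, as an added example that is not IBM's code. It takes the CIDR and gateway from this page's examples; the IP range and reserved address are constructed, and the rule that the gateway lies inside the subnet is an assumption.

```python
import ipaddress

def parse_ip_ranges(spec):
    """Parse "startIP-endIP[,startIP-endIP]" into (start, end) address pairs."""
    ranges = []
    for part in spec.split(","):
        start_s, end_s = part.strip().split("-")
        start = ipaddress.IPv4Address(start_s.strip())
        end = ipaddress.IPv4Address(end_s.strip())
        if start > end:
            raise ValueError(f"range {part!r}: start is after end")
        ranges.append((start, end))
    return ranges

def check_subnet_args(cidr, ip_range, gateway=None, reserved=()):
    """Return (network, problems); an empty problems list means the values agree."""
    # ip_interface tolerates host bits: 192.168.100.14/24 -> network 192.168.100.0/24
    net = ipaddress.ip_interface(cidr).network
    ranges = parse_ip_ranges(ip_range)
    problems = []
    for start, end in ranges:
        if start not in net or end not in net:
            problems.append(f"range {start}-{end} is not inside {net}")
    # Assumption: the gateway has to be an address inside the subnet it serves.
    if gateway is not None and ipaddress.IPv4Address(gateway) not in net:
        problems.append(f"gateway {gateway} is not inside {net}")
    # Stated on the page: a reserved IP must fall in the subnet's IP range.
    for ip in map(ipaddress.IPv4Address, reserved):
        if not any(start <= ip <= end for start, end in ranges):
            problems.append(f"reserved IP {ip} is not in any IP range")
    return net, problems

if __name__ == "__main__":
    # CIDR and gateway are the page's examples; the IP range is constructed.
    net, problems = check_subnet_args(
        "192.168.100.14/24", "192.168.100.20-192.168.100.100",
        gateway="192.168.100.15", reserved=["192.168.100.50"])
    print(net, net.netmask, problems or "consistent")
```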

Reserving IP addresses

Use reserved IP addresses to prevent Power Virtual Server from assigning a specific IP address to a virtual server instance.

You can complete the following tasks:

  • Add IP address
  • See the list of reserved IP addresses
  • Delete the reserved IP address

An IP address that is present in the reserved list is not automatically assigned to a virtual server instance.

Adding an IP address in the reserved list

To add an IP address into the reserved IP address list, perform the following steps:

  • Open the Subnets page in the IBM Cloud.

  • From the list of subnets that you have created, click the desired subnet for which you want to reserve the IP address.

  • Click Reserve IP.

  • Enter your IP address in the IP address field.

    Make sure the IP address that you want to reserve falls in the IP range that you have defined while provisioning the subnet.

  • Provide a description of your reserved IP in the Reserved IP description (optional) field.

Networking considerations

You can establish private network communication between two Power Virtual Server instances with any one of the following four approaches:

  1. Use a PER enabled workspace. See Getting started with PER.
  2. Create and attach the subnet to a cloud connection and Transit Gateway.
  3. Set up routing over Direct Links. See Ordering Direct Link 2.0 Connect.
  4. Configure VPNaaS and set up routing with VPNaaS. See Managing VPN connections.

If you are not using any of the four approaches, open a support ticket if you need to establish private network communication between the two Power Virtual Server instances.

For example, consider that you are adding a subnet 172.10.10.0/24 from the user interface (UI). The virtual server instances that are attached to the subnet must communicate with each other. If you want the virtual server instances to communicate without using any of the methods listed previously, open a support ticket. You must provide the following subnet information, which is displayed in the Power Virtual Server user interface, to the support team.

Example subnet information displayed in the UI

| Name | Gateway | VLAN ID | CIDR |
|---|---|---|---|
| powerns-net02 | 172.10.10.1 | 3001 | 172.10.10.0/26 |

Using CIDR notation

You must not use an IP range outside of the ranges that are defined by the RFC 1918 document (10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16) for a subnet. Otherwise, the instances that are attached to that subnet might not be able to reach parts of the public internet.

If you are using an IP range outside of the ranges that are defined by the RFC 1918 document (10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16) for a subnet, you must use Internet Assigned Numbers Authority (IANA) assigned IP addresses and GRE tunneling. For more information, see Generic Routing Encapsulation (GRE) tunneling. PowerVS assigns IP addresses as Internal IP from the prefix 192.168.0.0/16 to your accounts for Public Network access. Once a public subnet is assigned, you cannot use those IP addresses for private networks.

The number after the slash represents the bit length of the subnet mask. As a result, the smaller the number after the slash, the more IP addresses you are allocating. The following table lists the number of available addresses in a subnet (based on its specified CIDR block size):

Understanding CIDR notation

| CIDR block size | Available IP addresses (WDC04, WDC06) | Available IP addresses (non-WDC) |
|---|---|---|
| /22 | 1019 | 1021 |
| /23 | 507 | 509 |
| /25 | 123 | 125 |
| /26 | 59 | 61 |
| /27 | 27 | 29 |
| /28 | 11 | 13 |
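The RFC 1918 rule and the table above, as an added example that is not IBM's code. It tests a planned CIDR against the three RFC 1918 blocks and estimates available addresses; the "block size minus 5 or minus 3" rule is inferred from the table rows and is an assumption for prefixes the table does not list.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Inferred from the table rows (assumption): every row equals 2**(32 - prefix)
# minus 5 in WDC04/WDC06 and minus 3 in other locations.
WITHHELD = {"wdc": 5, "non-wdc": 3}

def rfc1918_block(cidr):
    """Return the RFC 1918 block that contains the whole subnet, or None."""
    net = ipaddress.ip_interface(cidr).network
    # ipaddress's is_private also covers loopback, link-local and other
    # special ranges, so membership in the three blocks is tested explicitly.
    for block in RFC1918:
        if net.subnet_of(block):
            return block
    return None

def available_addresses(cidr, site="non-wdc"):
    """Estimate assignable addresses using the pattern in the table."""
    net = ipaddress.ip_interface(cidr).network
    return net.num_addresses - WITHHELD[site]

def review(cidr, site="non-wdc"):
    """Return (available address count, notes) for a planned private subnet."""
    block = rfc1918_block(cidr)
    notes = []
    if block is None:
        notes.append("outside RFC 1918: IANA-assigned addresses and GRE tunneling required")
    elif str(block) == "192.168.0.0/16":
        notes.append("inside 192.168.0.0/16: avoid addresses assigned as Internal IP "
                     "for public network access")
    return available_addresses(cidr, site), notes

if __name__ == "__main__":
    # 172.10.10.0/24 and 192.168.100.14/24 appear on this page; 172.16.5.0/26 is constructed.
    for cidr in ("172.10.10.0/24", "172.16.5.0/26", "192.168.100.14/24"):
        print(cidr, review(cidr, site="wdc"))
```

Note that 172.10.10.0/24, the subnet used in the support-ticket example, lies outside 172.16.0.0/12 and is therefore reported as non-RFC 1918.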