Gandi Cloud VPS now has Private VLANs

Following a beta test period announced earlier this year, Gandi is pleased to be able to offer private VLAN functionality to all of our IaaS customer base.

VLANs are an established technology in existing networks. They are used to segment larger networks at layer 2, creating "Virtual Local Area Networks" or VLANs. This allows selected computers (or actually their network interfaces) to be connected securely, ensuring fast, private connectivity between selected machines. On Gandi's IaaS service, the private interfaces that you add to your systems will have the benefits of secure connectivity, and the data you pass between these systems will not be added to your total bandwidth tally.


This technology is a first step toward offering a hybrid cloud service, which is something we are planning for.

It is now possible to:
  • Create up to 128 VLANs for your systems,
  • Add up to 64 interfaces per VLAN.
Every VLAN you create is available within the data center of your choice. Gandi Private VLANs do not yet span data centers.

This release of Gandi's private networking technology is based on VNT, something we developed internally in compliance with networking RFCs. VNT stands for Virtual Network over TRILL.

We extended the existing TRILL protocol by adding "tags" we call VNI (Virtual Network Identifiers) to the private interfaces. These tags allow complete layer 2 routing of traffic between virtual interfaces, with secure separation at the node level.

Normal physical switching equipment is limited to 4096 VLANs. VNT can address 4096², or over 16 million VLANs. The great thing is, we didn't have to change out a single piece of networking hardware to make it work!

On the Gandi Cloud VPS platform, you can now host a web server and a separate, secure database server. The database server doesn't need to have a public interface at all, if you don't want it to, and can transact your sensitive network traffic in a locked-down private network segment, safe from prying eyes.
That's not all. You can create up to 128 VLANs, allowing you to construct clusters, enable caching daemons, and construct multi-server application platforms. You can now really do service isolation, and set up network layers in the public cloud, just like you are used to doing in your private corporate networks.

The result? A lot more time saved for you, since you only have to worry about securing the interfaces that you expose to the outside world.


Oh, and the price? FREE!

We only ask for payment on the outbound traffic of public interfaces for your systems. Even then, the first 500 Gigabytes of outbound transfer are free.

We limit private interface traffic to 200Mbits/s, per interface, with a maximum of 128 VLANs and 64 interfaces per VLAN. That's a lot of private bandwidth.

Is our VNT technology open source? Yes it is!

We have already released the source code for the TRILL implementation in Linux on GitHub. The other pieces (userland trilld, VNT) are getting cleaned up for release right now. We expect them to be available before the end of the year.

For the more technical among you who want to see how VNT works, here's a presentation by William Dauchy at the Kernel Recipes conference (Sep. 2013), talking about TRILL/VNT, which is based on the work of doctors Kamel Haddadou and Ahmed Amamou, of the Gandi R&D team: http://pres.gandi.net/kr2013/
For those who like video, here's one of Thomas Stocking explaining VNT at the dotScale conference in Paris.

The documentation for using Gandi's private VLANs is live on our documentation page.