Complete Guide to Hetzner vSwitch Private Networks

Uncategorized
By Azon Vault

What is Hetzner vSwitch?

Hetzner vSwitch is a powerful networking feature that allows you to create isolated, private networks between your Hetzner servers. Unlike public network traffic that traverses the internet, vSwitch operates on a Layer 2 network within Hetzner’s data centers, keeping your inter-server communication fast, secure, and private.

This feature is available for both Hetzner Cloud and dedicated server customers, making it versatile for various infrastructure needs. Whether you’re running a cluster of web servers, a database setup, or microservices architecture, vSwitch provides the networking foundation you need.

How Hetzner vSwitch Works

vSwitch creates a virtual switch within Hetzner’s network infrastructure. When you connect servers to the same vSwitch, they can communicate directly using private IP addresses without any internet exposure.

  • Layer 2 Networking: vSwitch operates at the data link layer, enabling MAC address-based communication between connected servers.
  • No Internet Transit: All traffic stays within Hetzner’s internal network, eliminating latency and exposure to public internet threats.
  • Flexible Subnetting: You can define your own private subnets, typically using RFC 1918 address ranges like 10.0.0.0/8 or 172.16.0.0/12.
  • Automatic Discovery: Connected servers on the same vSwitch can discover each other automatically within the defined network.

Key Benefits of Using Hetzner vSwitch

1. Enhanced Security

Your server-to-server communication never touches the public internet. This dramatically reduces the attack surface and protects sensitive data from interception. Internal communications remain completely isolated from external threats.

2. Improved Performance

Traffic flowing through vSwitch doesn’t incur public network latency. Servers communicate at data center speeds, typically delivering sub-millisecond latency and full gigabit throughput between nodes.

3. Cost Efficiency

Internal traffic through vSwitch is free. You avoid bandwidth costs associated with public network transfers, which can add up quickly for data-intensive applications like database replication or distributed computing.

4. Simple Management

Setting up vSwitch requires minimal networking knowledge. The Hetzner Cloud Console provides an intuitive interface, while the API allows programmatic management for automation workflows.

Common Use Cases

Database Clusters

Connect your primary and replica databases over a private network. This ensures replication traffic never traverses the public internet and maintains consistent low-latency communication between database nodes.

Multi-Tier Applications

Separate your application layers (web servers, application servers, databases) using distinct private networks. This architecture improves security by isolating each tier while maintaining efficient communication.

Microservices Architecture

Deploy microservices on separate servers and connect them through vSwitch. This provides secure inter-service communication while keeping each service isolated from public exposure.

High Availability Clusters

Set up HA configurations for load balancers, storage systems, or any clustered application. vSwitch ensures heartbeat traffic and data synchronization remain reliable and private.

How to Set Up Hetzner vSwitch

For Hetzner Cloud Users

  1. Create the Network: In the Hetzner Cloud Console, navigate to the Networking section and create a new private network.
  2. Configure Subnet: Define your IP range using CIDR notation (e.g., 10.0.0.0/24).
  3. Attach Servers: Add existing cloud servers to your private network or create new servers with network attachment.
  4. Configure IPs: Assign private IP addresses to each server either manually or through DHCP.

For Dedicated Server Users

Dedicated server customers can request vSwitch through Hetzner’s support or robot management panel. The setup involves specifying which servers should be connected and defining the subnet configuration.

Pricing Overview

Hetzner vSwitch pricing is remarkably straightforward:

  • Network Creation: Free
  • Server Attachment: Free
  • Internal Traffic: Free
  • IP Addresses: Free (you can use private RFC 1918 addresses)

This pricing model makes vSwitch an extremely cost-effective solution for internal networking compared to traditional cloud providers that often charge for private networking features.

Important Considerations

  • Network Isolation: vSwitch networks are isolated from each other. If you need cross-network communication, you’ll need additional routing configuration.
  • Single Location: vSwitch currently works within a single Hetzner location. Cross-data center private networking requires VPN solutions.
  • No Internet Egress: Servers on vSwitch still need public IPs if they require internet access. The private network is in addition to, not a replacement for, public networking.

Frequently Asked Questions

Can I connect Hetzner Cloud servers with dedicated servers via vSwitch?

Yes, Hetzner offers the ability to connect cloud servers and dedicated servers through vSwitch, though this may require contacting Hetzner support for configuration assistance.

How many servers can I connect to a single vSwitch?

The practical limit depends on your subnet configuration. With a typical /24 subnet, you can connect up to 254 servers to a single vSwitch network.

Does vSwitch support VLAN tagging?

Hetzner vSwitch operates as a flat Layer 2 network. For VLAN segmentation, you’d need to configure VLAN tagging within your server operating systems.

Is vSwitch available in all Hetzner locations?

vSwitch is available in all major Hetzner data center locations including Falkenstein, Helsinki, and Ashburn. Check Hetzner’s documentation for the most current availability.

Can I resize my private network subnet?

Once created, the subnet CIDR cannot be changed. Plan your network addressing scheme carefully before setting up your vSwitch.

Conclusion

Hetzner vSwitch provides an excellent foundation for building secure, high-performance private networks. Whether you’re running a simple two-server setup or a complex distributed architecture, the feature delivers significant benefits at no additional cost.

The combination of enhanced security, improved performance, and zero internal traffic costs makes vSwitch an essential tool for any serious Hetzner infrastructure. Take advantage of this feature to isolate your services, protect sensitive communications, and optimize your cloud architecture.

Ready to set up your private network? Head to your Hetzner Cloud Console and create your first vSwitch today.

Azon Vault 5877 posts 0 comments
You might also like More from author

Comments are closed, but trackbacks and pingbacks are open.