One place for hosting & domains


      Assign a Compute Instance to a VPC

      VPCs enable private communication between Compute Instances within a data center and are a critical component of many application architectures. Follow the instructions within this guide to add both new and existing Compute Instances to a VPC.

      There are three main ways to assign a Compute Instance to a VPC:


      • VPCs, along with VLANs and the public internet, are configured as network interfaces within a Compute Instance’s configuration profile. These network interfaces are configured automatically when creating a Compute Instance with a VPC or when interacting with the VPC directly to assign and remove existing Compute Instances. You can also edit the Configuration Profile directly to manually configure these network interfaces to suit specific use cases. Manually editing a Configuration Profile on a Compute Instance is typically the preferred way to assign a VPC to an existing instance.

      • VPC resources requiring public internet access should be configured as a 1:1 NAT or use a forward proxy. It is not recommended to configure a separate network interface with public internet access (in addition to the VPC interface).

      • Compute Instances can only be assigned to a single subnet of a single VPC, though they can communicate with other instances on any subnet within the same VPC. Multiple VPC interfaces on an instance are not allowed.

      • If an existing Compute Instance is added or removed from a VPC, the instance needs to be rebooted for the changes to go into effect.

      Configuration Options

      When assigning both new and existing Compute Instances to a VPC, the following settings can be configured:

      • VPC: Multiple VPCs can be configured in a data center, but each Compute Instance can only be assigned to a single VPC.

      • Subnet: When a Compute Instance is assigned to a VPC, it also needs to be assigned a subnet. A subnet defines a collection of related instances and has its own RFC1918 IPv4 range (in CIDR format).

      • VPC IPv4 address: This is the IPv4 address of the Compute Instance within the private network of the subnet. It must be within the CIDR range defined in the subnet. The address can be automatically generated or manually entered.

        When manually entering the IP address, do not use the first two or last two IP addresses within the subnet’s defined IPv4 range. These are non-host IP addresses and are set aside for routing and other features.

      • Public internet connectivity: By default, Compute Instances with a VPC cannot communicate over the public internet. To facilitate internet access, enable the Assign a public IPv4 address for this Linode option, which configures a 1:1 NAT on the VPC interface. This enables routing internet traffic over your Compute Instance’s public IP addresses.

      • Additional IPv4 ranges: You can assign additional IPv4 ranges that can be used to reach this Compute Instance and/or the services running on it. For example, you may wish to assign additional IPv4 ranges to directly expose Docker containers to the VPC.

      These settings are referenced in the workflows below.

      Assign a New Compute Instance to a VPC

      When creating a new Compute Instance, you have the option to assign it to an existing VPC. For complete instructions, review the Assign to a VPC section of the Create a Compute Instance guide for instructions.

      If a Compute Instance is created with a VPC, the VPC is automatically enabled on the eth0 network interface. No other network interfaces are configured. An exception to that is if the Compute Instance is also configured with a Private IP address (which is not recommended). In this case, the eth1 network interface is configured as Public Internet.