Right now the regions have a limitation on source and destination IP checking. This is great to prevent spoofing.
However, in building out a larger installation and network, I would want to join together separate regions using secure tunnels that would allow machines to talk to their private interfaces across regions.
The VPN setup, ip forwarding and routing is all doable right now. However the source/destination checks prevent this from fully working.
It would be simple to still have source/destination check minus the known private IP ranges of the DO regions. This would allow customers to build out their own network of connected regions.