by Justin Ellingwood
Would be nice to have VLANs between instances
The "follow-up idea" that Michael Wangerin mentioned is here: https://ideas.digitalocean.com/ideas/NETSECX-I-5
For everyone who commented on this issue and feels like it was not resolved with what DO "shipped", I have created a new idea on this topic with clearer definition of an acceptable solution: https://ideas.digitalocean.com/ideas/DO-I-2662
This has been a thorn in my side as well; DigitalOcean really needs to improve their private networking options! Please :)
Private networks do behave as L2 networks between Droplets, which was the original request. We are constantly working on improving them, like the update we did last year to fully isolate customers and we are still working on more improvements, but the request was delivered.
Besides that, we do appreciate some civility on the comments.
This idea did not ship in 2013. A flat internal Network shipped in 2013.
This is private networks between droplets managed by individual customers. If you are claiming victory over your old product then you should not be an admin here. These features are not the same. Reopen this or delete it but don't waste our time lying.
This feature was shipped back in 2013 https://blog.digitalocean.com/introducing-private-networking/
Unfortunately during the migration of the idea website these comments lost their original timestamps. For more information about Private Networking, see https://blog.digitalocean.com/introducing-private-networking/
Don't forget cross datacenter private networks! https://ideas.digitalocean.com/ideas/DO-I-1620
@Moisey Uretsky I think pay-for-VLAN is fair, but to my previous comment, built-in spanning between DC/Regions. Add a simple VPN (say, openvpn) to the private network and you have a winner
+1 for bridged VLANs between regions too.
This is absolutely huge
We are investigating offering customers private VLANs for private networking but there are switching limitations on the number of available VLANs which may cause an issue down the road.
Are there any suggestions on what users can do if we have multiple machines?
I plan on running multiple instances over time. I have three types of images: Web services, a DB, and a worker. How would you suggest we set something like that up right now if we have machines that talk to each other a lot?
If the number of available VLANs is going to be problematic, how about just offering single private IP space? In other words, VMs are given 2 addresses (public IP and private IP) and all private IPs are accessible within the same datacenter - for instance, User A's 192.168.1.1 can talk to User B's 192.168.1.2. Less than ideal but that's what Linode does. Food for thought.
You are right about the VLAN limitations so we're still debating which direction to head with that.
Given VLAN limitations, if we implement it there may be a small monthly charge for that. Would people be open to that?
I would be open to it, but please think about how you are charging for bandwidth. Does this internal traffic count too? If so, then please don't double charge me.
Also, if I want to set up some load balancing myself and put some lightweight $5 servers in front, would I be charged for any extra bandwidth usage from the sum of all my servers, or from just the public facing servers? In other words, I don't want to be limited to 1TB transfer because I have a lightweight server in front of my site.
You don't have a limit of 1TB. Is this unclear in the language? Perhaps we can improve it somehow to make it clearer. This is just the amount of bandwidth that is included and whatever is over that you will be charged at $0.02 cents.
There would be no charge for internal traffic which is part of the reason customers request it.
As for a VLAN charge, it's just because of networking costs involved and limitations there.
I'm aware there isn't a limit, just an additional charge if I go over. That is why I wonder: are you going to pool my transfer quota from all my droplets or are they separate? This can become problematic if I set up a load balancer in front of my servers because I would like to use a $5 server but it has the smallest quota. I would have other servers with allocated bandwidth that aren't being used yet I would still get charged if it isn't pooled.
Bandwidth will be pooled account wide for your virtual servers so you don't have to worry about sizing.
Here's my idea:
- Since VLAN needs some resource in your backplane, you can charge for it - we certainly pay extra $$ for such flexible networking features.
- But also consider offering single private IP space for free, for those who don't need to assemble hundreds of servers. They just need unmetered traffic between their own servers, and use ufw / iptables or whatever to secure them. Start with this dead simple feature as not having it would be no go for quite a few customers. The Lean Startup Way. :)
Linode shows 4 items in their bandwidth usage graph - outgoing public, incoming public, outgoing private and incoming private.
A typical database server would look like this:
Bunch of private IP traffic, zero public transportation.
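For the shared private IP space discussed in this thread, where other customers' Droplets can reach your private address, the database host has to filter the private interface itself. The following is an added example, not part of the original comments: it assumes the private NIC is `eth1`, the database listens on TCP 5432, and the peer addresses are constructed samples.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset that only lets your own web/worker
# hosts reach the database over the shared private interface.
# Assumptions (not from the thread): interface eth1, port 5432,
# and the 10.128.0.x peer addresses are constructed samples.

# Usage: private_rules IFACE PORT PEER_IPV4...
private_rules() {
    iface=$1; port=$2; shift 2

    # Validate every peer before printing anything, so a bad value
    # never yields a half-written ruleset.
    for peer in "$@"; do
        case $peer in
            ''|*[!0-9.]*)
                echo "invalid peer address: $peer" >&2
                return 1 ;;
        esac
    done

    echo "*filter"
    echo ":PRIVATE-IN - [0:0]"
    # Everything arriving on the private interface goes to its own chain.
    echo "-A INPUT -i $iface -j PRIVATE-IN"
    # Replies to connections this host opened are allowed back in.
    echo "-A PRIVATE-IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Only the listed peers may open connections to the database port.
    for peer in "$@"; do
        echo "-A PRIVATE-IN -s $peer/32 -p tcp --dport $port -j ACCEPT"
    done
    # Any other tenant on the shared network is dropped.
    echo "-A PRIVATE-IN -j DROP"
    echo "COMMIT"
}

# Constructed sample: one web host and one worker host.
private_rules eth1 5432 10.128.0.11 10.128.0.12
```

Review the printed rules, then load them on the database host with `iptables-restore --noflush` so existing rules are kept.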