Question

How are droplets isolated on the network when they share a subnet?

Posted January 6, 2021 542 views
Security, Networking

I am concerned that broadcasted information may result in information leakage. Can you please explain the technology used to isolate DO droplets from each other?

1 answer

Your private network in DigitalOcean is a VPC, which is a completely private virtual private network that is only available to your account that you have control over in terms of designating subnets and which resources have access to it.

Private networking is completely segmented on a per-account basis and is not overlapped in any way with any other accounts, thus it is entirely private.

You can also find additional documentation here:
https://www.digitalocean.com/docs/networking/vpc/

  • I am referring to the WAN interface, which, as I understand, is not a VPC. The shared subnet is a public /23 WAN IP address.

    • The public IP is just that, public, which means that everyone on the public subnet, if they are using broadcast traffic, is sending information to everyone else on that same subnet.

      If you are using a service, like ElasticSearch, which uses broadcast traffic to find and merge with information with other ElasticSearch servers, that should always be configured on a private IP address and on a private VPC.
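
One way to check the advice in the last reply on a droplet, as an added example that is not part of the original thread: the script classifies each listening socket's bind address and reports those reachable from the shared public subnet. The `ss` output is a constructed sample, the function names are hypothetical, and VPC addresses are assumed to fall in the RFC 1918 ranges.

```python
import ipaddress

# Assumption: VPC addresses fall in RFC 1918 space (plus IPv6 unique-local).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample of `ss -H -tuln` output (not taken from a real host).
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096      10.116.0.2:9200       0.0.0.0:*
tcp   LISTEN 0      4096    203.0.113.10:9300       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      511                *:8080             *:*
"""

def classify(host):
    """Return 'wildcard', 'loopback', 'private' or 'public' for a bind address."""
    host = host.split("%", 1)[0].strip("[]")  # drop %interface and IPv6 brackets
    if host == "*":
        return "wildcard"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:          # 0.0.0.0 or :: listens on every interface
        return "wildcard"
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in PRIVATE_NETS):
        return "private"
    return "public"                  # anything else is treated as routable

def exposed_listeners(ss_output):
    """Listeners reachable from the public subnet: wildcard or public binds."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        host, _, port = fields[4].rpartition(":")  # local address:port column
        scope = classify(host)
        if scope in ("wildcard", "public"):
            findings.append((fields[0], host, int(port), scope))
    return findings

if __name__ == "__main__":
    for proto, host, port, scope in exposed_listeners(SAMPLE_SS):
        print(f"{proto:4} {host}:{port}  bound to {scope} address")
```

On a real host, pass the output of `ss -H -tuln` to `exposed_listeners` instead of the sample; a cluster port such as 9300 appearing in the result means the service is not bound to the private address only.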