How secure is private networking?

October 1, 2017 3.4k views
Networking Security CoreOS

If I have a docker swarm cluster communicating over the private networking feature of Digital Ocean, is that traffic able to be seen by all of the droplets in the region? For example, can a droplet owned by another digital ocean user attempt to join my swarm cluster? In general, how "private" is the private traffic.

Also, can a droplet from one region talk to a droplet in another region if both droplets are owned by the same account?

2 Answers
sdayman October 1, 2017
Accepted Answer

BEGIN MODERATOR EDIT:

As of July 2018, communication over DigitalOcean private networking is isolated to the resources within a single DigitalOcean account or Team. A Droplet owned by another DigitalOcean account has zero access to your account's private networking.

In July 2018, Private Networking on DigitalOcean was updated to isolate communication over DigitalOcean Private Network IPs to resources within the account or team where they were created. For more information, see the release notes: DigitalOcean Private Networking Changes Scheduled for July 2018

The original discussion on this page is no longer accurate.

END MODERATOR EDIT:

"Private" really just means internal to that datacenter. So it's not all that private.~

And no, it's only that datacenter. Private Networks don't extend across datacenters.

Read the tutorial below and skim the comments. There's a lot of discussion there.

https://www.digitalocean.com/community/tutorials/how-to-set-up-and-use-digitalocean-private-networking

edited by aha
  • Wow! So you're telling me that the free WiFi at Starbucks has better security than DigitalOcean private networking. Each account should at least be on its own private subnet.

    I hope everyone is encrypting the database connections for their web apps. :)

by Rafael Rosa
Beginning in June of 2018, communication over DigitalOcean Private Network IPs will be isolated within the account or team where they were created. For most users, this security enhancement requires no action. All Droplets that were provisioned with Private Networking will continue to be able...
Have another answer? Share your knowledge.