Is encryption required on shared private networking?

September 2, 2015 2.8k views
Security Load Balancing DigitalOcean Firewall Networking MySQL Ubuntu

So I need to scale out my web application, but I need to ensure the data between my droplets stays private. All the tutorials on Digital Ocean only describe setting iptables to limit who can access you droplets. My question is, shouldn't encryption be used for communication between nodes as well as iptables? So that no third party droplet can eaves drop on the conversation between nodes? I don't see that discussed at all as a best practice. If it isn't needed, can someone fill me in as why this wouldn't be needed. My biggest concern is SSL on MySql kills performance by between 15-25% and if someone can tell me it isn't needed that would be great.

4 comments
2 Answers

This question was answered by @CrypticDesigns:

I am not sure if its needed, don't know the infrastructure. But an article has been posted earlier about this:
https://www.digitalocean.com/community/questions/private-networking-for-databse-server-or-public-network

View the original comment

I know this is old, but others might still find it (as I just did).

Soon, not any more, see:

https://www.digitalocean.com/community/tutorials/digitalocean-private-networking-faq

Beginning in June of 2018, communication over DigitalOcean Private Network IPs will be isolated within the account or team where they were created. For most users, this security enhancement requires no action. All Droplets that were provisioned with Private Networking will continue to be able...
Have another answer? Share your knowledge.