Private networking between regions

  • Posted on January 14, 2015
  • Asked by msebel

Due to the AMS2 connectivity issues yesterday that affected all our droplets, a simple question came to mind (I just couldn’t find anyone posting this before).

We’re running a cluster with multiple failovers on loadbalancing, webserving and database level. That doesn’t help at all if ALL droplets in a datacenter have connectivity issues. Our monitoring that pings our servers every 10-30s is experiencing a lot of networking issues / small latencies that last no more than 10-20s, but mostly on all droplets at the same time. And of course yesterday it happened for 45 minutes. (Imagine furious customers now :-)).

Now, all our servers in AMS3 didn’t have any issues. Therefore, is it possible for droplets to communicate with private networking enabled across local regions (AMS2 and AMS3)? We’re thinking about stretching our cluster across two regions, but we would need at least DB-Master/Master clusters to communicate across regions (over private networking).


Any update on the roadmap, or on when private networking across regions will be available? Or a wiki on how to set it up yourself (via VPN etc…)?

Are there plans to provide private networking functionality between regions?

I think the point of private networking is to provide a fast (probably unencrypted), low-overhead transport between hosts. I personally would set up a VPN / stunnel or SSH tunnel to traverse the (more) hostile network between datacenters / regions. I think there is some trust in knowing the data traversing within a single DC is likely to be routed through a small amount of infrastructure which is 100% controlled by DigitalOcean (I’m hoping; I don’t work for DO, so I don’t actually know). Routing unencrypted traffic outside DO’s infrastructure should be done with caution. While I think there may be a use for passing unencrypted traffic on a private network between DO sites, I feel most customers would not be able to use this configuration due to data privacy / security. I’m setting up separate private networks in different DO zones and using a tinc VPN between the sites for private transfer.
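
A sketch of the tinc approach mentioned in the answer above, as an added example that is not part of the original thread and not the poster's configuration. It writes tinc 1.0 configuration for two nodes, one per region; the net name `dbmesh`, the node names, the public addresses (documentation ranges) and the `10.99.0.0/24` overlay subnet are all constructed placeholders.

```shell
#!/bin/sh
# Added example: generate tinc 1.0 config for a two-node, cross-region overlay.
# Every name and address below is a constructed placeholder.
set -eu

# gen_tinc_node OUTDIR NETNAME NODE PUBLIC_ADDR VPN_IP PEER
# OUTDIR stands in for /etc/tinc on the node being configured.
gen_tinc_node() {
    dir="$1/$2"
    mkdir -p "$dir/hosts"

    # Daemon config: who we are and which peer to dial.
    cat > "$dir/tinc.conf" <<EOF
Name = $3
AddressFamily = ipv4
Interface = tun0
ConnectTo = $6
EOF

    # Host file: public endpoint plus the single overlay address this node
    # owns. "tincd -n NETNAME -K4096" appends the node's RSA public key here;
    # the completed file is what gets copied to the peer's hosts/ directory.
    cat > "$dir/hosts/$3" <<EOF
Address = $4
Subnet = $5/32
EOF

    # tinc-up runs when the tunnel device appears; tinc exports INTERFACE.
    cat > "$dir/tinc-up" <<EOF
#!/bin/sh
ip addr add $5/24 dev "\$INTERFACE"
ip link set "\$INTERFACE" up
EOF
    chmod 755 "$dir/tinc-up"
}

OUT="${OUT:-$(mktemp -d)}"
gen_tinc_node "$OUT/ams2" dbmesh ams2_db 203.0.113.10  10.99.0.1 ams3_db
gen_tinc_node "$OUT/ams3" dbmesh ams3_db 198.51.100.20 10.99.0.2 ams2_db
echo "wrote configs under $OUT"
```

On each node, generate keys with `tincd -n dbmesh -K4096`, exchange the resulting `hosts/` files, and allow tinc's port (655 TCP/UDP by default) only from the peer's public address. Database replication should then bind to the `10.99.0.x` overlay addresses rather than the public interface, so cross-region traffic only ever travels inside the encrypted tunnel.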