Private networking creates a second network interface for Droplets that can only be accessed by the other Droplets and DigitalOcean Load Balancers in the same account or team. The private network is unreachable from the internet and traffic on it doesn't count against bandwidth usage.
Private networking is available for Droplets at no additional cost.
Traffic over private networks does not count against your bandwidth billing transfer allowance.
Private networking is available for Droplets in all regions.
Private networking isolates communication to an account or team's Droplets. It's useful when you want transfer data safely between servers or reduce outbound bandwidth usage, like when protecting database traffic or transferring log files to a central location.
If you add Droplets with private networking enabled to a DigitalOcean Load Balancer, the load balancer will use the private network to connect to them.
We do not support private networking between Droplets in different datacenter regions.
Multicast and broadcast are not available within the private network.
Traffic is restricted to the private network. Incoming packets from any source other than the private network are silently discarded at the network level.
Currently, traffic on the private network applies MAC address origin checks. This prevents the use of Droplets as gateways between the private and public networks.
Private networking only supports IPv4 addresses, not IPv6.
DigitalOcean Managed Databases now support private networking. New database clusters will provision with private networking enabled. Existing clusters will require an update to connect over the private network.
With the release of private networking isolation in NYC3, private networks are restricted to each user account in all regions.
Private networking isolation was released in the NYC2 datacenter.
Private networking isolation was released in the NYC1 datacenter.
For more information, see all Private Networking release notes.