How to Plan Your Custom VPC Network

A Virtual Private Cloud (VPC) is a private network interface for collections of DigitalOcean resources. VPC networks provide a more secure connection between resources because the network is inaccessible from the public internet and other VPC networks. Traffic within a VPC network doesn't count against bandwidth usage.

When you create a new VPC network, you can specify its size. The size of a network determines how many resources can connect to it at once. We offer network sizes from /24 to /16.

You can't resize a VPC network after creation. If you need a larger network, create a new VPC and migrate resources to the new network as needed.

Large Networks Versus Smaller Networks

When planning your network, calculate how many resources will be connected to the network and estimate how many resources might be added to it in the future. Creating a large network to cover all of your contingencies might sound best, but a network with 65534 resources consistently sending traffic to one another can heavily impact the network's performance.

Smaller networks thoughtfully set up to accommodate modest amounts of growth are more desirable than large, potentially noisy networks. If you are using automation to add and remove resources from your network, selecting a larger network size may be a better option to accommodate spikes in your usage.

You can use this table to determine how many usable IPs are available for a specific CIDR prefix on DigitalOcean.

Network Size (CIDR Suffix)    Number of Usable IP Addresses
/16                           65536
/17                           32768
/18                           16384
/19                           8192
/20                           4096
/21                           2048
/22                           1024
/23                           512
/24                           256

DigitalOcean Reserved IP Addresses and Ranges

The first IP address in a network is the network ID and the last IP address in a network is the broadcast ID. We reserve these addresses, along with a few others, in each VPC network and subnet for internal use, so account for them in your IP range calculations.

When you create a VPC network using the Configure my own IP range option, the Network Size drop-down menu calculates the actual number of available addresses in your network.


DigitalOcean also reserves the 10.244.0.0/16, 10.245.0.0/16, and 10.246.0.0/24 IP address ranges for backend operations.

Determine Your IP Range

When creating a custom VPC network, correctly calculating the network's IP range keeps it from overlapping the IP address ranges of other VPC networks in your account. The control panel warns you when you enter an overlapping configuration and prevents you from creating the overlapping network.

An IP address network range is represented in CIDR notation, which contains a network routing prefix and its corresponding prefix length (the number after the /). For example, the IPv4 CIDR 192.168.255.0/24 represents the 256 IPv4 addresses from 192.168.255.0 to 192.168.255.255, with the routing prefix being 192.168.255.0 and the prefix length being /24. Your network's routing prefix is the address used to route traffic in and out of the network and the prefix length determines the size of the network.

Each IP address contains four octets of data. Each octet in an IPv4 address represents 8 bits of data. The total sum of all four octets equals 32 bits. When a network IP range is written as a CIDR, the prefix length represents how many bits have been allocated to the network's routing prefix. From the number of remaining bits (32 minus the prefix length), the network's size and IP range can be calculated.

For example, the prefix length of the CIDR 192.168.255.0/24 indicates the first 24 bits (first three octets) of the address have been allocated to the network's routing prefix and the remaining 8 bits (last octet) have been allocated to a range of IP addresses. In this case, the CIDR's range of available IP addresses is 192.168.255.0 to 192.168.255.255 for a total of 256 IP addresses.

In the case of 192.168.250.0/23, the CIDR's first 23 bits have been allocated to the routing prefix, which translates to the first two octets and the first 7 bits of the third octet in the CIDR. The last number in the third octet provides an opportunity to create a network of 512 IP addresses (192.168.250.1 to 192.168.251.254).

DigitalOcean VPC provides several IP address ranges that have been allocated for private networking purposes (RFC 1918):

  • 10.0.0.0 – 10.255.255.255
  • 172.16.0.0 – 172.31.255.255
  • 192.168.0.0 – 192.168.255.255

When you select a prefix from one of these ranges and your VPC network's size, calculate the IP range of the VPC network to avoid overlaps with other networks in your account.

For example, if you choose the prefix 192.168.11.0 with a network size of /24 (256 IP addresses) for your VPC network, the range of available IP addresses in the VPC network is 192.168.11.0 to 192.168.11.255. If you then attempt to create a second VPC network with the prefix and network size 192.168.10.0/23 (512 available IP addresses), you will see an error message, as the new VPC network's range (192.168.10.0 to 192.168.11.255) overlaps with the 256 addresses of the first VPC network.
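The range and overlap calculations described above, as an added example using Python's standard ipaddress module (not DigitalOcean's own code; the function names and the sample inventory are assumptions made for illustration). It goes slightly beyond the text by also checking the /16 to /24 size limit and the reserved backend ranges listed on this page.

```python
import ipaddress

# Ranges as listed on this page: RFC 1918 private space and DigitalOcean's backend ranges.
RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DO_RESERVED = [ipaddress.IPv4Network(n) for n in ("10.244.0.0/16", "10.245.0.0/16", "10.246.0.0/24")]


def describe(cidr):
    """Return (first address, last address, total addresses) for an IPv4 CIDR.

    The total includes the network ID, broadcast ID and the other addresses
    DigitalOcean reserves, so the usable count is lower.
    """
    net = ipaddress.IPv4Network(cidr, strict=True)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses


def check_vpc_range(candidate, existing):
    """Return a list of problems with a proposed VPC range (empty list = no conflict found)."""
    try:
        # strict=True rejects a prefix with host bits set, e.g. 192.168.11.0/23.
        net = ipaddress.IPv4Network(candidate, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    problems = []
    if not 16 <= net.prefixlen <= 24:
        problems.append(f"/{net.prefixlen} is outside the supported /16 to /24 sizes")
    if not any(net.subnet_of(private) for private in RFC1918):
        problems.append(f"{net} is not inside an RFC 1918 private range")
    for reserved in DO_RESERVED:
        if net.overlaps(reserved):
            problems.append(f"{net} overlaps DigitalOcean reserved range {reserved}")
    for other in existing:
        other_net = ipaddress.IPv4Network(other, strict=True)
        if net.overlaps(other_net):
            problems.append(f"{net} overlaps existing VPC {other_net}")
    return problems


if __name__ == "__main__":
    existing_vpcs = ["192.168.11.0/24"]  # constructed inventory, from the page's example
    for proposal in ("192.168.10.0/23", "192.168.12.0/23", "10.244.0.0/20", "192.168.11.0/23"):
        print(proposal, "->", check_vpc_range(proposal, existing_vpcs) or "ok")
```

Running a check like this over the ranges of every VPC in an account, and any peered or on-premises networks, before creating a new one catches conflicts the control panel cannot see.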

Other Tools and Resources

You can install the Linux IP address calculation tool ipcalc by running the commands:

sudo apt-get update
sudo apt-get install ipcalc