VPC

Validated on 28 April 2020 • Posted on 7 April 2020

A Virtual Private Cloud (VPC) is a private network interface for collections of DigitalOcean resources. VPC networks provide a more secure connection between resources because the network is inaccessible from the public internet and other VPC networks. Traffic within a VPC network doesn’t count against bandwidth usage.

Note

On 7 April, 2020, the VPC service replaced the Private Networking service.

Plans and Pricing

VPC is available at no additional cost.

Traffic between your resources inside of a VPC network does not count against your bandwidth billing transfer allowance. Traffic from one VPC network to another VPC network uses a public interface and does count against your bandwidth allowance.

VPC networks can vary in size from /24 up to /16. The default size is /20.

Regional Availability

VPC is available in all regions.

Features

A Virtual Private Cloud (VPC) is a private network interface for collections of DigitalOcean resources. VPC networks are private networks that contain collections of resources that are isolated from the public internet and other VPC networks within your account, project or between teams in the same datacenter region. This means your resources, such as Droplets and databases, can reside in a network that is only accessible to other resources in the same network.

You can use VPC networks to organize and isolate resources into a more secure infrastructure for your applications, execution environments, and tenancies. VPC networks also give you more control over your infrastructure’s networking environment: you can select your network’s IP range, set up cloud firewalls, and configure internet gateways.

You can create a variety of new resources in a VPC network, but you can’t migrate all kinds of resources between networks. The following table lists Digitalocean resources compatible with VPC networks and which ones support migration:

Resource Type	Create within VPCs	Migrate between VPCs
Droplets	Creation supported.	Migration supported using snapshots.
Managed databases	Creation supported.	Native migration supported.
Kubernetes clusters	Creation supported.	Not supported.
Load balancers	Creation supported.	Not supported.
Spaces	Not applicable.	Not applicable.
Volumes	Not applicable.	Not applicable.

Note

Cloud Firewalls affect both public and VPC network traffic. Rules specific to either must specify the public or private IP range.

Limits

We do not support VPC networks between resources in different datacenter regions.
You cannot migrate load balancers or Kubernetes clusters between VPC networks. Droplets can be migrated between networks using snapshots, and databases can be directly migrated in their Settings tab.
VPC network ranges cannot overlap with the ranges of other networks in the same account. The IP ranges available for VPC networks are the same as those outlined in RFC 1918.
VPCs do not support multicast, broadcast, or jumbo frames (Ethernet frames with more than 1500 bytes of payload).
Resources do not currently support multiple private network interfaces and cannot be placed in multiple VPC networks.
We reserve a few addresses in each VPC network and subnet for internal use, including the network ID and the broadcast ID.

The 10.244.0.0/16, 10.245.0.0/16, and 10.246.0.0/24 IP address ranges are reserved in all regions for DigitalOcean internal use. We also reserve the following IP ranges in the these regions:

Region	Reserved Range
AMS1	10.11.0.0/16
AMS2	10.14.0.0/16
AMS3	10.18.0.0/16
BLR1	10.47.0.0/16
FRA1	10.19.0.0/16
LON1	10.16.0.0/16
NYC1	10.10.0.0/16
NYC2	10.13.0.0/16
NYC3	10.17.0.0/16
SFO1	10.12.0.0/16
SFO2	10.46.0.0/16
SFO3	10.48.0.0/16
SGP1	10.15.0.0/16
TOR1	10.20.0.0/16

Known Issues

When creating new resources, the VPC Network drop-down menu on the create page can only list up to 50 VPC networks. We are working to increase this limit.

Latest Updates

26 October 2020

You can now change the default VPC network for a region. When you change the default VPC network for a region, the new default network will be automatically selected during applicable resource set ups unless otherwise specified.

1 October 2020

All Droplets created after 1 October 2020 are placed into a VPC network by default. You can no longer manually enable VPC networking on existing Droplets. You can migrate existing Droplets into VPC networks using Snapshots.

12 May 2020

The SFO3 datacenter region is now available.

For more information, see all VPC release notes.