VPC Limits

A Virtual Private Cloud (VPC) is a private network interface for collections of DigitalOcean resources. VPC networks are inaccessible from the public internet and other VPC networks, and traffic on them doesn’t count against bandwidth usage. You can link VPC networks to each other using VPC peering connections.


Limits

  • We do not support individual VPC networks that span multiple datacenter regions. To privately connect resources between two datacenter regions, create a VPC peering connection between VPC networks in each region.

  • VPC networks only support up to 10,000 resources, even if the subnet size allows for more.

  • You cannot migrate load balancers or Kubernetes clusters between VPC networks. Droplets can be migrated between networks using snapshots, and databases can be directly migrated in their Settings tab.

  • VPC network ranges cannot overlap with the ranges of other networks in the same account. The IP ranges available for VPC networks are the same as those outlined in RFC 1918.

  • VPCs do not support multicast, broadcast, or jumbo frames (Ethernet frames with more than 1500 bytes of payload).

  • Resources do not currently support multiple private network interfaces and cannot be placed in multiple VPC networks.

  • Apps deployed on App Platform are not connected to VPC networks. This includes connections between apps and DigitalOcean Managed Databases. See How to Manage Databases in App Platform for detailed instructions about how to connect apps to databases.

  • We reserve a few addresses in each VPC network and subnet for internal use, including the network ID and the broadcast ID.

  • The 10.244.0.0/16, 10.245.0.0/16, and 10.246.0.0/24 IP address ranges are reserved in all regions for DigitalOcean internal use. We also reserve the following IP ranges in these regions:

    Region    Reserved Range
    AMS1      10.11.0.0/16
    AMS2      10.14.0.0/16
    AMS3      10.18.0.0/16
    BLR1      10.47.0.0/16
    FRA1      10.19.0.0/16
    LON1      10.16.0.0/16
    NYC1      10.10.0.0/16
    NYC2      10.13.0.0/16
    NYC3      10.17.0.0/16
    SFO1      10.12.0.0/16
    SFO2      10.46.0.0/16
    SFO3      10.48.0.0/16
    SGP1      10.15.0.0/16
    TOR1      10.20.0.0/16
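
As an added example (not DigitalOcean's code), the following Python checks a proposed VPC range against the address limits listed above: RFC 1918 membership, the ranges reserved in all regions, the per-region reserved range, and overlap with other networks in the same account. The function names and sample ranges are assumptions made for illustration, and each regional range is treated as reserved only in its listed region.

```python
import ipaddress

# Values below are copied from the limits on this page.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GLOBAL_RESERVED = [ipaddress.ip_network(n)
                   for n in ("10.244.0.0/16", "10.245.0.0/16", "10.246.0.0/24")]
REGION_RESERVED = {r: ipaddress.ip_network(n) for r, n in {
    "AMS1": "10.11.0.0/16", "AMS2": "10.14.0.0/16", "AMS3": "10.18.0.0/16",
    "BLR1": "10.47.0.0/16", "FRA1": "10.19.0.0/16", "LON1": "10.16.0.0/16",
    "NYC1": "10.10.0.0/16", "NYC2": "10.13.0.0/16", "NYC3": "10.17.0.0/16",
    "SFO1": "10.12.0.0/16", "SFO2": "10.46.0.0/16", "SFO3": "10.48.0.0/16",
    "SGP1": "10.15.0.0/16", "TOR1": "10.20.0.0/16"}.items()}
MAX_RESOURCES = 10_000  # per-VPC resource limit, regardless of subnet size


def check_vpc_range(cidr, region, existing=()):
    """Return a list of conflicts for a proposed VPC range (empty list = none found)."""
    try:
        net = ipaddress.ip_network(cidr)  # strict: rejects host bits, e.g. 10.0.0.1/16
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    if net.version != 4 or not any(net.subnet_of(r) for r in RFC1918):
        return ["not inside an RFC 1918 range"]
    problems = [f"overlaps range reserved in all regions: {r}"
                for r in GLOBAL_RESERVED if net.overlaps(r)]
    regional = REGION_RESERVED.get(region.upper())
    if regional is not None and net.overlaps(regional):
        problems.append(f"overlaps range reserved in {region.upper()}: {regional}")
    for other in existing:  # ranges of other networks in the same account
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"overlaps existing network: {other}")
    return problems


def resource_ceiling(cidr):
    """Upper bound on resources: subnet size capped at the 10,000 limit.
    The platform also reserves a few addresses (count not given on the page)."""
    return min(ipaddress.ip_network(cidr).num_addresses, MAX_RESOURCES)


if __name__ == "__main__":
    # Constructed sample inputs, not real account data.
    for cidr, region in [("10.10.0.0/20", "NYC1"), ("10.10.0.0/20", "FRA1"),
                         ("10.244.8.0/24", "FRA1"), ("192.168.0.0/16", "SFO3")]:
        print(cidr, region, check_vpc_range(cidr, region, existing=["10.110.0.0/20"]))
```

Running a check like this before creating or peering networks catches address conflicts at planning time, before a range is committed to infrastructure-as-code.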

VPC Peering Limits

  • Droplets created before 2 October 2024 require manual updates to enable VPC peering traffic. See How to Update Droplet Routes to Enable VPC Peering for instructions.

  • DOKS worker nodes created before 2 October 2024 require recycling to enable VPC peering.

  • DOKS worker nodes created on a non-peered VPC network require recycling to enable VPC peering when a new peering connection is added for the first time. Subsequent peering connections work automatically.

  • VPC peering between datacenters is not available in BLR1.

Known Issues

  • When creating new resources, the VPC Network drop-down menu on the create page can only list up to 50 VPC networks. We are working to increase this limit.