VPC Limits

A Virtual Private Cloud (VPC) is a private network interface for collections of DigitalOcean resources. VPC networks provide a more secure connection between resources because the network is inaccessible from the public internet and other VPC networks. Traffic within a VPC network doesn’t count against bandwidth usage.


Limits

  • We do not support VPC networks between resources in different datacenter regions.

  • You cannot migrate load balancers or Kubernetes clusters between VPC networks. Droplets can be migrated between networks using snapshots, and databases can be directly migrated in their Settings tab.

  • VPC network ranges cannot overlap with the ranges of other networks in the same account. The IP ranges available for VPC networks are the same as those outlined in RFC 1918.

  • VPCs do not support multicast, broadcast, or jumbo frames (Ethernet frames with more than 1500 bytes of payload).

  • Resources do not currently support multiple private network interfaces and cannot be placed in multiple VPC networks.

  • We reserve a few addresses in each VPC network and subnet for internal use, including the network ID and the broadcast ID.

  • The 10.244.0.0/16, 10.245.0.0/16, and 10.246.0.0/24 IP address ranges are reserved in all regions for DigitalOcean internal use. We also reserve the following IP ranges in these regions:

    Region    Reserved Range
    AMS1      10.11.0.0/16
    AMS2      10.14.0.0/16
    AMS3      10.18.0.0/16
    BLR1      10.47.0.0/16
    FRA1      10.19.0.0/16
    LON1      10.16.0.0/16
    NYC1      10.10.0.0/16
    NYC2      10.13.0.0/16
    NYC3      10.17.0.0/16
    SFO1      10.12.0.0/16
    SFO2      10.46.0.0/16
    SFO3      10.48.0.0/16
    SGP1      10.15.0.0/16
    TOR1      10.20.0.0/16

Known Issues

  • When creating new resources, the VPC Network drop-down menu on the create page can only list up to 50 VPC networks. We are working to increase this limit.