How To Set Up And Use DigitalOcean Private Networking
DigitalOcean now offers shared private networking in NYC2. All new droplets created in NYC2 have the option of using private networking; it can be activated by choosing the checkbox called "Private Networking" in the settings section of the droplet create page. If you already have a server in NYC2 set up without private networking, you can refer to this tutorial, which covers how to enable private networking on existing droplets.
Droplets that have the private networking enabled are then able to communicate with other droplets that have that interface as well. The shared private networking on DigitalOcean droplets is represented by a second interface on each server that has no internet access.
This article will cover finding a droplet's private network address, transferring a file via the private network, and updating the /etc/hosts file.
Step One — Create Droplets with Private Networking
At this point, in order to take advantage of the private networking, you do need to create new servers in NYC2. In this tutorial, we will refer to two droplets: pnv1 (111.222.333.444) and pnv2 (123.456.78.90).
Go ahead and create both, enabling the Private Networking on the droplet create page.
Step Two — Find your Private Network Address
Once both servers have been spun up, go ahead and log into one of them:
Once you are logged into the server, you can see the private address with
The output of the command is displayed below:
eth0 Link encap:Ethernet HWaddr 04:01:06:a7:6f:01 inet addr:123.456.78.90 Bcast:123.456.78.255 Mask:255.255.255.0 inet6 addr: fe80::601:6ff:fea7:6f01/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:168 errors:0 dropped:0 overruns:0 frame:0 TX packets:137 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:18903 (18.9 KB) TX bytes:15024 (15.0 KB) eth1 Link encap:Ethernet HWaddr 04:01:06:a7:6f:02 inet addr:10.128.2.25 Bcast:10.128.255.255 Mask:255.255.0.0 inet6 addr: fe80::601:6ff:fea7:6f02/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:6 errors:0 dropped:0 overruns:0 frame:0 TX packets:5 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:468 (468.0 B) TX bytes:398 (398.0 B) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
The section to note here is
eth1 and within that
inet addr. In this case, the private network address is 10.128.2.25. This address is only accessible from other other servers in the NYC2 region that have private networking enabled.
Step Three — Transfer a File Between Servers with Private Networking
As you have both of your servers set up, you can now begin to take advantage of the private networking. Below we'll show how you can rsync a file across the private network.
While still logged into pnv2, create a new file that we will transfer:
Once the file has been created, let's go ahead and transfer it to pnv1 with rsync across the private network:
rsync -va test_file 10.128.1.70:/tmp
When you use this command, you will most likely see a request for a password:
[email protected]'s password:
While you can use a password there, it would be much more secure to have one server's key on the other to make the transfer work. We have a tutorialhere on how to set up SSH keys.
Whether you use a password or ssh keys in your file transfer, once it has completed, you should see output similar to this:
sent 73 bytes received 31 bytes 18.91 bytes/sec total size is 0 speedup is 0.00
Log in on server pnv1:
While logged in, you will be able to see that the test file is indeed on the new server:
Step Four — Add an Entry to /etc/hosts
Another helpful step to take when using the private networking is to set up your
/etc/hosts file with a hostname that you'd like to use to connect to another server via the private network address. Doing this will allow you to connect across the private network without typing the droplet's private network address each time.
To do this, first go ahead and open the /etc/hosts file. (I'll be using nano as my text editor in this example, but you can choose whichever you prefer):
Within the file include the private network address of the server that you want to the connect to and the hostname by which you'd like to call it:
127.0.0.1 localhost pnv2 10.128.2.18 pnv1 # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters
You can disregard the information on IPv6 in the file at this time. Save and exit out of that file.
Step Five — Finishing Up
You are now all set to connect across the private network. You can confirm that the changes to your hosts file have taken effect by pinging the added server:
PING pnv1 (10.128.2.18) 56(84) bytes of data. 64 bytes from pnv1 (10.128.2.18): icmp_req=1 ttl=64 time=0.742 ms 64 bytes from pnv1 (10.128.2.18): icmp_req=2 ttl=64 time=0.395 ms 64 bytes from pnv1 (10.128.2.18): icmp_req=3 ttl=64 time=0.368 ms 64 bytes from pnv1 (10.128.2.18): icmp_req=4 ttl=64 time=0.361 ms