Private Networks

Private networks allow secure, isolated communication between your DanubeData resources without exposing traffic to the public internet. This guide covers setup, configuration, and best practices for private networking.

Overview

Private networks provide:

  • Isolated Communication: Traffic never leaves the datacenter
  • High Performance: 10 Gbps+ bandwidth, sub-millisecond latency
  • Zero Cost: No charges for private network traffic
  • Enhanced Security: No exposure to internet threats
  • VLAN Isolation: Network-level isolation between tenants

Use Cases

Database Connectivity

Connect application servers to databases securely:

VPS (Public) ← Users
    ↓ (Private Network)
Database (Private only)

Benefits:

  • Database not exposed to internet
  • Free bandwidth for database queries
  • Lower latency
  • Enhanced security

Multi-Tier Applications

Separate tiers on a private network:

Load Balancer (Public)
    ↓ (Private Network)
Web Servers (Public + Private)
    ↓ (Private Network)
App Servers (Private only)
    ↓ (Private Network)
Database (Private only)

Microservices

Connect microservices internally:

  • Service-to-service communication on private network
  • API gateway on public network
  • Internal services on private network only
  • Reduced latency and cost

Creating Private Networks

Via Dashboard

  1. Navigate to Networking > Private Networks
  2. Click Create Private Network
  3. Configure:
    • Name: Descriptive name (e.g., "production-internal")
    • Region: Select datacenter
    • Description: Optional description
  4. Click Create

The network is ready immediately.

Network Details

Each private network includes:

  • Network ID: Unique identifier
  • CIDR Block: Private IP range (e.g., 10.0.1.0/24)
  • Gateway: Network gateway address
  • DNS: Private DNS resolution

Attaching Resources

Attach VPS Instance

  1. Go to VPS instance
  2. Click Networking tab
  3. Click Attach to Private Network
  4. Select private network
  5. Click Attach

The instance receives a private IP within 10-45 seconds.

Attach Database

  1. Go to Database instance
  2. Click Networking tab
  3. Click Enable Private Network
  4. Select private network
  5. Click Enable

The database receives a private endpoint.

Attach Cache

Same process as database:

  1. Navigate to Cache instance
  2. Enable private networking
  3. Select network
  4. Use private endpoint for connections

Connecting via Private Network

Using Private IP Addresses

Each resource gets a private IP:

VPS-1: 10.0.1.10
VPS-2: 10.0.1.11
Database: 10.0.1.20
Cache: 10.0.1.30

Application Configuration

Web Application to Database

# Use private IP for database connection
DATABASE_HOST = '10.0.1.20'  # Private IP
DATABASE_PORT = 5432
DATABASE_NAME = 'myapp'

# Instead of public host
# DATABASE_HOST = 'db-postgres-123456.danubedata.com'

Laravel Configuration

# .env
DB_HOST=10.0.1.20  # Private IP instead of public hostname
DB_PORT=5432
DB_DATABASE=myapp
DB_USERNAME=dbuser
DB_PASSWORD=password

Node.js Configuration

const config = {
  database: {
    host: '10.0.1.20', // Private IP
    port: 5432,
    database: 'myapp'
  },
  redis: {
    host: '10.0.1.30', // Private IP
    port: 6379
  }
};

Private DNS

Automatic DNS Resolution

Resources on a private network can be resolved by name:

# Instead of using IP
ping 10.0.1.20

# Use hostname
ping db-postgres-123456.internal

Private DNS is automatically configured for all attached resources.

Private Hostnames

Format: {resource-name}.internal

Examples:

  • web-server-1.internal
  • db-postgres-123456.internal
  • redis-cache-123456.internal
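
The configuration snippets above and the {resource-name}.internal format suggest a pre-deploy check: every service host in an environment file should be either an address inside the private network's CIDR block or a .internal name. The following is an added example, not DanubeData tooling; 10.0.1.0/24 is the sample range used on this page, and the key names other than DB_HOST and the 10.0.2.15 address are constructed for illustration.

```sh
# Added example, not DanubeData tooling. POSIX sh + awk.
# in_cidr IP CIDR: exit 0 when the IPv4 address lies inside the CIDR block.
in_cidr() {
  awk -v ip="$1" -v cidr="$2" '
    function to_int(s,   o) { split(s, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    BEGIN {
      split(cidr, c, "/")
      size = 2 ^ (32 - c[2])            # number of addresses in the block
      exit !(int(to_int(ip) / size) == int(to_int(c[1]) / size))
    }' </dev/null
}

# check_env_hosts CIDR: reads .env text on stdin, prints "OK" or "OUTSIDE"
# for every key ending in HOST, and returns 1 if any host is OUTSIDE.
check_env_hosts() {
  cidr=$1 rc=0
  while IFS= read -r line; do
    key=${line%%=*}
    case $key in
      \#*) continue ;;                   # comment line
      *HOST) ;;                          # a host setting, check it
      *) continue ;;                     # any other key
    esac
    val=${line#*=}
    val=${val%%#*}; val=${val%% *}       # drop inline comment and trailing spaces
    case $val in
      *.internal) verdict=OK ;;          # private DNS name
      *[!0-9.]*)  verdict=OUTSIDE ;;     # any other hostname
      *) if in_cidr "$val" "$cidr"; then verdict=OK; else verdict=OUTSIDE; fi ;;
    esac
    [ "$verdict" = OK ] || rc=1
    echo "$verdict $key=$val"
  done
  return "$rc"
}

# Constructed sample; only DB_HOST appears on this page.
sample_env() {
  cat <<'EOF'
# .env
DB_HOST=10.0.1.20  # Private IP
REDIS_HOST=redis-cache-123456.internal
REPLICA_DB_HOST=db-postgres-123456.danubedata.com
METRICS_HOST=10.0.2.15
DB_PORT=5432
EOF
}
sample_env | check_env_hosts 10.0.1.0/24 || true
```

Against a real file, run check_env_hosts 10.0.1.0/24 < .env and fail the deployment on a non-zero exit status.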

Network Configuration

Checking Private Network

On Linux VPS:

# List network interfaces
ip addr show

# Should see private interface (e.g., eth1)
# 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP>
#     inet 10.0.1.10/24 brd 10.0.1.255 scope global eth1

# Test connectivity
ping 10.0.1.20

# Check routing
ip route show

Firewall Configuration

Private network traffic bypasses firewalls by default, but you can still control access:

  1. Navigate to Networking > Firewalls
  2. Create rules for private network CIDR
  3. Apply to specific resources

Example: Allow only database port from private network:

Source: 10.0.1.0/24
Protocol: TCP
Port: 5432
Action: Allow

Multiple Private Networks

You can create multiple isolated networks:

Use Cases

Environment Separation:

- production-network (10.0.1.0/24)
- staging-network (10.0.2.0/24)
- development-network (10.0.3.0/24)

Application Separation:

- app1-network (10.0.10.0/24)
- app2-network (10.0.20.0/24)

Tier Separation:

- web-tier (10.0.1.0/24)
- app-tier (10.0.2.0/24)
- data-tier (10.0.3.0/24)

Connecting Networks

Resources cannot communicate across different private networks by default. To enable cross-network communication:

  1. Use a gateway VPS attached to both networks
  2. Configure routing/NAT on gateway
  3. Or use public network for cross-network communication

Performance

Throughput

  • Up to 10 Gbps: Internal network bandwidth
  • No Throttling: Consistent performance
  • Zero Cost: Unlimited free traffic

Latency

  • < 1ms: Within same datacenter
  • Consistent: No internet routing delays

Benchmarking

Test private network performance:

# Install iperf3
apt-get install iperf3

# On server (10.0.1.10)
iperf3 -s

# On client (10.0.1.11)
iperf3 -c 10.0.1.10

# Expected results:
# [ ID] Interval           Transfer     Bitrate
# [  5]   0.00-10.00  sec  11.2 GBytes  9.62 Gbits/sec

Security Best Practices

Isolate Sensitive Resources

  • Keep databases on private network only
  • Don't expose internal services publicly
  • Use jump boxes for administrative access
  • Segment by environment or application
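
A service that listens on all interfaces is also listening on the public interface of a VPS attached to both networks, so keeping it internal depends on its bind address as well as on network attachment. The following added example (not DanubeData tooling) reads the output of ss -H -tln and reports listeners on the given ports that are bound to anything other than the private IP or loopback; the socket list and the choice of ports are constructed, with 10.0.1.10 taken from the page's sample addresses.

```sh
# Added example, not DanubeData tooling. POSIX sh + awk.
# audit_listeners PRIVATE_IP PORTS: reads `ss -H -tln` output on stdin and
# prints "EXPOSED addr:port" for each listed port that is bound to anything
# other than PRIVATE_IP or loopback. Returns 1 if any socket is exposed.
audit_listeners() {
  awk -v priv="$1" -v ports="$2" '
    BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
      sub(/%.*$/, "", addr)                  # drop scope suffix such as %lo
      if (!(port in want)) next
      if (addr == priv || addr ~ /^127\./ || addr == "[::1]") next
      printf "EXPOSED %s:%s\n", addr, port
      bad = 1
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed `ss -H -tln` output for a VPS whose private IP is 10.0.1.10.
sample_ss() {
  cat <<'EOF'
LISTEN 0      244        10.0.1.10:5432      0.0.0.0:*
LISTEN 0      511          0.0.0.0:6379      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      244             [::]:5432         [::]:*
EOF
}

sample_ss | audit_listeners 10.0.1.10 5432,6379 || true
```

On a live host, feed it real data with ss -H -tln | audit_listeners 10.0.1.10 5432,6379.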

Principle of Least Privilege

  • Only attach necessary resources to each network
  • Use multiple networks for isolation
  • Firewall rules for additional control
  • Regular security audits

Monitoring

  • Monitor private network traffic
  • Alert on unusual patterns
  • Log access to sensitive resources
  • Regular vulnerability scanning

Troubleshooting

Cannot Reach Private IP

Check attachment:

# Verify private IP assigned
ip addr show eth1

# If no private IP, check dashboard
# Resource should show "Connected" to private network

Check routing:

# Verify route exists
ip route | grep 10.0.1.0

# Should see:
# 10.0.1.0/24 dev eth1 proto kernel scope link src 10.0.1.10

Test connectivity:

# Ping other resource
ping 10.0.1.20

# If fails, check:
# - Both resources attached to same network
# - Both resources in same datacenter
# - No firewall rules blocking

Slow Performance on Private Network

Check network interface:

# Verify link is up and speed
ethtool eth1

# Should show:
# Speed: 10000Mb/s
# Duplex: Full
# Link detected: yes

Monitor bandwidth:

# Install iftop
apt-get install iftop

# Monitor traffic
iftop -i eth1

Private DNS Not Resolving

Check DNS configuration:

# View DNS config
cat /etc/resolv.conf

# Should include DanubeData DNS
# nameserver 10.0.0.1

Test resolution:

# Test private hostname
nslookup db-postgres-123456.internal

# If fails, use IP address directly
# Contact support if DNS needed
