How private is the "Private" network?

I've got two Linodes, web1 and web2. I've just enabled the private network on both hosts, which seems to work fine.

As I migrate services from web1 to web2, I'd like to know how much privacy I can expect on the "private" network. Do y'all encrypt traffic between your hosts, even when using the private network? My goal is to rebuild web1 and I'm not keen on putting OpenVPN on web2, so I'd be considering service-specific encryption like MySQL + TLS, but I won't bother if it's not necessary.

Is the Private network safe enough that I could send plaintext over the wire, or should I treat it like the public network? Can other hosts sniff the traffic or attempt to steal my private IP? Apologies if I'm missing this in the docs, I did look around but didn't see any deep dive into the private network.

3 Replies

Other Linodes aren't going to be able to spoof your IP or sniff your traffic - however, all Linodes on the private network within a given datacenter are on the same network, so in a sense it is not fully private. If you have services listening on a private IP in Newark, and I scan that address from one of my Newark Linodes (that also has a private IP), I can see what ports you're running things on, etc.

If you're worried though, you should consider firewalling + some kind of service-level encryption.

The most important issue for me is traffic sniffing, because the load balancer (haproxy) terminates SSL connections there. The rest (open ports) are irrelevant because everything is behind firewalls that allow connections from known private IP addresses.

It is very easy to use Ansible for updating a list of private IP addresses within the firewall of each server.

It is not possible for Linodes to receive traffic that is not destined for them, so the only one able to sniff your traffic is Linode. But as smallclone says, if you're worried, you can always encrypt your traffic.
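
The allowlist firewall that the replies describe, sketched as an added example that is not part of the thread or of Linode's documentation: it renders an nftables ruleset that lets only known private peers reach chosen ports on a host's private address. The function name `render_ruleset`, the table and set names, the choice of nftables, and all addresses are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges; anything outside them is rejected as a likely typo or public IP.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _private(addr_text):
    """Parse an IPv4 address and insist that it sits in an RFC 1918 range."""
    addr = ipaddress.IPv4Address(addr_text)
    if not any(addr in net for net in RFC1918):
        raise ValueError(f"{addr} is not a private-network address")
    return addr


def render_ruleset(local_ip, peers, ports):
    """Return nftables rules: only `peers` may reach `ports` on `local_ip`."""
    local = _private(local_ip)
    allowed = sorted({_private(p) for p in peers})  # de-duplicate, stable order
    if not allowed:
        raise ValueError("empty peer list would block every private peer")
    if local in allowed:
        raise ValueError("local address must not appear in its own peer list")
    open_ports = sorted(set(ports))
    if not open_ports or any(not 1 <= p <= 65535 for p in open_ports):
        raise ValueError("ports must be in 1..65535")
    peer_list = ", ".join(str(a) for a in allowed)
    port_list = ", ".join(str(p) for p in open_ports)
    # policy accept: this table only guards the private address; rules for the
    # public address are assumed to live elsewhere.
    return f"""table inet private_allowlist {{
    set trusted_peers {{
        type ipv4_addr
        elements = {{ {peer_list} }}
    }}
    chain input {{
        type filter hook input priority 0; policy accept;
        ct state established,related accept
        ip daddr {local} ip saddr @trusted_peers tcp dport {{ {port_list} }} accept
        ip daddr {local} drop
    }}
}}
"""


if __name__ == "__main__":
    # Constructed sample: web2's private IP, web1 and a load balancer as peers.
    print(render_ruleset("192.168.130.20",
                         ["192.168.130.10", "192.168.130.11"], [3306]))
```

Validate the rendered file with `nft -c -f <file>` before loading it. The rules limit who can connect, not who can read the traffic, so service-level TLS is still a separate decision.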
