
This skill helps you design and secure DigitalOcean networks by configuring VPCs, firewalls, load balancers, DNS, IPv6, and NAT.

npx playbooks add skill bobmatnyc/claude-mpm-skills --skill digitalocean-networking

---
name: digitalocean-networking
description: DigitalOcean networking services including VPC, firewalls, load balancers, reserved IPs, DNS, IPv6, and NAT gateway. Use when designing or securing network connectivity for DigitalOcean workloads.
progressive_disclosure:
  entry_point:
    summary: "DigitalOcean networking services including VPC, firewalls, load balancers, reserved IPs, DNS, IPv6, and NAT gateway. Use when designing or securing network connectivity for DigitalOcean workloads."
    when_to_use: "When designing or securing network connectivity for DigitalOcean workloads."
    quick_start: "1. Review the core concepts below. 2. Apply patterns to your use case. 3. Follow best practices for implementation."
---
# DigitalOcean Networking Skill

---
progressive_disclosure:
  entry_point:
    summary: "DigitalOcean networking: VPC, firewalls, load balancers, reserved IPs, DNS, IPv6, NAT gateway."
    when_to_use:
      - "When designing private networks or segmentation"
      - "When securing inbound and outbound traffic"
      - "When configuring load balancing and DNS"
    quick_start:
      - "Create a VPC for private traffic"
      - "Apply firewalls to compute"
      - "Attach load balancers and reserved IPs"
      - "Configure DNS records"
  token_estimate:
    entry: 90-110
    full: 3800-5000
---

## Overview

DigitalOcean networking services secure and control traffic with VPC networking, firewalls, load balancing, DNS, IPv6, and reserved IPs.

## VPC

Use VPC to create private network segments for Droplets, Kubernetes, and managed databases.

- Create a VPC in the same region as compute resources.
- Attach resources that need private communication.

## Firewalls

Use stateful firewalls to restrict inbound and outbound traffic.

- Define inbound and outbound rules by protocol and port.
- Apply rules to Droplets and other resources.
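
One way to check a firewall definition against the least-privilege guidance, as an added example that is not part of the skill or of DigitalOcean's tooling. It assumes rules shaped like the firewall object of the DigitalOcean API (`inbound_rules`/`outbound_rules` with `protocol`, `ports`, and `sources`/`destinations` address lists); the sample firewall, the `PUBLIC_PORTS` policy, and the function names are constructed for illustration.

```python
import ipaddress

# Assumption of this example: only these ports may face the whole internet.
PUBLIC_PORTS = {80, 443}

# Constructed sample, shaped like a firewall object from the DigitalOcean API.
SAMPLE_FIREWALL = {
    "name": "prod-web",
    "inbound_rules": [
        {"protocol": "tcp", "ports": "443", "sources": {"addresses": ["0.0.0.0/0", "::/0"]}},
        {"protocol": "tcp", "ports": "22", "sources": {"addresses": ["0.0.0.0/0"]}},
        {"protocol": "tcp", "ports": "5432", "sources": {"tags": ["app"]}},
        {"protocol": "tcp", "ports": "8000-8100", "sources": {"addresses": ["10.10.0.0/20"]}},
    ],
    "outbound_rules": [
        {"protocol": "tcp", "ports": "0", "destinations": {"addresses": ["0.0.0.0/0", "::/0"]}},
        {"protocol": "udp", "ports": "53", "destinations": {"addresses": ["0.0.0.0/0"]}},
    ],
}

def is_any(addresses):
    """True if any entry is a /0 network (0.0.0.0/0 or ::/0)."""
    return any(ipaddress.ip_network(a, strict=False).prefixlen == 0 for a in addresses)

def ports_of(spec):
    """Expand "22", "8000-9000", or "0"/"all" (every port) into a range."""
    if spec in ("0", "all"):
        return range(1, 65536)
    lo, _, hi = spec.partition("-")
    return range(int(lo), int(hi or lo) + 1)

def audit_firewall(fw):
    """Return (direction, protocol, ports, reason) for each over-broad rule."""
    findings = []
    for rule in fw.get("inbound_rules", []):
        ports = rule.get("ports", "0")
        if rule["protocol"] == "icmp" or not is_any(rule.get("sources", {}).get("addresses", [])):
            continue  # ICMP has no ports; tag- or CIDR-scoped sources are already narrow
        if any(p not in PUBLIC_PORTS for p in ports_of(ports)):
            findings.append(("inbound", rule["protocol"], ports, "open to any source"))
    for rule in fw.get("outbound_rules", []):
        ports = rule.get("ports", "0")
        if rule["protocol"] != "icmp" and ports in ("0", "all") \
                and is_any(rule.get("destinations", {}).get("addresses", [])):
            findings.append(("outbound", rule["protocol"], ports, "unrestricted egress"))
    return findings

if __name__ == "__main__":
    for finding in audit_firewall(SAMPLE_FIREWALL):
        print(finding)
```

On the constructed sample this reports the SSH rule open to any source and the all-ports TCP egress rule, while the tag-scoped database rule and the VPC-range rule pass.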

## Load Balancers

Use load balancers to distribute traffic across backend resources.

- Configure health checks and target pools.
- Terminate TLS and forward to backend services.

## Reserved IPs

Use reserved IPs to keep stable public endpoints.

- Assign reserved IPs to Droplets.
- Remap IPs during failover or migration.

## DNS and IPv6

- Manage DNS records for DigitalOcean and external resources.
- Enable IPv6 for dual-stack support.

## NAT Gateway

Use NAT Gateway for outbound connectivity from private subnets.

## Networking Workflow

- Create a VPC per environment.
- Attach compute and databases to the VPC.
- Apply firewalls to limit inbound access.
- Add load balancers for public entry points.
- Configure DNS and reserved IPs for stable routing.

## Complementary Skills

When using this skill, consider these related skills (if deployed):

- **digitalocean-compute**: Droplets, App Platform, and Kubernetes placement.
- **digitalocean-managed-databases**: Private database connectivity.
- **digitalocean-management**: Monitoring and uptime checks.

*Note: Complementary skills are optional. This skill is fully functional without them.*

## Resources

**DigitalOcean Docs**:
- Networking: https://docs.digitalocean.com/products/networking/
- VPC: https://docs.digitalocean.com/products/networking/vpc/
- Firewalls: https://docs.digitalocean.com/products/networking/firewalls/
- Load Balancers: https://docs.digitalocean.com/products/networking/load-balancers/
- Reserved IPs: https://docs.digitalocean.com/products/networking/reserved-ips/
- DNS: https://docs.digitalocean.com/products/networking/dns/
- IPv6: https://docs.digitalocean.com/products/networking/ipv6/
- NAT Gateway: https://docs.digitalocean.com/products/networking/vpc/how-to/create-nat-gateway/

Overview

This skill covers DigitalOcean networking services including VPCs, stateful firewalls, load balancers, reserved IPs, DNS, IPv6, and NAT gateways. It helps you design, secure, and operate network connectivity for Droplets, Kubernetes, and managed services. Use it to build private segmentation, public entry points, and stable routing for production workloads.

How this skill works

The skill inspects networking components and provides guidance for creating VPCs in the same region as compute resources, applying firewalls to restrict inbound and outbound traffic, and attaching load balancers for public entry. It explains reserved IP usage for stable endpoints, DNS and IPv6 configuration for name resolution and dual-stack support, and NAT gateways for outbound access from private subnets. Recommendations follow a workflow: environment VPCs, resource attachment, firewall policies, public load balancers, and DNS/reserved IP assignment.

When to use it

  • Designing private network segments or environment isolation
  • Securing inbound and outbound access to Droplets, Kubernetes, or databases
  • Configuring public entry points with load balancers and TLS termination
  • Providing stable public endpoints and failover with reserved IPs
  • Enabling outbound internet access for private resources using NAT gateway

Best practices

  • Create a separate VPC per environment (dev, staging, prod) and match region to compute resources
  • Apply least-privilege firewall rules and use stateful rules to control both directions
  • Use load balancers for TLS termination and health checks; keep backends in the same VPC
  • Assign reserved IPs for services that require stable public addresses and plan remap strategies
  • Enable IPv6 only after confirming all dependencies support dual-stack and update DNS records accordingly
  • Use a NAT gateway for private subnets that need outbound internet access while avoiding public IPs on instances

Example use cases

  • Create a prod VPC, attach managed database and app Droplets, and enforce DB access via firewall rules
  • Deploy a load balancer to terminate TLS and distribute traffic across web servers in the same VPC
  • Assign a reserved IP to a primary Droplet and remap it to a failover Droplet during maintenance
  • Enable IPv6 for a dual-stack web app and update DNS AAAA records alongside A records
  • Place backend services in private subnets and route outbound traffic through a NAT gateway

FAQ

Should I create one VPC per region or per environment?

Create a VPC per environment and ensure it is in the same region as your compute resources to avoid cross-region latency and unsupported private networking.

When should I use a NAT gateway?

Use a NAT gateway when private subnets require outbound internet access without assigning public IPs to instances; it centralizes egress and simplifies security controls.