CreateOS Sandbox

Networking Between Sandboxes

Yes. CreateOS Sandbox lets sandboxes network together. Each network is a private overlay with default-deny between networks, so you can run multi-node clusters of untrusted code inside isolation and have one sandbox reach another by its address on the network. Most sandbox platforms run one isolated box at a time and cannot do this.

The Limitation That Defines Snippets, Not Systems

Most sandbox platforms give you one isolated box and stop. There is no supported way for one sandbox to talk to another. E2B does not offer inter-sandbox networking. Neither does Declaw. Daytona has no multi-node networking story either.

So when your agent's workload is actually three services that need to find each other, you are stuck stuffing them into one box or wiring something brittle yourself. Real systems need more than one machine that can talk to the others.

How It Works

Create a private overlay network, then join sandboxes to it at create time. Within a network, each sandbox gets its own address on the overlay, and the others reach it there while nothing off the network can reach in. Between networks the default is deny.

You look a peer up from the network's member list and talk to it by address. The routing is enforced below the guest, so the isolation boundary stays drawn around every node even as they communicate.

What You Can Build

Stand up a multi-node k3s or Nomad cluster across several sandboxes, each its own micro-VM with its own kernel, all on a default-deny private network under an egress allowlist. Run a distributed evaluation across many nodes. Build a multi-agent system where each agent runs in its own isolated sandbox and they coordinate over the overlay.

It is a real distributed system an agent can spin up, exercise, and tear down, with the isolation boundary around the whole cluster and between every node in it.

Two Sandboxes on One Private Network

import { CreateosSandboxClient } from "@nodeops-createos/sandbox";

const client = new CreateosSandboxClient();

// one private overlay network, two sandboxes joined to it
const net = await client.networks.create({ name: "team-eval" });

const api = await client.createSandbox({
  shape: "s-1vcpu-1gb",
  rootfs: "devbox:1",
  networks: [{ id: net.id }],
});
const worker = await client.createSandbox({
  shape: "s-1vcpu-1gb",
  rootfs: "devbox:1",
  networks: [{ id: net.id }],
});

// look up the worker's address on the overlay, then reach it from `api`
const { members } = await client.networks.get(net.id);
const workerIp = members?.find((m) => m.sandbox_id === worker.id)?.ip;
// stop here if the lookup found nothing, rather than curl "http://undefined:8080"
if (!workerIp) throw new Error("worker has no address on the network");
await api.runCommand("curl", [`http://${workerIp}:8080/health`]);

  • Private overlay networks that span hosts, default-deny between networks.
  • Join networks at create, or attach a running sandbox to a network.
  • Each sandbox is still a Firecracker micro-VM with its own guest kernel.
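
The default-deny rule described under How It Works can be checked rather than assumed. The following is an added example, not code from CreateOS: it turns network member lists into the reachability each sandbox should have and flags probe results that disagree. It assumes a sandbox may join more than one network (as the `networks` array suggests) and that the caller pairs each network's `id` with the `members` returned by `client.networks.get`; the sandbox ids, addresses and probe results are constructed.

```javascript
// Added example, not CreateOS code. Input: [{ id, members: [{ sandbox_id, ip }] }].
// Assumption: overlay addresses are unique across the networks being audited.

// One row per (source sandbox, peer address): allowed only if the source has
// joined the network that address lives on; everything else is default-deny.
function expectedReachability(networks) {
  const joined = new Map(); // sandbox_id -> Set of network ids it has joined
  for (const net of networks) {
    for (const m of net.members ?? []) {
      if (!joined.has(m.sandbox_id)) joined.set(m.sandbox_id, new Set());
      joined.get(m.sandbox_id).add(net.id);
    }
  }
  const rows = [];
  for (const net of networks) {
    for (const m of net.members ?? []) {
      for (const [from, nets] of joined) {
        if (from === m.sandbox_id) continue;
        rows.push({ from, to: m.sandbox_id, ip: m.ip, network: net.id, allowed: nets.has(net.id) });
      }
    }
  }
  return rows;
}

// observed: [{ from, ip, reachable }] collected by probing from inside each sandbox.
function findViolations(networks, observed) {
  const seen = new Map(observed.map((o) => [`${o.from}>${o.ip}`, o.reachable]));
  const out = [];
  for (const e of expectedReachability(networks)) {
    const got = seen.get(`${e.from}>${e.ip}`);
    if (got === undefined) out.push({ ...e, problem: "not probed" });
    else if (got && !e.allowed) out.push({ ...e, problem: "isolation breach" });
    else if (!got && e.allowed) out.push({ ...e, problem: "peer unreachable" });
  }
  return out;
}

// Constructed sample: sb-worker sits on both networks, sb-api and sb-other on one each.
const SAMPLE_NETWORKS = [
  { id: "net-a", members: [{ sandbox_id: "sb-api", ip: "10.0.1.2" }, { sandbox_id: "sb-worker", ip: "10.0.1.3" }] },
  { id: "net-b", members: [{ sandbox_id: "sb-worker", ip: "10.0.2.2" }, { sandbox_id: "sb-other", ip: "10.0.2.3" }] },
];
// Constructed probe results: as expected, except sb-api reaching sb-other across networks.
const SAMPLE_OBSERVED = expectedReachability(SAMPLE_NETWORKS).map((e) => ({
  from: e.from, ip: e.ip,
  reachable: e.allowed || (e.from === "sb-api" && e.ip === "10.0.2.3"),
}));
console.log(findViolations(SAMPLE_NETWORKS, SAMPLE_OBSERVED));
```

In practice each `observed` entry comes from a probe run inside the source sandbox, such as the `curl` call above; how success is read from the `runCommand` result depends on the SDK's return value, which the page does not show.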

Common Questions

Can two sandboxes talk to each other?

Yes. Join them to the same private overlay network and each one gets an address on that network. They reach each other by that address, and nothing outside the network can reach in.

How do I run a multi-node cluster inside a sandbox?

Create a private network, launch several sandboxes joined to it, and stand up k3s or Nomad across them. Each node is its own micro-VM with its own kernel, on a default-deny network under an egress allowlist.

Which sandbox platform supports networking between sandboxes?

CreateOS Sandbox does. E2B, Daytona, and Declaw run one isolated sandbox at a time and do not offer supported inter-sandbox networking, so multi-node workloads inside isolation are the differentiator here.

Is the traffic between sandboxes isolated?

Yes. Networks are private overlays with default-deny between them, and each sandbox remains a Firecracker micro-VM with its own guest kernel. You connect specific sandboxes deliberately; nothing else can see the traffic.

Run code you can't trust, as systems, not snippets.