How to Send Outbound Traffic Over a Floating IP

DigitalOcean floating IPs are publicly-accessible static IP addresses that you can assign to Droplets and instantly remap between other Droplets in the same datacenter. Implement a failover mechanism with floating IPs to build a high availability infrastructure.

You can configure your Droplet’s network settings to send outbound traffic over a floating IP address assigned to the Droplet. This causes traffic to originate from the floating IP address instead of the Droplet’s original IPv4 address.

Originating traffic from a floating IP address can simplify firewall management. To white list traffic to and from your Droplet, you no longer need to create additional rules for separate sending and receiving IP addresses. You also don’t need to change or add rules if you reassign the floating IP to a new Droplet.

To configure a Droplet to send its outbound traffic over a floating IP address assigned to it, you need the gateway address of the Droplet’s anchor IP address.

Most Droplets already have an anchor IP, but Droplets created before October 2015 and Droplets created using custom images don’t have anchor IPs assigned by default.

On Droplets without an anchor IP, first manually assign an anchor IP to the Droplet, then continue following this guide.

On Droplets with an anchor IP, get the gateway address by querying its metadata using a curl request. The -s flag in the request mutes any progress meters or error messages and just returns the output.

curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/gateway

The command returns an IPv4 address, like 198.51.100.237, which is the anchor IP’s gateway address.

Add this address as the default route in your in your network configuration using the ip route command. The following commands remove the default route from your Droplet’s public network interface and replace it with the anchor’s gateway IP address:

ip route del 0/0; ip route add default via <anchor-gateway-IP-address> dev eth0

The command returns no output upon completion.

Once you have added the new IP route, you can verify that the Droplet’s traffic is being routed through the floating IP address by running another curl request to https://icanhazip.com/:

curl -4 https://icanhazip.com/

The -4 flag instructs curl to resolve domain names as IPv4 addresses.

The curl command returns the floating IP address instead of the Droplet’s original IP address. Your Droplet is now routing outbound traffic through the floating IP address.