# How to Configure Backend Droplets for Network Load Balancers DigitalOcean fully manages Regional Load Balancers and Global Load Balancers, ensuring they are highly available load balancing services. Load balancers distribute traffic to groups of backend resources in specific regions or across different regions, which prevents the health of a service from depending on the health of a single server, cluster, or region. **Note**: This guide applies to network load balancers for Droplets. Network load balancers route TCP and UDP traffic at the transport layer (layer 4). If you’re using an HTTP load balancer (layer 7), you don’t need this configuration. Network load balancers require backend Droplets to have additional routing configuration. Without this configuration, traffic from the load balancer cannot reach the Droplets. You need to add a route for the load balancer’s IP address and make the configuration persistent across reboots. When you [create a load balancer](https://docs.digitalocean.com/products/networking/load-balancers/how-to/create/index.html.md) and choose **Network** as the traffic management type, complete the steps in this guide for each backend Droplet. ## Find the Load Balancer IP Address Find the IP address of your network load balancer. The address is listed on [the **Load Balancers** page](https://cloud.digitalocean.com/networking/load_balancers) in the control panel, or [use `doctl`](https://docs.digitalocean.com/reference/doctl/how-to/install/index.html.md) to retrieve it with the following command: ```shell doctl compute load-balancer list --format Name,IP ``` The output displays load balancer names and IP addresses: ``` Name IP nyc3-load-balancer-01 203.0.113.67 global-load-balancer-01 network-load-balancer 203.0.113.2 ``` **Note**: IPv6 network load balancers require IPv6-enabled backend Droplets. Read [How to Enable IPv6 on Droplets](https://docs.digitalocean.com/products/networking/ipv6/how-to/enable/index.html.md) to enable IPv6 if necessary. ## Add a Route for the Load Balancer IP Address Log in to your backend Droplet using SSH or the console. Run the `ip route add` command to add a route to the kernel’s IP routing table, using the IP address you retrieved in the previous step. Use `eth0` for `` if the load balancer is public, and `eth1` if it’s a private, internal-only load balancer: ```shell ip route add to local dev ``` Replace `` with the correct IP address. This command directs traffic for the load balancer IP to the local system. The Droplet claims ownership of the IP address on the specified interface, allowing it to process incoming packets and handle traffic. **For private, internal load balancers only**, you must also configure Address Resolution Protocol (ARP) announcements on the `eth1` interface. Use `sysctl` to set `net.ipv4.conf.eth1.arp_announce` to `2`: ```shell sysctl -w net.ipv4.conf.eth1.arp_announce=2 ``` Wait for the load balancer health checks to pass before testing connectivity. ## Make the Route Permanent The `ip route` and `sysctl` configuration changes do not persist across reboots. Choose a method to make them persistent based on your operating system. ## systemd Service ### Using systemd Service This method works on all modern Linux distributions. Open the file with `nano` or your preferred text editor: ```shell sudo nano /etc/systemd/system/configure-nlb.service ``` Paste in the following. Replace `` with the correct IP address, and `` with `eth0` for public load balancers or `eth1` for private: ```ini [Unit] Description=Configure Network Load Balancer After=network.target [Service] ExecStart=/sbin/ip route add to local dev #ExecStart=/sbin/sysctl -w net.ipv4.conf.eth1.arp_announce=2 Type=oneshot RemainAfterExit=yes [Install] WantedBy=multi-user.target ``` If you’re configuring a private load balancer, uncomment the `ExecStart=/sbin/sysctl ...` command by removing the `#` at the beginning of the line. Save the file and quit your editor to return to the command prompt. Use `systemctl` to enable and start the `configure-nlb` service: ```shell sudo systemctl enable configure-nlb sudo systemctl start configure-nlb ``` Verify the service status: ```shell sudo systemctl status configure-nlb ``` The output shows `enabled` and `active (exited)`. The routing changes now persist across system reboots. ## Netplan ### Using Netplan (Recommended for Debian 12+/Ubuntu 22.04+) **Note**: If your Droplet uses **systemd-networkd** (default on Ubuntu 22.04+, Debian 12+), the `ip route add` command **does not survive systemd-networkd restarts**, which occur during routine package updates. Debian 12 requires Netplan installation: `sudo apt install netplan.io` Create a new Netplan configuration file at `/etc/netplan/60-load-balancer.yaml` and paste the following: ```yaml network: version: 2 ethernets: : routes: - to: /32 table: 255 type: local ``` Replace `` with the correct IP address, and `` with `eth0` for public load balancers or `eth1` for private. Set restrictive permissions on the configuration file: ```shell sudo chmod 600 /etc/netplan/60-load-balancer.yaml ``` Apply the Netplan configuration: ```shell sudo netplan apply sudo systemctl restart systemd-networkd ``` To set the ARP announce behavior, create `/etc/sysctl.d/90-load-balancer.conf` and paste the following: ```shell net.ipv4.conf.eth1.arp_announce=2 ``` Apply the `sysctl` settings as follows: ```shell sudo sysctl -p /etc/sysctl.d/90-load-balancer.conf ``` Verify that the route was added successfully: ```shell ip route show table local | grep ``` Verify the ARP setting was applied: ```shell sysctl net.ipv4.conf.eth1.arp_announce ``` The route now persists through `systemd-networkd` restarts. The `sysctl` setting persists automatically as it’s a kernel parameter.