How to Send Outbound Traffic Over a Reserved IP
A DigitalOcean Reserved IP address is a publicly-accessible static IP address that you can assign to a Droplet and then reassign to another Droplet later, as needed. You can implement a failover mechanism with reserved IPs to build a high availability infrastructure.
Note
You can configure your Droplet’s network settings to send outbound traffic over a reserved IP address assigned to the Droplet. This causes traffic to originate from the reserved IP address instead of the Droplet’s original IPv4 address.
Prerequisites
To configure a Droplet to send its outbound traffic over a reserved IP address assigned to it, you need the gateway address of the Droplet’s anchor IP address.
Most Droplets already have an anchor IP, but Droplets created before October 2015 and Droplets created using custom images don’t have anchor IPs assigned by default.
On Droplets without an anchor IP, first manually assign an anchor IP to the Droplet, then continue following this guide.
On Droplets with an anchor IP, get the gateway address by querying its metadata using a curl request. The -s flag mutes any progress meters or error messages and returns only the output.
curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/gateway
The command returns an IPv4 address, like 198.51.100.237, which is the anchor IP’s gateway address. You will use this address to update your server’s default IPv4 gateway, enabling outbound traffic from your reserved IP.
Enable Outbound Reserved IP Traffic Immediately
To immediately update your network configuration, use the ip route command to add this address as the gateway for the default route. The following command removes the default route from your Droplet’s public network interface and replaces it with a route that uses the anchor’s gateway IP address. Be sure to replace <anchor-gateway-IP-address> with the IP address you retrieved in the previous step:
sudo sh -c "ip route del 0/0; ip route add default via <anchor-gateway-IP-address> dev eth0"
The command may take a moment to complete and prints no output.
Verify that the Droplet’s traffic is being routed through the reserved IP address by sending a curl request to icanhazip.com, a website that returns the request’s originating public IP. The -4 flag instructs curl to use the Droplet’s IPv4 address only:
curl -4 https://icanhazip.com/
Changes made with the ip route command will be lost when you restart your Droplet. To make the setting persist after reboot, you need to modify the Droplet’s network configuration files. How you do this depends on which operating system you’re using.
Persist Outbound Reserved IP Traffic After Reboot
First, disable cloud-init’s automatic network configuration, otherwise your settings could be overwritten:
echo "network: {config: disabled}" | sudo tee /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
Open the Droplet’s network interface configuration file:
sudo nano /etc/netplan/50-cloud-init.yaml
Under the eth0 configuration, update the via field under the routes section to use the Droplet’s anchor IP gateway address:
network:
version: 2
ethernets:
eth0:
addresses:
- 203.0.113.216/20
- 10.17.0.5/16
match:
macaddress: da:f8:7a:69:ce:ea
mtu: 1500
nameservers:
addresses:
- 67.207.67.2
- 67.207.67.3
search: []
routes:
- to: 0.0.0.0/0
via: <anchor-gateway-IP-address>
set-name: eth0
eth1:
addresses:
- 10.132.0.5/16
match:
macaddress: a6:08:53:fb:fb:7d
mtu: 1500
nameservers:
addresses:
- 67.207.67.2
- 67.207.67.3
search: []
set-name: eth1
This updates the default gateway for the interface.
Save and close the configuration file, then use the netplan command to apply the changes:
sudo netplan apply
Verify that the changes to your network now persist through a reboot:
sudo reboot
Open the Droplet’s network interface configuration file:
sudo nano /etc/network/interfaces
Update the gateway field with the Droplet’s anchor IP gateway address:
auto lo
iface lo inet loopback
dns-nameservers 67.207.67.2 67.207.67.3
auto eth0
iface eth0 inet static
hwaddress 5e:6c:28:98:28:ce
address 203.0.113.216
netmask 255.255.240.0
gateway <anchor-gateway-IP-address>
post-up ifup eth0:1
This updates the default gateway for the interface.
Save and close the configuration file. Then run the following command to check the configuration’s syntax and apply the network changes:
sudo systemctl restart networking
Verify that the changes to your network now persist through a reboot:
sudo reboot
Open the Droplet’s public network interface configuration file:
nano /etc/NetworkManager/system-connections/cloud-init-eth0.nmconnection
Under the [ipv4] section, replace the second IP address in the route1 field with your Droplet’s anchor gateway IP address:
[connection]
id=cloud-init eth0
uuid=1dd9a779-d327-56e1-8454-c65e2556c12c
type=ethernet
[user]
org.freedesktop.NetworkManager.origin=cloud-init
[ethernet]
mtu=1500
mac-address=E2:67:39:7C:55:85
[ipv4]
method=manual
may-fail=false
address1=143.110.211.104/20
route1=0.0.0.0/0,<anchor-gateway-IP-address>
address2=10.20.0.7/16
This updates the default gateway for the interface.
Save and close the file, then reboot the Droplet:
sudo reboot
Open the Droplet’s public network interface configuration file:
sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0
Update the GATEWAY= field with the Droplet’s anchor gateway IP address:
BOOTPROTO=none
DEFROUTE=yes
DEVICE=eth0
GATEWAY=<anchor-gateway-IP-address>
HWADDR=36:7d:f2:8d:72:15
IPADDR=203.0.113.216
IPADDR1=10.17.0.5
MTU=1500
NETMASK=255.255.240.0
NETMASK1=255.255.0.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
This updates the default gateway for the interface.
Save and close the configuration file, then reboot the Droplet:
sudo reboot
Once the Droplet has rebooted, log back in to the Droplet and verify that its traffic is being routed through the reserved IP address by sending another curl request to icanhazip.com:
curl -4 https://icanhazip.com/