Check Your Droplet's Network Configuration

Droplet networking issues can be caused by incorrect network configurations on the Droplet itself. This is highly likely if you’ve recently altered any network configuration files on your Droplet or installed software on the Droplet that may have made network changes.

In this step of the Connectivity Troubleshooting Guide, you will:

  1. Make a snapshot of your Droplet for backup purposes.
  2. Verify the Droplet’s network interfaces are up and running.
  3. Review the Droplet’s network configuration file and correct any discrepancies.
  4. Review the Droplet’s DNS settings and correct any discrepancies.

Prerequisites

Altering network configurations can cause you to lose access to your Droplet or other problems. We recommend taking a snapshot of the Droplet before making any changes to its network configuration. You can use the snapshot to rebuild the Droplet to the state it was in at the time when you took the snapshot.

Verify Network Interfaces

Your Droplet has a few different network interfaces that are configured to connect to specific networks or gateways. It is important to check if the network interfaces are running.

To check if your Droplet’s network interfaces are running, run the command:

ip -br a

The -br flag returns only basic information about the Droplet’s network interfaces for better readability. The a arugment returns all IP addresses associated with the Droplet’s network interfaces.

The command returns the status of each network interface on the Droplet:

lo               UNKNOWN        198.51.100.1/8 ::1/128
eth0             UP             203.0.113.154/20 240.0.255.85/16 f2001:DB8:AC1:FE01/64
eth1             UP             10.139.40.88/16 f2001:DB8:0CDE:211E/64

In the example above, the command returned the status for the lo, eth0, and eth1 interfaces. Beside each interface’s name is the interface’s status, either UP, DOWN, or UNKNOWN.

With the exception of the lo interface, if any of the interfaces are DOWN, enable them by running:

sudo ifup <your-droplet-interface-name>

For example, if the eth0 interface was DOWN, the command would look like this:

sudo ifup eth0

If all of the interfaces are UP, you can restart each interface by running the following commands:

sudo ifdown <your-droplet-interface-name>
sudo ifup <your-droplet-interface-name>

If either of these commands fail, the interface may be in an UNKNOWN state. You can add the --force flag to force the interfaces to restart.

sudo ifdown --force <your-droplet-interface name>
sudo ifup <your-droplet-interface name>

Once you have enabled all of the interfaces, see if your Droplet’s connection issues persist. You can use ping from the Droplet’s command line to see if the Droplet can reach the internet. Additionally, you can ping your Droplet from a terminal on your local machine to ensure the Droplet is receiving network traffic.

ping is a simple network diagnostic tool that measures the availability, latency, and packet loss between the sending and receiving devices. To run ping:

ping google.com

If your Droplet’s connectivity issues persist, review the next section.

Note
If your Droplet is behind a cloud firewall, you need to add an inbound traffic rule that allows ICMP traffic to reach the Droplet. The ping diagnostic tool uses the ICMP protocol to verify connections. If your cloud firewall doesn’t have an inbound rule for ICMP, it will block any attempts to the reach the Droplet with ping.

A successful ping means that you Droplet can connect to hostnames and returns results similar to this:

PING google.com (142.250.80.46): 56 data bytes
64 bytes from 142.250.80.46: icmp_seq=0 ttl=115 time=16.030 ms
64 bytes from 142.250.80.46: icmp_seq=1 ttl=115 time=16.699 ms
64 bytes from 142.250.80.46: icmp_seq=2 ttl=115 time=17.051 ms

If the ping returns an error, continue the next section of this guide.

Check Network Configuration File

Your Droplet’s network configuration files contain information about the Droplet’s network interfaces. If you’ve recently changed one of these files, the changes may have not persisted after a reboot or may be misconfigured.

Before making any changes to your network file configuration, we recommend taking a snapshot of the Droplet and making a backup of the Droplet’s current network configuration.

Choose your Droplet’s operating system for troubleshooting instructions.

On Ubuntu Droplets, the Droplet’s network configuration is located in the /etc/netplan/50-cloud-init.yaml file. We recommend making a backup copy of this file before altering it. This copy allows you to reinstate the original network configuration if something goes wrong after editing the current configuration.

To make a copy of your Droplet’s network configuration, run the following command:

cp /etc/netplan/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml.old

After making a copy of the configuration, view your Droplet’s network configuration file by running the following command:

nano /etc/netplan/50-cloud-init.yaml

The Droplet’s network configuration opens using the nano text editor.

    
        
network:
    version: 2
    ethernets:
        eth0:
            addresses:
            - 203.0.113.154/20
            - 203.0.255.85/16
            gateway4: 192.75.31.155
            match:
                macaddress: 0a:ee:7a:c3:93:aa
            nameservers:
                addresses:
                - 67.207.67.2
                - 67.207.67.3
                search: []
            set-name: eth0
        eth1:
            addresses:
            - 198.51.100.88/16
            match:
                macaddress: 12:01:77:bc:cb:d5
            nameservers:
                addresses:
                - 67.207.67.2
                - 67.207.67.3
                search: []
            set-name: eth1

    

In the example configuration file above, the Droplet has two network interfaces: eth0 and eth1.

  • eth0 - Contains information about the Droplet’s public network interface (the interface used to connect to the internet).
  • eth1 - Contains information about the Droplet’s VPC network interface (the interface used to connect to other resources in the datacenter it resides in).

Other interfaces may be listed based on your Droplet’s overall configuration.

You can check for discrepancies in the interfaces originally configured by DigitalOcean (eth0 and eth1) by logging in to the DigitalOcean Control Panel and comparing the IP addresses in each interface (in the addresses stanza) to the ones listed in the control panel.

To locate your Droplet’s network information in the control panel, click Droplets in the main navigation and select the target Droplet from the list of Droplets. From the Droplet’s overview page, click Networking.

Droplet's Networking page

Troubleshooting any interfaces beyond the ones originally configured by DigitalOcean may require additional research beyond this guide.

If you see any discrepancies between the IP addresses in your configuration, correct them, save the changes to the file, and then close it. Test the updated configuration by running:

netplan try --debug

This command temporarily applies the network settings to the Droplet and gives you 120 second to test the Droplet’s connections with the new configuration before rolling back to the prior configuration. This is helpful in case the new configuration locks you out of the Droplet. The --debug flag verifies that the YAML file’s formatting is correct.

Use ping again from the Droplet’s command line to test if the Droplet can reach google.com. Also ping the Droplet from a terminal on your local machine to ensure that the Droplet can receive traffic.

If this resolves your connectivity issue, press ENTER, before the 120 second timer ends, to confirm it and apply it. If you’re unsatisfied with the new configuration, press CTRL + C to revert the settings to the prior configuration.

If this doesn’t resolve your Droplet’s connectivity, check your Droplet’s DNS settings in the next section.

Check DNS Nameservers

The nameservers section in the configuration file specifies which DNS resolver servers your Droplet should be querying when trying to connect to a hostname like example.com. If the nameservers are misconfigured, your Droplet won’t connect to hostnames.

Test DNS Resolution

You can test your Droplet’s DNS resolution by logging in to the Droplet and using the ping tool.

To test your Droplet’s DNS resolution, ping the IP address 8.8.8.8 (Google’s DNS servers):

ping 8.8.8.8

You should receive output similar to this:

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=8.35 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=7.83 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=119 time=7.80 ms
...

Next, ping the hostname google.com:

ping google.com

You should receive similar results or a name resolution error like this:

ping: google.com: Temporary failure in name resolution

Results

If you receive a name resolution error from pinging the hostname but not the IP address, your network’s DNS configuration is likely incorrect.

If you receive errors from pinging both the hostname and the IP address, your network configuration could be misconfigured elsewhere, such as your DigitalOcean cloud firewall or Droplet level firewall.

If you received data from pinging both the IP address and hostname, your Droplet is resolving DNS correctly and you can skip to the next section.

Correcting DNS Resolution

Each Droplet’s network configuration should contain the IP addresses of DigitalOcean DNS resolvers, as shown in this example:

    
        
network:
    version: 2
    ethernets:
        eth0:
            addresses:
            - 143.110.178.152/20
            - 10.47.0.5/16
            gateway4: 192.75.31.155

            match:
                macaddress: 0a:ee:7a:c3:93:aa
            nameservers:
                addresses:
                - 67.207.67.2
                - 67.207.67.3
                search: []
            set-name: eth0
....

    

If the nameservers section has different IP addresses assigned to it than the ones shown above and your Droplet is experiencing hostname resolution issues, try adding DigitalOcean’s resolvers back to the nameservers section.

DigitalOcean’s nameserver resolver addresses are:

67.207.67.2
67.207.67.3
Note
DigitalOcean’s resolvers have limits of 100 queries per second. If you intend to exceed that rate, we recommend adding Google Public DNS’s or OpenDNS’s resolvers to your file, as well.

Save and Apply Any Changes

If you made any changes to the file after reviewing it, save the changes and then close the file. If you’re using the nano text editor, to save the changes and close the file, press ctrl + O and then ctrl + X.

To test the new configuration, run the netplan trial command again:

netplan try --debug

Use ping again from the Droplet’s command line to test if the Droplet can reach google.com. If the command returns successful results, your Droplet can connect to hostnames.

If this resolves your connectivity issue, press ENTER, before the 120 second timer ends, to confirm it and apply it. If you’re unsatisfied with the new configuration, press CTRL + C to revert the settings to the prior configuration.

If this does not resolve your Droplet’s connectivity issue, review the conclusion section of this guide.

On Ubuntu 16.04 and Debian Droplets, the Droplet’s network configuration is located in the /etc/netplan/50-cloud-init.yaml file. To make a copy of your Droplet’s network configuration, run the following command:

cp /etc/network/interfaces.d/50-cloud-init.cfg /etc/network/interfaces.d/50-cloud-init.cfg.old

To view your Droplet’s network configuration file, run the following command:

nano /etc/network/interfaces.d/50-cloud-init.cfg

The Droplet’s network configuration opens using the nano text editor.

    
        
auto lo
iface lo inet loopback
    dns-nameservers 67.207.67.3 67.207.67.2

auto eth0
iface eth0 inet static
    address 203.0.113.154/20
    gateway 192.75.31.155

# control-alias eth0
iface eth0 inet static
    address 198.51.100.88/16

auto eth1
iface eth1 inet static
    address 203.0.113.88/16

    

In the example configuration file above, the Droplet has two network interfaces: eth0 and eth1.

  • eth0 - Contains information about the Droplet’s public network interface (the interface used to connect to the internet).
  • eth1 - Contains information about the Droplet’s VPC network interface (the interface used to connect to other resources in the datacenter).

Other interfaces may be listed based on your Droplet’s overall configuration and software.

You can check for discrepancies in the interfaces originally configured by DigitalOcean (eth0 and eth1) by logging in to the DigitalOcean Control Panel and comparing the IP addresses in each interface to the ones listed in the control panel.

To locate your Droplet’s network information in the control panel, click Droplets in the main navigation and select the target Droplet from the list of Droplets. From the Droplet’s overview page, click Networking.

Droplet's Networking page

Troubleshooting any interfaces beyond the ones originally configured by DigitalOcean may require additional research beyond this guide.

Correct any discrepancies you may see in the file, save the changes to the file, and then close it. Test the updated configuration by running:

netplan try --debug

This command temporarily applies the network settings to the Droplet and gives you 120 second to test the Droplet’s connections with the new configuration before rolling back to the prior configuration. This is helpful in case the new configuration locks you out of the Droplet. The --debug flag verifies that the YAML file’s formatting is correct.

Use ping again from the Droplet’s command line to test if the Droplet can reach google.com. Also ping the Droplet from a terminal on your local machine to ensure that the Droplet can receive traffic.

If this resolves your connectivity issue, press ENTER, before the 120 second timer ends, to confirm it and apply it. If you’re unsatisfied with the new configuration, press CTRL + C to revert the settings to the prior configuration.

If this doesn’t resolve your Droplet’s connectivity, check your Droplet’s DNS settings in the next section.

Check DNS Nameservers

The nameservers section in the configuration file specifies which DNS resolver servers your Droplet should be querying when trying to connect to a hostname like example.com. If the nameservers are misconfigured, your Droplet won’t connect to hostnames.

Test DNS Resolution

You can test your Droplet’s DNS resolution by logging in to the Droplet and using the ping tool.

To test your Droplet’s DNS resolution, ping the IP address 8.8.8.8 (Google’s DNS servers):

ping 8.8.8.8

You should receive output similar to this:

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=8.35 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=7.83 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=119 time=7.80 ms
...

Next, ping the hostname google.com:

ping google.com

You should receive similar results or a name resolution error like this:

ping: google.com: Temporary failure in name resolution

Results

If you receive a name resolution error from pinging the hostname but not the IP address, your network’s DNS configuration is likely incorrect.

If you receive errors from pinging both the hostname and the IP address, your network configuration could be misconfigured elsewhere, such as your DigitalOcean cloud firewall or Droplet level firewall.

If you received data from pinging both the IP address and hostname, your Droplet is resolving DNS correctly and you can skip to the next section.

Correcting DNS Resolution

Each Droplet’s network configuration should contain the IP addresses of DigitalOcean DNS resolvers, as shown in this example:

    
        
network:
    version: 2
    ethernets:
        eth0:
            addresses:
            - 143.110.178.152/20
            - 10.47.0.5/16
            gateway4: 192.75.31.155
            match:
                macaddress: 0a:ee:7a:c3:93:aa
            nameservers:
                addresses:
                - 67.207.67.2
                - 67.207.67.3
                search: []
            set-name: eth0
....

    

If the nameservers section has different IP addresses assigned to it than the ones shown above and your Droplet is experiencing hostname resolution issues, try adding DigitalOcean’s resolvers back to the nameservers section.

DigitalOcean’s DNS resolver addresses are:

67.207.67.2
67.207.67.3
Note
DigitalOcean’s resolvers have limits of 100 queries per second. If you intend to exceed that rate, we recommend adding Google Public DNS’s or OpenDNS’s resolvers to your file, as well.

Save and Apply Any Changes

If you made any changes to the file after reviewing it, save the changes and then close the file. If you’re using the nano text editor, to save the changes and close the file, press ctrl + O and then ctrl + X.

Once you have made your changes, restart the networking service:

systemctl restart NetworkManager.service

If the Droplet disconnects and you can’t regain access to it, access the Droplet using the DigitalOcean Droplet Console and replace the altered network configuration with the original one you copied at the beginning of this section.

Use ping again from the Droplet’s command line to test if the Droplet can reach google.com. If the command returns successful results, your Droplet can connect to hostnames.

If this does not resolve your Droplet’s connectivity issue, review the conclusion section of this guide.

CentOS maintains a configuration file for each of the Droplet’s network interfaces. Before altering one, you should make a backup copy of it. The /etc/sysconfig/network-scripts/ directory contains the configuration files.

To make a copy of a network configuration file, run the following command, replacing the <interface-file> with the name of the file you intend on altering:

cp /etc/sysconfig/network-scripts/<interface-file> /etc/sysconfig/network-scripts/<interface-file>.old

To view your Droplet’s network configuration file, run the following command:

vi /etc/sysconfig/network-scripts/<interface-file>

The Droplet’s network configuration opens using the vi text editor.

    
        
# Created by cloud-init on instance boot automatically, do not edit.
#
BOOTPROTO=none
DEFROUTE=yes
DEVICE=eth0
GATEWAY=192.75.31.155
HWADDR=86:60:94:1b:11:1d
IPADDR=203.0.113.154
IPADDR1=198.51.100.88
IPV6ADDR=f2001:DB8:AC1:FE01/64
IPV6INIT=yes
IPV6_DEFAULTGW=f2001:DB8:0CDE:211E
MTU=1500
NETMASK=255.255.240.0
NETMASK1=255.255.0.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no

    

The example configuration file above contains the configuration for the eth0 interface, the interface that connects to the public internet.

You can check for discrepancies in the interfaces originally configured by DigitalOcean (eth0 and eth1) by logging in to the DigitalOcean Control Panel and comparing the IP addresses in each interface to the ones listed in the control panel.

To locate your Droplet’s network information in the control panel, click Droplets in the main navigation and select the target Droplet from the list of Droplets. From the Droplet’s overview page, click Networking.

Droplet's Networking page

Troubleshooting any interfaces beyond the ones originally configured by DigitalOcean may require additional research beyond this guide.

If you see any discrepancies in the configuration file, correct them, save the file and then close it.

Once you have made your changes, restart the networking service:

systemctl restart networking.service

If the Droplet disconnects you and you can’t regain access to it, access the Droplet using the DigitalOcean Droplet Console and replace the altered network configuration with the original one you copied at the beginning of this section.

Use ping again from the Droplet’s command line to test if the Droplet can reach google.com. Also ping the Droplet from a terminal on your local machine to ensure that the Droplet can receive traffic.

If this doesn’t resolve your Droplet’s connectivity, check your Droplet’s DNS settings in the next section.

Check DNS Nameservers

The nameservers section in the configuration file specifies which DNS resolver servers your Droplet should be querying when trying to connect to a hostname like example.com. If the nameservers are misconfigured, your Droplet won’t connect to hostnames.

Test DNS Resolution

You can test your Droplet’s DNS resolution by logging in to the Droplet and using the ping tool.

To test your Droplet’s DNS resolution, ping the IP address 8.8.8.8 (Google’s DNS servers):

ping 8.8.8.8

You should receive output similar to this:

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=8.35 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=7.83 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=119 time=7.80 ms
...

Next, ping the hostname google.com:

ping google.com

You should receive similar results or a name resolution error like this:

ping: google.com: Temporary failure in name resolution

Results

If you receive a name resolution error from pinging the hostname but not the IP address, your network’s DNS configuration is likely incorrect.

If you receive errors from pinging both the hostname and the IP address, your network configuration could be misconfigured elsewhere, such as your DigitalOcean cloud firewall or Droplet level firewall.

If you received data from pinging both the IP address and hostname, your Droplet is resolving DNS correctly and you can skip to the next section.

Correcting DNS Resolution

If your Droplet can successfully ping IP addresses but not hostnames, review your Droplet’s DNS resolvers to ensure they have the correct IP addresses. To review the Droplet’s DNS resolvers, run:

vi /etc/resolv.conf

Each Droplet’s network configuration should contain the IP addresses of DigitalOcean DNS resolvers, as shown in this example:

    
        
; Created by cloud-init on instance boot automatically, do not edit.
;
nameserver 67.207.67.3
nameserver 67.207.67.2

    

If the resolv.conf file has different IP addresses assigned to it than the ones shown above and your Droplet is experiencing hostname resolution issues, try adding DigitalOcean’s resolvers back to the nameservers section.

DigitalOcean’s nameserver resolver addresses are:

67.207.67.2
67.207.67.3
Note
DigitalOcean’s resolvers have limits of 100 queries per second. If you intend to exceed that rate, we recommend adding Google Public DNS’s or OpenDNS’s resolvers to your file, as well.

If you edited the file, save the changes and then close it. Then restart the networking service:

systemctl restart networking.service

Use ping again from the Droplet’s command line to test if the Droplet can reach google.com. If the command returns successful results, your Droplet can connect to hostnames.

If this does not resolve your Droplet’s connectivity issue, review the conclusion section of this guide.

Conclusion

If you’re still unable to get your Droplet to connect properly, you can open a support ticket. Make sure to include the following information:

  • Your Droplet’s full OS version information. You can find this by running cat /etc/*release.
  • The full output of any errors related to the network issue.
  • All of the information you’ve gathered from troubleshooting so far.
  • Anything you were unclear about while referencing this article.

Including all the above diagnostic information and clarifying where you are encountering the issue can help us quickly get up to speed with where your need on the issue is.

Diagnose and troubleshoot firewall issues that could be causing network connectivity issues.
Check things like Droplet status and logs before continuing to diagnose network issues.
Diagnose and troubleshoot firewall and load balancer issues that could be causing network connectivity issues.