How do I create a Droplet without a private IP?

There is no way to make a Droplet without a private IP address, but you can disable the address on your Droplet from the command line or by updating your Droplet’s eth1 interface configuration.

Since October 2020, we automatically assign private IP addresses to Droplets by default, to make them accessible to the VPC service. As such, private networking is enabled, and there is currently no way create a Droplet without a private IP or disable it from the DigitalOcean Control Panel after creation.

Note
Whether private networking is enabled or disabled on your Droplet, it should have no impact on your Droplet’s ability to connect to other resources using the public networking interface (public IP address).
Warning
DigitalOcean Load Balancers communicate with target Droplets over the VPC network, so if you disable the private IP on your Droplet, it cannot communicate with DigitalOcean Load Balancers and cannot be added as a target to a load balancer’s backend pool.

Disable Private Network Interface

To temporarily disable your Droplet’s private networking interface, use the ip utility:

ip link set eth1 down

This disables the private network interface until your Droplet is rebooted. You can validate that interface is down by running the ip utility with the -br flag.

ip -br a

The -br flag returns only basic information about your Droplet’s network interfaces for better readability. The a argument returns all IP addresses associated with your Droplet’s network interfaces.

Remove your Droplet’s Network Configuration

Alternatively, you can remove the private network interface configuration on your Droplet, permanently disabling it.

To do this, open your Droplet’s network configuration using nano, or your preferred text editor:

nano /etc/netplan/50-cloud-init.yaml

Then comment out the contents of the eth1 stanza by place a # in front of each line:

    
        
            
GNU nano 6.2                                     /etc/netplan/50-cloud-init.yaml
# This file is generated from information provided by the datasource.  Changes
# to it will not persist across an instance reboot.  To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    version: 2
    ethernets:
        eth0:
            addresses:
            - 203.0.113.77/20
            - 203.0.113.25/16
            match:
                macaddress: 86:bc:46:82:4d:95
            mtu: 1500
            nameservers:
                addresses:
                - 67.207.67.3
                - 67.207.67.2
                search: []
            routes:
            -   to: 0.0.0.0/0
                via: 203.0.113.65
            set-name: eth0
#        eth1:
#            addresses:
#            - 10.118.0.4/20
#            match:
#                macaddress: 5a:59:57:e0:f3:9d
#            mtu: 1500
#            nameservers:
#                addresses:
#                - 67.207.67.3
#                - 67.207.67.2
#                search: []
#            routes:
#            -   to: 0.0.0.0/0
#                via: 203.0.113.50
#            set-name: eth1 

        
    

Afterwards, save and exit the file.

Lastly, reboot your Droplet with the following command:

sudo reboot

The interface remains disabled after reboot. You can validate that the interface is down by running the ip utility with the -br flag again.

ip -br a

The command returns a table showing your Droplet’s network interfaces like this:

lo               UNKNOWN        198.18.0.152/8 ::1/128 
eth0             UP            203.0.113.50/20 233.252.0.7/16 fe80::dc6e:e3ff:fe4e:d974/64 
eth1             DOWN     

The eth1 interface should be listed as DOWN.

CentOS uses the ifcfg-eth1 configuration file to manage the eth1 interface. By moving this file to a different directory and deleting the eth1 connection from the NetworkManager, you can effectively disable the interface.

Use the following command to move the eth1 configuration file into the home directory:

mv /etc/sysconfig/network-scripts/ifcfg-eth1 ifcfg-eth1

By moving this file into the home directory, you can re-enable the connection later if needed.

Next, delete the eth1 connection from the NetworkManager using the NetworkManager’s CLI:

nmcli con del "System eth1"

Verify that the connection has been disconnected using the NetworkManager command:

nmcli

Lastly, reboot your Droplet with the following command:

sudo reboot

Once your Droplet has rebooted, log back in to your Droplet and verify that the connection has been disabled using the NetworkManager command:

nmcli

If the NetworkManager command returns that the eth1 connection’s status is connecting (getting IP configuration), wait a few minutes and check the status again.

To add the connection back to your Droplet, move the ifcfg-eth1 file back into the /etc/sysconfig/network-scripts directory and then reboot your Droplet.

What to do in a blackhole event when your traffic stops routing properly.
Ensure your Droplet’s public and private network interfaces are correctly named eth0 and eth1.
Reserved IPs do not support SMTP traffic.