Connect DigitalOcean Droplets Across Regions

Overview

DigitalOcean provides a platform to easily deploy virtual machines called Droplets. You can spin up any number of machines with a variety of operating systems, and get going much more quickly than on other platforms like AWS or Azure. They also have a Marketplace of 1-click apps which make setup even easier.

Droplets and Apps are deployed into Regions, each of which has its own private network. This is great, because it allows Droplets to communicate over a secure network when you have an application that spans multiple machines.

However, sometimes your applications may span regions. In this case, your Droplets need to communicate across these different networks. This article shows how you can bridge DigitalOcean regions with an overlay private network using Netmaker.

The result is a virtual network that spans your droplets worldwide and acts as a sort of “super VPC.” Every machine can access every other machine securely, regardless of region, and it stays secure thanks to Netmaker’s virtual mesh network.

Prerequisites

1. A DigitalOcean account. Sign up for free if you don’t already have one.
2. Create a Netmaker account by logging into https://dashboard.license.netmaker.io. You will need this for a free Netmaker license.
3. [Recommended] Prepare a dedicated subdomain for Netmaker, such as “nm.yourcompany.com.” We will use a wildcard from this subdomain for Netmaker.

Initial Setup

1. Visit https://marketplace.digitalocean.com/apps/netmaker
2. Create a Netmaker Droplet
3. Recommended Settings: if desired, Netmaker can run with 1GB RAM, but we recommend 2GB or larger for production
4. Setup DNS: point the wildcard domain from the prerequisites (e.g. *.nm.yourdomain.com) to the IP of the 1-Click Droplet.
5. Log into your Netmaker Droplet
6. Upon login, you will be prompted with a series of steps to install Netmaker. You can use either Community or Enterprise, but we recommend Enterprise, since it has extra features and a generous free tier.
7. Once everything looks right and you’ve hit confirm, the install script will run. This will take about 5 minutes.
8. Log into the Netmaker dashboard at http://dashboard.yourdomain.com and create a username and password for the Netmaker server.

Set Up Client Droplets

Netmaker requires the “netclient” to run on machines in order to set up the private networks. On each machine in DigitalOcean which you wish to make a part of the mesh, do the following:

1. Use the steps for installing Netclient. For instance, on Debian distros:

   curl -sL 'https://apt.netmaker.org/gpg.key' | sudo tee /etc/apt/trusted.gpg.d/netclient.asc
   curl -sL 'https://apt.netmaker.org/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/netclient.list
   sudo apt update
   sudo apt -y install netclient
   

2. Next, join the network. In Netmaker, go to the “Access Keys” section, click on the access key, and copy the “Join” command. It should look like this:

   netclient join -t anvkr48twsigahkguashleawjieg
   

After completing these steps on all your machine you will see a mesh network, somewhat like this in the Graphs section on the left-hand menu:

Private DNS

Netmaker provides Private DNS for machines in Netmaker networks.

1. Click DNS in the left-hand menu
2. Note the current setup. It should something like the screenshot below:

3. If you’d like, add some custom DNS entries for your Droplets.

Test the Network

1. Have each droplet ping each other droplet by private IP address. If you need the IP address for a droplet, you can visit the Graph or Node section of the UI and view its private IP address. You can also get this from a Netclient by running the following:

   sudo netclient list | jq

2. Try pinging by using the private DNS 3. Assuming everything is reachable, your private network is now complete.

Conclusion

You’ve successfully set up a multi-region network with Netmaker! This network can now act as a foundation for cross-region traffic. There are many more advanced features of Netmaker that can enhance this network, which we’ll go over in future articles.