what is the purpose of network 10.17.0.0/16 on eth0?

May 9, 2018 906 views
Firewall Networking Security Ubuntu 18.04

while configuring firewall rules for a new (ubuntu 18.04 in nyc3) droplet today, i noticed that the output of route (below) shows three networks instead of the normal two (public, private).

can anyone tell me why the network 10.17.0.0 exists in our droplets?

104.131.0.0 - public
10.132.0.0 - private
10.17.0.0 - ???

root@104:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    0      0        0 eth0
10.17.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.132.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth1
104.131.0.0     0.0.0.0         255.255.192.0   U     0      0        0 eth0

thanks!
-lee

4 Answers

Are you using any floating IPs or a load balancer with your droplet? Floating IPs will appear as another local network interface rather than an interface with the public floating ip shown.

Thanks for the speedy reply ryanpq!

Nope, it's just a basic droplet with private networking, so no floating IPs or load balancing. Also no backup plan, monitoring, cloud-firewall or IPv6.

Your public network interface has an "Anchor IP" associated with it for the use of a floating IP:

https://www.digitalocean.com/community/tutorials/how-to-use-floating-ips-on-digitalocean#getting-anchor-and-floating-ip-information

by Melissa Anderson
A DigitalOcean Floating IP is a publicly-accessible static IP address that can be mapped to one of your Droplets. A Floating IP can also be instantly remapped, via the DigitalOcean Control Panel or API, to one of your other Droplets in the same datacenter. This instant remapping capability grants you the ability to design and create High Availability (HA) server infrastructures by adding redundancy to the entry point, or gateway, to your servers.

ok. got it. thanks!

so apparently, even when a droplet has no floating ip enabled at the time of it's creation, the anchor ip will be configured for the droplet regardless, to ease the process of enabling floating ip at a later time.

Have another answer? Share your knowledge.