
How To Enable DigitalOcean Private Networking on Existing Droplets

Posted September 11, 2013

Introduction


DigitalOcean now offers shared private networking for newly created Droplets in certain data centers. Click here to learn how to enable private networking with newly created Droplets.

For Droplets created in these data centers prior to the implementation of private networking, you can enable private networking manually.

In this article, we will cover how to manually enable private networking for old Droplets located in data centers where private networking has since been enabled.

Step One - Power Droplet Down


In order to enable private networking, you will need to power off your Droplet temporarily.

This step is required so that the private networking layer can be cleanly implemented in the next step.

Step Two - Enable Private Networking


Next, you need to select the Networking option in your Droplet menu:

Enable private networking button

Click on the Enable button within the Private network section.

Your Droplet will then incorporate the new private networking features.

Step Three - Power Droplet Back On


Power on your Droplet after the event completes.

You will notice your Droplet has an event called "Enable Private Networking" in the Droplet History.

Select the Networking item in your Droplet menu again:

Private networking settings button

Notice how the Private network section now has private networking details. You will need the information in this section to configure private networking on your Droplet in the next section.

When your Droplet is booted, SSH in or log in through the Console Access button.

Step Four - Manually Configure Private Networking


You should now be logged into your Droplet. The steps that follow will be dependent on which distribution of Linux you are running. Follow the appropriate steps.

Ubuntu 16.04 and Higher

For Ubuntu 16.04 and higher, you must first disable consistent network device naming, which is not necessary in a cloud environment. Disabling this allows us to predictably rely on the eth0 interface being used for public traffic and the eth1 interface for private traffic.

Open the /etc/default/grub.d/50-cloudimg-settings.cfg file in your editor with sudo privileges:

sudo nano /etc/default/grub.d/50-cloudimg-settings.cfg

Find the GRUB_CMDLINE_LINUX_DEFAULT setting. At the end of the line, within the quotations, add net.ifnames=0, like this:

/etc/default/grub.d/50-cloudimg-settings.cfg
. . .
GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0 net.ifnames=0"
. . .

Save and close the file when you are finished.

Update Grub with the new settings by typing:

sudo update-grub

Now, reboot the Droplet:

sudo reboot

Your network interface should now be configured using the traditional ethX naming scheme. Follow the steps for Ubuntu & Debian below to continue configuration.

Ubuntu & Debian


First, look at the current network interfaces by typing:

sudo ifconfig

You will notice the eth0 interface, which is the public internet interface, and the lo interface, which is the local loopback device.

If you would like to see the private interface that we will be configuring, you can type:

sudo ifconfig -a

This will show the eth1 interface that we will be setting up now.

Ubuntu and Debian configure their network interfaces in a file called /etc/network/interfaces. Open it now:

sudo nano /etc/network/interfaces

You will see two main sections, each used to define the two active network interfaces. We will create another section at the bottom to describe the eth1 interface that will be used for private networking.

Add the following section to the bottom of the file. Fill in the information taken from the "settings" tab of your Droplet's page.

auto eth1
iface eth1 inet static
        address Private_IP_from_settings
        netmask Private_netmask_from_settings

Save and close the file.

Restart your Droplet by typing:

sudo shutdown -r now

If you log back into your Droplet, you should see the eth1 interface when you type:

sudo ifconfig

Your Droplet should now be reachable by other Droplets with private networking enabled.

CentOS & Fedora


In CentOS and Fedora, the networking interfaces are configured in the /etc/sysconfig/network-scripts directory.

Before we continue though, we need to find a key piece of information. Type the following command:

sudo ifconfig -a

You need to write down or otherwise save a piece of information from the output.

If you are on CentOS, you need to copy the value of "HWaddr" in the eth1 section:

eth1      Link encap:Ethernet  HWaddr 12:23:34:45:56:67

If you are on Fedora, copy the value of "ether" under the eth1 section:

eth1: flags=4163  mtu 1500
        inet 12.34.56.78  netmask 255.255.0.0  broadcast 12.34.56.78
        inet6 xxxx::xxx:xxx:xxx:xx  prefixlen 64  scopeid 0x20
        ether 12:23:34:45:56:67  txqueuelen 1000  (Ethernet)
        . . .

Next, we will go to the interface configuration directory:

cd /etc/sysconfig/network-scripts

Create a new configuration file to describe the private networking interface:

sudo nano ifcfg-eth1

Copy and paste the following information into the file. Replace the placeholder values (info_from_ifconfig, Private_IP_from_settings, and Private_netmask_from_settings) with the information found in the "settings" tab of your Droplet's page and the piece of information you copied from the ifconfig -a command:

DEVICE="eth1"
HWADDR=info_from_ifconfig
IPADDR=Private_IP_from_settings
BOOTPROTO=none
ONBOOT="yes"
NETMASK=Private_netmask_from_settings
NM_CONTROLLED="yes"
IPV6INIT="no"
DEFROUTE="no"

Save and close the file.

Restart your Droplet by typing:

sudo shutdown -r now

If you log back into your Droplet, you should see the eth1 interface when you type:

sudo ifconfig

It should be populated with the information you entered in the configuration file. The Droplet should now be reachable through the private IP address from other Droplets with private networking configured.

Step Five - Test the Configuration


You can test that your Droplet's private networking is enabled by typing the following from another Droplet in the same data center with private networking enabled:

ping private_ip_of_droplet

You should not receive any errors if you configured everything correctly.

If you would like to test a file transfer between two Droplets on the private network and edit your /etc/hosts file to make it easier to keep track of your Droplets, follow steps four and five from this link.

Conclusion


You should now have private networking enabled. It is important to secure your private networking interface the same way you would secure a public interface.

We suggest that you enable firewall settings that make sense for your situation. Here is a beginning article on how to configure an iptables firewall to get you started.
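Before writing firewall rules, it helps to know which services started answering on eth1 once it came up. The following is an added example, not part of the original tutorial: it reads `ss -tln`-style output and lists the TCP listeners reachable through the private address. The function names, the private IP 10.128.5.7 and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list TCP listeners that answer on the private interface.
# Reads `ss -tln`-style lines on stdin; $1 is the private IP set on eth1.
exposed_on_private() {
    awk -v ip="$1" '
    $1 == "LISTEN" {                # skips the header line
        addr = $4; port = $4
        sub(/:[^:]*$/, "", addr)    # local address without ":port"
        sub(/^.*:/, "", port)       # port only
        if (addr == "0.0.0.0" || addr == "*")
            why = "wildcard"        # bound to every interface, eth1 included
        else if (addr == "[::]")
            why = "ipv6-wildcard"   # may also accept IPv4 if dual-stack; review
        else if (addr == ip)
            why = "private-ip"      # bound to eth1 explicitly
        else
            next                    # loopback or another address: not on eth1
        print port, addr, why
    }'
}

# Constructed sample input (not captured from a real Droplet).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
LISTEN 0      511    10.128.5.7:6379    0.0.0.0:*
LISTEN 0      128    203.0.113.10:443   0.0.0.0:*
LISTEN 0      128    [::]:80            [::]:*
EOF
}

# Prints one line per listener on eth1: port, bound address, reason.
sample_ss_output | exposed_on_private 10.128.5.7
```

On a Droplet, pipe live data in with `ss -tln | exposed_on_private <your private IP>`; every port it prints needs either a firewall rule on eth1 or a narrower bind address.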

By Justin Ellingwood
