Network traffic between a Floating IP and a Droplet flows through an anchor IP, which is an IP address aliased to the Droplet's public network interface (
eth0). Droplets must have an anchor IP before you can assign a Floating IP to it.
An anchor IP is only accessible to the Droplet it belongs to and the floating IP assigned to the Droplet. You should bind any public services that you want to make highly available through a floating IP to the anchor IP to prevent users from using the public IP addresses of your Droplets to bypass your floating IP.
For example, if you are using a floating IP in an active/passive load balancer setup, you should bind your load balancer services to their respective Droplet anchor IPs so they can only be accessed via the floating IP address.
To retrieve your Droplet's anchor IP, you can use standard networking utilities, like
ip addr show eth0. For simplicity, we recommend using the Droplet Metadata service by running
curl on the Droplet.
To get a Droplet's anchor IP,
curl the anchor interface IPv4 address endpoint from the Droplet:
curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/address
Learn more in the metadata API documentation.