Check Your Droplet's Network Configuration
Droplet networking issues can be caused by incorrect network configurations on the Droplet itself. This is highly likely if you’ve recently altered any network configuration files on your Droplet or installed software on the Droplet that may have made network changes.
In this step of the Connectivity Troubleshooting Guide, you will:
- Make a snapshot of your Droplet for backup purposes.
- Verify the Droplet’s network interfaces are up and running.
- Review the Droplet’s network configuration file and correct any discrepancies.
- Review the Droplet’s DNS settings and correct any discrepancies.
Prerequisites
Altering network configurations can cause you to lose access to your Droplet or other problems. We recommend taking a snapshot of the Droplet before making any changes to its network configuration. You can use the snapshot to rebuild the Droplet to the state it was in at the time when you took the snapshot.
Verify Network Interfaces
Your Droplet has a few different network interfaces that are configured to connect to specific networks or gateways. It is important to check if the network interfaces are running.
To check if your Droplet’s network interfaces are running, run the command:
ip -br a
The -br flag returns only basic information about the Droplet’s network interfaces for better readability. The a arugment returns all IP addresses associated with the Droplet’s network interfaces.
The command returns the status of each network interface on the Droplet:
lo UNKNOWN 198.51.100.1/8 ::1/128
eth0 UP 203.0.113.154/20 240.0.255.85/16 f2001:DB8:AC1:FE01/64
eth1 UP 10.139.40.88/16 f2001:DB8:0CDE:211E/64
In the example above, the command returned the status for the lo, eth0, and eth1 interfaces. Beside each interface’s name is the interface’s status, either UP, DOWN, or UNKNOWN.
With the exception of the lo interface, if any of the interfaces are DOWN, enable them by running:
sudo ifup <your-droplet-interface-name>
For example, if the eth0 interface was DOWN, the command would look like this:
sudo ifup eth0
If all of the interfaces are UP, you can restart each interface by running the following commands:
sudo ifdown <your-droplet-interface-name>
sudo ifup <your-droplet-interface-name>
If either of these commands fail, the interface may be in an UNKNOWN state. You can add the --force flag to force the interfaces to restart.
sudo ifdown --force <your-droplet-interface name>
sudo ifup <your-droplet-interface name>
Once you have enabled all of the interfaces, see if your Droplet’s connection issues persist. You can use ping from the Droplet’s command line to see if the Droplet can reach the internet. Additionally, you can ping your Droplet from a terminal on your local machine to ensure the Droplet is receiving network traffic.
ping is a simple network diagnostic tool that measures the availability, latency, and packet loss between the sending and receiving devices. To run ping:
ping google.com
If your Droplet’s connectivity issues persist, review the next section.
Note
ping diagnostic tool uses the ICMP protocol to verify connections. If your cloud firewall doesn’t have an inbound rule for ICMP, it will block any attempts to the reach the Droplet with ping.A successful ping means that you Droplet can connect to hostnames and returns results similar to this:
PING google.com (142.250.80.46): 56 data bytes
64 bytes from 142.250.80.46: icmp_seq=0 ttl=115 time=16.030 ms
64 bytes from 142.250.80.46: icmp_seq=1 ttl=115 time=16.699 ms
64 bytes from 142.250.80.46: icmp_seq=2 ttl=115 time=17.051 ms
If the ping returns an error, continue the next section of this guide.
Check Network Configuration File
Your Droplet’s network configuration files contain information about the Droplet’s network interfaces. If you’ve recently changed one of these files, the changes may have not persisted after a reboot or may be misconfigured.
Before making any changes to your network file configuration, we recommend taking a snapshot of the Droplet and making a backup of the Droplet’s current network configuration.
Choose your Droplet’s operating system for troubleshooting instructions.
On Ubuntu Droplets, the Droplet’s network configuration is located in the /etc/netplan/50-cloud-init.yaml file. We recommend making a backup copy of this file before altering it. This copy allows you to reinstate the original network configuration if something goes wrong after editing the current configuration.
To make a copy of your Droplet’s network configuration, run the following command:
cp /etc/netplan/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml.old
After making a copy of the configuration, view your Droplet’s network configuration file by running the following command:
nano /etc/netplan/50-cloud-init.yaml
The Droplet’s network configuration opens using the nano text editor.
network:
version: 2
ethernets:
eth0:
addresses:
- 203.0.113.154/20
- 203.0.255.85/16
gateway4: 192.75.31.155
match:
macaddress: 0a:ee:7a:c3:93:aa
nameservers:
addresses:
- 67.207.67.2
- 67.207.67.3
search: []
set-name: eth0
eth1:
addresses:
- 198.51.100.88/16
match:
macaddress: 12:01:77:bc:cb:d5
nameservers:
addresses:
- 67.207.67.2
- 67.207.67.3
search: []
set-name: eth1
In the example configuration file above, the Droplet has two network interfaces: eth0 and eth1.
eth0- Contains information about the Droplet’s public network interface (the interface used to connect to the internet).eth1- Contains information about the Droplet’s VPC network interface (the interface used to connect to other resources in the datacenter it resides in).
Other interfaces may be listed based on your Droplet’s overall configuration.
You can check for discrepancies in the interfaces originally configured by DigitalOcean (eth0 and eth1) by logging in to the DigitalOcean Control Panel and comparing the IP addresses in each interface (in the addresses stanza) to the ones listed in the control panel.
To locate your Droplet’s network information in the control panel, click Droplets in the main navigation and select the target Droplet from the list of Droplets. From the Droplet’s overview page, click Networking.
Troubleshooting any interfaces beyond the ones originally configured by DigitalOcean may require additional research beyond this guide.
If you see any discrepancies between the IP addresses in your configuration, correct them, save the changes to the file, and then close it. Test the updated configuration by running:
netplan try --debug
This command temporarily applies the network settings to the Droplet and gives you 120 second to test the Droplet’s connections with the new configuration before rolling back to the prior configuration. This is helpful in case the new configuration locks you out of the Droplet. The --debug flag verifies that the YAML file’s formatting is correct.
Use ping again from the Droplet’s command line to test if the Droplet can reach google.com. Also ping the Droplet from a terminal on your local machine to ensure that the Droplet can receive traffic.
If this resolves your connectivity issue, press ENTER, before the 120 second timer ends, to confirm it and apply it. If you’re unsatisfied with the new configuration, press CTRL + C to revert the settings to the prior configuration.
If this doesn’t resolve your Droplet’s connectivity, check your Droplet’s DNS settings in the next section.
Check DNS Nameservers
The nameservers section in the configuration file specifies which DNS resolver servers your Droplet should be querying when trying to connect to a hostname like example.com. If the nameservers are misconfigured, your Droplet won’t connect to hostnames.
Test DNS Resolution
You can test your Droplet’s DNS resolution by logging in to the Droplet and using the ping tool.
To test your Droplet’s DNS resolution, ping the IP address 8.8.8.8 (Google’s DNS servers):
ping 8.8.8.8
You should receive output similar to this:
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=8.35 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=7.83 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=119 time=7.80 ms
...
Next, ping the hostname google.com:
ping google.com
You should receive similar results or a name resolution error like this:
ping: google.com: Temporary failure in name resolution
Results
If you receive a name resolution error from pinging the hostname but not the IP address, your network’s DNS configuration is likely incorrect.
If you receive errors from pinging both the hostname and the IP address, your network configuration could be misconfigured elsewhere, such as your DigitalOcean cloud firewall or Droplet level firewall.
If you received data from pinging both the IP address and hostname, your Droplet is resolving DNS correctly and you can skip to the next section.
Correcting DNS Resolution
Each Droplet’s network configuration should contain the IP addresses of DigitalOcean DNS resolvers, as shown in this example:
network:
version: 2
ethernets:
eth0:
addresses:
- 143.110.178.152/20
- 10.47.0.5/16
gateway4: 192.75.31.155
match:
macaddress: 0a:ee:7a:c3:93:aa
nameservers:
addresses:
- 67.207.67.2
- 67.207.67.3
search: []
set-name: eth0
....
If the nameservers section has different IP addresses assigned to it than the ones shown above and your Droplet is experiencing hostname resolution issues, try adding DigitalOcean’s resolvers back to the nameservers section.
DigitalOcean’s nameserver resolver addresses are:
67.207.67.2
67.207.67.3
Save and Apply Any Changes
If you made any changes to the file after reviewing it, save the changes and then close the file. If you’re using the nano text editor, to save the changes and close the file, press ctrl + O and then ctrl + X.
To test the new configuration, run the netplan trial command again:
netplan try --debug
Use ping again from the Droplet’s command line to test if the Droplet can reach google.com. If the command returns successful results, your Droplet can connect to hostnames.
If this resolves your connectivity issue, press ENTER, before the 120 second timer ends, to confirm it and apply it. If you’re unsatisfied with the new configuration, press CTRL + C to revert the settings to the prior configuration.
If this does not resolve your Droplet’s connectivity issue, review the conclusion section of this guide.
On Ubuntu 16.04 and Debian Droplets, the Droplet’s network configuration is located in the /etc/netplan/50-cloud-init.yaml file. To make a copy of your Droplet’s network configuration, run the following command:
cp /etc/network/interfaces.d/50-cloud-init.cfg /etc/network/interfaces.d/50-cloud-init.cfg.old
To view your Droplet’s network configuration file, run the following command:
nano /etc/network/interfaces.d/50-cloud-init.cfg
The Droplet’s network configuration opens using the nano text editor.
auto lo
iface lo inet loopback
dns-nameservers 67.207.67.3 67.207.67.2
auto eth0
iface eth0 inet static
address 203.0.113.154/20
gateway 192.75.31.155
# control-alias eth0
iface eth0 inet static
address 198.51.100.88/16
auto eth1
iface eth1 inet static
address 203.0.113.88/16
In the example configuration file above, the Droplet has two network interfaces: eth0 and eth1.
eth0- Contains information about the Droplet’s public network interface (the interface used to connect to the internet).eth1- Contains information about the Droplet’s VPC network interface (the interface used to connect to other resources in the datacenter).
Other interfaces may be listed based on your Droplet’s overall configuration and software.
You can check for discrepancies in the interfaces originally configured by DigitalOcean (eth0 and eth1) by logging in to the DigitalOcean Control Panel and comparing the IP addresses in each interface to the ones listed in the control panel.
To locate your Droplet’s network information in the control panel, click Droplets in the main navigation and select the target Droplet from the list of Droplets. From the Droplet’s overview page, click Networking.
Troubleshooting any interfaces beyond the ones originally configured by DigitalOcean may require additional research beyond this guide.
Correct any discrepancies you may see in the file, save the changes to the file, and then close it. Test the updated configuration by running:
netplan try --debug
This command temporarily applies the network settings to the Droplet and gives you 120 second to test the Droplet’s connections with the new configuration before rolling back to the prior configuration. This is helpful in case the new configuration locks you out of the Droplet. The --debug flag verifies that the YAML file’s formatting is correct.
Use ping again from the Droplet’s command line to test if the Droplet can reach google.com. Also ping the Droplet from a terminal on your local machine to ensure that the Droplet can receive traffic.
If this resolves your connectivity issue, press ENTER, before the 120 second timer ends, to confirm it and apply it. If you’re unsatisfied with the new configuration, press CTRL + C to revert the settings to the prior configuration.
If this doesn’t resolve your Droplet’s connectivity, check your Droplet’s DNS settings in the next section.
Check DNS Nameservers
The nameservers section in the configuration file specifies which DNS resolver servers your Droplet should be querying when trying to connect to a hostname like example.com. If the nameservers are misconfigured, your Droplet won’t connect to hostnames.
Test DNS Resolution
You can test your Droplet’s DNS resolution by logging in to the Droplet and using the ping tool.
To test your Droplet’s DNS resolution, ping the IP address 8.8.8.8 (Google’s DNS servers):
ping 8.8.8.8
You should receive output similar to this:
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=8.35 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=7.83 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=119 time=7.80 ms
...
Next, ping the hostname google.com:
ping google.com
You should receive similar results or a name resolution error like this:
ping: google.com: Temporary failure in name resolution
Results
If you receive a name resolution error from pinging the hostname but not the IP address, your network’s DNS configuration is likely incorrect.
If you receive errors from pinging both the hostname and the IP address, your network configuration could be misconfigured elsewhere, such as your DigitalOcean cloud firewall or Droplet level firewall.
If you received data from pinging both the IP address and hostname, your Droplet is resolving DNS correctly and you can skip to the next section.
Correcting DNS Resolution
Each Droplet’s network configuration should contain the IP addresses of DigitalOcean DNS resolvers, as shown in this example:
network:
version: 2
ethernets:
eth0:
addresses:
- 143.110.178.152/20
- 10.47.0.5/16
gateway4: 192.75.31.155
match:
macaddress: 0a:ee:7a:c3:93:aa
nameservers:
addresses:
- 67.207.67.2
- 67.207.67.3
search: []
set-name: eth0
....
If the nameservers section has different IP addresses assigned to it than the ones shown above and your Droplet is experiencing hostname resolution issues, try adding DigitalOcean’s resolvers back to the nameservers section.
DigitalOcean’s DNS resolver addresses are:
67.207.67.2
67.207.67.3
Save and Apply Any Changes
If you made any changes to the file after reviewing it, save the changes and then close the file. If you’re using the nano text editor, to save the changes and close the file, press ctrl + O and then ctrl + X.
Once you have made your changes, restart the networking service:
systemctl restart NetworkManager.service
If the Droplet disconnects and you can’t regain access to it, access the Droplet using the DigitalOcean Droplet Console and replace the altered network configuration with the original one you copied at the beginning of this section.
Use ping again from the Droplet’s command line to test if the Droplet can reach google.com. If the command returns successful results, your Droplet can connect to hostnames.
If this does not resolve your Droplet’s connectivity issue, review the conclusion section of this guide.
CentOS maintains a configuration file for each of the Droplet’s network interfaces. Before altering one, you should make a backup copy of it. The /etc/sysconfig/network-scripts/ directory contains the configuration files.
To make a copy of a network configuration file, run the following command, replacing the <interface-file> with the name of the file you intend on altering:
cp /etc/sysconfig/network-scripts/<interface-file> /etc/sysconfig/network-scripts/<interface-file>.old
To view your Droplet’s network configuration file, run the following command:
vi /etc/sysconfig/network-scripts/<interface-file>
The Droplet’s network configuration opens using the vi text editor.
# Created by cloud-init on instance boot automatically, do not edit.
#
BOOTPROTO=none
DEFROUTE=yes
DEVICE=eth0
GATEWAY=192.75.31.155
HWADDR=86:60:94:1b:11:1d
IPADDR=203.0.113.154
IPADDR1=198.51.100.88
IPV6ADDR=f2001:DB8:AC1:FE01/64
IPV6INIT=yes
IPV6_DEFAULTGW=f2001:DB8:0CDE:211E
MTU=1500
NETMASK=255.255.240.0
NETMASK1=255.255.0.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
The example configuration file above contains the configuration for the eth0 interface, the interface that connects to the public internet.
You can check for discrepancies in the interfaces originally configured by DigitalOcean (eth0 and eth1) by logging in to the DigitalOcean Control Panel and comparing the IP addresses in each interface to the ones listed in the control panel.
To locate your Droplet’s network information in the control panel, click Droplets in the main navigation and select the target Droplet from the list of Droplets. From the Droplet’s overview page, click Networking.
Troubleshooting any interfaces beyond the ones originally configured by DigitalOcean may require additional research beyond this guide.
If you see any discrepancies in the configuration file, correct them, save the file and then close it.
Once you have made your changes, restart the networking service:
systemctl restart networking.service
If the Droplet disconnects you and you can’t regain access to it, access the Droplet using the DigitalOcean Droplet Console and replace the altered network configuration with the original one you copied at the beginning of this section.
Use ping again from the Droplet’s command line to test if the Droplet can reach google.com. Also ping the Droplet from a terminal on your local machine to ensure that the Droplet can receive traffic.
If this doesn’t resolve your Droplet’s connectivity, check your Droplet’s DNS settings in the next section.
Check DNS Nameservers
The nameservers section in the configuration file specifies which DNS resolver servers your Droplet should be querying when trying to connect to a hostname like example.com. If the nameservers are misconfigured, your Droplet won’t connect to hostnames.
Test DNS Resolution
You can test your Droplet’s DNS resolution by logging in to the Droplet and using the ping tool.
To test your Droplet’s DNS resolution, ping the IP address 8.8.8.8 (Google’s DNS servers):
ping 8.8.8.8
You should receive output similar to this:
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=8.35 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=7.83 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=119 time=7.80 ms
...
Next, ping the hostname google.com:
ping google.com
You should receive similar results or a name resolution error like this:
ping: google.com: Temporary failure in name resolution
Results
If you receive a name resolution error from pinging the hostname but not the IP address, your network’s DNS configuration is likely incorrect.
If you receive errors from pinging both the hostname and the IP address, your network configuration could be misconfigured elsewhere, such as your DigitalOcean cloud firewall or Droplet level firewall.
If you received data from pinging both the IP address and hostname, your Droplet is resolving DNS correctly and you can skip to the next section.
Correcting DNS Resolution
If your Droplet can successfully ping IP addresses but not hostnames, review your Droplet’s DNS resolvers to ensure they have the correct IP addresses. To review the Droplet’s DNS resolvers, run:
vi /etc/resolv.conf
Each Droplet’s network configuration should contain the IP addresses of DigitalOcean DNS resolvers, as shown in this example:
; Created by cloud-init on instance boot automatically, do not edit.
;
nameserver 67.207.67.3
nameserver 67.207.67.2
If the resolv.conf file has different IP addresses assigned to it than the ones shown above and your Droplet is experiencing hostname resolution issues, try adding DigitalOcean’s resolvers back to the nameservers section.
DigitalOcean’s nameserver resolver addresses are:
67.207.67.2
67.207.67.3
If you edited the file, save the changes and then close it. Then restart the networking service:
systemctl restart networking.service
Use ping again from the Droplet’s command line to test if the Droplet can reach google.com. If the command returns successful results, your Droplet can connect to hostnames.
If this does not resolve your Droplet’s connectivity issue, review the conclusion section of this guide.
Conclusion
If you’re still unable to get your Droplet to connect properly, you can open a support ticket. Make sure to include the following information:
- Your Droplet’s full OS version information. You can find this by running
cat /etc/*release. - The full output of any errors related to the network issue.
- All of the information you’ve gathered from troubleshooting so far.
- Anything you were unclear about while referencing this article.
Including all the above diagnostic information and clarifying where you are encountering the issue can help us quickly get up to speed with where your need on the issue is.
