How to Configure Backend Droplets for Network Load Balancers

Validated on 20 Jan 2026 • Last edited on 20 Jan 2026

DigitalOcean fully manages Regional Load Balancers and Global Load Balancers, ensuring they are highly available load balancing services. Load balancers distribute traffic to groups of backend resources in specific regions or across different regions, which prevents the health of a service from depending on the health of a single server, cluster, or region.

Note
This guide applies to network load balancers for Droplets. Network load balancers route TCP and UDP traffic at the transport layer (layer 4). If you’re using an HTTP load balancer (layer 7), you don’t need this configuration.

Network load balancers require backend Droplets to have additional routing configuration. Without this configuration, traffic from the load balancer cannot reach the Droplets. You need to add a route for the load balancer’s IP address and make the configuration persistent across reboots.

When you create a load balancer and choose Network as the traffic management type, complete the steps in this guide for each backend Droplet.

Find the Load Balancer IP Address

Find the IP address of your network load balancer. The address is listed on the Load Balancers page in the control panel, or use doctl to retrieve it with the following command:

doctl compute load-balancer list --format Name,IP

The output displays load balancer names and IP addresses:

Name                       IP
nyc3-load-balancer-01      203.0.113.67
global-load-balancer-01    
network-load-balancer      203.0.113.2

Add a Route for the Load Balancer IP Address

Log in to your backend Droplet using SSH or the console. Run the ip route add command to add a route to the kernel’s IP routing table, using the IP address you retrieved in the previous step. Use eth0 for <your_interface> if the load balancer is public, and eth1 if it’s a private, internal-only load balancer:

ip route add to local <your_loadbalancer_ip> dev <your_interface>

Replace <your_loadbalancer_ip> with the correct IP address.

This command directs traffic for the load balancer IP to the local system. The Droplet claims ownership of the IP address on the specified interface, allowing it to process incoming packets and handle traffic.

For private, internal load balancers only, you must also configure Address Resolution Protocol (ARP) announcements on the eth1 interface. Use sysctl to set net.ipv4.conf.eth1.arp_announce to 2:

sysctl -w net.ipv4.conf.eth1.arp_announce=2

Wait for the load balancer health checks to pass before testing connectivity.

Make the Route Permanent

The ip route and sysctl configuration changes do not persist across reboots. Choose a method to make them persistent based on your operating system.

Using systemd Service

This method works on all modern Linux distributions.

Open the file with nano or your preferred text editor:

sudo nano /etc/systemd/system/configure-nlb.service

Paste in the following. Replace <your_loadbalancer_ip> with the correct IP address, and <your_interface> with eth0 for public load balancers or eth1 for private:

[Unit]
Description=Configure Network Load Balancer
After=network.target

[Service]
ExecStart=/sbin/ip route add to local <your_loadbalancer_ip> dev <your_interface>
#ExecStart=/sbin/sysctl -w net.ipv4.conf.eth1.arp_announce=2
Type=oneshot
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

If you’re configuring a private load balancer, uncomment the ExecStart=/sbin/sysctl ... command by removing the # at the beginning of the line.

Save the file and quit your editor to return to the command prompt.

Use systemctl to enable and start the configure-nlb service:

sudo systemctl enable configure-nlb
sudo systemctl start configure-nlb

Verify the service status:

sudo systemctl status configure-nlb

The output shows enabled and active (exited). The routing changes now persist across system reboots.

Note
If your Droplet uses systemd-networkd (default on Ubuntu 22.04+, Debian 12+), the ip route add command does not survive systemd-networkd restarts, which occur during routine package updates. Debian 12 requires Netplan installation: sudo apt install netplan.io

Create a new Netplan configuration file at /etc/netplan/60-load-balancer.yaml and paste the following:

network:
  version: 2
  ethernets:
    <your_interface>:
      routes:
        - to: <your_loadbalancer_ip>/32
          table: 255
          type: local

Replace <your_loadbalancer_ip> with the correct IP address, and <your_interface> with eth0 for public load balancers or eth1 for private.

Set restrictive permissions on the configuration file:

sudo chmod 600 /etc/netplan/60-load-balancer.yaml

Apply the Netplan configuration:

sudo netplan apply
sudo systemctl restart systemd-networkd

To set the ARP announce behavior, create /etc/sysctl.d/90-load-balancer.conf and paste the following:

net.ipv4.conf.eth1.arp_announce=2

Apply the sysctl settings as follows:

sudo sysctl -p /etc/sysctl.d/90-load-balancer.conf

Verify that the route was added successfully:

ip route show table local | grep <your_loadbalancer_ip>

Verify the ARP setting was applied:

sysctl net.ipv4.conf.eth1.arp_announce

The route now persists through systemd-networkd restarts. The sysctl setting persists automatically as it’s a kernel parameter.

We can't find any results for your search.

Try using different keywords or simplifying your search terms.