I’m not sure what restrictions Digital Ocean place on their network, but some ISPs will prevent multiple MAC addresses appearing on the VPS network port. In these cases, the bridge and macvlan options are not possible because they make the container appear as another Ethernet device on the network.

When you want to have public IPs inside a container but still want to share the host’s MAC address with the wider network, then the routed and ipvlan NIC types are suitable.

The ipvlan NIC type, however, does not allow the containers to communicate with the host (or vice versa), so it may not be appropriate for your situation.

The routed NIC type does allow this, and uses the same approach as LXD’s ipvlan implementation by using proxy ARP to make the container’s IP appear on the host’s external network, whilst sharing the host’s MAC address. It also configures the static routes on the host needed to route traffic arriving at the host into the container.

When firewalling on the host with routed NICs, container traffic will be processed via the FORWARD table rather than the INPUT or OUTPUT chains, whereas with ipvlan NICs traffic will hit the INPUT chains instead.

See 3.19 and "Routed networking mode configuration example needed" for a working routed NIC config, including netplan config.
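As an added example (not part of the post above and not LXD's own code), the following POSIX shell script emits, without running anything, the three pieces a routed NIC setup needs on a host like the one described: the lxc command that attaches the routed NIC, the netplan file for inside the container, and a host nftables fragment that filters the container's traffic in the forward hook, because with a routed NIC that traffic never reaches the INPUT or OUTPUT chains. The container name c1, the host NIC eth0, the public IP 203.0.113.10 and the port list are assumptions; the gateway 169.254.0.1 is the link-local address the example assumes LXD's routed mode (ipv4.gateway=auto) places on the host side of the veth.

```shell
#!/bin/sh
# Added example: plan (print, do not apply) an LXD routed NIC setup.
# Assumed names: container "c1", host NIC "eth0", public IP 203.0.113.10.
# LXD itself adds the proxy ARP entry on the parent and the /32 host route;
# this script only produces the pieces the admin has to supply.

# Dotted-quad check so a typo never reaches "lxc config device add".
# Runs in a subshell so the IFS/positional-parameter changes do not leak.
valid_ipv4() {
    (
        IFS=. ; set -f            # split only on dots, no globbing
        set -- $1
        [ $# -eq 4 ] || exit 1
        for octet; do
            case $octet in ''|*[!0-9]*) exit 1 ;; esac
            [ "$octet" -le 255 ] || exit 1
        done
    )
}

# The LXD side: one routed NIC; the container owns the public IP as a /32
# while the host's MAC stays the only MAC seen on the provider's port.
lxd_routed_device() {
    container=$1 parent=$2 ip=$3
    valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    printf 'lxc config device add %s eth0 nic nictype=routed parent=%s ipv4.address=%s\n' \
        "$container" "$parent" "$ip"
}

# Inside the container: a /32 address and an on-link default route via the
# link-local gateway assumed for LXD's routed mode (ipv4.gateway=auto).
container_netplan() {
    ip=$1
    cat <<EOF
network:
  version: 2
  ethernets:
    eth0:
      addresses: [$ip/32]
      routes:
        - to: 0.0.0.0/0
          via: 169.254.0.1
          on-link: true
EOF
}

# Host firewall: packets to/from the container are forwarded over the veth,
# so they traverse the forward hook; rules in the input hook never see them.
# Arguments: container IP, then the TCP ports to expose.
nft_forward_rules() {
    ip=$1; shift
    ports=$(printf '%s, ' "$@"); ports=${ports%, }
    cat <<EOF
table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ip daddr $ip tcp dport { $ports } accept
        ip saddr $ip accept
    }
}
EOF
}

# Stand-alone use: ./routed-nic-plan.sh c1 eth0 203.0.113.10 22 443
if [ $# -ge 3 ]; then
    container=$1 parent=$2 ip=$3; shift 3
    lxd_routed_device "$container" "$parent" "$ip"
    echo '--- container: /etc/netplan/10-routed.yaml ---'
    container_netplan "$ip"
    echo '--- host: nftables ruleset (forward hook, not input) ---'
    nft_forward_rules "$ip" "$@"
fi
```

The forward-chain rule set is the part most people get wrong after switching from a bridge: an existing `input` policy that opens port 22 on the host does nothing for the container's 22, so the allow list has to be repeated (with `ip daddr`) in the forward chain, and the established/related rule is what lets the container's own outbound connections get replies back.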