我刚刚进入VPC,试图了解一切是如何运作的.到目前为止,我遇到的最大障碍是,每当我向机器添加第二个Elastic NIC时,VPC中的任何其他IP都无法访问第二个IP.这就是我做的
>推出Canonical为Ubuntu 12.10 x64 EBS提供AMI.
>在启动期间,我将其配置为两个网络接口(相同的子网)
>一旦机器启动,我将以下内容添加到/ etc / network / interfaces:
auto eth1
iface eth1 inet dhcp
> ifup eth1
>运行ifconfig,验证第二个地址是否已启动.
在我的主要(可访问Internet)实例上:
> ping(新实例eth0的IP) – 正常工作
> ping(新实例eth1的IP) – FAILS
没有ACL可以阻止ping,因为它与eth0一起使用.机器上没有防火墙设置.我已经在多个SG和具有多个接口的AZ上尝试了4个不同的实例,所有这些实例都具有相同的结果.
我一直在靠墙砸我的头比我想承认的更长.我无法弄清楚错误在哪里.
默认情况下,路由表仅将流量路由到eth0.
即使ubuntu检测到其他ENI,您仍然需要将流量路由到它.
即使ubuntu检测到其他ENI,您仍然需要将流量路由到它.
你必须做一些高级路由:
1)立即和暂时允许访问第二个ENI.
来源:http://www.rjsystems.nl/en/2100-adv-routing.php
# this will show your route table,i'll assume you have eth0 and eth1 # and your default is for eth0 to point to the gateway # for this example lets assume the following: # eth0 = 192.168.100.5 # eth1 = 192.168.100.10 # gateway = 192.168.100.1 ip route show ; # first step is to create a routing table for your new device cat /etc/iproute2/rt_tables ; echo 2 eth1_rt >> /etc/iproute2/rt_tables ; # next add the eth1_rt route table,so by default it will also point to the gateway ip route add default via 192.168.100.1 dev eth1 table eth1_rt ; # next take a look at your ip rules # i'll assume the defaults here,and things flows to default with priority 32767 ip rule; # let's add a rule,if we see traffic from eth1's IP address,# use its new routing table we setup,and give it higher priority than default ip rule add from 192.168.100.10 lookup eth1_rt prio 1000 ; # done! now check your traffic from both IPs,they should both work.
2)在重新启动时启用对第二个ENI的访问但持续访问.
来源:http://blog.bluemalkin.net/multiple-ips-and-enis-on-ec2-in-a-vpc/
此外,如果您希望此更改保持不变,您可以在接口文件中进行所有这些更改,只需重新启动网络服务或重新启动即可使其生效.
# NOTE: add the eth1_rt routing table to /etc/iproute2/rt_tables as show in previous section
# original config to make dchp,I add mine to /etc/network/interfaces.d/eth1.cfg
auto eth1
iface eth1 inet dchp
# your extra rules for eth1
up ip route add default via 192.168.100.1 dev eth1 table eth1_rt
up ip rule add from 192.168.100.10 lookup eth1_rt prio 1000
要使其完全生效,请重新启动系统.
注意:我试过/etc/init.d/networking restart;但它没有拿起路线/规则的变化,不知道为什么,所以我重启了.如果您想立即使用它,请执行这两种方法.
