Amazon-Web-Services
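IP routing for an additional ENI on a RHEL EC2 instance
I have noticed that when an additional ENI is added on EC2, it is very difficult to get routing to work, and there is no documentation to refer to.
I do know that with the Amazon Linux AMI everything works automatically, with no extra work needed. But with any other AMI, routing has to be configured before it works.
Non-Amazon Linux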
[root@ip-10-11-2-20 ~]# cat /etc/*release
NAME="Red Hat Enterprise Linux Server"
VERSION="7.3 (Maipo)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="7.3"
PRETTY_NAME="Red Hat Enterprise Linux Server 7.3 (Maipo)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:7.3:GA:server"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.3
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="7.3"
Red Hat Enterprise Linux Server release 7.3 (Maipo)
Red Hat Enterprise Linux Server release 7.3 (Maipo)
[root@ip-10-11-2-20 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.11.2.1       0.0.0.0         UG    100    0        0 eth0
0.0.0.0         10.11.2.1       0.0.0.0         UG    101    0        0 eth1
10.11.2.0       0.0.0.0         255.255.255.0   U     100    0        0 eth0
10.11.2.0       0.0.0.0         255.255.255.0   U     101    0        0 eth1
[root@ip-10-11-2-20 ~]# ip route
default via 10.11.2.1 dev eth0 proto static metric 100
default via 10.11.2.1 dev eth1 proto static metric 101
10.11.2.0/24 dev eth0 proto kernel scope link src 10.11.2.20 metric 100
10.11.2.0/24 dev eth1 proto kernel scope link src 10.11.2.247 metric 101
[root@ip-10-11-2-20 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001
        inet 10.11.2.20 netmask 255.255.255.0 broadcast 10.11.2.255
        inet6 fe80::1012:30ff:feca:4bd0 prefixlen 64 scopeid 0x20<link>
        ether 12:12:30:ca:4b:d0 txqueuelen 1000 (Ethernet)
        RX packets 3065 bytes 258041 (251.9 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 2375 bytes 351169 (342.9 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001
        inet 10.11.2.247 netmask 255.255.255.0 broadcast 10.11.2.255
        inet6 fe80::1034:1bff:fe8d:c742 prefixlen 64 scopeid 0x20<link>
        ether 12:34:1b:8d:c7:42 txqueuelen 1000 (Ethernet)
        RX packets 473 bytes 22008 (21.4 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 58 bytes 5544 (5.4 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1 (Local Loopback)
        RX packets 140 bytes 11924 (11.6 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 140 bytes 11924 (11.6 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@ip-10-11-2-20 ~]# ping -c 3 10.11.2.20
PING 10.11.2.20 (10.11.2.20) 56(84) bytes of data.
64 bytes from 10.11.2.20: icmp_seq=1 ttl=64 time=0.013 ms
64 bytes from 10.11.2.20: icmp_seq=2 ttl=64 time=0.027 ms
64 bytes from 10.11.2.20: icmp_seq=3 ttl=64 time=0.025 ms
--- 10.11.2.20 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.013/0.021/0.027/0.008 ms
[root@ip-10-11-2-20 ~]# ping -c 3 10.11.2.247
PING 10.11.2.247 (10.11.2.247) 56(84) bytes of data.
64 bytes from 10.11.2.247: icmp_seq=1 ttl=64 time=0.013 ms
64 bytes from 10.11.2.247: icmp_seq=2 ttl=64 time=0.024 ms
64 bytes from 10.11.2.247: icmp_seq=3 ttl=64 time=0.024 ms
--- 10.11.2.247 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.013/0.020/0.024/0.006 ms
Amazon Linux
[root@ip-10-11-2-149 ~]# cat /etc/*release
NAME="Amazon Linux AMI"
VERSION="2017.03"
ID="amzn"
ID_LIKE="rhel fedora"
VERSION_ID="2017.03"
PRETTY_NAME="Amazon Linux AMI 2017.03"
ANSI_COLOR="0;33"
CPE_NAME="cpe:/o:amazon:linux:2017.03:ga"
HOME_URL="http://aws.amazon.com/amazon-linux-ami/"
Amazon Linux AMI release 2017.03
[root@ip-10-11-2-149 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.11.2.1       0.0.0.0         UG    0      0        0 eth0
0.0.0.0         10.11.2.1       0.0.0.0         UG    10001  0        0 eth1
10.11.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.11.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.169.254 0.0.0.0         255.255.255.255 UH    0      0        0 eth0
[root@ip-10-11-2-149 ~]# ip route
default via 10.11.2.1 dev eth0
default via 10.11.2.1 dev eth1 metric 10001
10.11.2.0/24 dev eth0 proto kernel scope link src 10.11.2.149
10.11.2.0/24 dev eth1 proto kernel scope link src 10.11.2.61
169.254.169.254 dev eth0
[root@ip-10-11-2-149 ~]# ifconfig
eth0      Link encap:Ethernet HWaddr 12:B2:B8:77:D0:F8
          inet addr:10.11.2.149 Bcast:10.11.2.255 Mask:255.255.255.0
          inet6 addr: fe80::10b2:b8ff:fe77:d0f8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:9001 Metric:1
          RX packets:1490 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1441 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:129285 (126.2 KiB) TX bytes:143368 (140.0 KiB)
eth1      Link encap:Ethernet HWaddr 12:9B:45:32:EB:BA
          inet addr:10.11.2.61 Bcast:10.11.2.255 Mask:255.255.255.0
          inet6 addr: fe80::109b:45ff:fe32:ebba/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:9001 Metric:1
          RX packets:263 errors:0 dropped:0 overruns:0 frame:0
          TX packets:347 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:16825 (16.4 KiB) TX bytes:25705 (25.1 KiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:140 (140.0 b) TX bytes:140 (140.0 b)
[root@ip-10-11-2-149 ~]# ping -c 3 10.11.2.149
PING 10.11.2.149 (10.11.2.149) 56(84) bytes of data.
64 bytes from 10.11.2.149: icmp_seq=1 ttl=255 time=0.018 ms
64 bytes from 10.11.2.149: icmp_seq=2 ttl=255 time=0.027 ms
64 bytes from 10.11.2.149: icmp_seq=3 ttl=255 time=0.026 ms
--- 10.11.2.149 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2035ms
rtt min/avg/max/mdev = 0.018/0.023/0.027/0.006 ms
[root@ip-10-11-2-149 ~]# ping -c 3 10.11.2.61
PING 10.11.2.61 (10.11.2.61) 56(84) bytes of data.
64 bytes from 10.11.2.61: icmp_seq=1 ttl=255 time=0.018 ms
64 bytes from 10.11.2.61: icmp_seq=2 ttl=255 time=0.027 ms
64 bytes from 10.11.2.61: icmp_seq=3 ttl=255 time=0.029 ms
--- 10.11.2.61 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2034ms
rtt min/avg/max/mdev = 0.018/0.024/0.029/0.007 ms
Now here is the problem below… See how the non-Amazon Linux can ping both the eth0 and eth1 ENIs on the Amazon Linux, but the Amazon Linux cannot ping eth1 on the non-Amazon Linux.
INTER NETWORKING
Non-Amazon Linux
[root@ip-10-11-2-20 ~]# ping -c 3 10.11.2.149
PING 10.11.2.149 (10.11.2.149) 56(84) bytes of data.
64 bytes from 10.11.2.149: icmp_seq=1 ttl=255 time=0.629 ms
64 bytes from 10.11.2.149: icmp_seq=2 ttl=255 time=0.486 ms
64 bytes from 10.11.2.149: icmp_seq=3 ttl=255 time=0.472 ms
--- 10.11.2.149 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.472/0.529/0.629/0.070 ms
[root@ip-10-11-2-20 ~]# ping -c 3 10.11.2.61
PING 10.11.2.61 (10.11.2.61) 56(84) bytes of data.
64 bytes from 10.11.2.61: icmp_seq=1 ttl=255 time=0.595 ms
64 bytes from 10.11.2.61: icmp_seq=2 ttl=255 time=0.560 ms
64 bytes from 10.11.2.61: icmp_seq=3 ttl=255 time=0.522 ms
--- 10.11.2.61 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.522/0.559/0.595/0.029 ms
Amazon Linux
[root@ip-10-11-2-149 ~]# ping -c 3 10.11.2.20
PING 10.11.2.20 (10.11.2.20) 56(84) bytes of data.
64 bytes from 10.11.2.20: icmp_seq=1 ttl=64 time=0.446 ms
64 bytes from 10.11.2.20: icmp_seq=2 ttl=64 time=0.465 ms
64 bytes from 10.11.2.20: icmp_seq=3 ttl=64 time=0.481 ms
--- 10.11.2.20 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2030ms
rtt min/avg/max/mdev = 0.446/0.464/0.481/0.014 ms
[root@ip-10-11-2-149 ~]# ping -c 3 10.11.2.247
PING 10.11.2.247 (10.11.2.247) 56(84) bytes of data.
^C
--- 10.11.2.247 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2028ms
How do I allow routing to the additional eth1 ENI added to a RHEL 7 EC2 instance?
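I ran into this problem before and found this blog post helpful.
Something about the routes not being set up correctly. I have added this to a Userdata script so that the routes are added correctly at boot. Assume we have a new ENI attached at eth1.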
# ENI_NAME, SUBNET_ID, SELF_INSTANCE_ID and ENI_INDEX must be set earlier in the Userdata script
# Use the AWS CLI to get the id of the ENI to be attached
NETWORK_INTERFACE_ID=$(aws ec2 describe-network-interfaces \
    --filters "Name=status,Values=available" "Name=tag:Name,Values=$ENI_NAME" "Name=subnet-id,Values=$SUBNET_ID" \
    --output json --query "NetworkInterfaces[0].NetworkInterfaceId" | grep -o 'eni-[a-z0-9]*')
# Attach the ENI (and display the attachment id)
echo "Attaching ENI:$ENI_NAME NETID:$NETWORK_INTERFACE_ID Index:$ENI_INDEX"
aws ec2 attach-network-interface --network-interface-id "$NETWORK_INTERFACE_ID" \
    --instance-id "$SELF_INSTANCE_ID" --device-index "$ENI_INDEX"
# /etc/network/interfaces.d is the ifupdown (Debian/Ubuntu) configuration layout
printf '\nauto eth1\niface eth1 inet dhcp' >> /etc/network/interfaces.d/eth1.cfg
# Take the first default gateway only; there may be one default route per interface
GATEWAY=$(ip route | awk '/^default/ { print $3; exit }')
# get the secondary ip
SECOND_IP=$(aws ec2 describe-network-interfaces \
    --filters "Name=tag:Name,Values=$ENI_NAME" "Name=subnet-id,Values=$SUBNET_ID" \
    --output text --query "NetworkInterfaces[0].PrivateIpAddress")
# add the routes: traffic sourced from the secondary IP uses table 2, whose default route leaves via eth1
echo "Adding the IP routes and rules for secondary $SECOND_IP"
printf '\nup ip route add default via %s dev eth1 tab 2\n' "$GATEWAY" >> /etc/network/interfaces.d/eth1.cfg
printf 'up ip rule add from %s/32 tab 2 prio 1000\n' "$SECOND_IP" >> /etc/network/interfaces.d/eth1.cfg
sleep 20 # the attach takes some time to happen
systemctl restart networking.service
ifup eth1
ip rule list
ifconfig
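The same two entries the answer's script writes (a default route in table 2 and a "from secondary IP" rule at priority 1000), rendered in the route-eth1 / rule-eth1 file format that RHEL 7's initscripts read. This is an added example, not part of the original answer. The function names, the scratch directory and the input validation are assumptions of this example, and it assumes eth1 is brought up by the initscripts network service.

```shell
#!/bin/sh
# Added example: persistent source-based routing for a secondary ENI on RHEL 7.
# initscripts runs "ip route add <line>" for each line of route-<dev> and
# "ip rule add <line>" for each line of rule-<dev> when <dev> comes up.

# is_ipv4 ADDR: succeed only for four dot-separated octets in 0-255.
# Rejects the literal "None" that `aws ... --output text` prints when the
# query matched nothing, so a failed lookup never reaches the config files.
is_ipv4() (
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# write_eni_policy_routing DEV SRC_IP GATEWAY TABLE [CONF_DIR]
# (hypothetical helper; CONF_DIR defaults to the RHEL network-scripts directory)
write_eni_policy_routing() (
    dev=$1 src_ip=$2 gateway=$3 table=$4
    conf_dir=${5:-/etc/sysconfig/network-scripts}
    case $dev in
        ''|*[!a-z0-9]*) echo "bad device name: $dev" >&2; exit 1 ;;
    esac
    is_ipv4 "$src_ip"  || { echo "bad source IP: $src_ip" >&2; exit 1; }
    is_ipv4 "$gateway" || { echo "bad gateway: $gateway" >&2; exit 1; }
    # Tables 253-255 are the kernel's default/main/local; keep to 1-252.
    case $table in
        ''|*[!0-9]*|????*) echo "bad table id: $table" >&2; exit 1 ;;
    esac
    [ "$table" -ge 1 ] && [ "$table" -le 252 ] ||
        { echo "table id out of range: $table" >&2; exit 1; }
    # Replies sourced from the secondary IP leave through eth1's own table.
    printf 'default via %s dev %s table %s\n' "$gateway" "$dev" "$table" \
        > "$conf_dir/route-$dev"
    printf 'from %s/32 table %s priority 1000\n' "$src_ip" "$table" \
        > "$conf_dir/rule-$dev"
)

# Demo with the RHEL instance's values from the question, in a scratch directory.
demo_dir=$(mktemp -d)
write_eni_policy_routing eth1 10.11.2.247 10.11.2.1 2 "$demo_dir"
cat "$demo_dir/route-eth1" "$demo_dir/rule-eth1"
```

Once the files are in the real network-scripts directory and eth1 has been brought up again, ip rule list should show the from 10.11.2.247 rule at priority 1000.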