Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Data routing to VPC Endpoint from different AZ

1

I have 3 subnets in 3 different AZ. I have VPC endpoint connected to our partner's VPC Endpoint Service. This endpoint connected to each of 3 subnets.

To send data to the endpoint I'm using general DNS name which resolves in 3 Internal IP addresses.

In the meanwhile, I've spotted big amount of paid Cross-AZ traffic. From flow logs it is clear that it is traffic from my instances (or fargate tasks) to this VPC Endpoint.

My question is: **Is it possible to force using VPC Endpoint ENI from the same AZ as origin? ** Or the only way is to use different DNS names in different AZ?

Argomenti
Networking e distribuzione di contenutiServerlessContainer
Tag
Amazon VPCAWS FargateNetworking e distribuzione di contenutiAWS PrivateLink
Lingua
English
profile picture
Smotrov
posta 2 anni fa2970 visualizzazioni
2 Risposte
7

Yes, you can choose which endpoint to use but (as you say) it is up to the DNS entry that you use. Your client machine (EC2 instance or on premises) will resolve multiple IPs if given the "generic" endpoint name; or a single IP if given the AZ-specific name. Note that using an AZ-specific name isn't desirable if there is some failure within that AZ that is causing the endpoint not to respond.

For those reading along, you can find the names for your endpoints in the console or by running aws ec2 describe-vpc-endpoints - you'll see the endpoint DNS name (something like vpce-xxxxxxxx.ec2.region.vpce.amazonaws.com) and you'll also so the AZ-specific names (such as vpce-xxxxxxxx-region-1a.ec2.region.vpce.amazonaws.com).

profile pictureAWS
ESPERTO
Brettski-AWS
con risposta 2 anni fa
  • Smotrov
    2 anni fa

    Tank you for your response! The benefit of cross-zone routing are clear. However, in our case 50-100TB/month it generates pretty significant cost for Cross-AZ traffic. Single AZ or isolated AZ does not have this costs at all.

0

If you prefer not to change the DNS, you can also mange it with specific routes per subnet to point to ENI/IP in the RoutingTable(s), but as suggested here before, if something happen to the endpoint, your AZ is down (at least what's dependent on that route). Also, regardless, make sure you validate with your partner what's the AZ ID (not its name - as those are random per account)

AWS
AWS-ProServe
con risposta 2 anni fa
  • Smotrov
    2 anni fa

    Interesting idea with routing table... How does this routing table record could look like?

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente