How do I configure the LNI of my EC2 instance that runs on an Outposts server?


I want to configure the local network interface (LNI) in the operating system (OS) of my Amazon Elastic Compute Cloud (Amazon EC2) instance. My EC2 instance runs on an AWS Outposts server.

Short description

When you're configuring the networking in the OS of your Outposts server instance, complete the following tasks:

  • Assign an IP address to the LNI.
  • Configure the routing to use the LNI and your local network's gateway.
  • Configure the policy-based routing to use your local network's gateway for traffic that's sourced from the LNI.

To configure the network interfaces in your instance's OS, complete the following steps:

  1. Identify and activate the network device that's associated to the LNI.
  2. (Optional) Assign a static IP address to your LNI.
  3. Configure your interface routes and rules.
  4. Make your changes persistent.

Resolution

The following resolution applies to these OS distributions:

  • Linux: Amazon Linux 2, Amazon Linux 2023, Red Hat Enterprise Linux (RHEL) 8, RHEL 9, SUSE 12, SUSE 15, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04
  • Windows: Windows Server 2008 R2 and later

Prerequisites

Note: In the following steps, replace these example values with your values:

  • eth1 with the LNI's device name.
  • 192.168.59.11/24 with the IP address that you want to assign to your LNI.
  • 192.168.59.255 with your local network's broadcast address.
  • 192.168.59.254 with your local network's gateway.
  • 8.8.8.8/32 with the external IP address or subnet.
  • 8.8.8.8 with your external IP address.
  • 255.255.255.255 with your subnet mask.
  • ens6 with the LNI's device name.
  • 0a:64:7a:00:4f:92 with the LNI's MAC address.
  • 192.168.59.11/24 with the static IP address that's assigned to the LNI in CIDR notation.
  • 192.168.59.0/24 with your local network's CIDR.
  • 24 with the local network's prefix.
  • Wired connection 1 with the connection name.

Identify and activate the network device that's associated to the LNI

Complete the following steps:

  1. Open the Amazon EC2 console.
  2. In the navigation pane, under Instances, choose Instances.
  3. Select the instance that's running on the Outposts server.
  4. In the Networking section, under Network Interfaces, select the LNI's interface ID.
  5. Under IP addresses, note the LNI's MAC address.

Log in to your instance's OS, and then complete the following steps:

Linux

  1. (For RHEL 8 and RHEL 9) Turn off nm-cloud-setup.service and nm-cloud-setup.timer so that the LNI isn't automatically configured with the IP address that's visible in the Amazon EC2 console:

    sudo systemctl disable --now nm-cloud-setup.service nm-cloud-setup.timer
  2. Run the following command to show the network device's MAC address:

    sudo ip link show | grep -E -o "(^[0-9]+:.*:)|([0-9a-f]{2}:)+[0-9a-f]{2}"
  3. Note the network device name with the same MAC address as the device that's attached to your LNI. If the interface is down, then run the following command to activate it:

    sudo ip link set dev eth1 up

Windows

  1. As an administrator, run the following command to show the network device's MAC address:

    getmac /v
  2. Find the network device with the same MAC address as the device that's attached to your LNI.

  3. Review the adapter settings for the adapter that's associated to the LNI. To verify that the adapter is turned on, choose Network and Sharing Center, and then choose Change adapter settings.

(Optional) Assign a static IP address to your LNI

Note: If you use DHCP in your local network, then proceed to Configure your LNI interface routes and rules. If you use RHEL 8 or RHEL 9, then proceed to Make your changes persistent.

Complete the following steps:

Linux

Assign an IP address to the network interface that you identified as the LNI:

sudo ip addr add 192.168.59.11/24 brd 192.168.59.255 dev eth1

Windows

See How can I assign a static IP address to my Amazon EC2 Windows instance?

Note: The default gateway is assigned to the primary network adapter. To keep the default gateway for the primary elastic network interface, don't specify a default gateway for the LNI. Instead, define static routes for the destinations that specify your local network gateway.

Configure your LNI interface routes and rules

Note: If you use RHEL 8 or RHEL 9, then proceed to Make your changes persistent.

Complete the following steps:

Linux

  1. Open your instance's OS.

  2. Create a record in /etc/iproute2/rt_tables for route table LNI with an ID of 300 for the LNI to use:

    echo "300 LNI" | sudo tee -a /etc/iproute2/rt_tables
  3. Create a rule to check the LNI table for traffic that's sourced from the CIDR of the local network where the LNI resides:

    sudo ip rule add from 192.168.59.0/24 table LNI

    Note: If you use a static IP address, then define rules based on a single IP address and not the entire local network. If you assign multiple IP addresses to the LNI and want to use different rules, then define the rules based on single IP addresses.

  4. Create a default route in the LNI table:

    sudo ip route add default via 192.168.59.254 dev eth1 table LNI
  5. Create a route so that outbound traffic to the external IP address or subnet goes out through the LNI by way of your local network's gateway:

    sudo ip route add 8.8.8.8/32 via 192.168.59.254 dev eth1
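As an added check that is not part of the AWS article, the following shell function verifies that the rule and routes from steps 2 to 5 are in place and that the LNI gateway has not displaced the primary interface's default route (the situation the Windows note on the default gateway warns about). It assumes the example values from the Prerequisites; the LNI_RULES, LNI_TABLE and LNI_MAIN variables are an override mechanism of this example, filled below with constructed `ip` output so the check also runs offline.

```shell
#!/bin/sh
# Verify the LNI policy routing from steps 2 to 5 on a running instance.
# Arguments: device, local CIDR, route table name, local gateway, external destination.
# LNI_RULES, LNI_TABLE and LNI_MAIN default to live `ip` output; set them to
# captured output to run the check without root (done below with constructed data).
lni_verify() {
    dev=$1 cidr=$2 tbl=$3 gw=$4 ext=$5
    rules=${LNI_RULES:-$(ip rule show)}
    table=${LNI_TABLE:-$(ip route show table "$tbl")}
    main=${LNI_MAIN:-$(ip route show)}
    ext=${ext%/32}   # `ip route` prints a /32 host route without the suffix
    rc=0
    printf '%s\n' "$rules" | grep -q "from $cidr lookup $tbl" \
        || { echo "missing: ip rule from $cidr lookup $tbl"; rc=1; }
    printf '%s\n' "$table" | grep -q "^default via $gw dev $dev" \
        || { echo "missing: default route via $gw in table $tbl"; rc=1; }
    printf '%s\n' "$main" | grep -q "^$ext via $gw dev $dev" \
        || { echo "missing: route to $ext via $gw in the main table"; rc=1; }
    # The main table's default route must stay on the primary network interface;
    # a default route via the LNI gateway would send all instance traffic out the LNI.
    if printf '%s\n' "$main" | grep -q "^default via $gw "; then
        echo "error: main default route points at the LNI gateway $gw"; rc=1
    fi
    return $rc
}

# Constructed sample `ip` output (not captured from a real instance) so the
# check can be exercised offline. It uses the article's example values.
LNI_RULES="0:      from all lookup local
32765:  from 192.168.59.0/24 lookup LNI
32766:  from all lookup main"
LNI_TABLE="default via 192.168.59.254 dev eth1"
LNI_MAIN="default via 172.31.0.1 dev eth0
8.8.8.8 via 192.168.59.254 dev eth1
172.31.0.0/20 dev eth0 proto kernel scope link src 172.31.5.10
192.168.59.0/24 dev eth1 proto kernel scope link src 192.168.59.11"

lni_verify eth1 192.168.59.0/24 LNI 192.168.59.254 8.8.8.8/32 && echo "LNI routing OK"
```

On a real instance, unset the three LNI_* variables (or run the function from a fresh shell) so that it reads the live `ip rule` and `ip route` output instead of the sample.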

Windows

  1. Open your instance's OS.

  2. As an administrator, open a command prompt window.

  3. Create a route to force the outbound traffic to the external IP address or subnet to use your local network's gateway:

    route ADD 8.8.8.8 MASK 255.255.255.255 192.168.59.254
  4. Repeat the steps to add a route for each external IP address or subnet that can contact the LNI. Configure these routes with your local network's gateway and based on your local network configuration and firewall rules.

Make your changes persistent

Note: The following example configurations are based on the steps in previous sections, including the static IP address assignment to the LNI. Replace the values according to your network configurations and use case.

Complete the following steps based on your OS distribution:

Amazon Linux 2023

  1. Open your instance's OS.

  2. Create a new file in /etc/systemd/network/ with your LNI configuration requirements:

    sudo vi /etc/systemd/network/20-ens6.network
    
    [Match]
    MACAddress=0a:64:7a:00:4f:92
    
    [Link]
    Description=LNI Outposts Server
    Name=ens6
    
    [Network]
    Address=192.168.59.11/24
    
    [RoutingPolicyRule]
    From=192.168.59.0/24
    Table=300
    
    [Route]
    Destination=8.8.8.8/32
    Gateway=192.168.59.254
    
    [Route]
    Destination=0.0.0.0/0
    Gateway=192.168.59.254
    Table=300
  3. Restart the systemd-networkd service to apply the configurations, and then test the connectivity:

    sudo systemctl restart systemd-networkd
  4. Reboot the system to make sure that the configurations are successfully applied.

Amazon Linux 2

  1. Open your instance's OS.

  2. Turn off the automation that the amazon-ec2-net-utils package provides for the LNI's network device:

    sudo sed -i -e 's/^EC2SYNC=yes/EC2SYNC=no/' /etc/sysconfig/network-scripts/ifcfg-eth1
  3. Check the ifcfg-<LNI_name> file, and apply your configurations:

    sudo vi /etc/sysconfig/network-scripts/ifcfg-eth1
    
    DEVICE=eth1
    BOOTPROTO=static
    ONBOOT=yes
    TYPE=Ethernet
    USERCTL=yes
    HWADDR=0a:0b:6b:85:88:7c
    IPADDR="192.168.59.11"
    PREFIX=24
    EC2SYNC=no
  4. In your configuration file /etc/sysconfig/network-scripts/route-<LNI_name>, add the routes with your LNI configuration requirements:

    sudo vi /etc/sysconfig/network-scripts/route-eth1
    
    0.0.0.0/0 via 192.168.59.254 dev eth1 table LNI
    8.8.8.8/32 via 192.168.59.254 dev eth1

    Note: If the file doesn't exist, then the previous command creates a configuration file.

  5. Create a rule in the /etc/sysconfig/network-scripts/rule-<LNI_name> configuration file for the network device to use the LNI table for traffic that's sourced from the CIDR:

    sudo vi /etc/sysconfig/network-scripts/rule-eth1
    
    from 192.168.59.0/24 lookup LNI

    Note: If you use a static IP address, then define rules based on a single IP address instead of the entire local network. Or, if you assigned multiple IP addresses to the LNI and want to use different rules, then define the rules based on single IP addresses.

  6. Reboot the system to make sure that the configurations are successfully applied.

RHEL 8 and RHEL 9

Note: For network device naming best practices, see Implementing consistent network interface naming for RHEL 8 and Implementing consistent network interface naming for RHEL 9 on the Red Hat website.

  1. Open your instance's OS.

  2. Turn off the nm-cloud-setup.service and nm-cloud-setup.timer:

    sudo systemctl disable --now nm-cloud-setup.service nm-cloud-setup.timer
  3. Create a record in /etc/iproute2/rt_tables for route table LNI with an ID of 300 for the LNI to use:

    echo "300 LNI" | sudo tee -a /etc/iproute2/rt_tables
  4. To find the connection name that's related to the LNI device, run the following command:

    sudo nmcli connection show
  5. To change the connection name to LNI, run the following command:

    sudo nmcli connection modify "Wired connection 1" connection.id "LNI"
  6. To configure your connection to automatically connect at boot and turn off the default gateway, run the following command:

    sudo nmcli connection modify "LNI" connection.autoconnect true ipv4.never-default yes
  7. If you use a static IP address, then use nmcli to permanently set it for the LNI interface:

    sudo nmcli connection modify "LNI" ipv4.method manual ipv4.addresses 192.168.59.11/24
  8. Activate the LNI connection:

    sudo nmcli conn up LNI
  9. Use nmcli to create your permanent routes:

    sudo nmcli connection modify "LNI" ipv4.routes "0.0.0.0/0 192.168.59.254 table=300"
    
    sudo nmcli connection modify "LNI" +ipv4.routes "8.8.8.8/32 192.168.59.254"
  10. Create a permanent rule in the configuration file. Configure the network device to use the LNI table for traffic that's sourced from the CIDR.

  11. Reboot the system to make sure that the configurations are successfully applied.

SUSE 12 and SUSE 15

  1. Open your instance's OS.

  2. Review your udev rules. To keep the LNI device name tied to its MAC address, you must base the rules on your LNI's MAC address:

    sudo cat /etc/udev/rules.d/70-persistent-net.rules
    # This file was automatically generated by the /usr/lib/udev/write_net_rules
    # program, run by the persistent-net-generator.rules rules file.
    #
    # You can modify it, as long as you keep each rule on a single
    # line, and change only the value of the NAME= key.
    
    # hotplug net device
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="0a:0b:6b:85:88:7c", KERNEL=="eth*", NAME="eth1"
  3. Based on your use case, configure the LNI:

    sudo vi /etc/sysconfig/network/ifcfg-eth1
    
    STARTMODE="auto"
    DEVICE="eth1"
    BOOTPROTO="static"
    IPADDR="192.168.59.11/24"
    CLOUD_NETCONFIG_MANAGE='no'
  4. Add the routes to the /etc/sysconfig/network/ifroute-<LNI_name> configuration file according to your LNI configuration requirements:

    sudo vi /etc/sysconfig/network/ifroute-eth1
    
    0.0.0.0/0 192.168.59.254 - eth1 table LNI
    8.8.8.8/32 192.168.59.254 - eth1
  5. Create a rule in the /etc/sysconfig/network/ifrule-<LNI_name> configuration file. Configure the network device to use the LNI table for traffic that's sourced from the CIDR.

    sudo vi /etc/sysconfig/network/ifrule-eth1
    
    from 192.168.59.0/24 lookup LNI

    Note: If you use a static IP address, then define rules based on a single IP address instead of the entire local network. Or, if you assigned multiple IP addresses to the LNI and want to use different rules, then define the rules based on single IP addresses.

  6. Reboot the system to make sure that the configurations are successfully applied.

Ubuntu 18.04, Ubuntu 20.04, and Ubuntu 22.04

  1. Open your instance's OS.

  2. Create a new file in /etc/netplan/ with your LNI configuration requirements:

    sudo vi /etc/netplan/51-ens6.yaml
    
    network:
      version: 2
      renderer: networkd
      ethernets:
        ens6:
          dhcp4: false
          dhcp4-overrides:
             use-dns: false
             route-metric: 100
          dhcp6: false
          match:
             macaddress: 0a:0b:6b:85:88:7c
          set-name: ens6
          addresses: [192.168.59.11/24]
          routes:
           - to: 0.0.0.0/0
             via: 192.168.59.254
             table: 300
           - to: 8.8.8.8/32
             via: 192.168.59.254
          routing-policy:
            - from: 192.168.59.0/24
              table: 300
  3. To restrict access to the network configuration files inside /etc/netplan/, modify the file permissions:

    sudo chmod 600 /etc/netplan/*.yaml
  4. Use netplan to apply the configurations, and then test the connectivity:

    sudo netplan apply
  5. Reboot the system to make sure that the configurations are successfully applied.

Windows (Any)

  1. Open your instance's OS.

  2. As an administrator, open a command prompt window.

  3. Create a permanent route to force the outbound traffic to the external IP or subnet to use your local network's gateway:

    route -p ADD 8.8.8.8 MASK 255.255.255.255 192.168.59.254
  4. Repeat the steps to add a permanent route for each external IP address and subnet that can contact the LNI. Configure these routes with your local network's gateway and based on your local network configuration and firewall rules.

AWS OFFICIAL. Updated a month ago.