Issue: Unable to Ping Docker Container (192.168.70.132) from EC2 Instance B in AWS VPC


I created two EC2 instances in the subnet 10.0.0.0/24 of the 10.0.0.0/16 network in a VPC. Let's say EC2 instance 1 is A (10.0.0.56) and EC2 instance 2 is B (10.0.0.125). Now I run a docker-compose environment in A (10.0.0.56), which creates a 192.168.70.128/26 network inside A. I am now able to ping A from B after making some security group changes in AWS. I am not able to ping the Docker container (192.168.70.132) from system B. I am able to ping it from system A itself.

asked 15 days ago · 43 views
1 Answer

The issue you're experiencing is likely due to the way Docker networking is set up within your EC2 instance A and how it interacts with your VPC configuration. Here are a few points to consider:

  1. Docker networking: By default, Docker creates its own internal network for containers, which is not directly accessible from outside the host machine. In your case, the Docker network (192.168.70.128/26) is only visible within instance A.

  2. VPC routing: Your VPC is configured with the CIDR block 10.0.0.0/16, and both EC2 instances are in the same subnet 10.0.0.0/24. The VPC routing table doesn't know how to reach the 192.168.70.0/24 network, as it's internal to instance A.

  3. Network Address Translation (NAT): To make the Docker containers accessible from outside instance A, you would typically need to set up port forwarding or use the host network mode for your containers.

To resolve this issue, you have a few options:

  1. Use port forwarding: Configure your Docker containers to expose specific ports, and then set up port forwarding on instance A to map these ports to the host's IP address. This way, instance B can reach the containers through instance A's IP address and the mapped ports.

  2. Use host network mode: Run your Docker containers using the host network mode, which will make them use the host's network stack directly. However, this may have security implications and is not always recommended.

  3. Set up custom routing: You could potentially set up custom routing in your VPC to direct traffic for the 192.168.70.0/24 network to instance A. This would require additional configuration and may have broader network implications.

  4. Use overlay networking: If you need direct communication between containers across hosts, consider using Docker's overlay networking feature or other container orchestration solutions that provide cross-host networking.

Remember to also check your security group settings to ensure they allow the necessary traffic between instances A and B, as well as to the Docker containers.

Given the complexity of networking in containerized environments, it's often more practical to expose services through port forwarding or by using container orchestration platforms that handle cross-host networking more seamlessly.
Sources:
Troubleshooting AWS Cloud9 - AWS Cloud9
Unable to ping my Ec2 instance using Public Ip | AWS re:Post
Routing between Availability Zones in a single VPC | AWS re:Post

answered 15 days ago
Expert reviewed 15 days ago
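As an added example (not from the question or the answer above), a POSIX shell script that works through the answer's diagnosis and its option 1: it checks whether a destination falls inside the VPC CIDR, which the VPC router can deliver, or only inside A's compose bridge, which exists solely in A's kernel, and then emits a compose `ports` entry bound to A's private address together with a security-group rule that admits only B. Addresses follow the question; the security group id is a placeholder and nothing here calls AWS or Docker.

```shell
#!/bin/sh
# Added example, not from the original post. Addresses as in the question;
# the security group id is a placeholder. Pure POSIX sh; nothing is applied.
A_PRIVATE_IP=10.0.0.56
B_PRIVATE_IP=10.0.0.125
VPC_CIDR=10.0.0.0/16
DOCKER_CIDR=192.168.70.128/26   # compose bridge known only to A's routing table
SG_OF_A="sg-PLACEHOLDER"

# Dotted-quad IPv4 -> 32-bit integer.
ip2int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP CIDR: exit 0 when IP lies inside CIDR.
in_cidr() {
  ip=$(ip2int "$1"); net=$(ip2int "${2%/*}"); bits=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# route_hint DST: how a packet sent from B reaches DST.
#   vpc       - the VPC router delivers it (security groups permitting)
#   container - no VPC route exists for this prefix; reach it via a port A publishes
route_hint() {
  if in_cidr "$1" "$VPC_CIDR"; then echo vpc
  elif in_cidr "$1" "$DOCKER_CIDR"; then echo container
  else echo unknown
  fi
}

# publish_port HOST_PORT CONTAINER_PORT: compose 'ports' entry bound to A's
# private address, so the service is not also exposed on A's public interface.
publish_port() { printf '"%s:%s:%s"' "$A_PRIVATE_IP" "$1" "$2"; }

# sg_rule HOST_PORT: ingress rule on A's group that admits only B, on one port.
sg_rule() {
  printf 'aws ec2 authorize-security-group-ingress --group-id %s --protocol tcp --port %s --cidr %s/32\n' \
    "$SG_OF_A" "$1" "$B_PRIVATE_IP"
}

echo "from B, 192.168.70.132 is reachable as: $(route_hint 192.168.70.132)"
printf 'services:\n  web:\n    image: nginx\n    ports:\n      - %s\n' "$(publish_port 8080 80)"
sg_rule 8080
echo "verify from B: nc -zv $A_PRIVATE_IP 8080"
```

Running it prints the compose fragment and the security-group command to apply on A; ICMP to the container address itself still fails from B, since only the published TCP port is reachable.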
