There can be a lot of variables here. Start by checking these:
- The security group of the instance you want to reach must allow traffic from the instance sending the traffic.
- Check the route tables for both subnets; generally, a route to local for the VPC CIDR is expected in order to talk over private IPs.
- Can you confirm using telnet (yum install telnet) => $ telnet <PRIVATE-IP> 22. Generally the SSH daemon is running on EC2 machines.
- For ping, ICMP should be checked (allowed) in the security group.
- Also, make sure the VPC is the same.
Also, to add to your questions:
1. Is it supported to use private IP addresses of EC2 instances across two Local Zones in the same region?
Yes, it is supported to have communication between 2 EC2 machines across different AZs, such as us-east-1a and us-east-1b, but there should be a route between them so they can reach each other (172.31.0.0/16 local in the route table).
2. Why does this only work in us-west-2?
From just the description of this question it is difficult to say, but it looks like in us-west-2 the routes are properly set and in us-east-1 the routes have been fiddled with. Can you try to roughly compare the subnets/route tables?
Apologies for not asking this earlier.
What response do you get from ping and telnet?
If it is refused, that means there is nothing running there; else,
if it is "connection timed out" => there is some network problem which is not allowing communication.
When testing with telnet, you tried port 22 for SSH; during this, did you make sure the security group had 22 open on INBOUND?
Additionally, can you try to allow all traffic on the instance to which you are trying to send packets, from the security group attached to the instance sending the requests?
Thanks. Let us know if this works.
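The checklist in the answer above (same VPC, a local route covering the destination, an inbound security-group rule admitting the source, then a telnet-style probe that distinguishes "refused" from "timed out") as a runnable script. This is an added example, not code from the thread or from AWS; the instances, subnets, route tables and security groups are constructed to mirror the thread's setup (VPC CIDR 172.31.0.0/16, SSH on 22, ICMP) and are not real resources, and the hypothetical `subnet-broken` shows the case the answerer suspects, a route table whose VPC-wide local route is missing.

```python
"""Private-IP reachability checklist for two EC2 instances in one VPC.

Added example, not part of the original re:Post thread. All records
below are constructed; the checks encode the answerer's list: same VPC,
a 'local' route in the source subnet's table covering the destination
IP (and one back), and an inbound rule on the destination's security
group that admits the source for the protocol/port under test.
"""
import ipaddress
import socket

# Constructed subnets: route table as {destination prefix: target}.
SUBNETS = {
    "subnet-bos": {"vpc": "vpc-a",
                   "routes": {"172.31.0.0/16": "local", "0.0.0.0/0": "igw-1"}},
    "subnet-mia": {"vpc": "vpc-a",
                   "routes": {"172.31.0.0/16": "local", "0.0.0.0/0": "igw-1"}},
    # Hypothetical failure mode: the VPC-wide local route has been replaced,
    # so traffic to any other subnet has no route at all.
    "subnet-broken": {"vpc": "vpc-a", "routes": {"172.31.30.0/24": "local"}},
}

# Constructed security groups: inbound rules as (protocol, from_port, to_port, source),
# where source is a CIDR or another security-group id.
SECURITY_GROUPS = {
    "sg-src": {"inbound": [("tcp", 22, 22, "0.0.0.0/0")]},
    "sg-dst-ssh": {"inbound": [("tcp", 22, 22, "sg-src"),
                               ("icmp", -1, -1, "172.31.0.0/16")]},
    "sg-dst-nossh": {"inbound": [("icmp", -1, -1, "172.31.0.0/16")]},
}

# Constructed instances (private IPs are made up).
INSTANCES = {
    "i-bos": {"ip": "172.31.10.5", "subnet": "subnet-bos", "sg": "sg-src"},
    "i-mia": {"ip": "172.31.20.7", "subnet": "subnet-mia", "sg": "sg-dst-ssh"},
    "i-mia-nossh": {"ip": "172.31.20.8", "subnet": "subnet-mia", "sg": "sg-dst-nossh"},
    "i-broken": {"ip": "172.31.30.9", "subnet": "subnet-broken", "sg": "sg-src"},
}


def longest_prefix_route(routes, dst_ip):
    """Route-table lookup: target of the most specific prefix containing dst_ip, else None."""
    best = None
    for prefix, target in routes.items():
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def rule_admits(rule, proto, port, src_ip, src_sg):
    """True if one inbound rule matches the protocol/port and the source (CIDR or SG)."""
    r_proto, lo, hi, source = rule
    if r_proto != proto:
        return False
    if proto != "icmp" and not lo <= port <= hi:
        return False
    if source.startswith("sg-"):
        return source == src_sg
    return src_ip in ipaddress.ip_network(source)


def check_reachability(src_id, dst_id, proto="tcp", port=22):
    """Walk the checklist; return (ok, reason) naming the first failing check."""
    src, dst = INSTANCES[src_id], INSTANCES[dst_id]
    src_subnet, dst_subnet = SUBNETS[src["subnet"]], SUBNETS[dst["subnet"]]
    src_ip, dst_ip = ipaddress.ip_address(src["ip"]), ipaddress.ip_address(dst["ip"])
    if src_subnet["vpc"] != dst_subnet["vpc"]:
        return False, "instances are in different VPCs"
    target = longest_prefix_route(src_subnet["routes"], dst_ip)
    if target != "local":
        return False, f"source route table sends {dst_ip} to {target!r}, not 'local'"
    if longest_prefix_route(dst_subnet["routes"], src_ip) != "local":
        return False, "destination route table has no 'local' route back to the source"
    rules = SECURITY_GROUPS[dst["sg"]]["inbound"]
    if not any(rule_admits(r, proto, port, src_ip, src["sg"]) for r in rules):
        return False, f"{dst['sg']} has no inbound {proto}/{port} rule admitting the source"
    return True, "route tables and security groups allow this traffic"


def classify_tcp_probe(host, port, timeout=3.0):
    """Live check mirroring the telnet test: 'refused' means the host answered and
    nothing listens on the port; 'timed out' means packets were dropped on the way."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timed out"
    except OSError:
        return "unreachable"  # no route from the probing host


if __name__ == "__main__":
    for pair in (("i-bos", "i-mia"), ("i-bos", "i-mia-nossh"), ("i-broken", "i-mia")):
        print(pair, check_reachability(*pair))
    print("icmp i-bos -> i-mia-nossh", check_reachability("i-bos", "i-mia-nossh", proto="icmp"))
```

Run it on the instance that cannot reach its peer with the real private IP substituted into `classify_tcp_probe`: a "refused" result proves the network path is fine and points at the target host, while "timed out" points back at the route table and security-group checks.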
Thanks for the reply! The security group for each subnet is set to allow all ICMP, the VPC is the same, and the route table contains 172.31.0.0/16 local. Settings between my us-east-1 and us-west-2 setups are the same. I also tried with telnet and could not connect. Telnet and ping do work from an instance in a Local Zone (us-east-1-bos-1a) to a private IP address in us-east-1a, just not from one Local Zone to another (us-east-1-bos-1a to us-east-1-mia-1a). This is why I thought Local Zones specifically might not be supported.