Secondary network interface can't be pinged with Amazon Linux 2 AMI

0

Instance ID: i-0da64bfed94b696d1
Instance Region: US-Gov-East

Short story: both private IP addresses on primary network interface can be pinged, but both private IP addresses on secondary network interface cannot be pinged.

Long story:
Based on https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MultipleIP.html#StepTwoConfigOS , the Amazon Linux 2 AMI will automatically configure additional network interfaces and IP addresses.

With a micro EC2 instance, it can theoretically have 4 private IP addresses (2 network interfaces, 2 IP addresses on each network interface).

My steps to create the 4 IP addresses:

  1. Create an EC2 instance from the Amazon Linux 2 AMI, setting two private IP addresses during creation
  2. Associate an Elastic IP address
  3. After creation, attach a secondary network interface with 2 private IP addresses (same subnet and same security group as the primary NIC).
  4. Log in to the instance and restart networking using the command from the documentation: sudo service network restart

"ip a" output:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
link/ether 0e:31:86:22:95:b4 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.101/20 brd 172.31.15.255 scope global dynamic eth0
valid_lft 2509sec preferred_lft 2509sec
inet 172.31.1.102/20 brd 172.31.15.255 scope global secondary eth0
valid_lft forever preferred_lft forever
inet6 fe80::c31:86ff:fe22:95b4/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
link/ether 0e:ff:4a:aa:cb:66 brd ff:ff:ff:ff:ff:ff
inet 172.31.2.201/20 brd 172.31.15.255 scope global dynamic eth1
valid_lft 2325sec preferred_lft 2325sec
inet 172.31.2.202/20 brd 172.31.15.255 scope global secondary eth1
valid_lft forever preferred_lft forever
inet6 fe80::cff:4aff:feaa:cb66/64 scope link
valid_lft forever preferred_lft forever

"ip r" output:
default via 172.31.0.1 dev eth0
default via 172.31.0.1 dev eth1 metric 10001
169.254.169.254 dev eth0
172.31.0.0/20 dev eth0 proto kernel scope link src 172.31.1.101
172.31.0.0/20 dev eth1 proto kernel scope link src 172.31.2.201

"ip rule" output:
0: from all lookup local
32764: from 172.31.2.202 lookup 10001
32765: from 172.31.2.201 lookup 10001
32766: from all lookup main
32767: from all lookup default

With all of the above configuration, both private IP addresses on the primary network interface can be pinged (from another EC2 instance). But both IPs on the secondary network interface CANNOT be pinged (Destination Host Unreachable).

"ip route show table 10001" output:
default via 172.31.0.1 dev eth1
172.31.0.0/20 dev eth1 proto kernel scope link src 172.31.2.201

"sysctl -ar 'conf.eth..arp_'" output:
net.ipv4.conf.eth0.arp_accept = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.eth0.arp_notify = 0
net.ipv4.conf.eth1.arp_accept = 0
net.ipv4.conf.eth1.arp_announce = 0
net.ipv4.conf.eth1.arp_filter = 0
net.ipv4.conf.eth1.arp_ignore = 0
net.ipv4.conf.eth1.arp_notify = 0

Also, setting the security group to allow all traffic from all sources does not help.

Would you check to see what is missing? Thanks.

Edited by: yahasoft on Jun 15, 2021 2:44 PM

asked 3 years ago, 1058 views
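The question lists the three pieces of state that matter for a secondary ENI on Linux: the addresses on eth1, the source-based rules in "ip rule", and the per-interface routing table those rules select. The check below is an added example, not part of the original post or of the ec2-net-utils scripts; it verifies that every address on the secondary interface has a "from <ip> lookup <table>" rule and that the table carries a default route out of that interface, which is what lets replies to traffic arriving on eth1 leave via eth1 rather than eth0. The sample inputs are constructed from the outputs shown in the question; the interface name, table number and function name are assumptions for the example.

```bash
#!/usr/bin/env bash
# Added example: sanity-check Linux policy routing for a secondary ENI.
# On a live Amazon Linux 2 instance the three inputs would come from:
#   ip -4 -o addr show dev eth1 | awk '{print $4}' | cut -d/ -f1
#   ip rule
#   ip route show table 10001

IFACE=${IFACE:-eth1}      # assumed secondary interface name
TABLE=${TABLE:-10001}     # assumed per-interface routing table number

# Constructed sample inputs, copied from the question's output.
SAMPLE_ADDRS='172.31.2.201
172.31.2.202'
SAMPLE_RULES='0: from all lookup local
32764: from 172.31.2.202 lookup 10001
32765: from 172.31.2.201 lookup 10001
32766: from all lookup main
32767: from all lookup default'
SAMPLE_TABLE='default via 172.31.0.1 dev eth1
172.31.0.0/20 dev eth1 proto kernel scope link src 172.31.2.201'

# check_policy_routing ADDRS RULES TABLE_ROUTES
# ADDRS: newline-separated IPv4 addresses configured on $IFACE
# RULES: output of "ip rule"
# TABLE_ROUTES: output of "ip route show table $TABLE"
# Prints one line per problem found; returns 0 when none, 1 otherwise.
check_policy_routing() {
    local addrs=$1 rules=$2 routes=$3 ip rc=0
    for ip in $addrs; do
        # Every address on the secondary ENI needs its own source rule,
        # otherwise replies from that address follow the main table (eth0).
        # Strip the "<priority>:" prefix and match the rest as a fixed string.
        if ! printf '%s\n' "$rules" | sed 's/^[0-9]*:[[:space:]]*//' \
                | grep -qxF "from $ip lookup $TABLE"; then
            echo "missing rule: from $ip lookup $TABLE"
            rc=1
        fi
    done
    # The selected table must send traffic back out the secondary interface.
    if ! printf '%s\n' "$routes" | grep -qE "^default via [0-9.]+ dev ${IFACE}( |\$)"; then
        echo "table $TABLE has no default route via $IFACE"
        rc=1
    fi
    return $rc
}

# Run the check against the constructed sample (matches the question's state).
check_policy_routing "$SAMPLE_ADDRS" "$SAMPLE_RULES" "$SAMPLE_TABLE" \
    && echo "policy routing for $IFACE looks consistent"
```

Against the state quoted in the question the check passes, which narrows the fault to something outside the guest's routing tables (for example the pinging instance, ARP, or the ENI's own settings) rather than to a missing ip rule; the function is also useful after "service network restart", since that is when ec2-net-utils regenerates the rules and a stale rule set shows up as a "missing rule" line.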
1 Answer
0

There was a misconfiguration on my side. The guide is good. It's working now. Thanks.

answered 3 years ago
