Peering connection with ansible: "No route to host"


Hi,

I have an EC2 instance in us-east-1 which would like to communicate with another instance in **us-west-2**.

The CIDRs:

  • VPC-East CIDR: 172.16.0.0/16
  • VPC-West CIDR: 172.17.0.0/16

The **used subnets** in these VPCs are 172.(16 or 17).0.0/24 correspondingly.

I've created a Peering Connection between the two regions' VPCs and maybe it would help so I allowed these:

  • Allow accepter VPC to resolve DNS of hosts in requester VPC to private IP addresses
  • Allow requester VPC to resolve DNS of hosts in accepter VPC to private IP addresses

I also added a new route at the route tables, this is East's.

I've created a Reachability Analyzer from both the East and West instance to the Peering Connection and both succeed.

But ansible still fails to connect from East to West (From East to East it worked earlier).

```
Failed to connect to the host via ssh: ssh: connect to host 172.17.0.129 port 22: No route to host
```

Maybe it's not related to my main problem, but:

Another instance in the west can be accessed via a public IP by me and by the East instance. But it shows this:

Instance reachability check failed

While I can SSH, access the website it hosts, etc.

Thanks in advance!

Tudvari
asked 2 years ago, 1162 views

1 Answer

Hi Tudvari,

It seems you are having trouble establishing communication between your two EC2 instances located in the east (VPC-East) and west (VPC-West) regions.

It looks like your main issue is you only added a route table entry in VPC-East and not in VPC-West. In order to enable the flow of traffic between the VPCs using private IP addresses, you need to manually add one or more routes in both VPCs. Here is the AWS peering documentation that will help walk you through the steps in creating the route tables for your VPCs [1].

Secondly, verify that your security groups for the EC2 instances and the NACLs for each resource in each VPC are configured to allow traffic to the peered VPCs. Here is documentation on the proper configuration for both the security groups [2] and NACLs [3].

Let us know if we can be of any more assistance!

References:

  • [1] https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html
  • [2] https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html
  • [3] https://docs.aws.amazon.com/vpc/latest/peering/troubleshoot-vpc-peering-connections.html

answered 2 years ago by AWS SUPPORT ENGINEER, reviewed 2 years ago
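One way to check the answer's point that both sides need a route, as an added example that is not part of the thread or of AWS's own tooling: the function below takes data shaped like boto3's describe_vpc_peering_connections and describe_route_tables responses (the sample data, VPC ids, route-table ids and the pcx id are constructed to mirror the thread's one-sided setup) and reports which route tables lack an active route to the peer CIDR through the peering connection.

```python
"""Check that both VPCs in a peering connection route to each other's CIDR.

Added example, not from the re:Post thread. Input mirrors the shape of boto3's
describe_vpc_peering_connections / describe_route_tables responses; the data
below is constructed to reproduce the thread: East routes to West, West doesn't.
"""

# Constructed sample: the peering connection between VPC-East and VPC-West.
PEERING = {
    "VpcPeeringConnectionId": "pcx-EXAMPLE",
    "RequesterVpcInfo": {"VpcId": "vpc-east", "CidrBlock": "172.16.0.0/16"},
    "AccepterVpcInfo": {"VpcId": "vpc-west", "CidrBlock": "172.17.0.0/16"},
}

# Constructed sample: route tables as describe_route_tables would return them.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-east", "VpcId": "vpc-east", "Routes": [
        {"DestinationCidrBlock": "172.16.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "172.17.0.0/16",
         "VpcPeeringConnectionId": "pcx-EXAMPLE", "State": "active"},
    ]},
    {"RouteTableId": "rtb-west", "VpcId": "vpc-west", "Routes": [
        {"DestinationCidrBlock": "172.17.0.0/16", "GatewayId": "local"},
    ]},
]


def missing_peer_routes(peering, route_tables):
    """Return (route_table_id, peer_cidr) pairs with no active route via the pcx.

    A VPC only sends traffic to the peer CIDR if a route table in that VPC
    targets the peering connection; a one-sided setup gives "No route to host".
    """
    pcx = peering["VpcPeeringConnectionId"]
    req, acc = peering["RequesterVpcInfo"], peering["AccepterVpcInfo"]
    # VPC id -> CIDR of the *other* VPC that its route tables must reach.
    expected = {req["VpcId"]: acc["CidrBlock"], acc["VpcId"]: req["CidrBlock"]}
    missing = []
    for rtb in route_tables:
        peer_cidr = expected.get(rtb["VpcId"])
        if peer_cidr is None:
            continue  # route table belongs to an unrelated VPC
        # A "blackhole" route (peering deleted or rejected) does not count.
        ok = any(r.get("DestinationCidrBlock") == peer_cidr
                 and r.get("VpcPeeringConnectionId") == pcx
                 and r.get("State", "active") == "active"
                 for r in rtb["Routes"])
        if not ok:
            missing.append((rtb["RouteTableId"], peer_cidr))
    return missing
```

Feeding it the real responses would still leave security groups and NACLs to check, as the answer notes; this only covers the routing half.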
