
Questions tagged with Amazon Machine Images (AMI)


Linux OS networking bug in Elastic Beanstalk AMI with Tomcat & Corretto

We use AWS Elastic Beanstalk with an Amazon AMI with Tomcat & Corretto running on Amazon Linux 2 (`aws-elasticbeanstalk-amzn-2.0.20220316.64bit-eb_tomcat85corretto8_amazon_linux_2-hvm-2022-03-29T20-48`) and are running into an [OS networking bug](https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1924298) when Tomcat is under load. The result of this bug is that TCP connections from clients connect but time out while the server is under load. The networking bug is due to a race condition in the TCP stack which is fixed in Linux 5.10 kernels. A description and diff of the bug can be found in [this commit](https://github.com/torvalds/linux/commit/01770a166165738a6e05c3d911fb4609cc4eb416). From the description of this bug it looks like this race condition affects all TCP networking and is not specific to Tomcat, but manifests more often under load. Currently, as far as I can tell, all the latest Amazon AMIs for Elastic Beanstalk for Tomcat or Corretto are using a 4.14 kernel. The AMI which we are using has a kernel of `4.14.268-205.500.amzn2.x86_64`. I have been able to reproduce the bug on this AMI using the sample server code in the Ubuntu bug report, which is independent of Tomcat. I have also tried reproing the bug on newer versions of Amazon Linux 2 (AMI `amzn2-ami-kernel-5.10-hvm-2.0.20220419.0-x86_64-gp2`) which are using a `5.10.109-104.500.amzn2.x86_64` kernel, but have not been able to repro the bug on this kernel. We would prefer not to have to create our own AMI for using Elastic Beanstalk, but were wondering if and when there will be an update to the Amazon Elastic Beanstalk AMIs which incorporate this OS bug fix, since this is affecting the reliability of networking under load?
0
answers
2
votes
5
views
Chris-G-206
asked 24 days ago

Mikrotik CHR server connection lost

I have created a server using the Mikrotik-created AMI for their CHR software. I keep losing connection to the server entirely; no Winbox, no SSH, no console connect from the Instances page. I keep having to spin up a new server and rebuild my work. No other AWS server (mostly Ubuntu AMIs) on our account has had this issue. I am assuming there is something about the CHR AMI that I am missing which is causing this issue. I am attempting to set up a VPN using OpenVPN to connect the field devices my employer creates. A previous VPN project was run last year and that server was up for nearly the full year and we could still connect to it, until I removed the PPTP setup and replaced it with the Mikrotik built-in OpenVPN server. Here is the config export for the CHR.

```
# mar/31/2022 17:55:47 by RouterOS 6.44.3
# software id =
#
#
#
/interface bridge
add arp=local-proxy-arp fast-forward=no name=afads priority=0x8192 \
    transmit-hold-count=1
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=afadpool ranges=10.8.0.1-10.8.127.255
/ppp profile
set *0 bridge=afads change-tcp-mss=default local-address=10.8.0.1 only-one=\
    yes use-encryption=yes
add bridge=afads local-address=10.8.0.1 name=SmartFlaggerL3 only-one=yes \
    remote-address=afadpool use-encryption=yes
/interface bridge port
add bridge=afads hw=no interface=ether1
add bridge=afads interface=*F005C9
add bridge=afads interface=*F004E9
add bridge=afads interface=dynamic
/interface ovpn-server server
set auth=sha1 certificate=[ServerCertName] cipher=aes256 default-profile=\
    SmartFlaggerL3 enabled=yes keepalive-timeout=30 netmask=17
/ip firewall address-list
add address=10.8.40.1 list=undeployed
[Removed approx 4000 lines, similar to the one above]
/ip firewall filter
add action=accept chain=forward comment=\
    "Allows units in the Test group to communicate." dst-address-list=test \
    src-address-list=test
add action=accept chain=forward comment=\
    "Allows all traffic from Internal Trusted Servers to units." \
    dst-address-list=!InternalTrustedServers src-address=0.0.0.0 \
    src-address-list=InternalTrustedServers
add action=accept chain=forward comment=\
    "Allows all traffic from units to Internal Trusted Servers." \
    dst-address-list=InternalTrustedServers
add action=accept chain=forward comment="Test of unit to unit communication" \
    disabled=yes dst-address-list=test src-address-list=test
add action=accept chain=forward comment=\
    "Accept Forward for Established and Related Connections" \
    connection-state=established,related,untracked
add action=accept chain=forward comment="Allow Forwarding by OVPN Clients" \
    src-address=192.168.22.128/25
add action=accept chain=input comment=\
    "Accept Input for Established and Related Connections" connection-state=\
    established,related,untracked
add action=accept chain=input comment="Allow OpenVPN Connection" dst-port=\
    1194 protocol=tcp
add action=accept chain=input comment="Allow Input by OVPN Clients" \
    in-interface=all-ppp
add action=accept chain=input comment="Allow Winbox Input" dst-port=8291 \
    protocol=tcp
add action=accept chain=input comment="Allow HTTPS Input" dst-port=443 \
    protocol=tcp
add action=drop chain=input comment="Input drop for all other connection" \
    disabled=yes
add action=drop chain=forward comment="Forward drop for all other connection" \
    disabled=yes
add action=drop chain=forward comment="Invalid drop for all other connection" \
    connection-state=invalid disabled=yes
add action=drop chain=forward comment="PREVENT ALL TALK BETWEEN UNITS." \
    disabled=yes src-address=!10.8.0.5
/ip firewall nat
add action=masquerade chain=srcnat out-interface=all-ppp
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api-ssl disabled=yes
/ppp secret
add name=AFD0001 password=[Redacted] profile=SmartFlaggerL3 remote-address=\
    10.8.80.1 service=ovpn
[Removed nearly 4000 lines, similar to the one above]
/system identity
set namep[AWS instance auto-generated name]
/system logging
add topics=ovpn
add topics=debug
```
0
answers
0
votes
0
views
Watts
asked a month ago