Questions tagged with Amazon VPC


Slowness within the AWS (EC2 and Workspaces) in Internet browsing itself, sometimes almost impossible to access a simple website.

Hello, We are experiencing browsing internet related slowness within the AWS (EC2 and Workspaces), browsing in simple websites itself is slow. We had the same problem on 03/2022, we hired support business, but they didn't solve the problem and it went back to normal on its own.

Monitoring via CloudWatch, we noticed that the slowness is related to the NAT Gateway, as the documentation says the following:

[*"If the value of ConnectionEstablishedCount is less than the value of ConnectionAttemptCount, clients behind the NAT gateway tried to establish new connections for which there was no response."*](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway-cloudwatch.html)

And as you can see in the attached graphs, whenever there is a slowdown, the ConnectionEstablishedCount metric is lower than the ConnectionAttemptCount metric.

![Enter image description here](/media/postImages/original/IM4BtTaWe7TFqUgYfQiDmSsA)

Internet browsing itself is slow, sometimes almost impossible to access a simple website, and this is directly impacting our internal use and customer service, as all our internal and support applications require the internet.

It is also worth mentioning that we migrated our entire On-Premise structure to AWS in October/2021, and this is the second time this has happened. We even set up a new NAT Gateway in another AZ but it didn't work and it was still slow.

Has anyone ever experienced this? Do you know what it could be and how to fix it? Thanks
1 answer · 0 votes · 69 views · asked a month ago

EC2 mysteriously loses connectivity - telnet google.com 80 not working - AMI on another EC2 works without problems

I have an ec2 instance on a public subnet with Ubuntu running for months without problems. Today, when connecting to it via ssh I have seen the following error:

```
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings
```

Investigating a little more in depth I see that a simple

```
telnet google.com 80
Trying 172.217.19.238...
```

does not work, it does not establish a connection. I have also tried

```
nslookup google.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.19.238
Name:   google.com
Address: 2a00:1450:4007:80d::200e
```

and it works fine. A telnet to another instance of the same vpc and subnet works ok. The systemd-resolved.service is up and without errors:

```
systemctl status systemd-resolved.service
● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-08-23 10:37:22 UTC; 46min ago
       Docs: man:systemd-resolved.service(8)
             https://www.freedesktop.org/wiki/Software/systemd/resolved
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
   Main PID: 1586 (systemd-resolve)
     Status: "Processing requests..."
      Tasks: 1 (limit: 4637)
     Memory: 4.3M
     CGroup: /system.slice/systemd-resolved.service
             └─1586 /lib/systemd/systemd-resolved

Aug 23 10:37:22 ip-172-31-34-169 systemd[1]: Starting Network Name Resolution...
Aug 23 10:37:22 ip-172-31-34-169 systemd-resolved[1586]: Positive Trust Anchors:
Aug 23 10:37:22 ip-172-31-34-169 systemd-resolved[1586]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237>
Aug 23 10:37:22 ip-172-31-34-169 systemd-resolved[1586]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr>
Aug 23 10:37:22 ip-172-31-34-169 systemd-resolved[1586]: Using system hostname 'ip-172-31-34-169'.
Aug 23 10:37:22 ip-172-31-34-169 systemd[1]: Started Network Name Resolution.
```

I have created an AMI of this instance and I have raised another ec2 with this AMI, and everything works correctly, the new ec2 is in the same vpc and subnet and has the same security group, so I rule out connectivity problems in the vpc, route table, ACL, internet gateway etc...

Could it be due to some problem in the network interface? Any idea what could be happening?
2 answers · 0 votes · 34 views · asked a month ago

VPN Client Endpoint - losing internet access even with split tunnel enabled

Hi, I have been working with aws vpn client for some time and I have enough understanding of how it works and its config. The only thing I'm having issues with right now is even when I have the split tunnel feature enabled, I lose internet access from my computer, at home. If I understand this correctly the whole idea behind the split tunnel is to make sure AWS traffic is only what goes through the vpn tunnel, to avoid extra charges, etc.

I have older endpoints created previously and are working as expected, both at home and at the office. All clients have the same configs with the CIDR being the only difference, and the new one was created using AWS CDK.

My local routing seems ok, but when trying to access "amazon.com" for example I get DNS resolution error in my browser, simply nothing works. Following is my routing when connected to the vpn client I'm having issues with. I use 192.168.0.0/16 for my vpc.

```
Internet:
Destination        Gateway            Flags        Netif Expire
default            10.0.0.1           UGScg          en0
10/24              link#15            UCS            en0      !
10.0.0.1/32        link#15            UCS            en0      !
10.0.0.1           f4:c1:14:8e:ad:16  UHLWIir        en0   1190
10.0.0.131         a4:93:3f:60:53:84  UHLWI          en0    668
10.0.0.145         f8:28:19:3d:bb:b6  UHLWI          en0      !
10.0.0.166/32      link#15            UCS            en0      !
10.0.0.245         e:bf:67:db:69:3    UHLWI          en0      !
10.0.0.255         ff:ff:ff:ff:ff:ff  UHLWbI         en0      !
127                127.0.0.1          UCS            lo0
127.0.0.1          127.0.0.1          UH             lo0
169.254            link#15            UCS            en0      !
192.168.0/16       192.168.100.1      UGSc         utun3
192.168.100/27     192.168.100.2      UGSc         utun3
192.168.100.2      192.168.100.2      UH           utun3
```
2 answers · 0 votes · 86 views · asked a month ago