After stop and start, we are losing the public IP of EC2

0

Hello Team, we have an EC2 instance with multiple ENIs attached to it. As soon as we attach secondary ENIs and stop and start the EC2 instance, we lose the EC2 public address.

1] We are losing SSM Manager access too. Is there any way to prevent this?

2] If we configure an NLB for such an EC2 instance where Apache is installed, our targets are unhealthy. Is this because of multiple ENIs?

Thank you!

Priti
Asked 3 months ago, viewed 186 times
3 answers
3

If you are using public IPv4 addresses, and not Elastic IP addresses, you will lose the IP if the instance is stopped. See the following about releasing public IPs from EC2 instances:

You are most likely losing SSM Manager access when the public IP is lost. SSM requires either internet access to reach the service, or VPC Endpoints/PrivateLink if there is no internet access. https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-create-vpc.html

For the NLB issue it sounds like you may be using the wrong port, protocol, or have a security group blocking the request. Check out this article on things to look for with failed health checks. https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-troubleshooting.html

AWS
Jason
Answered 3 months ago
AWS Expert
Reviewed 2 months ago
  • Thanks for this reply. Yes, we are using EIPs for a few ENIs/interfaces. What confuses me is that I have another interface attached to the same EC2 instance which has an EIP; in this case it should have internet access. There are 4 different ENIs attached to EIPs.

1

Hello.

1] We are losing SSM Manager access too. Is there any way to prevent this?

There may be a problem with the network interface settings on the OS side.
If you check the EC2 system log, there may be some error output.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/troubleshoot-unreachable-instance.html#instance-console-console-output

2] If we configure an NLB for such an EC2 instance where Apache is installed, our targets are unhealthy. Is this because of multiple ENIs?

Are you listening on the port number used for NLB health checks on the EC2 instance?
Also, are the necessary communications allowed in the EC2 security group?

Expert
Answered 3 months ago
AWS Expert
Reviewed 3 months ago
  • Thank you @Riku_Kobayashi for your reply. We have added the necessary port number and details in the SG. We are just implementing a basic scenario where Apache is running on the EC2 instance. The problem is that we have a few ENIs which do not have an EIP and a few ENIs which have an EIP.

    If I have only one ENI with one EIP, then my health check is working.

    By default Apache is listening on all interfaces (Listen 80); this is mentioned in the official document.
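The answer above asks whether the instance is actually listening on the health-check port. The following is an added example, not code from the thread or from AWS: a small POSIX shell function that reads `ss -lnt` output and reports whether a TCP port is bound on every address (`0.0.0.0`, `*`, `[::]`) or only on one specific address. That distinction matters with several ENIs, because the NLB health check arrives on the target's registered private IP, and a daemon bound to a different interface's address will never answer it. The `ss` sample below is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the re:Post thread): classify how a TCP port is bound
# from `ss -lnt` output. Prints "all", "specific:<addr>", or "none".
#
# Usage on a live host:   ss -lnt | listen_scope 80
listen_scope() {
  awk -v port="$1" '
    NR > 1 {
      sock = $4                          # "Local Address:Port" column
      p = sock; sub(/.*:/, "", p)        # port = text after the last colon
      a = sock; sub(/:[0-9]+$/, "", a)   # address = text before that colon
      if (p != port) next
      # wildcard bind on IPv4 or IPv6: every interface, ENIs included
      if (a == "0.0.0.0" || a == "*" || a == "[::]" || a == "::") { found = "all"; exit }
      # bound to a single address only; remember the first one seen
      if (found == "") found = "specific:" a
    }
    END { print (found == "" ? "none" : found) }'
}

# Constructed sample of `ss -lnt` on a host with two ENIs: the web server is
# bound only to one private address, SSH is bound to all addresses.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    10.0.1.20:80       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

# Demonstration: port 80 is only reachable via 10.0.1.20, so a health check
# sent to any other ENI address on this host would fail.
printf '%s\n' "$SAMPLE_SS" | listen_scope 80
printf '%s\n' "$SAMPLE_SS" | listen_scope 22
```

If the result for the health-check port is `specific:<addr>` and that address is not the one registered with the target group, fix the `Listen` directive (or register the right address) before looking at security groups. A `none` result means the service is not running or is on another port.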

0

Sounds like an IP routing issue on the server when you have more than one ENI.

All return packets take the default route.

Expert
Answered 3 months ago
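The answer above points at the usual cause with several ENIs on one Linux host: a packet arrives on the secondary interface, but the reply follows the single default route out of the primary interface, so the load balancer (or the SSM endpoint) sees an asymmetric flow and drops it. The standard mitigation is policy-based routing: one routing table per secondary ENI, selected by the source address. The script below is an added example, not code from the thread or from AWS; it derives the subnet network and the VPC router address (first host address of the subnet) from an interface's IP/prefix and prints the `ip route` / `ip rule` commands for that ENI. The interface name `eth1`, the address `10.0.1.20/24` and table id `101` are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the re:Post thread): generate policy-based routing
# commands so that replies sourced from a secondary ENI's address leave via
# that ENI instead of the primary interface's default route.
#
# Usage:  pbr_rules IFACE IP/PREFIX TABLE_ID        # print the commands
#         pbr_rules eth1 10.0.1.20/24 101 | sh      # apply them (as root)

# dotted-quad -> integer, using only POSIX parameter expansion and arithmetic
ip4_to_num() {
  a=$1
  o1=${a%%.*}; a=${a#*.}
  o2=${a%%.*}; a=${a#*.}
  o3=${a%%.*}; o4=${a#*.}
  echo $(( o1 * 16777216 + o2 * 65536 + o3 * 256 + o4 ))
}

# integer -> dotted-quad
num_to_ip4() {
  printf '%d.%d.%d.%d\n' \
    $(( $1 / 16777216 % 256 )) $(( $1 / 65536 % 256 )) \
    $(( $1 / 256 % 256 )) $(( $1 % 256 ))
}

# 10.0.1.20/24 -> 10.0.1.0 (network address of the subnet)
subnet_network() {
  prefix=${1#*/}
  n=$(ip4_to_num "${1%/*}")
  mask=$(( (4294967295 >> (32 - prefix)) << (32 - prefix) ))
  num_to_ip4 $(( n & mask ))
}

# In a VPC the subnet router always sits at network + 1 (assumption stated
# in the lead-in; this matches AWS's reserved-address layout).
vpc_gateway() {
  n=$(ip4_to_num "$(subnet_network "$1")")
  num_to_ip4 $(( n + 1 ))
}

# Emit the three commands: connected route, default route, and the source
# based rule that sends traffic from this ENI's address to the new table.
pbr_rules() {
  iface=$1; ipcidr=$2; table=$3
  ip=${ipcidr%/*}; prefix=${ipcidr#*/}
  net=$(subnet_network "$ipcidr")
  gw=$(vpc_gateway "$ipcidr")
  printf 'ip route add %s/%s dev %s src %s table %s\n' "$net" "$prefix" "$iface" "$ip" "$table"
  printf 'ip route add default via %s dev %s table %s\n' "$gw" "$iface" "$table"
  printf 'ip rule add from %s/32 table %s priority %s\n' "$ip" "$table" "$table"
}

# Demonstration with constructed values (prints, does not apply)
pbr_rules eth1 10.0.1.20/24 101
```

Repeat `pbr_rules` with a distinct table id for every secondary ENI; the primary ENI keeps the main table. The commands do not survive a reboot, so persist them in the distribution's network configuration once they are verified. Amazon Linux ships `ec2-net-utils`, which installs equivalent rules for attached ENIs automatically, so the manual step is mainly needed on other distributions or where that package has been removed. `ip rule show` and `ip route show table 101` confirm the result, and a health check that starts passing on the secondary ENI's address confirms the diagnosis in the answer above.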
