Understanding EC2 internal/external IP addresses

Posted on Thursday, December 6, 2012



I am writing this to better understand how EC2 internal and external IP addresses work and when they change.

Non-VPC Servers


This section explores normal, non-VPC EC2 servers: how their internal and external IPs are used, how they are accessed, and how they can change.



To start off my testing I am creating an Ubuntu 12.04 instance via the command-line tools


  >  ec2-run-instances ami-9c78c0f5 -b /dev/sda1=:8:true -k my-keypair -t t1.micro -g default --availability-zone us-east-1a


Now log into your Ubuntu 12.04 EC2 instance.
In my case it's at ec2-184-73-114-208.compute-1.amazonaws.com (you can find this info by running ec2-describe-instances)


   >   ssh -i .ec2/my-keypair.pem ubuntu@ec2-184-73-114-208.compute-1.amazonaws.com



All Amazon EC2 instances are assigned two IP addresses at launch: a private IP address (RFC 1918) and a public IP address that are directly mapped to each other through network address translation (NAT). Private IP addresses are only reachable from within the Amazon EC2 network. Public addresses are reachable from the Internet.


From the running EC2 instance run the following command to see the IP addresses assigned to this instance.


  >  ifconfig -a




This will show the internal IP address, in this case 10.195.207.86
  
Another way to get the IP addresses is to query the instance metadata service from the machine itself.   A good spot to learn more about this is http://www.practicalclouds.com/content/guide/accessing-aws-information-within-your-instance [2]

You could use curl, but I use the Perl GET tool (from libwww-perl) for this.
To install the GET command line tool on Ubuntu 12.04 run the following command


  >   sudo apt-get install libwww-perl


To get the local internal IP address run


  >   GET http://169.254.169.254/latest/meta-data/local-ipv4; echo



To get the external IP address run


  >  GET http://169.254.169.254/latest/meta-data/public-ipv4/; echo



184.73.114.208

A third way to find this information out is via the AWS console. 

Sign into the AWS web console




Click on My Account/Console → AWS Management Console

Select EC2

Click on Instances, then select the instance you want the IP address of.

Select the Description tab and scroll down a bit.

Here are the public and private DNS names.  It lists the private IP but not the public IP; however, the public IP is embedded in the public DNS name
ec2-184-73-114-208.compute-1.amazonaws.com



DNS and the internal address


The public DNS name for this server is
ec2-184-73-114-208.compute-1.amazonaws.com

and the private one is
ip-10-195-207-86.ec2.internal


From a server outside the Amazon network, if I run the following dig command


  > dig ec2-184-73-114-208.compute-1.amazonaws.com +short


I get


184.73.114.208

the correct public IP address.

If I run the same command from within an EC2 instance


  > dig ec2-184-73-114-208.compute-1.amazonaws.com +short


I get



10.195.207.86, the internal IP address.


From Amazon's documentation:
The public DNS name resolves to the public IP address outside the Amazon EC2 network and the private IP address within the Amazon EC2 network.


This is nice as it allows you to use the external DNS name within Amazon and get the internal address; this should speed up transfers between your instances and save money, as data transfer within Amazon is free.


Reboot


What happens to the IP addresses after a server reboot?

Reboot your EC2 instance


  >  sudo reboot now


Log back in and check the internal and external IP addresses


  >  GET http://169.254.169.254/latest/meta-data/local-ipv4; echo
  >  GET http://169.254.169.254/latest/meta-data/public-ipv4/; echo



I get



Local IP          :  10.195.207.86
Public IP         :  184.73.114.208

For good measure I rebooted a dozen times and always got the same local IP and public IP address.    (This is a reboot from the command line, not an AWS console reboot of the machine.)


AWS Console Reboot and Stop/Start

So what happens when you reboot from the AWS console?





Log into the console, select the EC2 instance and click on Instance Actions → Reboot





You may need to click refresh in the upper right hand corner to update the console.









Looking at the details after a reboot, the IP addresses stayed the same.  According to this article http://alestic.com/2011/09/ec2-reboot-stop-start [3] it's the same as a command-line reboot.

Checking my internal and public IP addresses via the command line yielded the same results: they were preserved.

I finally found this FAQ from Amazon http://aws.amazon.com/articles/1145#10 [4] which says:

If you reboot an instance, the IP address is maintained.







If you stop an instance you give up its IP addresses.    Here I stop the server via the AWS console by selecting Instance Actions → Stop

Give it a minute to stop (click refresh if need be)





Select the now stopped server and click on Instance Actions → Start









Looking at the description you will now see that its IP addresses have changed, which means I have to update my ssh login



  >  ssh -i .ec2/my-keypair.pem ubuntu@ec2-54-243-11-123.compute-1.amazonaws.com



Run the following commands again.


  >  GET http://169.254.169.254/latest/meta-data/local-ipv4; echo
  >  GET http://169.254.169.254/latest/meta-data/public-ipv4/; echo





Local IP          : 10.212.105.230
Public IP         : 54.243.11.123

To sum this part up: you will keep your IPs through a reboot, but you will lose them and get a new set of IP addresses if you stop and start a server.


Route 53 and internal Addresses


We already know that if you use the public DNS name of your instance from within Amazon (same zone) you will get the private IP address.


  >  dig ec2-54-243-11-123.compute-1.amazonaws.com +short


yields 10.212.105.230 from within an EC2 instance, and 54.243.11.123 from outside the AWS zone.

If you use Route 53 for your DNS, how does this affect how you use it?


From the Route 53 section of the AWS console, click on Create Record Set.

Enter an A record with a subdomain of testip and enter the public IP of this machine, then click Create Record Set.  (It took 6 minutes for mine to propagate.)

Running this command from within or outside of the AWS zone gives the same result


  > dig testip.10x13.com +short


54.243.11.123

If you want it to return the internal address when inside the AWS zone you cannot use an A record; you have to use a CNAME.

Create a CNAME record and enter the public DNS name as its value.

Running the following command


  > dig test2ip.10x13.com +short


From outside the AWS zone it will give you

ec2-54-243-11-123.compute-1.amazonaws.com.
54.243.11.123


From within the AWS zone you will get

ec2-54-243-11-123.compute-1.amazonaws.com.
10.212.105.230
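The split-horizon behaviour worked out above (an ec2-*.amazonaws.com name, directly or behind a Route 53 CNAME, answers with the private address inside EC2 and with the public address embedded in the name outside; a plain A record answers the same on both sides) can be checked mechanically against dig output. This is an added example, not code from the original post; the hostname pattern covers the names seen here plus the regional forms AWS uses, and the sample answers are the post's own values, embedded as constructed input so no DNS query is made.

```python
import ipaddress
import re

# EC2 hostname shapes: ec2-A-B-C-D.compute-1.amazonaws.com (or .<region>.compute.amazonaws.com)
# and ip-A-B-C-D.ec2.internal (or .<region>.compute.internal).
EC2_NAME_RE = re.compile(
    r"^(?:ec2|ip)-(\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3})\."
    r"(?:(?:[a-z0-9-]+\.)+amazonaws\.com|ec2\.internal|[a-z0-9-]+\.compute\.internal)\.?$"
)


def ip_in_name(name):
    """Return the IPv4 address embedded in an EC2-style hostname, or None for other names."""
    m = EC2_NAME_RE.match(name.lower())
    return ipaddress.ip_address(m.group(1).replace("-", ".")) if m else None


def check_view(qname, answers, inside_ec2):
    """Compare a `dig +short` answer list for qname with what EC2's split-horizon DNS
    should return from the given vantage point. Returns a list of findings (empty = consistent)."""
    names, addrs = [], []
    for a in answers:
        try:
            addrs.append(ipaddress.ip_address(a))
        except ValueError:
            names.append(a.rstrip("."))      # CNAME targets come back with a trailing dot
    # The queried name itself, or a CNAME target in the chain, may be an EC2-style name
    embedded = None
    for n in [qname] + names:
        embedded = ip_in_name(n)
        if embedded is not None:
            break
    findings = []
    for ip in addrs:
        if embedded is None:
            # Plain A record: the same public address comes back on both sides, so inside
            # EC2 the traffic leaves through NAT instead of taking the internal path.
            if inside_ec2 and not ip.is_private:
                findings.append(f"{qname}: A record yields public {ip} inside EC2; "
                                "point a CNAME at the ec2-*.amazonaws.com name instead")
        elif inside_ec2 and not ip.is_private:
            findings.append(f"{qname}: inside EC2 but resolved to public {ip} "
                            "(stale hosts entry or resolver outside EC2?)")
        elif not inside_ec2 and ip != embedded:
            findings.append(f"{qname}: outside EC2 got {ip}, but the name embeds {embedded}")
    return findings
```

Feed it `dig +short` output split into lines together with where the query was run; any non-empty result is a record that will not behave the way this section describes.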






Elastic IP addresses


How does this affect Elastic IPs?  I am going to try a few things to see.





Log into the AWS console EC2 section.   Click on Elastic IPs → Allocate New Address.





Click on Yes, Allocate





Select the new address and click Associate Address.






Select the instance and click Yes, Associate.

Upon clicking this, what happens to the IP addresses of the instance?

Looking at the details of the instance: if you were logged in you get booted out, as the address has changed.

Looking at the description you will now see that its IP addresses have changed, which means I have to update my ssh login



  >  ssh -i .ec2/my-keypair.pem ubuntu@ec2-50-19-82-64.compute-1.amazonaws.com


Or you could use the EIP address directly


  >  ssh -i .ec2/my-keypair.pem ubuntu@50.19.82.64


Run the following commands again.


  >  GET http://169.254.169.254/latest/meta-data/local-ipv4; echo
  >  GET http://169.254.169.254/latest/meta-data/public-ipv4/; echo





Local IP          : 10.212.105.230
Public IP         : 50.19.82.64

The local IP has remained the same but the public IP has changed to the EIP address.

Using dig with an EIP attached gives the expected results.


  > dig ec2-50-19-82-64.compute-1.amazonaws.com +short


Within the AWS zone

10.212.105.230

Outside the AWS zone

50.19.82.64

Route 53 also has the same expected results.  I updated the A record to 50.19.82.64 and the CNAME to ec2-50-19-82-64.compute-1.amazonaws.com and got the same results I did before; an EIP does not affect it in any special way.



How do you deal with servers talking to each other within an AWS zone?


I think the answer to this is to use the VPC features, which I will write about in another paper. But if you do not plan on using them, here are a few ways I think you could deal with it.

Do it all by hand: update all your Route 53 records using CNAMEs and update all your /etc/hosts files manually.

You could script it to auto-update all these things.  One example I found is here http://crishantha.com/wp/?p=416 [5].    This helps a lot, but it's still a bit of a convoluted solution.  It may be just what you are looking for, though.

I think what makes this hard is that you need to plan for your servers to go down.  They will go down, and if they need to be stopped/started or replaced with a new instance you will get new internal IP addresses (even if you are using Elastic IPs).   So plan for that pain point if you intend to handle your servers this way.
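As an added example of the scripted approach (not the post's own code nor the linked article's), the following reads the instance's private address from the same metadata endpoint used throughout the post and rewrites a marked block in /etc/hosts, so that after a stop/start only the stale 10.x entries are replaced and nothing else in the file is touched. The marker strings and the hostname web1 are assumptions of this example; it refuses public addresses so that a peer entry never sends traffic out through NAT.

```python
import ipaddress
import urllib.request

# Same endpoint the post queries with GET; it only answers from the instance itself.
METADATA = "http://169.254.169.254/latest/meta-data/"
BEGIN, END = "# BEGIN ec2-peers", "# END ec2-peers"   # assumed marker lines


def metadata(key, timeout=2.0):
    """Read one metadata key ('local-ipv4', 'public-ipv4', ...) as a string."""
    with urllib.request.urlopen(METADATA + key, timeout=timeout) as resp:
        return resp.read().decode().strip()


def render_hosts(current, peers):
    """Return the text of /etc/hosts with the marked block rewritten from `peers`
    ({hostname: private_ip}). Everything outside the markers is kept verbatim, so
    re-running after a stop/start replaces only the entries that went stale."""
    for host, ip in peers.items():
        # Only private addresses belong here: a public or elastic IP would route peer
        # traffic through NAT, which the post notes is slower and not free.
        if not ipaddress.ip_address(ip).is_private:
            raise ValueError(f"{host}: {ip} is not a private address")
    kept, inside = [], False
    for line in current.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    block = [BEGIN] + [f"{ip}\t{host}" for host, ip in sorted(peers.items())] + [END]
    return "\n".join(kept + block) + "\n"


if __name__ == "__main__":
    # On a real instance: publish our own private address under a chosen name
    # (web1 is a hypothetical name; the post gives no hostnames for its instances).
    me = {"web1": metadata("local-ipv4")}
    with open("/etc/hosts") as f:
        print(render_hosts(f.read(), me))
```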




References
[1]  Instance IP Addresses
       Visited 11/2012
[2]  Accessing AWS information from within your instance
       http://www.practicalclouds.com/content/guide/accessing-aws-information-within-your-instance
       Visited 11/2012
[3]  Rebooting vs. Stop/Start of Amazon EC2 Instance
       http://alestic.com/2011/09/ec2-reboot-stop-start
       Visited 11/2012
[4]  Can I have a static IP address?
       http://aws.amazon.com/articles/1145#10
       Visited 11/2012
[5]  Amazon EC2 internal IP changes – How to overcome?
       http://crishantha.com/wp/?p=416
       Visited 11/2012




