Understanding EC2 internal/external IP addresses

Posted on Thursday, December 6, 2012

I am writing this to better understand how ec2 internal and external IP addresses change and work.

Non VPC Servers

This will just explore normal, non VPC EC2 servers and how their internal and external IPs can change, are used, and how they are accessed. 

To start off my testing I am creating an ubuntu 12.04 instance via the command line tools

  >  ec2-run-instances ami-9c78c0f5 -b /dev/sda1=:8:true -k my-keypair -t t1.micro -g default --availability-zone us-east-1a

Now log into your Ubuntu 12.04 EC2 instance
In my case it’s at ec2-184-73-114-208.compute-1.amazonaws.com (you can find this info by running ec2-describe-instances)

   >   ssh -i .ec2/my-keypair.pem ubuntu@ec2-184-73-114-208.compute-1.amazonaws.com

All Amazon EC2 instances are assigned two IP addresses at launch: a private IP address (RFC 1918) and a public IP address that are directly mapped to each other through network address translation (NAT). Private IP addresses are only reachable from within the Amazon EC2 network. Public addresses are reachable from the Internet.

From the running EC2 instance run the following command to see the IP addresses assigned to this instance.

  >  ifconfig -a

This will show the internal IP address, in this case
Another way to get the IP address is querying the machine itself.   A good spot to learn more about this is http://www.practicalclouds.com/content/guide/accessing-aws-information-within-your-instance [2]

You could use CURL but I use the GET perl tools for this.
To install GET command line on Ubuntu 12.04 run the following command

  >   sudo apt-get install libwww-perl

To get the local internal IP address run

  >   GET http://169.254.169.254/latest/meta-data/local-ipv4; echo

To get the external IP address run

  >  GET http://169.254.169.254/latest/meta-data/public-ipv4; echo

A third way to find this information out is via the AWS console. 

Sign into the AWS web console

Click on My Account/Console → AWS Management Console

Select EC2

Click on instances then select the instance you want the IP address of.

Select the description tag and scroll down a bit

Here is the public and private DNS.  It lists the private IP but not the public IP.  However, the public IP is within the public DNS name.

DNS and the internal address

The public DNS name for this server is

and the private one is

From a server outside the Amazon space, if I run the following dig command

  > dig ec2-184-73-114-208.compute-1.amazonaws.com +short

I get

The correct public IP address

If I run the same command from within an EC2 instance

  > dig ec2-184-73-114-208.compute-1.amazonaws.com +short

I get the internal IP address.   

From Amazon's documentation:
The public DNS name resolves to the public IP address outside the Amazon EC2 network and the private IP address within the Amazon EC2 network.

This is nice as it allows you to use the external DNS name within Amazon and get the internal address. This should speed up transfers between your instances and save money, as data transfer within Amazon is free.


What happens to the IP addresses after a server reboot?

Reboot your ec2 instance

  >  sudo reboot now

Log back in and check the Internal and external IP addresses

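  >  GET http://169.254.169.254/latest/meta-data/local-ipv4; echo
  >  GET http://169.254.169.254/latest/meta-data/public-ipv4; echo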

I get

Local IP          :
Public IP         :

For good measure I rebooted a dozen times and always got the same local IP and public IP address.    (this is a reboot from the command line not an aws reboot of the machine)

AWS console Reboot, Start/Stop

So what happens when you reboot from the aws console?

Log into the console, select the EC2 instance and click on Instance Actions → Reboot

You may need to click refresh in the upper right hand corner to update the console.

Looking at the details after a reboot the IP addresses stayed the same.  According to this article http://alestic.com/2011/09/ec2-reboot-stop-start [3] it’s the same as a command line reboot.

Checking my internal and public ip addresses via the command line yielded the same results, they were preserved.

I finally found this FAQ from amazon http://aws.amazon.com/articles/1145#10 [4] which says

If you reboot an instance, the IP address is maintained.

If you stop an instance you give up its IP addresses.    Here I stop the server via the AWS console by selecting Instance Actions → Stop

Give it a minute to stop (click refresh if need be)

Select the now stopped server and click on Instance Actions → Start

Looking at the description you will now see that its IP addresses have changed.  Which means I have to update my ssh login

  >  ssh -i .ec2/my-keypair.pem ubuntu@ec2-54-243-11-123.compute-1.amazonaws.com

Run the following commands again.

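  >  GET http://169.254.169.254/latest/meta-data/local-ipv4; echo
  >  GET http://169.254.169.254/latest/meta-data/public-ipv4; echo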

Local IP          :
Public IP         :

To sum this part up, you will keep your IP through a reboot, but you will lose it and get a new set of IP addresses if you stop and start a server.
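The reboot versus stop/start behaviour summed up above can be checked from the instance itself. This added example (not code from the original post) reads both addresses from the metadata service with curl, requesting an IMDSv2 session token first, and reports whether the pair differs from the one saved on the previous run; the function names and the state-file path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The state-file path passed to
# check_addresses is an assumption; IMDS_BASE can be overridden for testing.
IMDS_BASE="${IMDS_BASE:-http://169.254.169.254}"

# imds_get KEY: print one meta-data value such as local-ipv4 or public-ipv4.
# Uses a short-lived IMDSv2 session token when the service issues one and
# falls back to the plain request otherwise.
imds_get() {
    token=$(curl -s -f -m 2 -X PUT \
        -H "X-aws-ec2-metadata-token-ttl-seconds: 60" \
        "$IMDS_BASE/latest/api/token" 2>/dev/null) || token=""
    if [ -n "$token" ]; then
        curl -s -f -m 2 -H "X-aws-ec2-metadata-token: $token" \
            "$IMDS_BASE/latest/meta-data/$1"
    else
        curl -s -f -m 2 "$IMDS_BASE/latest/meta-data/$1"
    fi
}

# check_addresses STATEFILE: compare the current address pair with the one
# saved by the previous run, then save the current pair.
# Prints first-run, unchanged or changed; returns 1 if metadata is unreachable.
check_addresses() {
    local_ip=$(imds_get local-ipv4) || return 1
    # An instance with no public address gets an error here; record "none".
    public_ip=$(imds_get public-ipv4) || public_ip="none"
    current="$local_ip $public_ip"
    if [ ! -f "$1" ]; then
        result="first-run"
    elif [ "$(cat "$1")" = "$current" ]; then
        result="unchanged"
    else
        result="changed"
    fi
    printf '%s\n' "$current" > "$1"
    printf '%s\n' "$result"
}

# Example call: check_addresses /var/tmp/ec2-addresses.state
```

Run from cron or at boot, a "changed" result is the signal that DNS records or hosts files pointing at this instance need updating.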

Route 53 and internal Addresses

We already know that if you use the public DNS name of your instance from within amazon (same zone) you will get the private IP address.

  >  dig ec2-54-243-11-123.compute-1.amazonaws.com +short


From within an ec2 instance

And yields

Outside the amazon AWS zone.

If you are a user of Route 53 for your DNS how does this affect how you use it?

From the AWS console Route 53 section 

Click on Create Record Set

Enter an A record with a subdomain of testip and enter the public IP of this machine.  Then click Create Record Set.  (took 6 minutes for mine to propagate out)

Running this command from within or outside of the AWS zone will result in the same results

  > dig testip.10x13.com +short

If you want it to return the internal address when inside the AWS zone, you cannot use an A record; you have to use a CNAME.

Create a CNAME type and enter the public DNS

Running the following command

  > dig test2ip.10x13.com +short

From outside AWS zone it will give you


From within the AWS zone you will get


Elastic IP addresses

How does this affect Elastic IPs?  I am going to try a few things to see.

Log into AWS console EC2 section.   Click on Elastic IPs → Allocate New Address.

Click on Yes, Allocate

Select the new address and click associate address.

Select the instance and click Yes, Associate.

Upon clicking this, what happens to the IP addresses of the instance?

Looking at the details of the instance

If you were logged in you get booted out, as the address has changed.

Looking at the description you will now see that its IP addresses have changed.  Which means I have to update my ssh login

  >  ssh -i .ec2/my-keypair.pem ubuntu@ec2-50-19-82-64.compute-1.amazonaws.com

Or you could use the EIP address

  >  ssh -i .ec2/my-keypair.pem ubuntu@

Run the following commands again.

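  >  GET http://169.254.169.254/latest/meta-data/local-ipv4; echo
  >  GET http://169.254.169.254/latest/meta-data/public-ipv4; echo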

Local IP          :
Public IP         :

The local IP has remained the same but the public IP has changed to the EIP address.

Using dig with an EIP attached has the expected results.

  > dig ec2-50-19-82-64.compute-1.amazonaws.com +short

Within the AWS zone

Outside the AWS zone

Route 53 also has the same expected results.  I updated the A record to and the CNAME to ec2-50-19-82-64.compute-1.amazonaws.com and got the same results I did before,  EIP does not affect it in any special way.

How do you deal with servers talking to each other within an AWS zone?

I think the answer to this is using the VPC features, which I will write about in another paper. But if you do not plan on using them here are a few ways I think you could deal with it.

Do it all by hand: you could update all your Route 53 records using CNAME and update all your /etc/hosts files by hand.

You could script it to auto update all these things.  One example I found is here http://crishantha.com/wp/?p=416 [5].    This helps a lot but it’s still a bit of a convoluted solution.  But it may be just what you are looking for.

I think the thing that makes this hard is that you need to plan for your servers to go down.  They will go down, and should they need to be stopped/started or replaced with a new instance, you will get new internal IP addresses (even if you are using Elastic IPs).   So plan for that pain point if you plan on handling your servers this way.
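For the /etc/hosts route mentioned above, the update step can be made safe to run repeatedly. This added example (not code from the original post or from the linked script) replaces one name's entry in a hosts-format file, accepts only RFC 1918 addresses so that peers keep talking over the internal network, and swaps the file in with a rename; the function names and the sample host name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are assumptions.

# is_private_ipv4 ADDR: succeed only for a well-formed RFC 1918 address.
is_private_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$1" -eq 10 ] && return 0
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0
    return 1
}

# set_hosts_entry FILE NAME ADDR: make NAME map to ADDR in a hosts-format FILE.
# Any existing line that lists NAME is dropped whole; the new file is built
# beside the old one and renamed into place so readers never see a partial file.
set_hosts_entry() {
    file=$1; name=$2; addr=$3
    is_private_ipv4 "$addr" || { echo "not a private address: $addr" >&2; return 1; }
    case "$name" in
        ""|*[!A-Za-z0-9.-]*) echo "bad host name: $name" >&2; return 1 ;;
    esac
    tmp=$(mktemp "$file.XXXXXX") || return 1
    awk -v n="$name" '
        /^[ \t]*#/ || NF == 0 { print; next }
        { for (i = 2; i <= NF; i++) if ($i == n) next; print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s\t%s\n' "$addr" "$name" >> "$tmp"
    chmod 644 "$tmp" && mv "$tmp" "$file"
}

# Example call (as root): set_hosts_entry /etc/hosts db1 10.0.7.9
```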

[1]  Instance IP Addresses
       Visited 11/2012
[2]  Accessing AWS information from within your instance
       Visited 11/2012
[3]  Rebooting vs. Stop/Start of Amazon EC2 Instance
       Visited 11/2012
[4]  Can I have a static IP address?
       Visited 11/2012
[5]  Amazon EC2 internal IP changes – How to overcome?
       Visited 11/2012
