我有两个 AWS EC2 实例 (RedHat 8)sa216p和sa216t,它们连接到同一个子网 172.31.80.0/20。EC2 DHCP 为它们分配了主 IP 地址,分别为 172.31.84.105 和 172.31.92.210。sa216p我使用 为唯一的接口分配了一个辅助地址ip addr add 172.31.92.123/20 dev eth0。
[ec2-user@sa216p ~]$ ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc fq_codel state UP group default qlen 1000
link/ether 12:a5:24:f4:78:05 brd ff:ff:ff:ff:ff:ff
inet 172.31.84.105/20 brd 172.31.95.255 scope global dynamic noprefixroute eth0
valid_lft 3249sec preferred_lft 3249sec
inet 172.31.92.123/20 scope global secondary eth0
valid_lft forever preferred_lft forever
inet6 fe80::10a5:24ff:fef4:7805/64 scope link
valid_lft forever preferred_lft forever
VPC 的安全组允许子网上的 SSH 和 ICMP 流量。据我所知,两个实例上都没有安装防火墙。AWS 路由表包含一个条目172.31.0.0/16 local,涵盖相关子网。
sa216t我可以sa216p使用它的主机名和 IP 地址来ping 通它:
[ec2-user@sa216t ~]$ ping sa216p
PING sa216p (172.31.84.105) 56(84) bytes of data.
64 bytes from sa216p (172.31.84.105): icmp_seq=1 ttl=64 time=0.584 ms
64 bytes from sa216p (172.31.84.105): icmp_seq=2 ttl=64 time=0.674 ms
64 bytes from sa216p (172.31.84.105): icmp_seq=3 ttl=64 time=0.540 ms
但是,ping 辅助地址仍然失败:
[ec2-user@sa216t ~]$ ping 172.31.92.123
PING 172.31.92.123 (172.31.92.123) 56(84) bytes of data.
From 172.31.92.210 icmp_seq=1 Destination Host Unreachable
From 172.31.92.210 icmp_seq=2 Destination Host Unreachable
From 172.31.92.210 icmp_seq=3 Destination Host Unreachable
^C
邻居表显示地址解析不成功:
[ec2-user@sa216t ~]$ ip neigh
172.31.80.1 dev eth0 lladdr 12:c7:16:59:97:6f REACHABLE
172.31.91.6 dev eth0 lladdr 12:68:fb:11:f5:61 STALE
172.31.84.105 dev eth0 lladdr 12:a5:24:f4:78:05 REACHABLE
172.31.92.123 dev eth0 FAILED
我sa216p可以 ping 两个 IP 地址:
[ec2-user@sa216p ~]$ ping 172.31.84.105
PING 172.31.84.105 (172.31.84.105) 56(84) bytes of data.
64 bytes from 172.31.84.105: icmp_seq=1 ttl=64 time=0.021 ms
64 bytes from 172.31.84.105: icmp_seq=2 ttl=64 time=0.035 ms
64 bytes from 172.31.84.105: icmp_seq=3 ttl=64 time=0.031 ms
64 bytes from 172.31.84.105: icmp_seq=4 ttl=64 time=0.020 ms
^C
--- 172.31.84.105 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3091ms
rtt min/avg/max/mdev = 0.020/0.026/0.035/0.009 ms
[ec2-user@sa216p ~]$ ping 172.31.92.123
PING 172.31.92.123 (172.31.92.123) 56(84) bytes of data.
64 bytes from 172.31.92.123: icmp_seq=1 ttl=64 time=0.021 ms
64 bytes from 172.31.92.123: icmp_seq=2 ttl=64 time=0.043 ms
64 bytes from 172.31.92.123: icmp_seq=3 ttl=64 time=0.033 ms
64 bytes from 172.31.92.123: icmp_seq=4 ttl=64 time=0.035 ms
^C
--- 172.31.92.123 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3071ms
rtt min/avg/max/mdev = 0.021/0.033/0.043/0.007 ms
尽管地址解析显然失败了:
[ec2-user@sa216p ~]$ ip neigh
172.31.92.123 dev eth0 FAILED
172.31.95.166 dev eth0 lladdr 12:e5:55:02:1c:8f REACHABLE
172.31.80.1 dev eth0 lladdr 12:c7:16:59:97:6f REACHABLE
172.31.92.210 dev eth0 lladdr 12:9e:db:f8:9b:7f STALE
172.31.91.6 dev eth0 lladdr 12:68:fb:11:f5:61 REACHABLE
我遗漏了什么?为什么我无法访问sa216p辅助 IP 地址?
PS 有一个类似问题但就我而言,目标主机显然处于活动状态且已连接。
PPS 这可能是特定于 AWS,因为我被告知使用虚拟机在本地运行时,相同的设置可以按预期工作。
答案1
嗯,它是确实特定于 AWS:只能使用 AWS 工具(从管理控制台或使用 CLI)分配辅助私有 IP 地址,因为在文档中描述。