AWS has written a Knowledge Center article outlining how to correctly enable a second ENI on an EC2 instance running Ubuntu 18/20 using netplan:
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ubuntu-secondary-network-interface/
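I'm looking to do the same thing, except with three ENIs. My traffic works fine through the first two ENIs, but the third still doesn't work.
I launched an EC2 instance with three ENIs and pre-allocated 10 private IPs to each ENI: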
$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
link/ether 02:a5:08:54:22:9d brd ff:ff:ff:ff:ff:ff
inet 172.31.42.0/20 brd 172.31.47.255 scope global ens5
valid_lft forever preferred_lft forever
inet 172.31.42.1/20 brd 172.31.47.255 scope global secondary ens5
valid_lft forever preferred_lft forever
inet 172.31.42.2/20 brd 172.31.47.255 scope global secondary ens5
valid_lft forever preferred_lft forever
inet 172.31.42.3/20 brd 172.31.47.255 scope global secondary ens5
valid_lft forever preferred_lft forever
inet 172.31.42.4/20 brd 172.31.47.255 scope global secondary ens5
valid_lft forever preferred_lft forever
inet 172.31.42.5/20 brd 172.31.47.255 scope global secondary ens5
valid_lft forever preferred_lft forever
inet 172.31.42.6/20 brd 172.31.47.255 scope global secondary ens5
valid_lft forever preferred_lft forever
inet 172.31.42.7/20 brd 172.31.47.255 scope global secondary ens5
valid_lft forever preferred_lft forever
inet 172.31.42.8/20 brd 172.31.47.255 scope global secondary ens5
valid_lft forever preferred_lft forever
inet 172.31.42.9/20 brd 172.31.47.255 scope global secondary dynamic ens5
valid_lft 3412sec preferred_lft 3412sec
inet6 fe80::a5:8ff:fe54:229d/64 scope link
valid_lft forever preferred_lft forever
3: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 02:ab:b4:a6:57:8d brd ff:ff:ff:ff:ff:ff
inet 172.31.42.17/20 brd 172.31.47.255 scope global ens6
valid_lft forever preferred_lft forever
inet 172.31.42.18/20 brd 172.31.47.255 scope global secondary ens6
valid_lft forever preferred_lft forever
inet 172.31.42.19/20 brd 172.31.47.255 scope global secondary ens6
valid_lft forever preferred_lft forever
inet 172.31.42.20/20 brd 172.31.47.255 scope global secondary ens6
valid_lft forever preferred_lft forever
inet 172.31.42.21/20 brd 172.31.47.255 scope global secondary ens6
valid_lft forever preferred_lft forever
inet 172.31.42.22/20 brd 172.31.47.255 scope global secondary ens6
valid_lft forever preferred_lft forever
inet 172.31.42.23/20 brd 172.31.47.255 scope global secondary ens6
valid_lft forever preferred_lft forever
inet 172.31.42.24/20 brd 172.31.47.255 scope global secondary ens6
valid_lft forever preferred_lft forever
inet 172.31.42.25/20 brd 172.31.47.255 scope global secondary ens6
valid_lft forever preferred_lft forever
inet 172.31.42.16/20 brd 172.31.47.255 scope global secondary ens6
valid_lft forever preferred_lft forever
inet6 fe80::ab:b4ff:fea6:578d/64 scope link
valid_lft forever preferred_lft forever
4: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 02:a5:95:92:71:67 brd ff:ff:ff:ff:ff:ff
inet 172.31.42.32/20 brd 172.31.47.255 scope global ens7
valid_lft forever preferred_lft forever
inet 172.31.42.33/20 brd 172.31.47.255 scope global secondary ens7
valid_lft forever preferred_lft forever
inet 172.31.42.34/20 brd 172.31.47.255 scope global secondary ens7
valid_lft forever preferred_lft forever
inet 172.31.42.35/20 brd 172.31.47.255 scope global secondary ens7
valid_lft forever preferred_lft forever
inet 172.31.42.37/20 brd 172.31.47.255 scope global secondary ens7
valid_lft forever preferred_lft forever
inet 172.31.42.38/20 brd 172.31.47.255 scope global secondary ens7
valid_lft forever preferred_lft forever
inet 172.31.42.39/20 brd 172.31.47.255 scope global secondary ens7
valid_lft forever preferred_lft forever
inet 172.31.42.40/20 brd 172.31.47.255 scope global secondary ens7
valid_lft forever preferred_lft forever
inet 172.31.42.41/20 brd 172.31.47.255 scope global secondary ens7
valid_lft forever preferred_lft forever
inet 172.31.42.36/20 brd 172.31.47.255 scope global secondary ens7
valid_lft forever preferred_lft forever
inet6 fe80::a5:95ff:fe92:7167/64 scope link
valid_lft forever preferred_lft forever
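This was done to reserve those contiguous ranges of private IPs - currently only the primary private IP of each ENI has an associated EIP, and the rest will be mapped to EIPs in a BYOIP pool:
Following the article linked at the top, I built this /etc/netplan/51-secondary.yml file to configure the second ENI (ens6) - I have removed the private IPs that do not currently have an EIP associated: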
network:
  version: 2
  renderer: networkd
  ethernets:
    ens6:
      addresses:
        - 172.31.42.16/20
      dhcp4: no
      routes:
        - to: 0.0.0.0/0
          via: 172.16.32.1
          table: 1000
        - to: 172.31.42.16
          via: 0.0.0.0
          scope: link
          table: 1000
      routing-policy:
        - from: 172.31.42.16
          table: 1000
It works as expected:
$ curl --interface 172.31.42.16 https://api.ipify.org/
35.###.###.###
When I extend this netplan configuration to add the third ENI by adding this section to the yaml file:
    ens7:
      addresses:
        - 172.31.42.36/20
      dhcp4: no
      routes:
        - to: 0.0.0.0/0
          via: 172.16.32.1
          table: 2000
        - to: 172.31.42.36
          via: 0.0.0.0
          scope: link
          table: 2000
      routing-policy:
        - from: 172.31.42.36
          table: 2000
It doesn't work - this cURL call times out:
$ curl --interface 172.31.42.36 https://api.ipify.org
When comparing the configuration of the third ENI with the second, the third ENI appears to be configured correctly.
$ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 02:a5:08:54:22:9d brd ff:ff:ff:ff:ff:ff
3: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 02:ab:b4:a6:57:8d brd ff:ff:ff:ff:ff:ff
4: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 02:a5:95:92:71:67 brd ff:ff:ff:ff:ff:ff
$ ip route show
default via 172.31.32.1 dev ens5 proto dhcp src 172.31.42.9 metric 100
172.31.32.0/20 dev ens6 proto kernel scope link src 172.31.42.17
172.31.32.0/20 dev ens5 proto kernel scope link src 172.31.42.0
172.31.32.0/20 dev ens7 proto kernel scope link src 172.31.42.32
172.31.32.1 dev ens5 proto dhcp scope link src 172.31.42.9 metric 100
Any ideas/suggestions as to what I'm doing wrong?
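
An added example, not part of the original post: a consistency check over the two netplan stanzas above, transcribed into Python dicts (the dict layout and the names stanza, POSTED and check_policy_routing are assumptions of this example). It verifies that each gateway is on-link for the interface's configured subnet, that each policy rule's source is an address on that interface, and that each rule's table has a default route and is not shared between interfaces.

```python
import ipaddress

def stanza(ip, gateway, table):
    """One ethernets entry shaped like the stanzas in the post."""
    return {
        "addresses": [f"{ip}/20"],
        "routes": [
            {"to": "0.0.0.0/0", "via": gateway, "table": table},
            {"to": ip, "via": "0.0.0.0", "scope": "link", "table": table},
        ],
        "routing-policy": [{"from": ip, "table": table}],
    }

# Values as posted: ens6 -> table 1000, ens7 -> table 2000, same gateway in both.
POSTED = {
    "ens6": stanza("172.31.42.16", "172.16.32.1", 1000),
    "ens7": stanza("172.31.42.36", "172.16.32.1", 2000),
}

def check_policy_routing(ethernets):
    """Return (interface, finding) tuples for inconsistent policy-routing stanzas."""
    findings, table_owner = [], {}
    for name, cfg in ethernets.items():
        ifaces = [ipaddress.ip_interface(a) for a in cfg.get("addresses", [])]
        nets = [i.network for i in ifaces]
        local_ips = {i.ip for i in ifaces}
        default_tables = set()
        for route in cfg.get("routes", []):
            via = ipaddress.ip_address(route["via"])
            if ipaddress.ip_network(route["to"]).prefixlen == 0:
                default_tables.add(route.get("table"))
            # 0.0.0.0 as gateway means "directly connected", so nothing to check.
            if not via.is_unspecified and not any(via in n for n in nets):
                subnets = ", ".join(map(str, nets))
                findings.append((name, f"gateway {via} is outside {subnets}"))
        for rule in cfg.get("routing-policy", []):
            table = rule["table"]
            if ipaddress.ip_address(rule["from"]) not in local_ips:
                findings.append((name, f"rule source {rule['from']} is not on {name}"))
            if table not in default_tables:
                findings.append((name, f"table {table} has no default route"))
            if table_owner.setdefault(table, name) != name:
                findings.append((name, f"table {table} is also used by {table_owner[table]}"))
    return findings

if __name__ == "__main__":
    for iface, finding in check_policy_routing(POSTED):
        print(f"{iface}: {finding}")
```

On the values as posted, both stanzas are reported because `via: 172.16.32.1` lies outside 172.31.32.0/20, the subnet of every address in the `ip addr show` output.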