EIP and VPC
0 views
Skip to first unread message
Beckham, Tony
Dec 11, 2014, 8:09:56 PM12/11/14
to qa-...@eucalyptus.com
Folks,
Just wanted to bring attention to some things I have run into with Elastic IPs with VPC.
First, I am not sure the correct way to successfully associate an IP with a VPC instance. I have tried using euca2ools, eucalobo and CloudFormation. In each case specifying "–d vpc" or Domain: "vpc" when allocating an address and associating to a VPC instance using the eip allocation ID. The result is the instance public IP is updated with the elastic IP but I lose connectivity to it or any other instance in the VPC. At this point networking is shot. The only recourse I have found is to delete the default VPC and create a new default VPC. At first I tried just disassociating the EIP but networking was still dorked. In this case I notice that the instance no longer will have a public IP, its public IP is its private IP.
I know at first I was not aware of using allocation id when associating an EIP with a VPC instance. Also, I was not aware that when allocating in VPC you must supply –d/domain of VPC. In these two cases I think we could have some guide rails. Probably not validation from the euca2ools but as an error response from the system, then the tool could give the error, just a thought. The other big issue is just the functionality. I simply have not gotten it to work yet. So, if you are aware of anything that "special" that needs to be done or a parameter that eucalyptus needs when allocating and associating an elastic IP with a VPC instance I'd love to know about it. At this point we really should have a better user experience in cases where things were not done correctly. Having networking hosed is not going to fly especially since this will be new functionality for a lot of users.
Thanks.
--
Tony
Just wanted to bring attention to some things I have run into with Elastic IPs with VPC.
First, I am not sure the correct way to successfully associate an IP with a VPC instance. I have tried using euca2ools, eucalobo and CloudFormation. In each case specifying "–d vpc" or Domain: "vpc" when allocating an address and associating to a VPC instance using the eip allocation ID. The result is the instance public IP is updated with the elastic IP but I lose connectivity to it or any other instance in the VPC. At this point networking is shot. The only recourse I have found is to delete the default VPC and create a new default VPC. At first I tried just disassociating the EIP but networking was still dorked. In this case I notice that the instance no longer will have a public IP, its public IP is its private IP.
I know at first I was not aware of using allocation id when associating an EIP with a VPC instance. Also, I was not aware that when allocating in VPC you must supply –d/domain of VPC. In these two cases I think we could have some guide rails. Probably not validation from the euca2ools but as an error response from the system, then the tool could give the error, just a thought. The other big issue is just the functionality. I simply have not gotten it to work yet. So, if you are aware of anything that "special" that needs to be done or a parameter that eucalyptus needs when allocating and associating an elastic IP with a VPC instance I'd love to know about it. At this point we really should have a better user experience in cases where things were not done correctly. Having networking hosed is not going to fly especially since this will be new functionality for a lot of users.
Thanks.
--
Tony
Daniel Nurmi
Dec 11, 2014, 9:26:50 PM12/11/14
to Beckham, Tony, qa-...@eucalyptus.com
tony - ack
it would help a lot if you could share a list of cmds that you're running, i'd like to dive in and figure out is going south on the backend. i've honestly been testing with a fairly limited range of api calls since i've been focused on back end stuff, but its time to find the ways in which users might interact with vpc and ensure a clear path
if you have some cmd sequences it would help me a lot!
d
Sent from my iPad
it would help a lot if you could share a list of cmds that you're running, i'd like to dive in and figure out is going south on the backend. i've honestly been testing with a fairly limited range of api calls since i've been focused on back end stuff, but its time to find the ways in which users might interact with vpc and ensure a clear path
if you have some cmd sequences it would help me a lot!
d
Sent from my iPad
Beckham, Tony
Dec 11, 2014, 10:24:09 PM12/11/14
to Daniel Nurmi, qa-...@eucalyptus.com
Dan,
No problemo. Here are some commands executed and the results,
http://fpaste.org/158995/18354211/
What that paste demonstrates:
1. DNS enabled and instance running in VPC
2. Ping instance on public IP: SUCCESS
3. Allocate address (euca-allocate-address -d vpc)
4. Associate address with the instance (euca-associate-address -a
eipalloc-439828dc -i i-66f151d9)
5. Describe address shows association (euca-describe-addresses)
6. Describe instances shows EIP as public IP
7. Ping instance on the EIP public IP: FAIL
8. Disassociate address (euca-disassociate-address -a eipassoc-949fd5cb)
9. Describe instances, the instance's public IP is now the same as it's
private
10. Instance still cannot be pinged
--
Tony
No problemo. Here are some commands executed and the results,
http://fpaste.org/158995/18354211/
What that paste demonstrates:
1. DNS enabled and instance running in VPC
2. Ping instance on public IP: SUCCESS
3. Allocate address (euca-allocate-address -d vpc)
4. Associate address with the instance (euca-associate-address -a
eipalloc-439828dc -i i-66f151d9)
5. Describe address shows association (euca-describe-addresses)
6. Describe instances shows EIP as public IP
7. Ping instance on the EIP public IP: FAIL
8. Disassociate address (euca-disassociate-address -a eipassoc-949fd5cb)
9. Describe instances, the instance's public IP is now the same as it's
private
10. Instance still cannot be pinged
--
Tony
Nurmi, Daniel
Dec 12, 2014, 1:46:02 PM12/12/14
to Beckham, Tony, Daniel Nurmi, qa-...@eucalyptus.com
Thanks Tony, I'm hoping to get some hours to work on code today and this
is super useful - will keep the team informed
is super useful - will keep the team informed
-d
Reply all
Reply to author
Forward
0 new messages