Instructions

How to configure attached interfaces from different subnets

Manually configuring attached interfaces from different subnets in a UNIX family OS

This instruction describes the minimum configuration that attached interfaces need to operate correctly. It allows you to attach to an instance multiple network interfaces that belong to different subnets and have different Elastic IP addresses.

The required variables to configure interfaces
# You can read the interface name in the "ip a" command output; it can be eth, ens, etc.
# We will use eth1 in the example.
interface_name="eth1"
# rtable – a routing table; you can use any one, provided it is different for each interface.
# In the example, we will use 10000 plus the interface number.
rtable="10001"
# gateway – the subnet gateway; its address is the first address in a CIDR block (for example, if the CIDR block is 172.31.1.0/24, then the gateway will be at 172.31.1.1).
gateway="172.31.1.1"
# CIDR block is a subnet to which the interface is connected.
cidr="172.31.1.0/24"
# primary_ipv4 is an IP address associated with the interface.
primary_ipv4="172.31.1.4"
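
The following added example (not part of the original instruction) derives gateway and rtable from the CIDR block and interface name using the conventions stated in the comments above, and checks that primary_ipv4 actually lies inside cidr before any routes are written. The function names are hypothetical; the sample values in the comments are the ones used on this page.

```shell
#!/bin/sh
# Added example: derive and sanity-check the variables used on this page.
# All function names are hypothetical helpers, not part of any package.

# Dotted-quad IPv4 -> integer; fails on malformed input.
ip2int() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask as an integer for a CIDR block such as 172.31.1.0/24.
cidr_mask() (
    len=${1#*/}
    case $len in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
    [ "$len" -le 32 ] || exit 1
    echo $(( (4294967295 << (32 - len)) & 4294967295 ))
)

# Gateway = first address in the CIDR block, as the page states.
gateway_for_cidr() (
    net=$(ip2int "${1%/*}") && mask=$(cidr_mask "$1") || exit 1
    int2ip $(( (net & mask) + 1 ))
)

# Succeeds only when the address lies inside the CIDR block.
in_cidr() (
    addr=$(ip2int "$1") && net=$(ip2int "${2%/*}") && mask=$(cidr_mask "$2") || exit 1
    [ $(( addr & mask )) -eq $(( net & mask )) ]
)

# Routing table = 10000 + interface number (eth1 -> 10001).
rtable_for_iface() (
    n=${1##*[!0-9]}
    case $n in ''|0?*) exit 1 ;; esac
    echo $(( 10000 + n ))
)
```

For the values above, `gateway_for_cidr "$cidr"` and `rtable_for_iface "$interface_name"` reproduce the gateway and rtable settings, and `in_cidr "$primary_ipv4" "$cidr"` catches an address copied from the wrong subnet.
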
Debian 8 and later, as well as Ubuntu up to 18.04
# The file /etc/network/interfaces must contain the line: source /etc/network/interfaces.d/*
# In some versions, /etc/network/interfaces also contains a pre-installed interface configuration,
# which can cause conflicts.
# Then run the following:
cat <<- EOF > /etc/network/interfaces.d/config-${interface_name}.cfg
auto ${interface_name}
allow-hotplug ${interface_name}
iface ${interface_name} inet dhcp
post-up ip route add default via ${gateway} dev ${interface_name} table ${rtable}
post-up ip route add ${cidr} dev ${interface_name} proto kernel scope link src ${primary_ipv4} table ${rtable}
post-down ip route del default via ${gateway} dev ${interface_name} table ${rtable}
post-down ip route del ${cidr} dev ${interface_name} proto kernel scope link src ${primary_ipv4} table ${rtable}
EOF
ip rule add from ${primary_ipv4} lookup ${rtable}
ifup ${interface_name}

See more information on configuring interfaces for Debian and Ubuntu 16.04.

CentOS 7 and later, as well as Fedora 28 and later
# Run the following:
hwaddr=$(cat /sys/class/net/${interface_name}/address 2>/dev/null)
cat <<- EOF > /etc/sysconfig/network-scripts/ifcfg-${interface_name}
DEVICE=${interface_name}
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
PEERDNS=no
HWADDR=${hwaddr}
DEFROUTE=no
EOF
ip rule add from ${primary_ipv4} lookup ${rtable}
ip route add default via ${gateway} dev ${interface_name} table ${rtable}
# "ip route add" takes the prefix directly; "-net" belongs to the legacy "route" command.
ip route add ${cidr} dev ${interface_name} proto kernel scope link src ${primary_ipv4} table ${rtable}
ifup ${interface_name}
Ubuntu 18 and later
# Run the following:
cat <<- EOF > /etc/netplan/config-${interface_name}.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    ${interface_name}:
      dhcp4: true
      dhcp4-overrides:
        use-routes: false
      routes:
        - to: 0.0.0.0/0
          via: ${gateway}
          table: ${rtable}
        - to: ${cidr}
          via: ${gateway}
          table: ${rtable}
EOF
ip rule add from ${primary_ipv4} lookup ${rtable}
ip link set ${interface_name} up
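
After applying any of the three variants above, the result can be verified from the output of `ip rule show` and `ip route show table ${rtable}`. The following is an added example, not part of the original instruction: check_policy_routing is a hypothetical helper, and the sample output embedded in it is constructed from the values used on this page.

```shell
#!/bin/sh
# Added example: check captured `ip` output for the policy routing set up on this page.
# check_policy_routing is a hypothetical helper. It prints one line per problem
# and returns non-zero if any problem was found.
# Arguments: rules-output routes-output primary_ipv4 rtable gateway interface cidr
check_policy_routing() (
    rules=$1 routes=$2 ip=$3 table=$4 gw=$5 dev=$6 cidr=$7
    # First awk: exactly one rule "from <ip> lookup <table>" must exist.
    # Second awk: the table needs its own default route and a route to the subnet.
    problems=$(
        printf '%s\n' "$rules" | awk -v ip="$ip" -v t="$table" '
            $2 == "from" && $3 == ip && $4 == "lookup" && $5 == t { n++ }
            END { if (n == 0) print "missing-rule"; else if (n > 1) print "duplicate-rule" }'
        printf '%s\n' "$routes" | awk -v gw="$gw" -v dev="$dev" -v cidr="$cidr" '
            $1 == "default" && $2 == "via" && $3 == gw && $4 == "dev" && $5 == dev { d = 1 }
            $1 == cidr && index($0 " ", " dev " dev " ") { l = 1 }
            END { if (!d) print "missing-default-route"; if (!l) print "missing-subnet-route" }'
    )
    [ -z "$problems" ] && exit 0
    printf '%s\n' "$problems"
    exit 1
)

# Constructed sample output of `ip rule show` and `ip route show table 10001`.
SAMPLE_RULES='0: from all lookup local
32765: from 172.31.1.4 lookup 10001
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES='default via 172.31.1.1 dev eth1
172.31.1.0/24 dev eth1 proto kernel scope link src 172.31.1.4'
```

On a live instance, pass `"$(ip rule show)"` and `"$(ip route show table "$rtable")"` as the first two arguments, followed by the variables defined at the top of this instruction.
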

For more information on how to set up interfaces, please visit:

Automatically configuring attached interfaces from different subnets in a UNIX family OS

To automatically configure attached interfaces, you can use NGN templates. They are designated as [Cloud Image] and have the c2-ec2-netutils package installed. This utility performs the following actions.

  • If the interface is attached to a running VM, the utility:

    • creates an interface configuration using the Instance Metadata API (the configuration can be found in the default path specific to the OS);

    • adds routing rules;

    • adds the required routes;

    • brings up the interface.

  • If the interface is attached to a stopped VM:

    • Once the VM has started, the ec2ifscan service runs and performs the setup.

    • If any interfaces remain unconfigured after the start for some reason, you can run the scanning service manually: systemctl start ec2net-scan.service

  • If you detach an interface from a running instance, then:

    • The entire configuration will be deleted.

  • If you detach an interface from a stopped instance, then:

    • The configuration will not be deleted, but the next time the interface is attached, its MAC address is validated and, if it does not match, the configuration is generated again.

The generated configuration contains the EC2SYNC parameter, whose default value is yes. If it is set to no, the interface configuration will not be changed, and it will not be deleted when you detach the interface. This feature is useful when you need to create a custom interface configuration. Important notice: the EC2SYNC record structure cannot be changed; you can change only the parameter value, which can be yes or no.

  • To delete the interface configuration and routes and put the interface in the DOWN state, you can use the commands:

    • For CentOS: systemctl stop ec2net-ifup@<interface>.service

    • For Ubuntu: ec2ifdown <interface>

  • To restore the interface and its configuration after deleting the configurations, you can use the commands:

    • For CentOS: systemctl start ec2net-ifup@<interface>.service

    • For Ubuntu: ec2ifup <interface>

Currently, this functionality is available in the following NGN templates [Cloud Image]:

  • CentOS 7.5

  • CentOS 7.8

  • CentOS 8.2

  • Ubuntu 18.04

  • Ubuntu 20.04

  • Debian 8

  • Debian 9

  • Debian 10

For source code, follow the link.

Automatically configuring attached interfaces from different subnets in Windows

If multiple interfaces are created in different subnets, have different Elastic IP addresses and are connected to the same Windows instance, then for them to work correctly you must enable the option that allows the instance to be discovered by other networks when you connect to it for the first time.

After confirmation, the operating system will configure the appropriate settings automatically. Then, configure security policies for the Windows firewall and add an inbound rule for TCP port 3389 in the security groups assigned to the network interfaces.

You can use any RDP client to access a Windows instance.