June 3, 2020

Routing to a single IP address in a cluster in AWS

We currently have a customer with a legacy application that needs to fail over between two nodes (think old-school clustering), and that application can really only be reached via an IP address. Since DNS is not an option, I needed a way to move a single IP address from one node to the other. Also, this is Windows. That point matters because I've previously done something similar on Linux a long time ago.

Ultimately the solution is to put the IP on a loopback adapter and then have a static route in the VPC route table that points that IP at the instance which is currently active.

Something like this:

[Image: AWS Routing Diagram]

I had a bit of trouble figuring out how to do this in Windows, so I figured I would write something up in the hope that it helps someone else one day.

Disable Src/Dest Check

First, in AWS you need to disable the Source/Destination Check on the EC2 instances involved. Without that, EC2 drops packets addressed to the floating IP, because that address is not assigned to the instance's network interface.

Loopback Setup

First you need to set up the Microsoft Legacy Loopback device and put an address on it by itself (i.e. a /32, or a 255.255.255.255 subnet mask). I used an IP address that didn't clash with any of the VPC subnets, peered VPCs or anything reachable over the Direct Connect, for example 10.1.1.1/32.

Enable Routing

Doing anything fun and interesting in Windows wouldn’t be complete without editing the registry.

You need to set (or create) the following REG_DWORD to 1: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter

Obligatory Reboot

Of course, no Windows configuration change would be complete without a reboot of the operating system.

Changing the route

Now that we have the OS and EC2 configuration complete, we can change the route table in the VPC.

Here is an example bash script that reads the instance ID from the instance metadata and then sets a static route in the VPC route table so that anything destined for 10.1.1.1/32 is sent to the current instance.

# Bash variable names cannot contain a hyphen, so use instance_id, not instance-id.
instance_id=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
# Remove any existing route for the floating IP, then point it at this instance.
aws ec2 delete-route --route-table-id rtb-0c41d9d623bafb584 --destination-cidr-block 10.1.1.1/32
aws ec2 create-route --route-table-id rtb-0c41d9d623bafb584 --destination-cidr-block 10.1.1.1/32 --instance-id "$instance_id"

And here's an example using PowerShell (AWS Tools for PowerShell), which replaces the existing route in one call.

# Read this instance's ID from the instance metadata service.
$instance_id = Invoke-RestMethod http://169.254.169.254/latest/meta-data/instance-id
# Set-EC2Route calls ReplaceRoute, so the existing 10.1.1.1/32 route is swapped to this instance.
Set-EC2Route -RouteTableId rtb-0c41d9d623bafb584 -DestinationCidrBlock 10.1.1.1/32 -InstanceId $instance_id
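The steps above (loopback address, IPEnableRouter, Source/Destination Check, route change) tie together into one script. The following is an added example, not the post's own code: it assumes the AWS Tools for PowerShell are installed, that the instance role may call ec2:DescribeInstanceAttribute, ec2:DescribeRouteTables, ec2:ReplaceRoute and ec2:CreateRoute, and that the loopback adapter's interface alias is "Loopback" (a placeholder to adjust). It reads the instance ID via IMDSv2 rather than the bare IMDSv1 GET used above, and it refuses to move the route onto a node whose prerequisites are missing, since a route pointing at a node that drops the traffic is a worse outage than a failed script.

```powershell
# Added example (not from the original post). Prerequisite checks and failover
# for the loopback-plus-VPC-route pattern. Placeholders: $RouteTableId comes
# from the post, $LoopbackAlias is an assumption about how the adapter is named.

$FloatingIp    = '10.1.1.1'                # the /32 the legacy app talks to
$RouteTableId  = 'rtb-0c41d9d623bafb584'   # route table id from the post
$LoopbackAlias = 'Loopback'                # alias of the KM-TEST loopback adapter (assumption)
$TcpipParams   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-InstanceIdFromMetadata {
    # IMDSv2: fetch a short-lived session token, then use it for the metadata GET.
    $token = Invoke-RestMethod -Method PUT -Uri 'http://169.254.169.254/latest/api/token' `
        -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' }
    Invoke-RestMethod -Uri 'http://169.254.169.254/latest/meta-data/instance-id' `
        -Headers @{ 'X-aws-ec2-metadata-token' = $token }
}

function Initialize-FailoverNode {
    # One-time per node: put the /32 on the loopback adapter and enable IP routing.
    if (-not (Get-NetIPAddress -IPAddress $FloatingIp -ErrorAction SilentlyContinue)) {
        New-NetIPAddress -InterfaceAlias $LoopbackAlias -IPAddress $FloatingIp -PrefixLength 32 | Out-Null
    }
    Set-ItemProperty -Path $TcpipParams -Name 'IPEnableRouter' -Value 1 -Type DWord
    Write-Host 'Loopback address and IPEnableRouter configured; reboot before the first failover.'
}

function Test-FailoverNode {
    param([string]$InstanceId)
    # Collect every missing prerequisite instead of stopping at the first one.
    $problems = @()
    if (-not (Get-NetIPAddress -IPAddress $FloatingIp -ErrorAction SilentlyContinue)) {
        $problems += "$FloatingIp is not configured on this node"
    }
    $reg = Get-ItemProperty -Path $TcpipParams -Name 'IPEnableRouter' -ErrorAction SilentlyContinue
    if ($reg.IPEnableRouter -ne 1) {
        $problems += 'IPEnableRouter is not set to 1'
    }
    $attr = Get-EC2InstanceAttribute -InstanceId $InstanceId -Attribute sourceDestCheck
    if ($attr.SourceDestCheck) {
        $problems += "Source/Dest check is still enabled on $InstanceId"
    }
    return $problems
}

function Invoke-RouteFailover {
    $instanceId = Get-InstanceIdFromMetadata
    $problems = Test-FailoverNode -InstanceId $instanceId
    if ($problems) {
        throw ("Not taking over ${FloatingIp}:`n" + ($problems -join "`n"))
    }
    $cidr  = "$FloatingIp/32"
    $table = Get-EC2RouteTable -RouteTableId $RouteTableId
    $existing = $table.Routes | Where-Object { $_.DestinationCidrBlock -eq $cidr }
    if ($existing) {
        # ReplaceRoute swaps the target in place, so there is no window with no route
        # at all, unlike the delete-then-create sequence.
        Set-EC2Route -RouteTableId $RouteTableId -DestinationCidrBlock $cidr -InstanceId $instanceId
    } else {
        New-EC2Route -RouteTableId $RouteTableId -DestinationCidrBlock $cidr -InstanceId $instanceId | Out-Null
    }
    # Read the table back and confirm the route now points at this node.
    $route = (Get-EC2RouteTable -RouteTableId $RouteTableId).Routes |
        Where-Object { $_.DestinationCidrBlock -eq $cidr }
    if ($route.InstanceId -ne $instanceId) {
        throw "Route for $cidr points at $($route.InstanceId), expected $instanceId"
    }
    Write-Host "$cidr now routes to $instanceId"
}

# Usage: run Initialize-FailoverNode once on each node (then reboot), and run
# Invoke-RouteFailover on whichever node should become active.
```

Run Initialize-FailoverNode from an elevated session, since it writes to HKLM and adds an interface address. The Source/Destination Check itself is an EC2-side setting; the script only verifies it, so it will fail closed if that step was skipped.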

Conclusion

Hopefully someone else finds this useful and it saves them time searching the Internet.

© Greg Cockburn
