我们意外地在172.168.0.0/16 CIDR块中创建了一个VPC,我们意识到我们需要改变它,但是,是否有人知道这种问题的不良影响?
每次拨打本地IP(我们预期)是否真的通过互联网进行?
我们是否可以与采用这些IP的人发生IP冲突?
如果有人在这个区块中拥有IP,我们的内部流量是否真的可以上网?
编辑:
我们的子网路由表将此范围内的流量路由到本地网络,但我确信仍然会产生不利影响。
答案 0 :(得分:8)
VPC允许您为自己的私人用途创建AWS网络的隔离部分。
您可以在VPC中选择任何范围的IP地址(最大大小为/ 16),并且不会与其他AWS客户发生冲突。
默认情况下,VPC网络不会通过互联网公开。要将子网公开到Internet,您需要以下内容:
现在您的VPC已创建,您将无法修改其IP地址范围。您需要创建一个新的VPC。
我们在http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html
的文档中详细解释了VPC[UPDATE]
我测试了使用一系列可公共路由的IP地址创建VPC的用例。我确认 - 毫不奇怪 - 您无法连接到在VPC范围内使用IP地址的基于Internet的计算机(没有到主机的路由)。当VPC尝试在本地路由这些地址时,会出现此行为。
测试详情。
在54.72.0.0/16地址范围内创建一个VPC。
$ aws ec2 describe-vpcs --region us-west-2 --filters Name=tag:Name,Values=test
{
"Vpcs": [
{
"VpcId": "vpc-e5df7680",
"InstanceTenancy": "default",
"Tags": [
{
"Value": "test",
"Key": "Name"
}
],
"State": "available",
"DhcpOptionsId": "dopt-73848e11",
"CidrBlock": "54.72.0.0/16",
"IsDefault": false
}
]
}
在该VPC中创建EC2实例,并自动分配公共IP地址
$ aws ec2 describe-instances --region us-west-2 --query 'Reservations[].Instances[].NetworkInterfaces[?VpcId == `vpc-e5df7680`]'
[
[
{
"Status": "in-use",
"MacAddress": "0a:9c:b1:82:d5:ed",
"SourceDestCheck": true,
"VpcId": "vpc-e5df7680",
"Description": "Primary network interface",
"Association": {
"PublicIp": "54.213.235.16",
"PublicDnsName": "ec2-54-213-235-16.us-west-2.compute.amazonaws.com",
"IpOwnerId": "amazon"
},
"NetworkInterfaceId": "eni-7d37d025",
"PrivateIpAddresses": [
{
"PrivateDnsName": "ip-54-72-24-135.us-west-2.compute.internal",
"Association": {
"PublicIp": "54.213.235.16",
"PublicDnsName": "ec2-54-213-235-16.us-west-2.compute.amazonaws.com",
"IpOwnerId": "amazon"
},
"Primary": true,
"PrivateIpAddress": "54.72.24.135"
}
],
"PrivateDnsName": "ip-54-72-24-135.us-west-2.compute.internal",
"Attachment": {
"Status": "attached",
"DeviceIndex": 0,
"DeleteOnTermination": true,
"AttachmentId": "eni-attach-aaa7e1a2",
"AttachTime": "2015-02-11T19:05:34.000Z"
},
"Groups": [
{
"GroupName": "SSH",
"GroupId": "sg-f2752e97"
}
],
"SubnetId": "subnet-7978bc20",
"OwnerId": "577031028568",
"PrivateIpAddress": "54.72.24.135"
}
],
[]
]
连接到该实例
$ ssh ec2-user@54.213.235.16
Warning: Permanently added '54.213.235.16' (RSA) to the list of known hosts.
__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2014.09-release-notes/
检查私人IP地址(无效范围!)
[ec2-user@ip-54-72-24-135 ~]$ ifconfig eth0
eth0 Link encap:Ethernet HWaddr 0A:9C:B1:82:D5:ED
inet addr:54.72.24.135 Bcast:54.72.24.255 Mask:255.255.255.0
inet6 addr: fe80::89c:b1ff:fe82:d5ed/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:9001 Metric:1
RX packets:23418 errors:0 dropped:0 overruns:0 frame:0
TX packets:2930 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:33618848 (32.0 MiB) TX bytes:274735 (268.2 KiB)
测试互联网连接
[ec2-user@ip-54-72-24-135 ~]$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=54 time=7.75 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=54 time=7.81 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=54 time=7.79 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2489ms
rtt min/avg/max/mdev = 7.756/7.790/7.815/0.024 ms
[ec2-user@ip-54-72-24-135 ~]$ curl -I www.stormacq.com
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Date: Wed, 11 Feb 2015 19:23:04 GMT
Server: Apache/2.4.10 (Amazon) PHP/5.5.20
X-Powered-By: PHP/5.5.20
Cache-Control: max-age=3, must-revalidate
WP-Super-Cache: Served supercache file from PHP
Vary: Accept-Encoding,Cookie
X-Cache: Miss from cloudfront
Via: 1.1 4f4f94bdda0837b3f79484c70f2d1348.cloudfront.net (CloudFront)
X-Amz-Cf-Id: us5_V9oNZak_8WAqsbBu6q9wNm4A0S6VRXGu10nDoQnWS5PYnVMwgg==
工作!
现在,使用与我们的VPC相同的IP地址测试与互联网机器的连接
[ec2-user@ip-54-72-24-135 ~]$ ssh 54.72.24.171
ssh: connect to host 54.72.24.171 port 22: No route to host
[ec2-user@ip-54-72-24-135 ~]$ sudo traceroute 54.72.24.171
traceroute to 54.72.24.171 (54.72.24.171), 30 hops max, 60 byte packets
1 ec2-54-72-24-135.eu-west-1.compute.amazonaws.com (54.72.24.135) 2997.785 ms !H 2997.769 ms !H 2997.765 ms !H
失败。