I have a VPC (say vpc-a) with a CIDR range of 192.170.0.0/16.
I created 3 subnets in the VPC, as shown below:
> aws ec2 describe-subnets --filters Name=vpc-id,Values=vpc-05d932bbfd4bfe3c5
{
"Subnets": [
{
"AvailabilityZone": "ap-south-1b",
"AvailabilityZoneId": "aps1-az3",
"AvailableIpAddressCount": 57,
"CidrBlock": "192.170.80.0/26",
"DefaultForAz": false,
"MapPublicIpOnLaunch": true,
"State": "available",
"SubnetId": "subnet-0a4c7cc6faa094318",
"VpcId": "vpc-05d932bbfd4bfe3c5",
"OwnerId": "336282279309",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"Tags": [
...
],
"SubnetArn": "arn:aws:ec2:ap-south-1:336282279309:subnet/subnet-0a4c7cc6faa094318"
},
{
"AvailabilityZone": "ap-south-1a",
"AvailabilityZoneId": "aps1-az1",
"AvailableIpAddressCount": 48,
"CidrBlock": "192.170.0.0/26",
"DefaultForAz": false,
"MapPublicIpOnLaunch": true,
"State": "available",
"SubnetId": "subnet-0b6e7a1e1840713a9",
"VpcId": "vpc-05d932bbfd4bfe3c5",
"OwnerId": "336282279309",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"Tags": [
...
],
"SubnetArn": "arn:aws:ec2:ap-south-1:336282279309:subnet/subnet-0b6e7a1e1840713a9"
},
{
"AvailabilityZone": "ap-south-1c",
"AvailabilityZoneId": "aps1-az2",
"AvailableIpAddressCount": 49,
"CidrBlock": "192.170.160.0/26",
"DefaultForAz": false,
"MapPublicIpOnLaunch": true,
"State": "available",
"SubnetId": "subnet-0e45e8fc489794ea9",
"VpcId": "vpc-05d932bbfd4bfe3c5",
"OwnerId": "336282279309",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"Tags": [
...
],
"SubnetArn": "arn:aws:ec2:ap-south-1:336282279309:subnet/subnet-0e45e8fc489794ea9"
}
]
}
So basically the 3 subnets are:
subnet-0 CIDR: 192.170.0.0/26 Zone: ap-south-1a
subnet-1 CIDR: 192.170.80.0/26 Zone: ap-south-1b
subnet-2 CIDR: 192.170.160.0/26 Zone: ap-south-1c
The route tables are as follows:
aws ec2 describe-route-tables --filters Name=vpc-id,Values=vpc-05d932bbfd4bfe3c5
{
"RouteTables": [
{
"Associations": [
{
"Main": true,
"RouteTableAssociationId": "rtbassoc-02f438a98c50824f2",
"RouteTableId": "rtb-04a14541aaf44b1d1",
"AssociationState": {
"State": "associated"
}
}
],
"PropagatingVgws": [],
"RouteTableId": "rtb-04a14541aaf44b1d1",
"Routes": [
{
"DestinationCidrBlock": "192.170.0.0/16",
"GatewayId": "local",
"Origin": "CreateRouteTable",
"State": "active"
}
],
"Tags": [],
"VpcId": "vpc-05d932bbfd4bfe3c5",
"OwnerId": "336282279309"
},
{
"Associations": [
{
"Main": false,
"RouteTableAssociationId": "rtbassoc-047cce5bf22b50a76",
"RouteTableId": "rtb-08371ccc1f79ebfe6",
"SubnetId": "subnet-0e45e8fc489794ea9",
"AssociationState": {
"State": "associated"
}
},
{
"Main": false,
"RouteTableAssociationId": "rtbassoc-0fbf237d4b7af1b57",
"RouteTableId": "rtb-08371ccc1f79ebfe6",
"SubnetId": "subnet-0a4c7cc6faa094318",
"AssociationState": {
"State": "associated"
}
},
{
"Main": false,
"RouteTableAssociationId": "rtbassoc-066c66d94f1aa32a5",
"RouteTableId": "rtb-08371ccc1f79ebfe6",
"SubnetId": "subnet-0b6e7a1e1840713a9",
"AssociationState": {
"State": "associated"
}
}
],
"PropagatingVgws": [],
"RouteTableId": "rtb-08371ccc1f79ebfe6",
"Routes": [
{
"DestinationCidrBlock": "192.168.0.0/24",
"TransitGatewayId": "tgw-065d7ae5e846681b0",
"Origin": "CreateRoute",
"State": "active"
},
{
"DestinationCidrBlock": "192.170.0.0/16",
"GatewayId": "local",
"Origin": "CreateRouteTable",
"State": "active"
},
{
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": "igw-0d37c7db290bf696c",
"Origin": "CreateRoute",
"State": "active"
}
],
"Tags": [
{
"Key": "Name",
"Value": "wqw"
}
],
"VpcId": "vpc-05d932bbfd4bfe3c5",
"OwnerId": "336282279309"
}
]
}
I have 2 EC2 instances:
instance-1 Subnet: subnet-0 , IP : 192.170.0.57
instance-2 Subnet: subnet-1 , IP : 192.170.80.6
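I cannot SSH from instance-1 to instance-2 or vice versa. However, I can SSH to both instances from another instance in another VPC with CIDR 192.168.0.0/16 using the transit gateway, which you can find in the route information above.
Do I need to add additional route information between subnet-0 and subnet-1? If so, what would the "target" of that route be? I tried enabling flow logs on the VPC, but nothing showed up in the CloudWatch logs.
Would appreciate some help here.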
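
Added example, not part of the original post: a longest-prefix-match lookup over the three routes of rtb-08371ccc1f79ebfe6 (the table associated with all three subnets), showing which route each destination in the question selects. The function names are illustrative and 192.168.5.10 is a constructed sample address.

```python
import ipaddress

# Routes copied from rtb-08371ccc1f79ebfe6 in the describe-route-tables
# output above; only the fields needed for the lookup are kept.
ROUTES = [
    {"DestinationCidrBlock": "192.168.0.0/24",
     "TransitGatewayId": "tgw-065d7ae5e846681b0", "State": "active"},
    {"DestinationCidrBlock": "192.170.0.0/16",
     "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0",
     "GatewayId": "igw-0d37c7db290bf696c", "State": "active"},
]

# Fields of a route entry that can name its target.
TARGET_KEYS = ("GatewayId", "TransitGatewayId", "NatGatewayId",
               "NetworkInterfaceId", "VpcPeeringConnectionId")


def route_target(route):
    """Return the target identifier of a route entry, or None."""
    for key in TARGET_KEYS:
        if key in route:
            return route[key]
    return None


def lookup(dest_ip, routes=ROUTES):
    """Return (cidr, target) of the most specific route matching dest_ip."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for route in routes:
        net = ipaddress.ip_network(route["DestinationCidrBlock"])
        # VPC route tables pick the longest matching prefix.
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route_target(route))
    return (str(best[0]), best[1]) if best else None


if __name__ == "__main__":
    samples = {
        "192.170.0.57": "instance-1",
        "192.170.80.6": "instance-2",
        "192.168.0.10": "constructed: inside the /24 routed to the TGW",
        "192.168.5.10": "constructed: outside that /24",
    }
    for ip, label in samples.items():
        print(f"{ip:15} ({label}) -> {lookup(ip)}")
```

Both instance addresses resolve to the `local` route for 192.170.0.0/16, so traffic between subnet-0 and subnet-1 is already covered by this route table.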