21. Configuration
AWS
Source / Dest Check OFF (standby, too)
Secondary Private IP: $NAT_VIP (=10.0.0.254)
Elastic IP
Associate with $NAT_VIP (≠Primary Private IP)
Allow Reassociation
Note: if you only alias the IP on the Linux side without configuring the secondary IP on the AWS side, ARP resolution fails and there is no connectivity.
Linux, sysctl
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.netfilter.nf_conntrack_max=262144
Linux, iptables
iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -o eth0 -j SNAT --to-source $NAT_VIP
ip addr add $NAT_VIP dev eth0 label eth0:nat
ip route add default via 10.0.0.1 dev eth0 src $NAT_VIP
22. Failover flow
New Active
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -o eth0 -j SNAT --to-source $NAT_VIP
ip addr add $NAT_VIP/24 dev eth0 label eth0:nat
ip route del default
ip route add default via $I_GW dev eth0 src $NAT_VIP
AWS API
aws ec2 assign-private-ip-addresses --network-interface-id $ENI_ID_of_NEW_ACTIVE --private-ip-addresses $NAT_VIP --allow-reassignment
Old Active (if possible)
iptables -t nat -F POSTROUTING
ip addr del $NAT_VIP/24 dev eth0 label eth0:nat
ip route del default
ip route add default via $NAT_VIP dev eth0
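The failover flow above as two shell functions, added here as an example and not taken from the original deck. It assumes $NAT_VIP, $I_GW, the new active's ENI id and the VPC CIDR are passed as arguments, that the AWS CLI is allowed to call ec2:AssignPrivateIpAddresses, and it moves the secondary IP in AWS before touching Linux so a failed API call leaves the host unchanged; DRY_RUN=1 prints the commands instead of running them so the plan can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the original slides). Placeholders such as the ENI id
# are assumptions; replace them with the real values for your environment.
set -eu

# Execute a command, or just print it when DRY_RUN=1 (used for plan review).
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# New active: move the secondary private IP in AWS first (without it ARP for
# the VIP never resolves), then take over SNAT, the VIP alias and the default
# route with the VIP as source address. set -e aborts on the first failure.
promote_to_active() {
  nat_vip=$1 gw=$2 eni=$3 cidr=$4
  run aws ec2 assign-private-ip-addresses --network-interface-id "$eni" \
      --private-ip-addresses "$nat_vip" --allow-reassignment
  # Flush then add, so exactly one SNAT rule exists however often this runs.
  run iptables -t nat -F POSTROUTING
  run iptables -t nat -A POSTROUTING -s "$cidr" -o eth0 -j SNAT --to-source "$nat_vip"
  run ip addr add "$nat_vip/24" dev eth0 label eth0:nat
  run ip route del default
  run ip route add default via "$gw" dev eth0 src "$nat_vip"
}

# Old active (if still reachable): stop SNATing, drop the VIP alias and send
# its own outbound traffic through the new active via the VIP.
demote_old_active() {
  nat_vip=$1
  run iptables -t nat -F POSTROUTING
  run ip addr del "$nat_vip/24" dev eth0 label eth0:nat
  run ip route del default
  run ip route add default via "$nat_vip" dev eth0
}

# Number of commands a role would execute, computed from a dry run in a
# subshell so DRY_RUN does not leak into the caller.
plan_lines() {
  (DRY_RUN=1; "$@") | grep -c .
}
```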