Recently, we have covered a topic on Implementation of to NAT Gateway. In this article, let’s understand the implementation of Elastic Network Interface.
The topic “Elastic Network Interface” addresses the Design and Implementation of AWS Networks topic as highlighted in the AWS Blueprint for the exam guide
What is Elastic Network Interface?
AWS Elastic Network Interface is simply a virtual interface that can be attached to an instance in a Virtual Private Cloud (VPC). Followings are the attributes of a network interface:
- A primary private IPv4 address
- One Elastic IP address (IPv4) per private IPv4 address
- One or more secondary private IPv4 addresses
- One public IPv4 address
- One or more security groups
- One or more IPv6 addresses
- A source/destination check flag
- A MAC address
- A description
By default, each instance will have a primary network interface. This can be seen while the instance is being created.
This IP will get a Private IP address. It will also get a public IP address if the setting has been enabled for the Subnet in which the instance is located in. You can also add Secondary IP addresses to an Elastic Network Interface.
You can also add Secondary Network Interfaces to an Instance.
In our Implement example, we will see how to swap network interfaces between 2 instances. This can be done for implementing fault tolerance for an application.
Let’s say we have 2 Instances, one is a primary instance which hosts a web application. This has been assigned a secondary network interface. This interface has an Elastic IP assigned which is accessed by external Users. Let’s say that you have a standby instance which has the same web server installed but is in the non-active state. Only if the primary instance fails for any reason, then a failover happens to the secondary instance.
So now to ensure that the failover happens from the primary to secondary instance seamlessly so that the same Elastic IP address can be used for standby instance, the ENI can be shifted to the secondary Instance. It needs to be ensured that the subnets for the instances belong to the same availability zone.
So now let’s look at the implementation of this.
Note: CIDR is one of the important terms an AWS Network Engineer should know about. CIDR offers the benefits of effective management of available IP address space and reduces the number of routing table entries. If you are still wondering what does CIDR stand for, learn more!
Implementation of Failover using the Elastic Network Interface
Followings are the steps to implement Elastic Network Interface:
Step 1) Firstly we will create 2 Instances of the type Amazon Machine Image. These Instances will be created in the subnet of the same availability zone
Here the Servers have been named as Primary and Standby Server. Each of these servers only has the primary network interface
Step 2) On the PrimaryServer and Standby Server, we are going to install a Web server known as nginx via the following commands
sudo yum update
sudo yum install nginx
Once done, we need to start the nginx service on the primary server
sudo service nginx start
When you go to the Public IP of the Primary Server, you should get the following page. Ensure that the Security Group of the PrimaryServer allows traffic on port 80.
Step 3) Now let’s create a Secondary Network Interface. This will be attached to the Primary Server. In the EC2 Dashboard, click on Create Network Interface
Give a description of the new network interface. Create it in Subnet A, because that is where the PrimaryServer resides. Attach the Security Group of the Primary Server to the Elastic Network Interface.
Then Create the Interface.
Once the Interface has been created, click the Interface and click on Attach
Attach it to the Primary Server
Once the network interface has been attached, this will reflect in the Instance configuration.
In the EC2 dashboard, for the Primary Server, you will see 2 Private IP’s now.
Note that we chose the Amazon Machine Image because the configuration happens automatically for this AMI. If you choose another Linux Instance like Ubuntu, you need to do the configuration manually for the secondary network interface.
Step 4) Now let’s attach an Elastic IP to the Secondary ENI which we have attached to the primary instance.
Go to the Elastic IP section. Allocate a new Elastic IP address if one is not present.
Let’s now associate it to the Secondary Private IP on the PrimaryServer
Step 5) To ensure the web server is running on the Elastic IP of the primary server, you need to ensure the Secondary private IP is entered in the configuration file for the Web server. For nginx, this setting will be in the /etc/nginx/nginx.conf file. First, stop the nginx server, change the Private IP and port number to the below. This IP is the private IP of the secondary ENI attached to the primary server.
listen [::]:80 default_server;
Then start the nginx server to confirm it is running, now on the Elastic IP
Step 6) Now to initiate a proper failover we need to perform the following
- Install nginx on the SecondaryServer
- Now we are going to modify the home page displayed by nginx just to understand that when we browse to this server, it is reflecting the page on this server
We need to go to the /usr/share/nginx/html folder and modify the index.html file. So if you browse to the home page of the web server on the Secondary Server, it would look like the below
Here the Welcome to message says “Welcome to nginx on Secondary Server”
- Next, we need to ensure to modify the nginx.conf file on this server as well to ensure it listens to the private IP as shown below. This is so that when the switch happens, the Elastic IP would anyway point to the below private IP and that would point to the web server on the secondary server.
listen [::]:80 default_server;
Step 7) Now let’s swap the Secondary ENI from the primary to the standby server
First Detach the Secondary Network Interface
Once detached, attach it to the Standby Server
Now when you browse to the Elastic IP, you will get the home page of the Standby Server
Important Points About Elastic Network Interface
- You can attach a network interface in one subnet to an instance in another subnet in the same VPC; however, both the network interface and the instance must reside in the same Availability Zone.
- You may require to bring up the second interface manually for the hot or warm attach of the additional network interface. So, it is advised to first configure the private IPv4 address, and then modify the route table according to that.
- The procedure of the attachment of another network interface to an existing instance (for example, a NIC teaming configuration) cannot be used to increase the network bandwidth to or from the dual-homed instance.
- If two or more network interfaces from the same subnet are attached to an instance, you may encounter networking issues such as asymmetric routing. It is recommended to use a secondary private IPv4 address on the primary network interface, if possible.
The aim of Whizlabs is to help the individuals in their journey of preparing and passing AWS Certified Advanced Networking Specialty certification exam. We deliver the best and high-quality preparation material to evolve professional career. Whizlabs content is prepared by the industry experts who have a great knowledge and passion for cloud computing. We are continuously growing our cloud expert’s community.
- 7 pro tips to prepare for the AZ-500: Microsoft Azure Security Technologies Exam - November 14, 2022
- Preparation Guide on DVA-C01: AWS Certified Developer Associate Exam - November 8, 2022
- Preparation Guide on SK-005: CompTIA Server+ Certification Exam - October 26, 2022
- Free Questions on Microsoft Azure AI Solution Exam AI-102 Certification - October 14, 2022
- Preparation Guide on PAS-C01: SAP on AWS Specialty Certification Exam - October 3, 2022
- How to prepare for Microsoft Information Protection Administrator SC-400 exam? - September 21, 2022
- 25 Free Question on Microsoft Power Platform Solutions Architect (PL-600) - August 28, 2022
- All you need to know about AZ-104 Microsoft Azure Administrator Certification - August 17, 2022