Below are configuration examples for a route table scenario (backend cluster) and an Elastic IP scenario (frontend cluster).
Route Table scenario (Backend Cluster):
To clarify the administration and operation of Route Table, consider the scenario shown in Figure 1.
This example configuration contains one Amazon VPC™ and two Availability Zones (AZs).
There are two Subnets in each AZ.
- A first Subnet (hereinafter referred to as “Public Subnet”) connects to the Internet via Internet Gateway by Route Table – see Route Table of 10.0.1.0/24 and 10.0.3.0/24.
- A second Subnet (hereinafter referred to as “Private Subnet”) connects to the Internet via NAT Instance by Route Table – see Route Table of 10.0.2.0/24 and Route Table of 10.0.4.0/24.
In each Public Subnet, there is an EC2™ instance to which you assigned an Elastic IP for NAT (hereinafter referred to as “NAT Instance”).
In each Private Subnet, there is an EC2™ instance for LifeKeeper Active/Standby (hereinafter referred to as “Node1” and “Node2”), and there are clients that will use the applications protected by Node1/Node2.
Each Node1/Node2 has two Elastic Network Interfaces (ENIs).
Configure the Network ACLs and Security Groups so that each Instance and each Node can communicate with one another.
Figure 1. Route Table scenario (When using a NAT instance to connect to a service endpoint)
Route Table of 10.0.1.0/24 and 10.0.3.0/24
Destination | Target | Note |
10.0.0.0/16 | Local | Default |
0.0.0.0/0 | Internet Gateway | Connecting to the Internet requires the allocation of an Elastic IP. |
Route Table of 10.0.2.0/24
Destination | Target | Note |
10.0.0.0/16 | Local | Default |
10.1.0.10/32 (IP resource) | Elastic Network Interface (ENI) on LifeKeeper Active Node | This Target is updated by Recovery Kit for EC2™ during a switchover. |
0.0.0.0/0 | NAT instance (10.0.1.0) | Connect to the Internet via NAT |
Route Table of 10.0.4.0/24
Destination | Target | Note |
10.0.0.0/16 | Local | Default |
10.1.0.10/32 (IP resource) | Elastic Network Interface (ENI) on LifeKeeper Active Node | This Target is updated by Recovery Kit for EC2™ during a switchover. |
0.0.0.0/0 | NAT instance (10.0.3.0) | Connect to the Internet via NAT |
When a resource switchover is performed, LifeKeeper takes the IP resource out of service on Node1. The Target entry of 10.1.0.10/32 in each Private Subnet is updated to reflect the ENI of Node2, and the IP resource is brought in service on Node2. As a result, traffic to the IP address 10.1.0.10 is redirected to Node2 by the Route Table changes in the Private Subnets.
If you need to access the IP address 10.1.0.10 from another subnet, including the public subnet, add a route with the destination 10.1.0.10/32 to the route table of each such subnet. LifeKeeper controls all entries in the route tables within the VPC whose destination is set to “10.1.0.10/32”. Additionally, if you have the ec2:CreateRoute access privilege, you can also create the IP resource route in the route table when creating the resource.
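A post-switchover check for the route update described above, as an added example (not SIOS or LifeKeeper code): it models the 10.1.0.10/32 target change over constructed data shaped like `aws ec2 describe-route-tables` output and flags any route table whose entry is missing or still points at the old ENI. The route table IDs, ENI IDs, NAT and gateway IDs, and the function names are assumptions.

```python
import copy

VIP = "10.1.0.10/32"  # IP resource destination from the page

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# Route table, ENI, gateway and NAT IDs are placeholders, not real resources.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private-2", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": VIP, "NetworkInterfaceId": "eni-node1"},
        {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat-a"}]},
    {"RouteTableId": "rtb-private-4", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": VIP, "NetworkInterfaceId": "eni-node1"},
        {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat-b"}]},
]

def switchover(tables, vip, new_eni):
    """Model the switchover: repoint every route whose destination is the VIP."""
    updated = copy.deepcopy(tables)
    for table in updated:
        for route in table["Routes"]:
            if route.get("DestinationCidrBlock") == vip:
                route["NetworkInterfaceId"] = new_eni
    return updated

def audit_vip_routes(tables, vip, active_eni, must_have=()):
    """Return findings: VIP routes not on the active ENI, or missing where required."""
    findings = []
    for table in tables:
        targets = [r.get("NetworkInterfaceId") for r in table["Routes"]
                   if r.get("DestinationCidrBlock") == vip]
        if not targets and table["RouteTableId"] in must_have:
            findings.append((table["RouteTableId"], "missing VIP route"))
        for eni in targets:
            if eni != active_eni:
                findings.append((table["RouteTableId"], f"stale target {eni}"))
    return findings

if __name__ == "__main__":
    after = switchover(ROUTE_TABLES, VIP, "eni-node2")
    print(audit_vip_routes(after, VIP, "eni-node2", {"rtb-private-2", "rtb-private-4"}))
```

Passing the public subnet's route table in `must_have` reports it as missing the route, which is the case the paragraph above covers when 10.1.0.10 must be reachable from that subnet.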
Elastic IP scenario (Frontend cluster):
To clarify the administration and operation of Elastic IP, consider the scenario shown in Figure 2.
This example configuration contains one Amazon VPC™ and two Availability Zones (AZs).
There is one Subnet in each AZ.
Each Subnet connects to the Internet via Internet Gateway by Route Table.
In each Subnet, there is an EC2™ instance for LifeKeeper Active/Standby (hereinafter referred to as “Node1” and “Node2”).
Each Node1/Node2 has two Elastic Network Interfaces (ENIs).
Configure the Network ACLs and Security Groups so that the Nodes can communicate with each other.
Figure 2. Elastic IP scenario (When using an Internet gateway)
The system administrator allocates an Elastic IP address for the frontend cluster to the ENI.
Assuming that Node1 is the primary server for the resource, the administrator creates the AWS ECC resource hierarchy on Node1 using the wizard described in the section entitled Creating a Resource Hierarchy.
When a resource switchover is performed, Recovery Kit for EC2™ disassociates the Elastic IP from the ENI on Node1. Recovery Kit for EC2™ then determines whether the Elastic IP is associated with the ENI on Node2 and, if not, associates the Elastic IP with that ENI. As a result, clients on the Internet can reach Node2 via the Elastic IP after the switchover.