AWS DNS resolution + micro bosh
John Wong
By default everything in a VPC outbound is restricted, whether you are in a "public subnet" or "private subnet" or not. http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html

The only thing that makes a "public subnet" public is that you have a public IP attached. Regardless, you can tune how traffic is routed via the routing table.

Amazon has a VPC service and there you can create subnets. One of the options provides one-click creation of a public and private subnet with NAT. This NAT is an address translation unit. Basically all outbound traffic in the private subnet will go through this NAT (which resides in the public subnet with an EIP). This is enabled via the routing table, which Amazon creates for you. You can also choose to update the routing table yourself, or create the routing tables and subnets all together on your own (manually or via CloudFormation, it doesn't matter).

Now, I don't know if your VPC is set up with the concept of public and private subnets. If not, I urge you to run in such a mode. I hope this helps you debug your issue.

Run CF in your private subnet. To allow people to get inside your CF apps, use some webserver like nginx; to allow CF to have outgoing traffic (such as getting packages), go through the NAT.

On Sat, May 2, 2015 at 3:03 PM, Sumanth Yamala <Sumanth.Yamala(a)sas.com> wrote:
I create 2 VMs one with elastic IP and the other one is default network
Sumanth Yamala <Sumanth.Yamala@...>
Thanks. I will try this and keep you posted.
Sent from my iPhone
On May 2, 2015, at 7:14 PM, "John Wong" <gokoproject(a)gmail.com> wrote:

By default everything in a VPC outbound is restricted, whether you are in a "public subnet" or "private subnet" or not. http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html

The only thing that makes a "public subnet" public is that you have a public IP attached. Regardless, you can tune how traffic is routed via the routing table.

Amazon has a VPC service and there you can create subnets. One of the options provides one-click creation of a public and private subnet with NAT. This NAT is an address translation unit. Basically all outbound traffic in the private subnet will go through this NAT (which resides in the public subnet with an EIP). This is enabled via the routing table, which Amazon creates for you. You can also choose to update the routing table yourself, or create the routing tables and subnets all together on your own (manually or via CloudFormation, it doesn't matter).

Now, I don't know if your VPC is set up with the concept of public and private subnets. If not, I urge you to run in such a mode. I hope this helps you debug your issue.

Run CF in your private subnet. To allow people to get inside your CF apps, use some webserver like nginx; to allow CF to have outgoing traffic (such as getting packages), go through the NAT.

On Sat, May 2, 2015 at 3:03 PM, Sumanth Yamala <Sumanth.Yamala(a)sas.com> wrote:

I created 2 VMs, one with an elastic IP and the other one on the default network with 10.0.0.6 as the DNS. Both are created in the same subnet/VPC. The VM with the elastic IP has no issues. The VM with DNS turned on can resolve other VMs via PowerDNS but cannot resolve www. It eventually times out.

Sent from my iPhone

On May 2, 2015, at 1:48 PM, "John Wong" <gokoproject(a)gmail.com> wrote:

By hanging I suppose you mean it eventually times out? If so... are you sure you have the routing table configured for that subnet of your VPC? Create a VM in the same subnet and see if you get the same hanging.

On Fri, May 1, 2015 at 9:02 PM, Sumanth Yamala <Sumanth.Yamala(a)sas.com> wrote:

There is no error. That VM hangs when I execute apt-get update or do a traceroute to Yahoo.

Thanks
Sumanth

Sent from my iPhone

On May 1, 2015, at 6:04 PM, "Dmitriy Kalinin" <dkalinin(a)pivotal.io> wrote:

Does it not work at all, or is some error shown?

On Fri, May 1, 2015 at 1:28 PM, Sumanth Yamala <Sumanth.Yamala(a)sas.com> wrote:

I tried putting 10.0.0.2 as my dns.recursor... I am still having issues with DNS resolution on nodes which use the network with the DNS entry of micro-bosh (10.0.0.6); for the other nodes provisioned there is no issue.

Thanks,
Sumanth

From: Dmitriy Kalinin [mailto:dkalinin(a)pivotal.io]
Sent: Friday, May 01, 2015 3:39 PM
To: Sumanth Yamala
Cc: cf-bosh(a)lists.cloudfoundry.org
Subject: Re: [cf-bosh] AWS DNS resolution + micro bosh

You should be able to use dns.recursor exactly the same way on AWS as you did on OpenStack. Btw AWS provides the 10.0.0.2 address in your subnet as a full DNS.

On Fri, May 1, 2015 at 11:43 AM, Sumanth Yamala <Sumanth.Yamala(a)sas.com> wrote:

Hi,

I am using the features of BOSH DNS resolution. Deployed a microbosh. In my deployment manifest I specify for a default network to use 10.0.0.6 as my DNS. The behavior is: in AWS it is able to resolve BOSH-deployed VM DNS like "0.docker.default.docker-sample.microbosh" but it is unable to resolve yahoo.com. How can I fix this behavior so that this resolves both? In OpenStack I had a similar issue - I had to put properties:dns:recursor with the name server that resolves the company network and the "www" to get around this. How do I solve this for AWS?

Thanks,
Sumanth

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh
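The two checks suggested in the thread can be scripted: John Wong's (look at the route table that applies to the subnet, and whether the instance actually owns a public/Elastic IP, since an internet-gateway route alone does nothing for an instance without one) and Dmitriy Kalinin's (point dns.recursor at the Amazon-provided resolver, which sits at the VPC network base address + 2, i.e. 10.0.0.2 for a 10.0.0.0/16 VPC). The following is an added example, not code from the thread, from BOSH or from Cloud Foundry. It runs over a constructed sample shaped like the `RouteTables` list from `aws ec2 describe-route-tables --output json`; all subnet, route-table, gateway and VPC IDs in it are made up, and the "blackhole" route models a NAT gateway that was deleted after the route was written.

```python
"""Egress and resolver checks for the "apt-get hangs" symptom in the thread.

Added example, not code from the thread or from BOSH. The sample data below is
constructed in the shape of `aws ec2 describe-route-tables` output; all IDs are
made up. For real data, pass the "RouteTables" list from
`aws ec2 describe-route-tables --output json` to diagnose_egress().
"""
import ipaddress

# Constructed sample: three route tables in one VPC (10.0.0.0/16).
#   rtb-0aaa: the main table, default route to an internet gateway ("public")
#   rtb-0bbb: default route to a NAT gateway ("private" with NAT)
#   rtb-0ccc: default route whose NAT gateway is gone, so the route is blackholed
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-0aaa", "VpcId": "vpc-0123",
     "Associations": [{"Main": True},
                      {"Main": False, "SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc", "State": "active"}]},
    {"RouteTableId": "rtb-0bbb", "VpcId": "vpc-0123",
     "Associations": [{"Main": False, "SubnetId": "subnet-priv"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def", "State": "active"}]},
    {"RouteTableId": "rtb-0ccc", "VpcId": "vpc-0123",
     "Associations": [{"Main": False, "SubnetId": "subnet-blackhole"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0gone", "State": "blackhole"}]},
]


def route_table_for_subnet(subnet_id, route_tables):
    """Route table that applies to subnet_id: its explicit association if it
    has one, otherwise the VPC's main route table (implicit association)."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_target(route_table):
    """Return (kind, target_id) for the active 0.0.0.0/0 route, where kind is
    "igw", "nat", "nat-instance" or "other"; (None, None) if there is no
    usable default route (absent, or present but in "blackhole" state)."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            return None, None  # e.g. the NAT gateway/instance was deleted
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw", route["GatewayId"]
        if route.get("NatGatewayId"):
            return "nat", route["NatGatewayId"]
        if route.get("InstanceId") or route.get("NetworkInterfaceId"):
            # NAT *instance* sitting in the public subnet (the linked AWS doc)
            return "nat-instance", route.get("InstanceId") or route["NetworkInterfaceId"]
        return "other", None
    return None, None


def diagnose_egress(subnet_id, has_public_ip, route_tables):
    """Why an instance in subnet_id can or cannot reach the internet.

    Returns "ok-direct", "ok-via-nat", "no-public-ip", "no-default-route" or
    "unknown-target".
    """
    rt = route_table_for_subnet(subnet_id, route_tables)
    kind, _ = default_route_target(rt) if rt else (None, None)
    if kind is None:
        return "no-default-route"
    if kind == "igw":
        # An IGW route alone is not enough: the IGW only forwards traffic for
        # instances that own a public/Elastic IP. Two VMs in the same subnet can
        # therefore behave differently, which is the symptom in the thread.
        return "ok-direct" if has_public_ip else "no-public-ip"
    if kind in ("nat", "nat-instance"):
        return "ok-via-nat"
    return "unknown-target"


def amazon_dns_resolver(vpc_cidr):
    """Address of the Amazon-provided resolver: VPC network base + 2
    (10.0.0.2 for 10.0.0.0/16). This is the value to use for dns.recursor."""
    net = ipaddress.ip_network(vpc_cidr, strict=True)
    return str(net.network_address + 2)


if __name__ == "__main__":
    for subnet, eip in [("subnet-pub", True), ("subnet-pub", False),
                        ("subnet-priv", False), ("subnet-blackhole", False)]:
        print(f"{subnet:16} public_ip={eip!s:5} -> {diagnose_egress(subnet, eip, SAMPLE_ROUTE_TABLES)}")
    print("dns.recursor for 10.0.0.0/16:", amazon_dns_resolver("10.0.0.0/16"))
```

A subnet with no explicit association falls back to the main route table, which is why "it is in the same VPC" says nothing about egress on its own; and a route whose target has been deleted shows up as `State: blackhole` rather than disappearing, so checking only for the presence of a 0.0.0.0/0 entry is not enough.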