Muliple IPs on an Ubuntu EC2 VPC? Yes, please!

Subtitled: Configuring a second ethernet adapter on an Ubuntu EC2 VPC instance

If you're wanting to have multiple valid SSL certificates for many domains (say, for Drupal a multisite running on Aegir) on a single EC2 instance you'll, of course, need multiple IP addresses. While Amazon's VPC offerings seem like an easy win there are a few twists to get the server to respond to that second internal IP.

Here are my notes, hopefully they'll be of some use to you. You might not need to do all of these, but I've found things to work better this way. These steps were used on Ubuntu 12.04 in June 2012 — things can change.

Get set up:

  • Have one unique internal IP address (10.0.0.70, 10.0.0.80, etc) per network adapter
  • Map the Elastic IP addresses to your internal IP
  • I'm running Aegir and needed to map the Apache server not to the public IP used for the domain name, but the private internal IP address

Once you've done the the above, you'll likely find the server working fine on the first IP address but not responding on the second.

Here's what to do next:

  1. In the Amazon VPC Route Table console ensure you have a route entry for 0.0.0.0/0 using your IGW (this will look like igw-xxxxxx)
  2. SSH into your server
  3. If not root: sudo su - root
  4. Initialize your secondary ethernet interface (don't do this for eth0)
    • ifconfig eth1 10.0.0.YOURIPHERE netmask 255.255.255.0
  5. Set up your interfaces
    • vi /etc/network/interfaces
  6. For each adapter add (changing "1" for your adapter)
    • auto eth1
    • iface eth1 inet dhcp
  7. Start each adapter ifup eth1
  8. We should be able to ifconfig and see the ethernet adapters up
  9. Reboot
    • init 6
  10. SSH into your server, become root
  11. For each ethernet adapter follow this pattern:
    • ip route add default via 10.0.0.1 dev eth0 tab 1
    • ip route add default via 10.0.0.1 dev eth1 tab 2
    • Similarly:
      • ip rule add from 10.0.0.170/32 tab 1 priority 500
      • ip rule add from 10.0.0.190/32 tab 2 priority 600

Almost done

Good news is it works at this point, bad news is the ip routes and rules won't survive a reboot.

Let's make changes survive a reboot:

  • Return to vi /etc/network/interfaces; our file should look like:

    # The loopback network interface
              auto lo
              iface lo inet loopback
              # The primary network interface
              auto eth0
              iface eth0 inet dhcp
              auto eth1
              iface eth1 inet dhcp
              
  • We modify the above, adding in the ip route and ip rule commands from before, but prefixing them with "post-up", like so:

    # The loopback network interface
              auto lo
              iface lo inet loopback
              # The primary network interface
              auto eth0
              iface eth0 inet dhcp
              post-up ip route add default via 10.0.0.1 dev eth0 tab 1
              post-up ip rule add from 10.0.0.170/32 tab 1 priority 500
              auto eth1
              iface eth1 inet dhcp
              post-up ip route add default via 10.0.0.1 dev eth1 tab 2
              post-up ip rule add from 10.0.0.190/32 tab 2 priority 600
              

Now reboot /etc/init.d/networking restart

All set!

Image credit: Flickr user "Andreas Beer"


I'm Ken Hawkins

I do web architecture, holistic design, and a bit of UX and development. If you want to lean more about me and what I do, head to the front page, or:

This site is a playgound 🙈

What you're seeing was made with a combination of the Foundation Framework, Travis CI, CSS/Sass, resposnisve design, Gulp, Panini static site generator, Markdown and some other stuff and then hosted through Github pages.

In years past I would have likely made this site with Drupal, but for smaller sites with savvy editors, I've been using these static site combination as it simplifies maintance.