Hi,
I have established an S2S VPN connection between AWS and the office.
The route table has an entry to the virtual private gateway:
192.168.10.0/24 vgw-xxxx
I can ping to and receive pings from the office PC, but for the second ENI, I can only receive pings:
I can ping the second ENI from office:
C:\Users\Robbert>ping 172.31.43.97
Pinging 172.31.43.97 with 32 bytes of data:
Reply from 172.31.43.97: bytes=32 time=25ms TTL=63
Reply from 172.31.43.97: bytes=32 time=24ms TTL=63
Reply from 172.31.43.97: bytes=32 time=24ms TTL=63
Ping statistics for 172.31.43.97:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 25ms, Average = 24ms
And I can ping the office using the first ENI:
ubuntu@ip-172-31-34-10:~$ ping -I ens5 192.168.10.50 -w 2
PING 192.168.10.50 (192.168.10.50) from 172.31.34.10 ens5: 56(84) bytes of data.
64 bytes from 192.168.10.50: icmp_seq=1 ttl=127 time=24.3 ms
64 bytes from 192.168.10.50: icmp_seq=2 ttl=127 time=23.9 ms
--- 192.168.10.50 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
However, I cannot ping it using the second ENI:
ubuntu@ip-172-31-34-10:~$ ping -I ens6 192.168.10.50
PING 192.168.10.50 (192.168.10.50) from 172.31.43.97 ens6: 56(84) bytes of data.
From 172.31.43.97 icmp_seq=1 Destination Host Unreachable
From 172.31.43.97 icmp_seq=2 Destination Host Unreachable
...
And here is the route table:
ubuntu@ip-172-31-34-10:~$ ip r
default via 172.31.32.1 dev ens5 proto dhcp src 172.31.34.10 metric 100
172.31.32.0/20 dev ens6 proto kernel scope link src 172.31.43.97
172.31.32.0/20 dev ens5 proto kernel scope link src 172.31.34.10
172.31.32.1 dev ens5 proto dhcp scope link src 172.31.34.10 metric 100
172.31.43.97 dev ens6 proto static scope link
How do I resolve this one-way communication issue?
Thank you!
Robbert
Thank you, both are in the same subnet, but when I tried your example with the real default gateway, it did work:
ip route add 192.168.10.0/24 via 172.31.32.1 dev ens6
ping -I ens6 192.168.10.50
PING 192.168.10.50 (192.168.10.50) from 172.31.43.97 ens6: 56(84) bytes of data
64 bytes from 192.168.10.50: icmp_seq=1 ttl=127 time=24.7 ms ...
Not clear why it works, as both ENIs have the same gateway; see below:
ip r
default via 172.31.32.1 dev ens5 proto dhcp src 172.31.34.10 metric 100
172.31.32.0/20 dev ens6 proto kernel scope link src 172.31.43.97
172.31.32.0/20 dev ens5 proto kernel scope link src 172.31.34.10
172.31.32.1 dev ens5 proto dhcp scope link src 172.31.34.10 metric 100
172.31.43.97 dev ens6 proto static scope link
192.168.10.0/24 via 172.31.32.1 dev ens6
And another related question: from the second ENI I cannot ping 8.8.8.8
ping -I ens6 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 172.31.43.97 ens6: 56(84) bytes of data.
From 172.31.43.97 icmp_seq=1 Destination Host Unreachable
Do you know why? Thanks again for your help!
Robbert
I believe the following route is to be used when the sender is the primary ENI. In other words, I thought it was not used in the secondary ENI.
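Added example, not part of the thread: a small Python model of a device-bound route lookup, run over the two `ip r` listings posted above, to show which destinations have a route on `ens6` before and after the manual `ip route add`. It assumes only the main table, ignores metrics, and treats `ping -I <dev>` as restricting the lookup to routes on that device; the function names are hypothetical.

```python
import ipaddress

# Route table copied from the thread (second listing, after the manual route).
ROUTES_AFTER = """\
default via 172.31.32.1 dev ens5 proto dhcp src 172.31.34.10 metric 100
172.31.32.0/20 dev ens6 proto kernel scope link src 172.31.43.97
172.31.32.0/20 dev ens5 proto kernel scope link src 172.31.34.10
172.31.32.1 dev ens5 proto dhcp scope link src 172.31.34.10 metric 100
172.31.43.97 dev ens6 proto static scope link
192.168.10.0/24 via 172.31.32.1 dev ens6
"""
# First listing: the same table without the manually added last line.
ROUTES_BEFORE = "\n".join(ROUTES_AFTER.splitlines()[:-1]) + "\n"


def parse_routes(text):
    """Parse `ip r` lines into dicts with network, device and optional gateway."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        prefix = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        # Remaining tokens are key/value pairs: via X dev Y proto Z ...
        attrs = dict(zip(tok[1::2], tok[2::2]))
        routes.append({"net": ipaddress.ip_network(prefix),
                       "dev": attrs.get("dev"), "via": attrs.get("via")})
    return routes


def lookup(routes, dst, dev=None):
    """Longest-prefix match; if dev is given, only routes on that device count."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes
            if addr in r["net"] and (dev is None or r["dev"] == dev)]
    return max(hits, key=lambda r: r["net"].prefixlen, default=None)


def describe(routes, dst, dev):
    r = lookup(routes, dst, dev)
    if r is None:
        return f"{dst} on {dev}: no route on this device"
    return f"{dst} on {dev}: {r['net']} next hop {r['via'] or 'on-link'}"


if __name__ == "__main__":
    for name, text in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        table = parse_routes(text)
        for dst in ("192.168.10.50", "8.8.8.8"):
            for dev in ("ens5", "ens6"):
                print(name, describe(table, dst, dev))
```

In both listings the only default route is on `ens5`, so the model finds no route on `ens6` for 8.8.8.8, and 192.168.10.50 gains one on `ens6` only after the `/24` route is added.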