Connectivity from an EC2 instance with two ENIs to another VPC


Hi,

I have a connectivity question for the following scenario:

I have two EC2 Linux instances in VPC A (one acting as client and the other as a router), and another EC2 Linux instance in VPC B. The router instance in VPC A has ENIs attached to two different private subnets; only one subnet has a route to the transit gateway. The machine in VPC B has only the built-in ENI. The two VPCs connect through Transit Gateway attachments. I want traffic coming from the subnet that is not attached to the TGW to go through the local ENI and then get routed to the other ENI, which will send the packet out to the TGW for routing to the VPC B instance. When I ping from instance A to instance B it works, but if I try to ping from another machine, or using the ENI in the non-TGW-attached subnet as source, the ping does not get any response. Instance A has already been configured as a Linux router and src/dst check has been disabled to allow packets to go through. In all, the traffic flow would be as follows:

SUBNET A EC2 INSTANCE -> INSTANCE A SUBNET A ENI -> INSTANCE A SUBNET B ENI -> TRANSIT GATEWAY -> INSTANCE B

Anyone knows how to get it to work?

1 Answer

Hello.

Does this mean that access from SUBNET A is NATed on INSTANCE A and then sent to Transit Gateway?
Also, as part of troubleshooting, please use something like Network Access Analyzer to check if you can communicate with Transit Gateway.
https://aws.amazon.com/jp/blogs/aws/new-amazon-vpc-network-access-analyzer/

EXPERT
answered 4 months ago
  • The idea is not NATing traffic on the instance, but leaving it as it comes, with its original IPs. It only requires allowing it to go through this intermediate router.

  • For example, have you confirmed that communication is possible from SUBNET A to SUBNET B ENI? Also, if you are not using NAT, I feel like you probably need to add a route back to SUBNET A in the route table to SUBNET B's route table and TRANSIT GATEWAY and INSTANCE B's route tables.
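As an added illustration, not part of the question or the answer above: a small Python model of the route lookups a packet goes through in this topology, in both directions. All CIDRs, addresses and table names are constructed assumptions; `eni:eth0` stands in for the ENI id used as the VPC route target. It models what the VPC does on the return path: the TGW attachment hands the packet to VPC A, whose local route delivers it straight to the client in subnet A without passing the router again, so the forward path needs the router's Linux table to send VPC B traffic out of the TGW-attached ENI, while the return path needs a route back to VPC A in VPC B's route table (the point raised in the comment above). `check_round_trip` reports which direction fails and why.

```python
"""Hop-by-hop model of the two-ENI router path from the thread (constructed topology).
VPC A 10.0.0.0/16: subnet_a 10.0.1.0/24 (no TGW route), subnet_b 10.0.2.0/24 (TGW route)
VPC B 10.1.0.0/16: subnet_vpcb 10.1.1.0/24
client 10.0.1.10, router eth0 in subnet_a / eth1 in subnet_b, instance B 10.1.1.10
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Route = Tuple[str, str]  # (destination CIDR, target)

SUBNETS: Dict[str, str] = {"subnet_a": "10.0.1.0/24", "subnet_b": "10.0.2.0/24",
                           "subnet_vpcb": "10.1.1.0/24"}
# Subnet a TGW attachment delivers into; the VPC local route then reaches any subnet.
TGW_ATTACHMENTS = {"attach_vpc_a": "subnet_b", "attach_vpc_b": "subnet_vpcb"}
TGW_TABLE: List[Route] = [("10.0.0.0/16", "attach_vpc_a"), ("10.1.0.0/16", "attach_vpc_b")]

# Instance A, the Linux router. "eni:eth0"/"eni:eth1" stand in for its ENI ids.
ROUTER = {
    "ip_forward": True,                       # net.ipv4.ip_forward on the instance
    "enis": {"eth0": "subnet_a", "eth1": "subnet_b"},
    # Linux FIB: (CIDR, outgoing interface). The 10.1.0.0/16 entry steers VPC B
    # traffic out of the TGW-attached ENI instead of the default route on eth0.
    "table": [("10.0.1.0/24", "eth0"), ("10.0.2.0/24", "eth1"),
              ("10.1.0.0/16", "eth1"), ("0.0.0.0/0", "eth0")],
}

# VPC route tables keyed by subnet. BROKEN has no route back to VPC A in VPC B.
BROKEN_TABLES: Dict[str, List[Route]] = {
    "subnet_a": [("10.0.0.0/16", "local"), ("10.1.0.0/16", "eni:eth0")],
    "subnet_b": [("10.0.0.0/16", "local"), ("10.1.0.0/16", "tgw")],
    "subnet_vpcb": [("10.1.0.0/16", "local")],
}
FIXED_TABLES = dict(BROKEN_TABLES)
FIXED_TABLES["subnet_vpcb"] = [("10.1.0.0/16", "local"), ("10.0.0.0/16", "tgw")]


def lookup(table: List[Route], dst: str) -> Optional[str]:
    """Longest-prefix match, as both VPC route tables and the Linux FIB resolve a destination."""
    ip = ipaddress.ip_address(dst)
    best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
    for cidr, target in table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def subnet_of(ip: str) -> str:
    for name, cidr in SUBNETS.items():
        if ipaddress.ip_address(ip) in ipaddress.ip_network(cidr):
            return name
    raise ValueError(f"{ip} is not in any modelled subnet")


def trace(src, dst, vpc_tables, tgw_table=TGW_TABLE, router=ROUTER, max_hops=10) -> List[str]:
    """Follow one packet; the last hop is dst on success or a 'DROP: ...' reason."""
    hops, loc = [src], subnet_of(src)
    for _ in range(max_hops):
        target = lookup(vpc_tables[loc], dst)
        if target is None:
            hops.append(f"DROP: no route to {dst} in the route table of {loc}")
            return hops
        if target == "local":                 # VPC delivers directly to any subnet
            hops.append(dst)
            return hops
        if target == "tgw":
            hops.append("tgw")
            attachment = lookup(tgw_table, dst)
            if attachment is None:
                hops.append(f"DROP: no route to {dst} in the TGW route table")
                return hops
            loc = TGW_ATTACHMENTS[attachment]
            continue
        if target.startswith("eni:"):         # handed to the Linux router
            if not router["ip_forward"]:
                hops.append("DROP: net.ipv4.ip_forward=0 on the router")
                return hops
            iface = lookup(router["table"], dst)
            if iface is None:
                hops.append(f"DROP: no route to {dst} in the router's Linux table")
                return hops
            hops.append(f"router:{target[4:]}->{iface}")
            loc = router["enis"][iface]
            continue
        hops.append(f"DROP: unknown target {target}")
        return hops
    hops.append("DROP: hop limit reached (routing loop)")
    return hops


def check_round_trip(src, dst, vpc_tables, tgw_table=TGW_TABLE, router=ROUTER) -> List[str]:
    """Reasons why either direction fails; an empty list means both directions deliver."""
    problems = []
    for a, b in ((src, dst), (dst, src)):
        path = trace(a, b, vpc_tables, tgw_table, router)
        if path[-1] != b:
            problems.append(f"{a} -> {b}: {path[-1]}")
    return problems


if __name__ == "__main__":
    for name, tables in (("broken", BROKEN_TABLES), ("fixed", FIXED_TABLES)):
        print(name, "->", " | ".join(trace("10.0.1.10", "10.1.1.10", tables)))
        print(name, "<-", " | ".join(trace("10.1.1.10", "10.0.1.10", tables)))
        print(name, "problems:", check_round_trip("10.0.1.10", "10.1.1.10", tables))
```

Running it shows the ping from the client reaching instance B in both configurations while the reply is dropped in VPC B under `BROKEN_TABLES`, which matches a ping that gets no response. Passing a `router` whose Linux table lacks the `10.1.0.0/16` entry makes the forward direction bounce between the VPC router and eth0 until the hop limit, a second failure mode worth checking on the instance with `ip route`.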
