amazon-web-services – Adding a Second Network Interface on Amazon EC2

Tags: amazon-ec2, amazon-web-services, routing, ubuntu-18.04

I'm trying to add a second network interface to an Ubuntu 18.04 instance on Amazon EC2. I followed this guide from Amazon on how to do it, and added a /etc/netplan/51-eth1.yaml file with the following content:

network:
  version: 2
  renderer: networkd
  ethernets:
    eth1:
      addresses:
       - 172.31.10.13/20
      dhcp4: no
      routes:
       - to: 0.0.0.0
         via: 172.31.0.1
         scope: link
         table: 1001
      routing-policy:
        - from: 172.31.10.13
          table: 1001

So my routing table now looks like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.31.0.1      0.0.0.0         UG    100    0        0 eth0
172.31.0.0      0.0.0.0         255.255.240.0   U     0      0        0 eth1
172.31.0.0      0.0.0.0         255.255.240.0   U     0      0        0 eth0
172.31.0.1      0.0.0.0         255.255.255.255 UH    100    0        0 eth0

However, pinging an address on the same subnet using ping -I works only from the eth1 interface. I do see the replies arriving correctly on eth0, but it looks like the OS ignores them for some reason.
Running a ping on eth0 together with tcpdump on the same interface, I get the following output:

PING 172.31.5.193 (172.31.5.193) from 172.31.10.197 eth0: 56(84) bytes of data.
06:00:15.186249 02:bb:3e:8f:3f:1c > 02:29:0b:80:74:b4, ethertype IPv4 (0x0800), length 98: 172.31.10.197 > 172.31.5.193: ICMP echo request, id 3538, seq 1, length 64
06:00:15.186635 02:29:0b:80:74:b4 > 02:bb:3e:8f:3f:1c, ethertype IPv4 (0x0800), length 98: 172.31.5.193 > 172.31.10.197: ICMP echo reply, id 3538, seq 1, length 64
06:00:16.201069 02:bb:3e:8f:3f:1c > 02:29:0b:80:74:b4, ethertype IPv4 (0x0800), length 98: 172.31.10.197 > 172.31.5.193: ICMP echo request, id 3538, seq 2, length 64
06:00:16.201513 02:29:0b:80:74:b4 > 02:bb:3e:8f:3f:1c, ethertype IPv4 (0x0800), length 98: 172.31.5.193 > 172.31.10.197: ICMP echo reply, id 3538, seq 2, length 64
^C
--- 172.31.5.193 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1030ms

So all addresses are correct, but the packets are still regarded as lost. The same thing happens with TCP connections on the interface: the SYN-ACK arrives but is ignored. I have verified that the iptables policies are ACCEPT by default, and that no other rules exist. Any idea what's wrong here?
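As an added example that is not part of the question or of the AWS guide, here is a stdlib-only Python checker for the kind of per-interface policy-routing entry shown above. It verifies that each address has a routing-policy "from" rule selecting a table, that the table carries a default route, and that the gateway lies inside the address's subnet; it also flags a route target written without a prefix length, since a bare 0.0.0.0 parses as a /32 host route rather than a default route. The ETH1 dict is constructed to mirror the question's file; loading a real file with PyYAML's yaml.safe_load is assumed.

```python
import ipaddress

# Constructed example mirroring the question's 51-eth1.yaml, with the
# route target written as a proper default-route prefix (0.0.0.0/0).
ETH1 = {
    "addresses": ["172.31.10.13/20"],
    "dhcp4": False,
    "routes": [{"to": "0.0.0.0/0", "via": "172.31.0.1",
                "scope": "link", "table": 1001}],
    "routing-policy": [{"from": "172.31.10.13", "table": 1001}],
}


def is_default_route(to):
    """True for 'default' or a zero-length prefix such as 0.0.0.0/0."""
    if to == "default":
        return True
    try:
        net = ipaddress.ip_network(to, strict=False)
    except ValueError:
        return False
    return net.prefixlen == 0


def check_policy_routing(iface):
    """Return a list of problems; an empty list means the entry is consistent."""
    problems = []
    tables_with_default = {}          # table id -> gateway of its default route
    for r in iface.get("routes", []):
        to, table = r.get("to"), r.get("table")
        if to is not None and not is_default_route(to):
            # A bare 0.0.0.0 is a host route; traffic from this NIC's
            # address would still leave via the main table's default route.
            problems.append(f"route to {to} is not a default route "
                            "(use 0.0.0.0/0 or default)")
            continue
        if table is None:
            problems.append("default route lacks a table; it would compete "
                            "with the main table's default route")
            continue
        tables_with_default[table] = r.get("via")
    rules = {p.get("from"): p.get("table")
             for p in iface.get("routing-policy", [])}
    for addr in iface.get("addresses", []):
        ip_if = ipaddress.ip_interface(addr)
        table = rules.get(str(ip_if.ip))
        if table is None:
            problems.append(f"no routing-policy 'from' rule for {ip_if.ip}")
            continue
        via = tables_with_default.get(table)
        if via is None:
            problems.append(f"table {table} has no default route")
        elif ipaddress.ip_address(via) not in ip_if.network:
            problems.append(f"gateway {via} is outside {ip_if.network}")
    return problems
```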

Best Answer

May I ask why you need 2 NICs on the same subnet? That's hardly ever needed.

If you simply need 2 Private IPs or 2 Elastic IPs you can assign the secondary one on the existing interface: Secondary Private IP Address

Hope that helps :)