How does AWS configure the 169.254.169.254 address on an instance

Tags: amazon-ami, amazon-web-services, linux-networking

AWS uses 169.254.169.254 as a link-local address, which you can use to pull metadata about the instance, i.e.:

curl http://169.254.169.254/latest/meta-data/

How/where is this IP configured on the instance? I can see a route for it if I do an "ip route". And if I "netcat -Cvz 169.254.169.254 80", I can get a connection. However, I don't actually see the instance listening anywhere if I do a "netstat -ntlp". If I attempt to connect to another port, "netcat -Cvz 169.254.169.254 22", it fails. In fact, I have what would seem to be a conflicting Apache service running on 0.0.0.0:80. So it seems like this address is referring to an outside host. Would it be pointing to the hypervisor?

Best Answer

Most Linux distributions will already create a Zeroconf route, which is probably why Amazon figured they would "borrow" that particular IP address. For example, if you install CentOS 7 then "out of the box" your primary Ethernet will get a route added:

/etc/sysconfig/network-scripts/ifup-eth

# Add Zeroconf route.
if [ -z "${NOZEROCONF}" -a "${ISALIAS}" = "no" -a "${REALDEVICE}" != "lo" ]; then
    ip route add 169.254.0.0/16 dev ${REALDEVICE} metric $((1000 + $(cat /sys/class/net/${REALDEVICE}/ifindex))) scope link
fi

No doubt similar stuff exists in Debian, Ubuntu, etc...

You may wonder how it works when none of your local interface addresses are even in the correct subnet, but actually Linux doesn't care too much about that. Some servers generate a local Zeroconf address just using random numbers as per RFC3927, in which case they will use the generated address. Either way shouldn't make much difference, provided the thing at 169.254.169.254 is happy to answer.
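To make the answer's point concrete, here is an added Python example (not from the answer or from any AWS or CentOS code) that runs a longest-prefix-match lookup over a constructed `ip route show` dump and reports why 169.254.169.254 is sent straight out the interface with no gateway. The interface name eth0, the 172.31.x.x addresses and the route metrics are invented sample values.

```python
"""Walk a constructed `ip route show` dump the way the kernel picks a route."""
import ipaddress

# Constructed sample of `ip route show` on a CentOS 7 EC2 instance (not real output).
SAMPLE_ROUTES = """\
default via 172.31.0.1 dev eth0 proto dhcp metric 100
169.254.0.0/16 dev eth0 scope link metric 1002
172.31.0.0/20 dev eth0 proto kernel scope link src 172.31.5.17 metric 100
"""


def zeroconf_metric(ifindex: int) -> int:
    """Metric the ifup-eth snippet assigns: 1000 plus the interface index."""
    return 1000 + ifindex


def parse_routes(dump: str) -> list:
    """Turn each `ip route` line into a dict of destination, dev, via, scope, metric."""
    routes = []
    for line in dump.splitlines():
        fields = line.split()
        if not fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        route = {"dst": ipaddress.ip_network(dst, strict=False),
                 "dev": None, "via": None, "scope": None, "metric": 0}
        for i, tok in enumerate(fields[1:], 1):  # keyword tokens are followed by their value
            if tok in ("dev", "via", "scope", "metric"):
                route[tok] = int(fields[i + 1]) if tok == "metric" else fields[i + 1]
        routes.append(route)
    return routes


def lookup(dump: str, addr: str) -> dict:
    """Most specific prefix wins; metric only breaks ties between equal prefixes."""
    ip = ipaddress.ip_address(addr)
    candidates = [r for r in parse_routes(dump) if ip in r["dst"]]
    return max(candidates, key=lambda r: (r["dst"].prefixlen, -r["metric"]))


def next_hop(dump: str, addr: str) -> str:
    """Describe where a packet for addr goes. A `scope link` route has no gateway,
    so the kernel ARPs for the destination itself on the device; no local address in
    169.254/16 is needed, which is what the answer above describes."""
    r = lookup(dump, addr)
    if r["via"] is None:
        return f"on-link via {r['dev']}: ARP directly for {addr}"
    return f"gateway {r['via']} via {r['dev']}"


if __name__ == "__main__":
    print(next_hop(SAMPLE_ROUTES, "169.254.169.254"))
    print(next_hop(SAMPLE_ROUTES, "8.8.8.8"))
```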
