AWS Elastic Network Interface

I was a bit confused by the term “ENI”; after some research and testing, I finally made it clear to myself.

Two Scenarios:

EC2 instance with multiple network adapters (for example, eth0 and eth1)

The use cases for this setting:

  • Dual-homed instance
  • Create additional management network

EC2 instance with one network adapter but two or more private IP addresses

The use cases according to AWS documentation are:

  • Host multiple websites on a single server by using multiple SSL certificates on a single server and associating each certificate with a specific IP address.
  • Operate network appliances, such as firewalls or load balancers, that have multiple private IP addresses for each network interface.
  • Redirect internal traffic to a standby instance in case your instance fails, by reassigning the secondary private IP address to the standby instance.

Best Practices for Configuring Network Interfaces (copied from AWS)

  • You can attach a network interface to an instance when it’s running (hot attach), when it’s stopped (warm attach), or when the instance is being launched (cold attach).
  • You can detach secondary (ethN) network interfaces when the instance is running or stopped. However, you can’t detach the primary (eth0) interface.
  • You can attach a network interface in one subnet to an instance in another subnet in the same VPC; however, both the network interface and the instance must reside in the same Availability Zone.
  • When launching an instance from the CLI or API, you can specify the network interfaces to attach to the instance for both the primary (eth0) and additional network interfaces.
  • Launching an Amazon Linux or Windows Server instance with multiple network interfaces automatically configures interfaces, private IPv4 addresses, and route tables on the operating system of the instance.
  • A warm or hot attach of an additional network interface may require you to manually bring up the second interface, configure the private IPv4 address, and modify the route table accordingly. Instances running Amazon Linux or Windows Server automatically recognize the warm or hot attach and configure themselves.
  • Attaching another network interface to an instance (for example, a NIC teaming configuration) cannot be used as a method to increase or double the network bandwidth to or from the dual-homed instance.
  • If you attach two or more network interfaces from the same subnet to an instance, you may encounter networking issues such as asymmetric routing. If possible, use a secondary private IPv4 address on the primary network interface instead. For more information, see Assigning a Secondary Private IPv4 Address. If you need to use multiple network interfaces, you must configure the network interfaces to use static routing. For more information, see Configure a Secondary Elastic Network Interface.
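The last two bullets say that a second ENI needs static routing so replies leave through the interface they arrived on. The script below is an added example, not part of the original post or of AWS's documentation: it computes the subnet and VPC router (always the first host address of the subnet) for a secondary ENI and prints the ip(8) policy-routing commands. The interface name eth1, the address 10.0.2.25/24 and routing table 2 are assumed, constructed values.

```shell
#!/bin/sh
# Added example (not from the original post): static policy routing for a secondary ENI.
# Assumptions (constructed values): eth1 carries 10.0.2.25/24 and routing table 2 is unused.
# The VPC router always sits at the first host address of the subnet (network + 1).

# ip_to_int 10.0.2.25 -> 167772697
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip 167772697 -> 10.0.2.25
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# vpc_network 10.0.2.25/24 -> 10.0.2.0/24
vpc_network() {
    prefix=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    echo "$(int_to_ip $(( $(ip_to_int "${1%/*}") & mask )))/$prefix"
}

# vpc_gateway 10.0.2.25/24 -> 10.0.2.1 (network address + 1)
vpc_gateway() {
    net=$(vpc_network "$1")
    int_to_ip $(( $(ip_to_int "${net%/*}") + 1 ))
}

# secondary_eni_routes DEV CIDR TABLE prints the ip(8) commands that make traffic
# sourced from the secondary address use its own interface and gateway, which is
# what avoids the asymmetric routing mentioned above. Apply as root with: ... | sh
secondary_eni_routes() {
    dev=$1; cidr=$2; table=$3
    addr=${cidr%/*}
    printf 'ip route add %s dev %s src %s table %s\n' "$(vpc_network "$cidr")" "$dev" "$addr" "$table"
    printf 'ip route add default via %s dev %s table %s\n' "$(vpc_gateway "$cidr")" "$dev" "$table"
    printf 'ip rule add from %s/32 table %s\n' "$addr" "$table"
}
```

Bring the interface up and assign its address first (Amazon Linux does this for you, as the list above notes); then `secondary_eni_routes eth1 10.0.2.25/24 2 | sh` installs the routes, and `ip rule show` / `ip route show table 2` confirm them.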

Docker Monitoring

It has been a while since I got my first Docker application (Zenoss) running. Since I am a big fan of monitoring, this blog post will talk a bit more about Docker monitoring. All the material here comes from the Docker documentation, other people's blogs or online training videos, so I do not claim any copyright on this post. (It is open source anyway :))

When it comes to monitoring, the business requirements and deployment scenarios are the key things to understand. Based on my understanding, I will split this into 3 use cases.

  1. Public cloud deployment
  2. Private Cloud deployment ( in house )
  3. Hybrid cloud deployment

Before diving into these 3 scenarios, let's look at some basics about Docker statistics and best practices (my best practices).

Docker Statistics


My Best Practices

Label your containers

Allocate resources to Docker containers


Public Cloud deployment


Simple AWS CLIs

Before starting to use the AWS CLI, you have to install the aws cli packages and configure the credentials. Details on installing the package can be found here, and credential configuration can be found here.

  1. Provision ec2 instance

    aws ec2 run-instances --subnet-id "subnet-be426cc8" --image-id "ami-9a3322f9" --instance-type "t2.micro"

  2. Terminate ec2 instance

    aws ec2 terminate-instances --instance-ids "i-04d1633a4097dccc0"

Test the network using iperf

  1. Install iperf and iperf3
  2. On the server side, issue the command below to listen on a specific port, for example port 80:

    iperf3 -s -p 80

  3. On the client side, issue the command below to start testing:

    iperf3 -c 54.252.131.163 -p 80 -i 1 -t 10   (-i = report interval, -t = how long to run, both in seconds)

    You might need to run it for a long time and then visualise the data to analyse the network bottleneck.
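Analysing a long run means reducing hundreds of interval lines to a few numbers. The function below is an added example, not part of the original post: it reads iperf3's default TCP client output and reports interval count, min/avg/max bitrate and how many intervals saw retransmits. The sample session is constructed, not a real capture.

```shell
#!/bin/sh
# Added example (not from the original post): summarise iperf3 interval lines so a long
# run can be analysed for bottlenecks. Assumes iperf3's default TCP client output
# (Bitrate followed by Retr); the sample below is constructed, not a real capture.

# Constructed sample of an "iperf3 -c <server-ip> -p 80 -i 1 -t 4" session
SAMPLE_IPERF_OUTPUT=$(cat <<'EOF'
[  5]   0.00-1.00   sec  11.2 MBytes  94.0 Mbits/sec    0    178 KBytes
[  5]   1.00-2.00   sec  10.9 MBytes  91.5 Mbits/sec    3    165 KBytes
[  5]   2.00-3.00   sec  5.95 MBytes  49.9 Mbits/sec   12   82.0 KBytes
[  5]   3.00-4.00   sec  11.1 MBytes  93.1 Mbits/sec    0    190 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-4.00   sec  39.2 MBytes  82.1 Mbits/sec   15             sender
[  5]   0.00-4.04   sec  38.6 MBytes  80.2 Mbits/sec                  receiver
EOF
)

# iperf_summary reads iperf3 text output on stdin and prints one line: interval
# count, min/avg/max bitrate in Mbits/sec and how many intervals saw TCP
# retransmits (a dip together with retransmits points at loss, not just latency)
iperf_summary() {
    awk '
    /bits\/sec/ && !/sender|receiver/ {
        for (i = 2; i <= NF; i++) {
            if ($i !~ /bits\/sec$/) continue
            r = $(i - 1) + 0                        # bitrate value before the unit
            if ($i ~ /^K/) r /= 1000                # normalise to Mbits/sec
            else if ($i ~ /^G/) r *= 1000
            n++; sum += r
            if (n == 1 || r < min) min = r
            if (n == 1 || r > max) max = r
            if (i < NF && $(i + 1) + 0 > 0) retr++  # Retr column follows the unit
        }
    }
    END {
        if (n == 0) { print "no interval lines found"; exit 1 }
        printf "intervals=%d min=%.1f avg=%.1f max=%.1f retr_intervals=%d\n",
               n, min, sum / n, max, retr
    }'
}

# Usage: iperf3 -c <server-ip> -p 80 -i 1 -t 600 | tee run.log | iperf_summary
```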

Simple but quite powerful command

Standard error (stderr)

    [root@ip-192-168-1-57 ec2-user]# fdafda > error.txt
    bash: fdafda: command not found
    [root@ip-192-168-1-57 ec2-user]# cat error.txt
    [root@ip-192-168-1-57 ec2-user]#
    [root@ip-192-168-1-57 ec2-user]# fdafda 2> error.txt
    [root@ip-192-168-1-57 ec2-user]# cat error.txt
    bash: fdafda: command not found

Redirect Stderr to Stdout

(2> redirects stderr; &1 refers to stdout)

    [root@ip-192-168-1-57 log]# ls -ly > lstest.txt 2>&1
    [root@ip-192-168-1-57 log]#
    [root@ip-192-168-1-57 log]# more lstest.txt
    ls: invalid option -- 'y'
    Try 'ls --help' for more information.
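The order of the two redirections matters, which the session above does not show. The functions below are an added example, not part of the original post: a constructed command that writes to both streams is captured with `> file 2>&1`, with the reversed `2>&1 > file`, and with one file per stream while keeping the command's own exit status.

```shell
#!/bin/sh
# Added example (not from the original post): redirections are applied left to right,
# so "2>&1 > file" and "> file 2>&1" do different things. Commands are constructed.

# noisy writes one line to stdout and one to stderr, then fails with status 3
noisy() {
    echo "out-line"
    echo "err-line" >&2
    return 3
}

# Correct order for "everything into one file": point stdout at the file first,
# then make stderr a copy of the (already redirected) stdout
capture_both() {
    noisy > "$1" 2>&1
}

# Wrong order: stderr is copied from stdout *before* stdout is sent to the file,
# so the error line still reaches the terminal and the file holds only stdout
capture_stdout_only() {
    noisy 2>&1 > "$1"
}

# Keep the streams apart (one file each); $? is still the command's own status,
# which is what a cron job or deployment script should branch on
capture_split() {
    noisy > "$1" 2> "$2"
}
```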


Windows Best Practices

Security

  1. Manage local administrators

Local Administrator Password Solution (LAPS): the Local Administrator Password Solution provides management of local account passwords of domain-joined computers. Passwords are stored in Active Directory (AD) and protected by ACLs, so only eligible users can read them or request a reset. More details can be found here.

The old approach, which was to create a common local admin account via GPO and then disable the built-in Administrator account, has been deprecated because of the security risk it carries.