Network configurations for compute instances on Snow Family devices
After you launch your compute instances on a Snow Family device, you must provide it with an IP address by creating a network interface. Snow Family devices support two kinds of network interfaces, a virtual network interface and a direct network interface.
Virtual network interface (VNI)
A virtual network interface is the standard network interface for connecting to an EC2-compatible instance on your Snow Family device. You must create a VNI for each of your EC2-compatible instances regardless of whether you also use a direct network interface or not. The traffic passing through a VNI is protected by the security groups that you set up. You can only associate VNIs with the physical network port you use to control your Snow Family device.
Note
VNI will use the same physical interface (RJ45, SFP+, or QSFP) that is used to managed the Snow Family device. Creating a VNI on a different physical interface than the one being used for device management could lead to unexpected results.
Direct network interface (DNI)
A direct network interface (DNI) is an advanced network feature that enables use cases like multicast streams, transitive routing, and load balancing. By providing instances with layer 2 network access without any intermediary translation or filtering, you can gain increased flexibility over the network configuration of your Snow Family device and improved network performance. DNIs support VLAN tags and customizing the MAC address. Traffic on DNIs is not protected by security groups.
Snowcone devices support eight DNIs per EC2-compatible instance, with a maximum of 8 per device.
Topics
Prerequisites for DNIs or VNIs on Snow Family devices
Before you configure a VNI or a DNI, be sure that you've done the following prerequisites.
-
Make sure there's power to your device and that one of your physical network interfaces, like the RJ45 port, is connected with an IP address.
-
Get the IP address associated with the physical network interface that you're using on the Snow Family device.
-
Configure your Snowball Edge client. For more information, see Configuring a Profile for the Snowcone Client.
-
Unlock the device. We recommend using AWS OpsHub for Snow Family to unlock your device. For instructions, see Unlocking a Device.
If you want to use the CLI command, run the following command, and provide the information that appears in the dialog box.
snowballEdge configure
Snowball Edge Manifest Path: manifest.bin
Unlock Code:
unlock code
Default Endpoint: https://
device ip
-
Run the following command.
snowballEdge unlock-device
The device display update indicates that it is unlocked.
-
Launch an EC2-compatible instance on the device. You will associate the VNI with this instance.
-
Run the
snowballEdge describe-device
command to get the list of physical network interface IDs. -
Identify the ID for the physical network interface that you want to use, and make a note of it.
Setting Up a Virtual Network Interface (VNI) on a Snow Family device
After you have identified the ID for your physical network interface, you can set up a virtual network interface (VNI). Use the following procedure set up a VNI. Make sure that you perform the prerequisite tasks before you create a VNI.
Create a VNI and associate IP address
-
Run the
snowballEdge create-virtual-network-interface
command. The following examples show running this command with the two different IP address assignment methods, eitherDHCP
orSTATIC
. TheDHCP
method uses Dynamic Host Configuration Protocol (DHCP).snowballEdge create-virtual-network-interface \ --physical-network-interface-id s.ni-
abcd1234
\ --ip-address-assignment DHCP //OR// snowballEdge create-virtual-network-interface \ --physical-network-interface-id s.ni-abcd1234
\ --ip-address-assignment STATIC \ --static-ip-address-configuration IpAddress=192.0.2.0
,Netmask=255.255.255.0
The command returns a JSON structure that includes the IP address. Make a note of that IP address for the
ec2 associate-address
AWS CLI command later in the process.Anytime you need this IP address, you can use the
snowballEdge describe-virtual-network-interfaces
Snowball Edge client command, or theaws ec2 describe-addresses
AWS CLI command to get it. -
To associate your newly created IP address with your instance, use the following command, replacing the red text with your values:
aws ec2 associate-address --public-ip
192.0.2.0
--instance-ids.i-01234567890123456
--endpoint http://Snow Family device physical IP address
:8008
Setting Up a Direct Network Interface (DNI) on a Snow Family device
Note
The direct network interface feature is available on or after January 12, 2021 and is available in all AWS Regions where Snow Family devices are available.
Prerequisites for a DNI on a Snow Family device
Before you set up a direct network interface (DNI), you must perform the tasks in the prerequisites section.
-
Perform the prerequisite tasks before setting up the DNI. For instructions, see Prerequisites for DNIs or VNIs on Snow Family devices.
-
Additionally, you must launch an instance on your device, create a VNI, and associate it with the instance. For instructions, see Setting Up a Virtual Network Interface (VNI) on a Snow Family device.
Note
If you added direct networking to your existing device by performing an in-the-field software update, you must restart the device twice to fully enable the feature.
Create a DNI and associate IP address
-
Create a direct network interface and attach it to the Amazon EC2-compatible instance by running the following command. You will need the MAC address of the device for the next step.
create-direct-network-interface [--endpoint
endpoint
] [--instance-idinstanceId
] [--macmacAddress
] [--physical-network-interface-idphysicalNetworkInterfaceId
] [--unlock-codeunlockCode
] [--vlanvlanId
]OPTIONS
--endpoint <endpoint>
The endpoint to send this request to. The endpoint for your devices will be a URL using thehttps
scheme followed by an IP address. For example, if the IP address for your device is 123.0.1.2, the endpoint for your device would be https://123.0.1.2.--instance-id <instanceId>
The EC2-compatible instance ID to attach the interface to (optional).--mac <macAddress>
Sets the MAC address of the network interface (optional).--physical-network-interface-id <physicalNetworkInterfaceId>
The ID for the physical network interface on which to create a new virtual network interface. You can determine the physical network interfaces available on your Snowball Edge using thedescribe-device
command.--vlan <vlanId>
Set the assigned VLAN for the interface (optional). When specified, all traffic sent from the interface is tagged with the specified VLAN ID. Incoming traffic is filtered for the specified VLAN ID, and has all VLAN tags stripped before being passed to the instance. -
After you create a DNI and associate it with your EC2-compatible instance, you must make two configuration changes inside your Amazon EC2-compatible instance.
-
The first is to change ensure that packets meant for the VNI associated with the EC2-compatible instance are sent through eth0.
-
The second change configures your direct network interface to use either DCHP or static IP when booting.
The following are examples of shell scripts for Amazon Linux 2 and CentOS Linux that make these configuration changes.
-