Network Configuration for Compute Instances - AWS Snowcone User Guide

Network Configuration for Compute Instances

After you launch your compute instances on an AWS Snowcone device, you must provide each instance with an IP address by creating a network interface. Snowcone supports two kinds of network interfaces, a virtual network interface and a direct network interface.

Virtual network interface (VNI)

A virtual network interface is the standard network interface for connecting to an EC2 instance on your Snow device. You must create a VNI for each of your EC2 instances, regardless of whether you also use a direct network interface. The traffic passing through a VNI is protected by the security groups that you set up. VNIs can only be associated with the physical network port you use to control your Snow device.

Direct network interface (DNI)

A direct network interface (DNI) is an advanced network feature that enables use cases like multicast streams, routing, and load balancing. By providing instances with layer 2 network access without any intermediary translation or filtering, you can gain increased flexibility over the network configuration of your Snow device and improved network performance. DNIs can be associated with any physical network port, allowing you to use any or all of the physical network ports on your Snow device. Multiple DNIs can be associated with an EC2 instance. DNIs support VLAN tags and customizing the MAC address. Traffic on DNIs is not protected by security groups.

Prerequisites

Before you configure a VNI or a DNI, be sure that you've completed the following prerequisites.

  1. Make sure there's power to your device and that one of your physical network interfaces, like the RJ45 port, is connected with an IP address.

  2. Get the IP address associated with the physical network interface that you're using on the Snowcone device.

  3. Configure your Snowball Edge client. For more information, see Configuring a Profile for the Snowball Edge Client.

  4. Unlock the device. We recommend using AWS OpsHub for Snow Family to unlock your device. For instructions, see Unlocking a Device.

    If you want to use the CLI command, run the following command, and provide the information that appears in the dialog box.

    snowballEdge configure

    Snowball Edge Manifest Path: manifest.bin

    Unlock Code: unlock code

    Default Endpoint: https://device ip

  5. Run the following command.

    snowballEdge unlock-device

    The device display updates to indicate that it is unlocked.

  6. Launch an EC2 instance on the device. You will associate the VNI with this instance.

  7. Run the snowballEdge describe-device command to get the list of physical network interface IDs.

  8. Identify the ID for the physical network interface that you want to use, and make a note of it.

Setting Up a Virtual Network Interface (VNI)

After you have identified the ID for your physical network interface, you can set up a virtual network interface (VNI). Use the following procedure to set up a VNI. Make sure that you perform the prerequisite tasks before you create a VNI.

Create a VNI and associate IP address

  1. Run the snowballEdge create-virtual-network-interface command. The following examples show running this command with the two different IP address assignment methods, either DHCP or STATIC. The DHCP method uses Dynamic Host Configuration Protocol (DHCP).

    snowballEdge create-virtual-network-interface \
      --physical-network-interface-id s.ni-abcd1234 \
      --ip-address-assignment DHCP

    //OR//

    snowballEdge create-virtual-network-interface \
      --physical-network-interface-id s.ni-abcd1234 \
      --ip-address-assignment STATIC \
      --static-ip-address-configuration IpAddress=192.0.2.0,Netmask=255.255.255.0

    The command returns a JSON structure that includes the IP address. Make a note of that IP address for the ec2 associate-address AWS CLI command later in the process.

    Anytime you need this IP address, you can use the snowballEdge describe-virtual-network-interfaces Snowball Edge client command, or the aws ec2 describe-addresses AWS CLI command to get it.

  2. To associate your newly created IP address with your instance, use the following command, replacing the example values with your own:

    aws ec2 associate-address --public-ip 192.0.2.0 --instance-id s.i-01234567890123456 --endpoint Snowcone physical IP address:8008

Setting Up a Direct Network Interface (DNI)

Note

The direct network interface feature is available on or after January 12, 2021 and is available in all AWS Regions where AWS Snowcone is available.

Prerequisites

Before you set up a direct network interface (DNI), you must perform the tasks in the prerequisites section.

  1. Perform the prerequisite tasks before setting up the DNI. For instructions, see Prerequisites.

  2. Additionally, you must launch an instance on your device, create a VNI, and associate it with the instance. For instructions, see Setting Up a Virtual Network Interface (VNI).

Create a DNI and associate IP address

  1. Create a direct network interface and attach it to the Amazon EC2 instance by running the following command. You will need the MAC address of the device for the next step.

    create-direct-network-interface [--endpoint endpoint] [--instance-id instanceId] [--mac macAddress] [--physical-network-interface-id physicalNetworkInterfaceId] [--unlock-code unlockCode] [--vlan vlanId]

    OPTIONS

    --endpoint <endpoint> The endpoint to send this request to. The endpoint for your devices will be a URL using the https scheme followed by an IP address. For example, if the IP address for your device is 123.0.1.2, the endpoint for your device would be https://123.0.1.2.

    --instance-id <instanceId> The EC2 instance ID to attach the interface to (optional).

    --mac <macAddress> Sets the MAC address of the network interface (optional).

    --physical-network-interface-id <physicalNetworkInterfaceId> The ID for the physical network interface on which to create a new virtual network interface. You can determine the physical network interfaces available on your Snowball Edge using the describe-device command.

    --vlan <vlanId> Set the assigned VLAN for the interface (optional). When specified, all traffic sent from the interface is tagged with the specified VLAN ID. Incoming traffic is filtered for the specified VLAN ID, and has all VLAN tags stripped before being passed to the instance.

  2. If you didn't associate your DNI with an instance in step 1, you can associate it by running the Updating a Direct Network Interface command.

  3. After you create a DNI and associate it with your EC2 instance, you must make two configuration changes inside your Amazon EC2 instance.

    • The first change ensures that packets meant for the VNI associated with the EC2 instance are sent through eth0.

    • The second change configures your direct network interface to use either DHCP or static IP when booting.

    To set these configurations, you must first SSH into your EC2 instance and run a script to route packets that are meant for the VNI to eth0 and set your DNI to either DHCP or static IP.

    The following is an example of a shell script for CentOS that makes these configuration changes.

    # Mac address of the direct network interface. You got this when you created the direct network interface.
    DNI_MAC=[MAC ADDRESS FROM CREATED DNI]

    # The name to use for the direct network interface. You can pick any name that isn't already in use.
    DNI=eth1

    # Configure routing so that packets meant for the VNIC always are sent through eth0
    PRIVATE_IP=$(curl -s http://ip address/latest/meta-data/local-ipv4)
    PRIVATE_GATEWAY=$(ip route show to match 0/0 dev eth0 | awk '{print $3}')
    ROUTE_TABLE=10001
    echo from $PRIVATE_IP table $ROUTE_TABLE > /etc/sysconfig/network-scripts/rule-eth0
    echo default via $PRIVATE_GATEWAY dev eth0 table $ROUTE_TABLE > /etc/sysconfig/network-scripts/route-eth0

    # Configure your direct network interface to use DHCP on boot.
    cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$DNI
    DEVICE="$DNI"
    NAME="$DNI"
    HWADDR="$DNI_MAC"
    ONBOOT=yes
    NOZEROCONF=yes
    BOOTPROTO=dhcp
    TYPE=Ethernet
    EOF

    # Rename DNI device if needed.
    CURRENT_DEVICE_NAME=$(LANG=C ip -o link | awk -F ': ' -vIGNORECASE=1 '!/link\/ieee802\.11/ && /'"$DNI_MAC"'/ { print $2 }')
    ip link set $CURRENT_DEVICE_NAME name $DNI

    # Make all changes live.
    systemctl restart network
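Because traffic on DNIs is not protected by security groups, any inbound filtering for the DNI has to happen inside the instance. The following is an added example, not part of the AWS guide: a shell function that generates a default-deny iptables ruleset for the DNI. It assumes the interface name eth1 from the script above; the function name, the chain name DNI-IN, and the allowed port are hypothetical.

```shell
#!/bin/sh
# Added example, not from the AWS guide. Emits an iptables-restore fragment
# that default-denies inbound IPv4 traffic arriving on a DNI.
# Assumptions: the DNI is named eth1 as in the script above; the chain name
# DNI-IN and the allowed port list are hypothetical.

dni_firewall_rules() {
    iface=$1
    # Reject anything that could smuggle extra rule text into the fragment.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    shift
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    echo '*filter'
    echo ':DNI-IN - [0:0]'
    echo "-A INPUT -i $iface -j DNI-IN"
    # Replies to connections the instance itself opened.
    echo '-A DNI-IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # DHCP replies, for a DNI configured with BOOTPROTO=dhcp.
    echo '-A DNI-IN -p udp --sport 67 --dport 68 -j ACCEPT'
    for port in "$@"; do
        echo "-A DNI-IN -p tcp --dport $port -j ACCEPT"
    done
    # Everything else arriving on the DNI is dropped.
    echo '-A DNI-IN -j DROP'
    echo 'COMMIT'
}

# Print the fragment for review (443 is a constructed example port).
# Load it as root with: dni_firewall_rules eth1 443 | iptables-restore --noflush
# IPv4 only: ip6tables needs an equivalent ruleset for IPv6 on the DNI.
dni_firewall_rules eth1 443
```

Traffic on eth0 is left untouched, so the VNI continues to rely on the security groups you set up.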

Additional commands

For all available commands for AWS Snowcone devices, see Using the Snowball Edge Client.