Alternat vs NATGW

harlanK · June 6, 2023, 1:14pm

Hey:wave: Anyone is running https://github.com/1debit/alternat instead of NATGW? It has a certain flaw, which is instance restart and connection termination once every 14 days… Thinking about improving it with keepalived and conntrackd, where each instance ( active and passive ) would have two NICs, and secondary NIC would be bound to EIP. Then with keepalived it would be possible to deallocate and allocate this secondary as a fail mechanism.
For example like this https://docs.nginx.com/nginx/deployment-guides/amazon-web-services/high-availability-keepalived/

Is this even doable in AWS?

rBell · June 6, 2023, 2:32pm

As far as I know, any IP addressing changes need to happen at the AWS layer, via their API calls. This is due to how bits arrive at any specific VM through their network layer and Nitro hypervisor. Both of those layers have various systems that need to know about any addressing changes otherwise your bits will never arrive where you need them to go.

harlanK · June 6, 2023, 3:16pm

See https://www.peternijssen.nl/high-availability-haproxy-keepalived-aws/

> #!/bin/bash
>
> EIP=52.212.151.17
> INSTANCE_ID=i-0bdd8a68eb573fd1a
>
> /usr/bin/aws ec2 disassociate-address --public-ip $EIP
> /usr/bin/aws ec2 associate-address --public-ip $EIP --instance-id $INSTANCE_ID
Its a valid way how to change IP of VM

rBell · June 6, 2023, 4:35pm

Ahh yes, that ought to work. One thing I’d recommend: be very granular in the permissions given to your hosts’ instance profiles. You only want them to be able to modify this one EIP etc.