The client uses clearlinux project from Intel as operating system. The OS itself is highly optimized, so the default tools configured are mostly basic stuff. They already have production system running and would like to implement this requirement to production. So the message is pretty clear: “resolution must be stable, and no reboot required”.

It is assigned as per below description from the client.

They have python apps running and need to be able to choose which interface to use.

Solution’s Summary

Basically, here’s summary of my resolutions:

  • Create new subnet
  • Allocate new Elastic IP address
  • Associate new Elastic IP to new subnet
  • Create New interface
  • Add new subnet to new interface
  • Attach the new interface to running instance
  • Reconfigure default route entries
  • Create a custom routing table
  • Add new rule to custom routing table
  • Add new route through custom routing table for the new interface

Here are the full step including snapshot.

Create New Subnet

Add new subnet according to available CIDRs from VPC. Use subnet calculator in case you need tools to calculate the new subnet. In this sample, I use class C CIDR block with 253 available IP for the subnet (note: the first IP would be allocated by AWS as router’s IP. in this case: 172.31.101.1/24).

Available IP to use in this subnet would be 172.31.101.2–254. Later on during interface creation, I will assign 172.31.101.12/24 as eth1 IP address of the instance. The assignment would be configured by AWS automatically to the router as DHCP entries for the interface.

Add descriptive name to the new domain since it will make it easier for us to use later.

Allocate New Elastic IP

The process is very straight forward. No further explanation required. Just point-and-click mechanism.

Add descriptive name to allocated elastic IP.

This elastic ip will be added to vm02-eth1.

Create New interface

Add descriptive name, set the subnet to cf-rasyid-subnet101, and add custom IPv4 address. As written above, this configuration will notify subnet (router as DHCP server) to assign the IP automatically to the interface once it is associated to subnet and attached to instance.

Important: Do Not Enable “Elastic Fabric Adapter”, otherwise the instance need to be shutdown first to add the new interface.

Set security group. For this project, I renamed one of pre-configured security group to be used by all interface i.e only allow SSH connection and reject all other.

Again, set descriptive name to the interface. That name used means “the interface will be attached to vm02 and integrated to subnet101”.

Add new subnet to new interface

Make sure to enable “Allow reassociation” to ensure the allocated Elastic IP always associated to this interface.

Attach the new interface to running instance

Initially, the instance doesn’t have Elastic IP.

This is default ipv4 route configuration as assigned by default AWS interface.

As soon as we attach the new interface, it will be automatically added as eth1 within few second and configured the interface IP address as 172.31.101.12/24

Reconfigure default route entries

The problem with above mechanism is the new IP will be added through DHCP methods. That means, the default Gateway (router) for the interface will be set automatically so the machine will have two default Gateway configured.

As per requirement above, route to internet i.e ifconfig.me server can go through two different interface but it is mandatory to let default gateway configuration to default interface. So application can choose which interface to use, but by default, default route is preferred (including for task such as software update).

This is the output of interface and its route after new interface added to clearlinux.

Let’s remove the default gw configuration via eth1.

Create a custom routing table

Add custom routing table entries to /usr/share/defaults/iproute2/rt_tables. I configure the ID as “100”, and the name as “cf”.

Add new rule to custom routing table

Add new rule to let kernel knows when source IP coming from 172.31.101.12/24, which routing table it should lookup to.

In this case, it is configured to lookup to table “cf”.

Add new route through custom routing table for the new interface

Add the default route configuration for new interface into custom routing table.

This is the expected route configuration. Default route should go to preserved “main” table, and custom route should go to “cf” table.

Test the new route configuration

Use curl as application to choose each interface to use.

Voilla 😊

The result proved that ifconfig.me server received IP from default IPv4 provided by AWS (eth0) and from elastic IP (eth1).