VyOS routing within a VPC: can it be done?

I have successfully deployed VyOS in the AWS VPC. I also spun up two Ubuntu 16 boxes to try and do some routing between them using VyOS. I am not sure if I am approaching this right, as I am new to AWS.

Please see the attached topology.

I am trying to ping from server1 (172.16.1.100) to server2 (172.16.2.200). Using VyOS to route within the VPC.

From server1 I can ping the VyOS (172.16.1.10).
From server2 I can ping the VyOS (172.16.2.10).

But I am unable to ping from server1 to server2 and vice versa.

I added static routes to server1 and server2:

ubuntu@Server1:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.16.0.1      0.0.0.0         UG    0      0        0 eth0
172.16.0.0      *               255.255.255.0   U     0      0        0 eth0
172.16.1.0      *               255.255.255.0   U     0      0        0 eth1
172.16.2.0      172.16.1.10     255.255.255.0   UG    0      0        0 eth1

ubuntu@Server2:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.16.0.1      0.0.0.0         UG    0      0        0 eth0
172.16.0.0      *               255.255.255.0   U     0      0        0 eth0
172.16.1.0      172.16.2.10     255.255.255.0   UG    0      0        0 eth1
172.16.2.0      *               255.255.255.0   U     0      0        0 eth1

I think I am missing something small, or AWS just does not allow you to do this. Is there a way I can do this?

vyos@VyOS-NetropyVE# show
 interfaces {
     ethernet eth0 {
         address dhcp
         duplex auto
         hw-id 02:bc:c3:0e:11:ae
         smp_affinity auto
         speed auto
     }
     ethernet eth1 {
         address 172.16.1.10/24
         duplex auto
         hw-id 02:c3:1e:2c:44:0c
         smp_affinity auto
         speed auto
     }
     ethernet eth2 {
         address 172.16.2.10/24
         duplex auto
         hw-id 02:0c:b2:3c:a0:8c
         smp_affinity auto
         speed auto
     }
     loopback lo {
     }
 }
 protocols {
     static {
     }
 }
 service {
     ssh {
         disable-host-validation
         disable-password-authentication
         port 22
     }
 }
 system {
     config-management {
         commit-revisions 20
     }
     host-name VyOS-NetropyVE
     login {
         user appo {
             authentication {
                 encrypted-password $6$eoeO4hK.vtT2Ms5$T.J.lo10zffxf5ul6P9flRG/V4LM2gHJglrXW/gYq3F5S3OqoSPZ7W4pori33VSNDkRCZcSGqZvY5.uUxQIct0
                 plaintext-password ""
             }
             level admin
         }
         user vyos {
             authentication {
                 encrypted-password $1$zIkvKfN.$7zFxxhWDgF1QYP6K1t44G1
                 plaintext-password ""
                 public-keys Server1_Key {
                     key XXXXXXXX
                     type ssh-rsa
                 }
             }
             level admin
         }
     }
     ntp {
         server 0.pool.ntp.org {
         }
         server 1.pool.ntp.org {
         }
         server 2.pool.ntp.org {
         }
     }
     package {
         auto-sync 1
         repository community {
             components main
             distribution helium
             password ""
             url http://packages.vyos.net/vyos
             username ""
         }
     }
     syslog {
         global {
             facility all {
                 level notice
             }
             facility protocols {
                 level debug
             }
         }
     }
     time-zone America/Los_Angeles
 }
[edit]

Hi All,

I was able to figure it out with some help over on the Reddit AWS forum. The answer is yes, you can do routing like this. I had done everything correctly but missed one hidden-away thing: setting “Change source/destination check” to disable.

Took me a little while to find it, but I did it by going:

Instances -> my VyOS instance -> then I clicked on eth1 -> Interface ID (starts with eni) -> click

I then highlighted the network interface, then from the “Actions” drop-down menu -> “Change source/dest check” -> disable.

I hope this helps anyone else who may have run into the issue.

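The same fix from the AWS CLI, as an added example that is not part of the thread above. The source/destination check is an attribute of each ENI, not of the instance (modify-instance-attribute only touches the primary interface), so a router that forwards between eth1 and eth2 needs it disabled on both; the script below walks every ENI attached to the instance, disables the check, and reads the attribute back to confirm. It assumes the AWS CLI v2 is installed and credentialed; the instance ID on the usage line is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original forum posts.
# Disable the EC2 source/destination check on every ENI of a routing
# instance (e.g. VyOS) and verify the change. Assumes a working `aws` CLI.
set -eu

# Print the ENI IDs attached to an instance, one per line.
instance_enis() {
    aws ec2 describe-instances --instance-ids "$1" \
        --query 'Reservations[].Instances[].NetworkInterfaces[].NetworkInterfaceId' \
        --output text | tr '\t' '\n'
}

# Print the current SourceDestCheck value ("True" or "False") of one ENI.
eni_source_dest_check() {
    aws ec2 describe-network-interfaces --network-interface-ids "$1" \
        --query 'NetworkInterfaces[0].SourceDestCheck' --output text
}

# Disable the check on one ENI, then read the attribute back.
# Prints the ENI ID on success; returns 1 if AWS still reports True.
disable_source_dest_check() {
    eni="$1"
    aws ec2 modify-network-interface-attribute \
        --network-interface-id "$eni" --no-source-dest-check
    if [ "$(eni_source_dest_check "$eni")" = "False" ]; then
        echo "$eni"
    else
        echo "$eni: source/dest check still enabled" >&2
        return 1
    fi
}

# Disable the check on all ENIs of an instance; prints each ENI as it is done.
disable_on_instance() {
    for eni in $(instance_enis "$1"); do
        disable_source_dest_check "$eni"
    done
}

# Usage: ./disable-srcdst-check.sh i-0123456789abcdef0   (placeholder ID)
if [ $# -gt 0 ]; then
    disable_on_instance "$1"
fi
```

Run it once after launching the router and again after attaching any new ENI, since a freshly attached interface comes with the check enabled. The read-back step matters because the modify call returns nothing on success; checking `SourceDestCheck` is the only confirmation that the forwarding path will actually be allowed.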
