Amazon Web Services and Cloud admin on 10 Feb 2009 09:31 am
Using Amazon EC2 public IP address inside EC2 network
Each AMI instance on EC2 is assigned two IP addresses and corresponding DNS names: a public IP address that is accessible over the internet, and an internal IP address that is only accessible inside the internal EC2 regional network. You don't have any control over the internal IP address; it is assigned randomly when you start the instance. For the public IP address you can assign an Elastic IP address to a running instance; an Elastic IP address is reserved and associated with your account, and you pay for it when it is not in use. If you communicate between instances using the public or Elastic IP address, even in the same region, you pay regional data transfer rates ($0.01 per GB in/out).
There are scenarios where you might be tempted to use the Elastic IP address to communicate inside the same region, e.g. when your distributed system needs fixed IP addresses, but you should carefully weigh the pros and cons. Not only do you pay for traffic that would be free over the internal IP address, but the performance is also lower. I ran some simple tests to find out more about this.
For the test I started two large instances in the same region using the same security group. The results were quite interesting:
1) Both the public and the private DNS name resolve to the internal IP address inside EC2
2) There is a big hit in network latency when using the public IP address instead of the internal one
3) traceroute shows that with the public IP address the traffic goes through a lot more routers/hops
Here at Jana, we hope that Amazon will soon provide:
1) Internal static IP addresses, so we don't go through configuration hell and still enjoy fast network communication
2) Machines without a public IP address/DNS name, e.g. for machines that will sit behind firewalls and never be accessed directly from outside the EC2 network, such as database or application servers
Test Details
- Machine A (used to run ping and traceroute), internal IP address: 10.250.79.223
- Machine B (associated with an Elastic IP address):
  - Internal DNS name: ip-10-250-78-208.ec2.internal
  - Public DNS name: ec2-174-129-227-190.compute-1.amazonaws.com
  - Internal IP: 10.250.78.208
  - Elastic IP: 174.129.227.190
DNS Ping Tests
ip-10-250-79-223:~# ping ip-10-250-78-208.ec2.internal
PING ip-10-250-78-208.ec2.internal (10.250.78.208) 56(84) bytes of data.
64 bytes from ip-10-250-78-208.ec2.internal (10.250.78.208): icmp_seq=1 ttl=62 time=0.346 ms
64 bytes from ip-10-250-78-208.ec2.internal (10.250.78.208): icmp_seq=2 ttl=62 time=0.226 ms
64 bytes from ip-10-250-78-208.ec2.internal (10.250.78.208): icmp_seq=3 ttl=62 time=0.384 ms
64 bytes from ip-10-250-78-208.ec2.internal (10.250.78.208): icmp_seq=4 ttl=62 time=0.257 ms
64 bytes from ip-10-250-78-208.ec2.internal (10.250.78.208): icmp_seq=5 ttl=62 time=0.252 ms
--- ip-10-250-78-208.ec2.internal ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.226/0.293/0.384/0.060 ms
ip-10-250-79-223:~# ping ec2-174-129-227-190.compute-1.amazonaws.com
PING ec2-174-129-227-190.compute-1.amazonaws.com (10.250.78.208) 56(84) bytes of data.
64 bytes from ip-10-250-78-208.ec2.internal (10.250.78.208): icmp_seq=1 ttl=62 time=6.52 ms
64 bytes from ip-10-250-78-208.ec2.internal (10.250.78.208): icmp_seq=2 ttl=62 time=0.262 ms
64 bytes from ip-10-250-78-208.ec2.internal (10.250.78.208): icmp_seq=3 ttl=62 time=0.329 ms
64 bytes from ip-10-250-78-208.ec2.internal (10.250.78.208): icmp_seq=4 ttl=62 time=0.359 ms
64 bytes from ip-10-250-78-208.ec2.internal (10.250.78.208): icmp_seq=5 ttl=62 time=0.327 ms
64 bytes from ip-10-250-78-208.ec2.internal (10.250.78.208): icmp_seq=6 ttl=62 time=0.367 ms
64 bytes from ip-10-250-78-208.ec2.internal (10.250.78.208): icmp_seq=7 ttl=62 time=1.63 ms
--- ec2-174-129-227-190.compute-1.amazonaws.com ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 5999ms
rtt min/avg/max/mdev = 0.262/1.400/6.520/2.138 ms
The above two commands show that both the public and the private DNS name resolve to the internal IP address when pinged from another EC2 machine.
Public/Private network Ping tests
ip-10-250-79-223:~# ping 10.250.78.208
PING 10.250.78.208 (10.250.78.208) 56(84) bytes of data.
64 bytes from 10.250.78.208: icmp_seq=1 ttl=62 time=7.93 ms
64 bytes from 10.250.78.208: icmp_seq=2 ttl=62 time=0.250 ms
64 bytes from 10.250.78.208: icmp_seq=3 ttl=62 time=0.244 ms
64 bytes from 10.250.78.208: icmp_seq=4 ttl=62 time=0.360 ms
64 bytes from 10.250.78.208: icmp_seq=5 ttl=62 time=0.311 ms
--- 10.250.78.208 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4000ms
rtt min/avg/max/mdev = 0.244/1.820/7.938/3.059 ms
ip-10-250-79-223:~# ping 174.129.227.190
PING 174.129.227.190 (174.129.227.190) 56(84) bytes of data.
64 bytes from 174.129.227.190: icmp_seq=1 ttl=52 time=1.62 ms
64 bytes from 174.129.227.190: icmp_seq=2 ttl=52 time=1.50 ms
64 bytes from 174.129.227.190: icmp_seq=3 ttl=52 time=1.46 ms
64 bytes from 174.129.227.190: icmp_seq=4 ttl=52 time=1.52 ms
64 bytes from 174.129.227.190: icmp_seq=5 ttl=52 time=1.49 ms
64 bytes from 174.129.227.190: icmp_seq=6 ttl=52 time=1.37 ms
64 bytes from 174.129.227.190: icmp_seq=7 ttl=52 time=1.38 ms
--- 174.129.227.190 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 5997ms
rtt min/avg/max/mdev = 1.375/1.482/1.621/0.092 ms
The above two ping commands show the difference in ping performance to the same machine using the public and the private IP address.
TraceRoute Tests
ip-10-250-79-223:~# traceroute 10.250.78.208
traceroute to 10.250.78.208 (10.250.78.208), 30 hops max, 52 byte packets
1 ip-10-250-76-177 (10.250.76.177) 0.155 ms 0.070 ms 0.046 ms
2 ip-10-250-76-160 (10.250.76.160) 11.776 ms 0.092 ms 0.087 ms
3 ip-10-250-78-208 (10.250.78.208) 0.267 ms 0.160 ms 0.127 ms
ip-10-250-79-223:~# traceroute -m 100 174.129.227.190
traceroute to 174.129.227.190 (174.129.227.190), 100 hops max, 52 byte packets
1 ip-10-250-76-177 (10.250.76.177) 0.121 ms 0.208 ms 0.047 ms
2 ip-10-250-76-3 (10.250.76.3) 0.295 ms 0.208 ms 0.209 ms
3 ec2-75-101-160-114.compute-1.amazonaws.com (75.101.160.114) 0.243 ms 0.226 ms 0.221 ms
4 othr-216-182-224-19.usma1.compute.amazonaws.com (216.182.224.19) 0.677 ms 20.055 ms 0.631 ms
5 72.21.197.200 (72.21.197.200) 0.797 ms 0.673 ms 0.593 ms
6 othr-216-182-232-72.usma2.compute.amazonaws.com (216.182.232.72) 0.897 ms 0.860 ms 0.808 ms
7 72.21.197.201 (72.21.197.201) 0.679 ms 0.865 ms 0.850 ms
8 othr-216-182-232-102.usma2.compute.amazonaws.com (216.182.232.102) 1.084 ms 1.129 ms 0.988 ms
9 othr-216-182-224-18.usma1.compute.amazonaws.com (216.182.224.18) 1.353 ms 1.308 ms 1.472 ms
10 ec2-75-101-160-115.compute-1.amazonaws.com (75.101.160.115) 1.823 ms 1.455 ms 1.608 ms
11 198.19.63.211 (198.19.63.211) 1.299 ms 1.305 ms 1.241 ms
12 ec2-174-129-227-190.compute-1.amazonaws.com (174.129.227.190) 1.363 ms 1.519 ms 1.254 ms
ip-10-250-79-223:~#
traceroute shows that the traffic has to go through multiple hops when using the public IP address; this also requires opening more ports.
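As an added example (not part of the original post), here is a small Python script that checks the three observations above against captured ping and traceroute output. The sample output embedded in it is constructed from the runs shown in this post, and the function names are my own. It reports whether the name you dialled resolved to an RFC 1918 address, the per-packet median RTT (the median sidesteps the first-packet outlier that inflates ping's own avg figure for the internal address above), and how many hops of the traceroute path lie outside RFC 1918 space.

```python
"""Check that EC2 instance-to-instance traffic stays on the internal network.
Added example: parses captured ping/traceroute output; samples are constructed
from the runs in the post."""
import ipaddress
import re
import statistics

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = r"(\d{1,3}(?:\.\d{1,3}){3})"

# Constructed samples (copied from the post's ping and traceroute runs).
PING_PUBLIC_DNS = """\
PING ec2-174-129-227-190.compute-1.amazonaws.com (10.250.78.208) 56(84) bytes of data.
64 bytes from ip-10-250-78-208.ec2.internal (10.250.78.208): icmp_seq=1 ttl=62 time=6.52 ms
"""
PING_INTERNAL_IP = """\
PING 10.250.78.208 (10.250.78.208) 56(84) bytes of data.
64 bytes from 10.250.78.208: icmp_seq=1 ttl=62 time=7.93 ms
64 bytes from 10.250.78.208: icmp_seq=2 ttl=62 time=0.250 ms
64 bytes from 10.250.78.208: icmp_seq=3 ttl=62 time=0.244 ms
64 bytes from 10.250.78.208: icmp_seq=4 ttl=62 time=0.360 ms
64 bytes from 10.250.78.208: icmp_seq=5 ttl=62 time=0.311 ms
"""
PING_ELASTIC_IP = """\
PING 174.129.227.190 (174.129.227.190) 56(84) bytes of data.
64 bytes from 174.129.227.190: icmp_seq=1 ttl=52 time=1.62 ms
64 bytes from 174.129.227.190: icmp_seq=2 ttl=52 time=1.50 ms
64 bytes from 174.129.227.190: icmp_seq=3 ttl=52 time=1.46 ms
64 bytes from 174.129.227.190: icmp_seq=4 ttl=52 time=1.52 ms
64 bytes from 174.129.227.190: icmp_seq=5 ttl=52 time=1.49 ms
64 bytes from 174.129.227.190: icmp_seq=6 ttl=52 time=1.37 ms
64 bytes from 174.129.227.190: icmp_seq=7 ttl=52 time=1.38 ms
"""
TRACEROUTE_INTERNAL = """\
traceroute to 10.250.78.208 (10.250.78.208), 30 hops max, 52 byte packets
 1 ip-10-250-76-177 (10.250.76.177) 0.155 ms 0.070 ms 0.046 ms
 2 ip-10-250-76-160 (10.250.76.160) 11.776 ms 0.092 ms 0.087 ms
 3 ip-10-250-78-208 (10.250.78.208) 0.267 ms 0.160 ms 0.127 ms
"""
TRACEROUTE_ELASTIC = """\
traceroute to 174.129.227.190 (174.129.227.190), 100 hops max, 52 byte packets
 1 ip-10-250-76-177 (10.250.76.177) 0.121 ms 0.208 ms 0.047 ms
 2 ip-10-250-76-3 (10.250.76.3) 0.295 ms 0.208 ms 0.209 ms
 3 ec2-75-101-160-114.compute-1.amazonaws.com (75.101.160.114) 0.243 ms 0.226 ms 0.221 ms
 4 othr-216-182-224-19.usma1.compute.amazonaws.com (216.182.224.19) 0.677 ms 20.055 ms 0.631 ms
 5 72.21.197.200 (72.21.197.200) 0.797 ms 0.673 ms 0.593 ms
 6 othr-216-182-232-72.usma2.compute.amazonaws.com (216.182.232.72) 0.897 ms 0.860 ms 0.808 ms
 7 72.21.197.201 (72.21.197.201) 0.679 ms 0.865 ms 0.850 ms
 8 othr-216-182-232-102.usma2.compute.amazonaws.com (216.182.232.102) 1.084 ms 1.129 ms 0.988 ms
 9 othr-216-182-224-18.usma1.compute.amazonaws.com (216.182.224.18) 1.353 ms 1.308 ms 1.472 ms
10 ec2-75-101-160-115.compute-1.amazonaws.com (75.101.160.115) 1.823 ms 1.455 ms 1.608 ms
11 198.19.63.211 (198.19.63.211) 1.299 ms 1.305 ms 1.241 ms
12 ec2-174-129-227-190.compute-1.amazonaws.com (174.129.227.190) 1.363 ms 1.519 ms 1.254 ms
"""


def is_internal(ip):
    """True when ip lies in RFC 1918 space (EC2's 10/8 internal range included)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_ping(output):
    """Resolved address, first TTL and per-packet median RTT from ping output."""
    header = re.search(r"^PING (\S+) \(" + IP_RE + r"\)", output, re.M)
    if header is None:
        raise ValueError("no PING header line found")
    rtts = [float(t) for t in re.findall(r"time=([\d.]+) ms", output)]
    ttls = [int(t) for t in re.findall(r"ttl=(\d+)", output)]
    return {
        "target": header.group(1),
        "resolved_ip": header.group(2),
        "resolved_internal": is_internal(header.group(2)),
        "ttl": ttls[0] if ttls else None,
        "median_rtt_ms": statistics.median(rtts) if rtts else None,
    }


def parse_traceroute(output):
    """Hop addresses in order (the address in parentheses on each hop line)."""
    return re.findall(r"^\s*\d+\s+\S+\s+\(" + IP_RE + r"\)", output, re.M)


def external_hops(output):
    """Hops outside RFC 1918 space: the path left the internal network there."""
    return [hop for hop in parse_traceroute(output) if not is_internal(hop)]


def compare_paths(internal_ping, elastic_ping, internal_tr, elastic_tr):
    """Summarise the internal-vs-Elastic-IP difference for one instance pair."""
    a, b = parse_ping(internal_ping), parse_ping(elastic_ping)
    return {
        "rtt_ratio": round(b["median_rtt_ms"] / a["median_rtt_ms"], 1),
        "ttl_drop": a["ttl"] - b["ttl"],  # extra routers decrementing the TTL
        "internal_hops": len(parse_traceroute(internal_tr)),
        "elastic_hops": len(parse_traceroute(elastic_tr)),
        "elastic_external_hops": len(external_hops(elastic_tr)),
    }


if __name__ == "__main__":
    print(parse_ping(PING_PUBLIC_DNS))
    print(compare_paths(PING_INTERNAL_IP, PING_ELASTIC_IP, TRACEROUTE_INTERNAL, TRACEROUTE_ELASTIC))
```

Run against the captures in this post it reports a median RTT of 0.311 ms over the internal address against 1.49 ms over the Elastic IP, replies whose TTL is 10 lower on the Elastic-IP path, and 10 of the 12 Elastic-IP hops outside RFC 1918 space. Pointing the same functions at fresh ping and traceroute captures after a deployment is a quick way to confirm that services really are talking over internal addresses, which is both the cheaper path and the one that needs the fewest ports opened in the security group.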
on 13 Feb 2009 at 7:49 am # Cloud Droplets #59 - Cloudveland | IT Management and Cloud Blog
[...] EC2 and IP addresses [...]
on 13 Feb 2009 at 11:50 am # Dmitriy
Thanks for doing this research and thanks for publishing the results. I apparently had some misconceptions about how certain traffic was billed due to lack of RTFM, and your post helped me straighten it out.
Re 2 wishes from Jana that you expressed in the post, please note that my employer (CohesiveFT) offers a solution called VPN-Cubed that can give you static internal IPs and can allow you to essentially block absolutely all ports in a security group. In other words, it allows your EC2 instances to run with absolutely no ingress connectivity (egress is always allowed). You can read more about VPN-Cubed at http://cohesiveft.com/vpncubed/.
Cheers,
Dmitriy
on 12 Jun 2009 at 4:15 pm # eli
Take a look at this: http://alestic.com/2009/06/ec2-elastic-ip-internal
on 29 Oct 2009 at 3:29 pm # Dan Moore! » Tips: Deploying a web application to the cloud
[...] files around, or a database connection), prefer the internal DNS. It looks like there are some performance benefits, but there are definitely pricing benefits. “Always use the internal address when you are [...]
on 25 Feb 2012 at 4:54 pm # Alexey
Look at http://www.exapark.com/product.html. This utility updates the local hosts file with current instance names and their internal IPs.
on 23 May 2012 at 10:57 am # AWS EC2 Elastic IPs bandwidth usage and charges | PHP Developer Resource
[...] From http://www.cloudiquity.com/2009/02/using-amazon-ec2-public-ip-address-inside-ec2-network/ [...]