Network Configuration for Compute Instances
After you launch your compute instances on a Snow Family device, you must provide it with an IP address by creating a network interface. Snow Family devices support two kinds of network interfaces, a virtual network interface and a direct network interface.
Virtual network interface (VNI)
A virtual network interface is the standard network interface for connecting to an EC2-compatible instance on your Snow Family device. You must create a VNI for each of your EC2-compatible instances regardless of whether you also use a direct network interface or not. The traffic passing through a VNI is protected by the security groups that you set up. You can only associate VNIs with the physical network port you use to control your Snow Family device.
Note
VNI will use the same physical interface (RJ45, SFP+, or QSFP) that is used to managed the Snow Family device. Creating a VNI on a different physical interface than the one being used for device management could lead to unexpected results.
Direct network interface (DNI)
A direct network interface (DNI) is an advanced network feature that enables use cases like multicast streams, transitive routing, and load balancing. By providing instances with layer 2 network access without any intermediary translation or filtering, you can gain increased flexibility over the network configuration of your Snow Family device and improved network performance. DNIs support VLAN tags and customizing the MAC address. Traffic on DNIs is not protected by security groups.
On Snowball Edge devices, DNIs can be associated with the RJ45, SFP, or QSFP ports. Each physical port supports a maximum of 63 DNIs. DNIs do not have to be associated to the same physical network port that you use to manage the Snow Family device.
Note
Snowball Edge storage optimized (with EC2 compute functionality) devices don't support DNIs.
Topics
Prerequisites
Before you configure a VNI or a DNI, be sure that you've done the following prerequisites.
-
Make sure there's power to your device and that one of your physical network interfaces, like the RJ45 port, is connected with an IP address.
-
Get the IP address associated with the physical network interface that you're using on the Snow Family device.
-
Configure your Snowball Edge client. For more information, see Configuring a Profile for the Snowball Edge Client.
-
Unlock the device. We recommend using Amazon OpsHub for Snow Family to unlock your device. For instructions, see Unlocking a Device.
If you want to use the CLI command, run the following command, and provide the information that appears in the dialog box.
snowballEdge configureSnowball Edge Manifest Path: manifest.binUnlock Code:unlock codeDefault Endpoint: https://device ip -
Run the following command.
snowballEdge unlock-deviceThe device display update indicates that it is unlocked.
-
Launch an EC2-compatible instance on the device. You will associate the VNI with this instance.
-
Run the
snowballEdge describe-devicecommand to get the list of physical network interface IDs. -
Identify the ID for the physical network interface that you want to use, and make a note of it.
Setting Up a Virtual Network Interface (VNI)
After you have identified the ID for your physical network interface, you can set up a virtual network interface (VNI). Use the following procedure set up a VNI. Make sure that you perform the prerequisite tasks before you create a VNI.
Create a VNI and associate IP address
-
Run the
snowballEdge create-virtual-network-interfacecommand. The following examples show running this command with the two different IP address assignment methods, eitherDHCPorSTATIC. TheDHCPmethod uses Dynamic Host Configuration Protocol (DHCP).snowballEdge create-virtual-network-interface \ --physical-network-interface-id s.ni-abcd1234\ --ip-address-assignment DHCP //OR// snowballEdge create-virtual-network-interface \ --physical-network-interface-id s.ni-abcd1234\ --ip-address-assignment STATIC \ --static-ip-address-configuration IpAddress=192.0.2.0,Netmask=255.255.255.0The command returns a JSON structure that includes the IP address. Make a note of that IP address for the
ec2 associate-addressAmazon CLI command later in the process.Anytime you need this IP address, you can use the
snowballEdge describe-virtual-network-interfacesSnowball Edge client command, or theaws ec2 describe-addressesAmazon CLI command to get it. -
To associate your newly created IP address with your instance, use the following command, replacing the red text with your values:
aws ec2 associate-address --public-ip192.0.2.0--instance-ids.i-01234567890123456--endpoint http://Snow Family device physical IP address:8008
Setting Up a Direct Network Interface (DNI)
Note
The direct network interface feature is available on or after January 12, 2021 and is available in all Amazon Web Services Regions where Snow Family devices are available.
Prerequisites
Before you set up a direct network interface (DNI), you must perform the tasks in the prerequisites section.
-
Perform the prerequisite tasks before setting up the DNI. For instructions, see Prerequisites.
-
Additionally, you must launch an instance on your device, create a VNI, and associate it with the instance. For instructions, see Setting Up a Virtual Network Interface (VNI).
Note
If you added direct networking to your existing device by performing an in-the-field software update, you must restart the device twice to fully enable the feature.
Create a DNI and associate IP address
-
Create a direct network interface and attach it to the Amazon EC2-compatible instance by running the following command. You will need the MAC address of the device for the next step.
create-direct-network-interface [--endpointendpoint] [--instance-idinstanceId] [--macmacAddress] [--physical-network-interface-idphysicalNetworkInterfaceId] [--unlock-codeunlockCode] [--vlanvlanId]OPTIONS
--endpoint <endpoint>The endpoint to send this request to. The endpoint for your devices will be a URL using thehttpsscheme followed by an IP address. For example, if the IP address for your device is 123.0.1.2, the endpoint for your device would be https://123.0.1.2.--instance-id <instanceId>The EC2-compatible instance ID to attach the interface to (optional).--mac <macAddress>Sets the MAC address of the network interface (optional).--physical-network-interface-id <physicalNetworkInterfaceId>The ID for the physical network interface on which to create a new virtual network interface. You can determine the physical network interfaces available on your Snowball Edge using thedescribe-devicecommand.--vlan <vlanId>Set the assigned VLAN for the interface (optional). When specified, all traffic sent from the interface is tagged with the specified VLAN ID. Incoming traffic is filtered for the specified VLAN ID, and has all VLAN tags stripped before being passed to the instance. -
If you didn't associate your DNI with an instance in step 1, you can associate it by running the Updating a Direct Network Interface command.
-
After you create a DNI and associate it with your EC2-compatible instance, you must make two configuration changes inside your Amazon EC2-compatible instance.
-
The first is to change ensure that packets meant for the VNI associated with the EC2-compatible instance are sent through eth0.
-
The second change configures your direct network interface to use either DCHP or static IP when booting.
The following are examples of shell scripts for Amazon Linux 2 and CentOS Linux that make these configuration changes.
-