July 28th, 2022
Machine translation is used partially for this article. See the Japanese version for the original article.
Introduction
Using AWS Transit Gateway (hereinafter called “Transit Gateway”), we tried connecting to an HA cluster based on VIP control, which was built on Amazon Web Services (hereinafter called “AWS”).
In the previous blog, we introduced the procedure for accessing the AWS Virtual IP Resource (hereinafter called "VIP") of an HA cluster in a VPC on AWS from on-premises (a pseudo-environment).
In the same way, client machines and an HA cluster located in different VPCs on AWS can also communicate through the VIP.
This time, assuming the following cases, we introduce the procedure for connecting to the VIP of an HA cluster from client machines located in a VPC different from the HA cluster's.
- Placing client machines and an HA cluster in different VPCs on AWS and exchanging data between them.
- Accessing the HA cluster directly through the VIP from the client machines.
1. HA Cluster Configuration
We will build an "HA Cluster Based on VIP Control" in a VPC in the N. Virginia region.
We also build the client machines that access the HA cluster in a separate VPC, and use Transit Gateway to connect the two VPCs.
Note: An Amazon VPC Peering Connection (hereinafter called "VPC Peering Connection") is another way to connect VPCs, but a VPC peering connection only routes traffic destined for the peer VPC's own CIDR block, so in an environment connected by VPC peering you cannot reach the VIP (which lies outside the VPC CIDR).
By connecting the VPCs through Transit Gateway, you can connect to the VIP.
- Building an HA Cluster Using AWS Transit Gateway: Accessing AWS Virtual IP Resources from Outside the VPC
- We Tried to Build an HA Cluster Using Inter-Region VPC Peering Connection (Windows)
The configuration is as follows.
2. HA Cluster Building Procedure
2.1 Building HA Cluster Based on VIP Control
2.1.1 Preparation for HA Cluster Building
Create the VPCs in advance. The configuration of the VPCs is as follows.
HA cluster side:
- VPC-10 (VPC ID: vpc-1234abcd)
  - CIDR: 10.0.0.0/16
  - Subnets
    - Subnet-A1 (Subnet ID: sub-1111aaaa): 10.0.10.0/24
    - Subnet-A2 (Subnet ID: sub-2222aaaa): 10.0.110.0/24
    - Subnet-B1 (Subnet ID: sub-1111bbbb): 10.0.20.0/24
    - Subnet-B2 (Subnet ID: sub-2222bbbb): 10.0.120.0/24
Client machines side:
- VPC-11 (VPC ID: vpc-5678cdef)
  - CIDR: 11.0.0.0/16
  - Subnets
    - Subnet-A1 (Subnet ID: sub-1111abcd): 11.0.10.0/24
Note: 11.0.0.0/16 is used here only as an example value; it is not an RFC 1918 private range, so in a real environment choose a private CIDR that does not overlap the HA cluster side VPC or the VIP address.
2.1.2 Building HA Cluster Based on VIP Control
Build an "HA cluster based on VIP control".
For the EXPRESSCLUSTER configuration, refer to "4.1.2 Building HA Cluster Based on VIP Control" in the previous blog.
2.2 Creating Transit Gateway
Create a Transit Gateway and connect the VPC on the client machines side with the VPC on the HA cluster side.
For the flow of the settings, refer to "4.2 Creating Transit Gateway" in the previous blog.
Create two Transit Gateway Attachments with Attachment Type "VPC": one for the client machines side VPC and one for the HA cluster side VPC.
As in the previous blog, the Transit Gateway route table also needs a static route for the VIP (172.16.0.1/32) whose target is the HA cluster side VPC attachment: route propagation only advertises each VPC's own CIDR, and the VIP lies outside it.
After creating the Transit Gateway, configure the security groups so that connections from the other VPC are allowed.
For outbound, there is no need to add or remove rules from the default (allow all). The inbound rules below allow all traffic from the other VPC, as in the verification environment; in production, restrict the type, protocol and port range to what the clustered service actually uses.
HA cluster side:
- Security group
  - Inbound rules
    - Type: All traffic
    - Protocol: All
    - Port range: All
    - Source: 11.0.0.0/16
Client machines side:
- Security group
  - Inbound rules
    - Type: All traffic
    - Protocol: All
    - Port range: All
    - Source: 10.0.0.0/16
Also, create routes so that traffic from each VPC reaches the Transit Gateway.
HA cluster side:
- Route table
  - Route-A2 (Route table ID: rtb-0000000a)
    - 11.0.0.0/16 -> tgw-1234abcd (Transit Gateway ID)
  - Route-B2 (Route table ID: rtb-0000000b)
    - 11.0.0.0/16 -> tgw-1234abcd (Transit Gateway ID)
Client machines side:
- Route table
  - Route-A1 (Route table ID: rtb-0000001a)
    - 172.16.0.1/32 (VIP address) -> tgw-1234abcd (Transit Gateway ID)
3. Checking the Operation
Verify that the client machine can access the active EC2 instance through the VIP (172.16.0.1).
1. Start the failover group on the active EC2 instance.
2. Verify that you can access the VIP (172.16.0.1) from the client machine and that you are connected to the active EC2 instance.
3. Using Cluster WebUI, manually move the failover group from the active EC2 instance to the standby EC2 instance.
4. Verify that you can access the VIP (172.16.0.1) from the client machine and that you are now connected to the standby EC2 instance.
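A scripted version of steps 2 to 4, as an added example (not code from the original article or from EXPRESSCLUSTER): it connects to the VIP, records which node answers, and after the manual failover polls until a different node answers, tolerating the refused or timed-out connections that occur while the VIP route moves. It assumes that the clustered service on each node answers a new TCP connection with a banner containing its own hostname; the local listener included at the end is a constructed stand-in for the cluster so the script can be exercised offline.

```python
"""Check that the VIP follows a failover.  Added example, not EXPRESSCLUSTER
code.  Assumes the service behind the VIP greets each connection with the
node's hostname; the demo listener below stands in for the cluster."""
import socket
import threading
import time


def probe(host, port, timeout=2.0):
    """Open one TCP connection to host:port and return the banner it sends."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        data = s.recv(256)
    return data.decode(errors="replace").strip()


def wait_for_switch(host, port, previous, timeout=60.0, interval=1.0):
    """Poll the VIP until a node other than `previous` answers.
    Returns (new_banner, seconds_elapsed); raises TimeoutError otherwise."""
    start = time.monotonic()
    while True:
        try:
            banner = probe(host, port, timeout=interval)
        except OSError:
            banner = None  # refused / timed out while the VIP route is being moved
        if banner and banner != previous:
            return banner, time.monotonic() - start
        if time.monotonic() - start > timeout:
            raise TimeoutError(f"VIP still answered by {previous!r} after {timeout}s")
        time.sleep(interval)


def start_demo_listener(banners):
    """Constructed stand-in for the cluster service on 127.0.0.1: the i-th
    connection gets banners[i] (the last banner repeats).  Returns (port, close)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    port = srv.getsockname()[1]
    count = [0]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed
            with conn:
                conn.sendall(banners[min(count[0], len(banners) - 1)].encode() + b"\n")
            count[0] += 1

    threading.Thread(target=serve, daemon=True).start()
    return port, srv.close


if __name__ == "__main__":
    # Real use: VIP_HOST = "172.16.0.1", VIP_PORT = <service port>; here the
    # demo listener answers as node1 twice, then as node2 after "failover".
    port, close = start_demo_listener(["ha-node1", "ha-node1", "ha-node2"])
    first = probe("127.0.0.1", port)
    print("before failover:", first)
    new, elapsed = wait_for_switch("127.0.0.1", port, first, timeout=10, interval=0.1)
    print(f"after failover: {new} (took {elapsed:.2f}s)")
    close()
```

Against the real cluster, point `probe`/`wait_for_switch` at the VIP and the service port, run `wait_for_switch` right after moving the failover group in Cluster WebUI, and compare the elapsed time with the failover time you expect from the cluster settings.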
Conclusion
This time, we tried connecting to an HA cluster based on VIP control built on AWS from a client machine in a different VPC, using Transit Gateway.
If you need to access the VIP of an HA cluster directly from a client machine located in a VPC different from the HA cluster's, try this configuration.
If you are considering introducing the configuration described in this article, you can validate it with the trial module of EXPRESSCLUSTER. Please do not hesitate to contact us if you have any questions.