Subtitled: Configuring a second ethernet adapter on an Ubuntu EC2 VPC instance

If you want multiple valid SSL certificates for many domains (say, for a Drupal multisite running on Aegir) on a single EC2 instance, you'll need multiple IP addresses. While Amazon's VPC offerings seem like an easy win, there are a few twists to get the server to respond on that second internal IP.

Here are my notes; hopefully they'll be of some use to you. You might not need to do all of these, but I've found things to work better this way. These steps were used on Ubuntu 12.04 in June 2012; things can change.

Get set up:

- Have one unique internal IP address (10.0.0.70, 10.0.0.80, etc) per network adapter
- Map the Elastic IP addresses to your internal IP
- I'm running Aegir and needed to map the Apache server not to the public IP used for the domain name, but the private internal IP address

Once you've done the above, you'll likely find the server working fine on the first IP address but not responding on the second.

Here's what to do next:

- In the Amazon VPC Route Table console ensure you have a route entry for 0.0.0.0/0 using your IGW (this will look like igw-xxxxxx)
- SSH into your server
- If not root: sudo su - root
- Initialize the secondary ethernet interface (don't do this for eth0 as that's already good to go)
ifconfig eth1 10.0.0.YOURIPHERE netmask 255.255.255.0
- Set up your interfaces: vi /etc/network/interfaces
- For each adapter add (changing "1" for your adapter)
auto eth1
iface eth1 inet dhcp

- Start each adapter: ifup eth1
- Running ifconfig should now show the ethernet adapters up
- Reboot: init 6
- SSH into your server and become root
- For each ethernet adapter follow this pattern:
ip route add default via 10.0.0.1 dev eth0 tab 1
ip route add default via 10.0.0.1 dev eth1 tab 2

- Similarly:
ip rule add from 10.0.0.170/32 tab 1 priority 500
ip rule add from 10.0.0.190/32 tab 2 priority 600

Good news is it works at this point, bad news is the ip routes and rules won't survive a reboot.

Let's make it stick:

- Back into vi /etc/network/interfaces
- Your file should look like the below:
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet dhcp

Now we'll modify it, adding in the ip route and ip rule commands from before, but prefixing them with "post-up", like so:

# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet dhcp
post-up ip route add default via 10.0.0.1 dev eth0 tab 1
post-up ip rule add from 10.0.0.170/32 tab 1 priority 500
auto eth1
iface eth1 inet dhcp
post-up ip route add default via 10.0.0.1 dev eth1 tab 2
post-up ip rule add from 10.0.0.190/32 tab 2 priority 600

- And to ensure they survive a restart: /etc/init.d/networking restart

We should be working!
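
To confirm the rules and routes really did come back after a restart or reboot, here is a small check script. It is an added example, not part of the original notes: the function names and the sample output are constructed, using the addresses from the steps above.

```shell
#!/bin/sh
# Added example: confirm each adapter's source address still has its own
# rule and default route. Function names here are hypothetical.

# Constructed sample output, using the addresses from the steps above.
sample_rules() {
    printf '%s\n' '0: from all lookup local' \
        '500: from 10.0.0.170 lookup 1' \
        '600: from 10.0.0.190 lookup 2' \
        '32766: from all lookup main'
}
sample_routes() {   # $1 = table id
    case $1 in
        1) echo 'default via 10.0.0.1 dev eth0' ;;
        2) echo 'default via 10.0.0.1 dev eth1' ;;
    esac
}

# Defaults use the samples so the script runs anywhere. On the instance:
#   RULE_CMD='ip rule show' ROUTE_CMD='ip route show table' sh check.sh
RULE_CMD=${RULE_CMD:-sample_rules}
ROUTE_CMD=${ROUTE_CMD:-sample_routes}

# Print the table that a "from <source IP>" rule looks up (stdin: rule list).
rule_table() {
    awk -v src="$1" '$2 == "from" && ($3 == src || $3 == src "/32") &&
        $4 == "lookup" { print $5; exit }'
}

# Print the device of the default route (stdin: one table's routes).
default_dev() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# check_adapter DEVICE SOURCE_IP: return 0 only when SOURCE_IP has a rule
# and that rule's table sends default traffic out DEVICE.
check_adapter() {
    table=$($RULE_CMD | rule_table "$2")
    [ -n "$table" ] || { echo "FAIL $2: no ip rule for this source"; return 1; }
    out=$($ROUTE_CMD "$table" | default_dev)
    [ "$out" = "$1" ] || {
        echo "FAIL $2: table $table leaves via ${out:-nothing}, not $1"; return 1; }
    echo "OK $2: table $table, default via $1"
}

check_adapter eth0 10.0.0.170
check_adapter eth1 10.0.0.190
```

A FAIL line for the second address after a reboot means the post-up lines for that adapter did not run.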

Related reading and things that helped me:
- AWS Forums: Unable to connect to EC2 instance in VPC
- Getting ip rules and routes to work on reboot: Ubuntu Linux Add Static Route
- Video on EC2 VPC multiple IP basics: How to add extra IP addresses on one EC2 Instance

Image credit: Flickr user "Andreas Beer"