What's special about 169.254.169.254 IP address for AWS?


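Question

This IP seems to be running a service that provides a lot of useful metadata for my instance, but I'm wondering why 169.254.169.254? What's special about that IP address? I'm also wondering whether, because that IP is occupied by that service, I'm missing the chance to connect to a server with that IP on the internet?

Solution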


169.254.169.254 is an IP address from the reserved IPv4 Link Local Address space 169.254.0.0/16 (169.254.0.0 through 169.254.255.255). Similar to the private address ranges in RFC-1918 (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) in the sense that this block also can't be used on the Internet, Link Local is further restricted to being unreachable via any router¹ -- by design, they only exist on the directly-connected network.

AWS needed to create a service endpoint accessible from any system and the selection of an address in this block causes it to conflict with no commonly used IP address space. Clever choice.

Presumably this specific address within the block was chosen for its aesthetic appeal or being easy to remember.


Fun fact! The adjacent address 169.254.169.253 is a DNS resolver in VPC in addition to the one you're probably familiar with at offset 2 from the base of your VPC supernet. This comes in very handy for configuring software that does its own DNS lookups independent from the OS (like HAProxy), so that the DNS resolver configuration in the software doesn't need to be modified when deployed in different VPCs. There's no documented reason to believe this address represents a "different" resolver than the one within your address block, just a different way of accessing the same thing.


But wait, there's more! 169.254.169.123 provides a stratum-3 NTP time source, allowing instances to maintain their system clock time with ntpd or chrony without requiring Internet access, from the Amazon Time Sync Service. This service also uses Amazon's leap second logic to distribute any leap seconds throughout the day they occur, rather than the clock advancing from 23:59:59 to 23:59:60 to 00:00:00, which can be problematic.


¹unreachable via any router is not a hard constraint in most IP stacks, as link local addresses can be the subject of a static route, but these addresses are not generally considered routable.
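As an added example (not part of the original answer), the Python sketch below classifies an IPv4 address into the blocks the answer compares and derives the two ways of reaching the VPC DNS resolver. The function names `classify` and `vpc_resolvers` and the sample VPC CIDR are assumptions made for illustration.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Fixed link-local service addresses named in the answer above.
AWS_LINK_LOCAL_SERVICES = {
    ipaddress.IPv4Address("169.254.169.254"): "instance metadata",
    ipaddress.IPv4Address("169.254.169.253"): "VPC DNS resolver",
    ipaddress.IPv4Address("169.254.169.123"): "Amazon Time Sync (NTP)",
}


def classify(addr):
    """Return (block, internet_routable, service_or_None) for an IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    if ip in LINK_LOCAL:
        block = "link-local"        # only valid on the directly connected network
    elif any(ip in net for net in RFC1918):
        block = "rfc1918"           # private, but routable inside an organisation
    elif ip.is_global:
        block = "public"
    else:
        block = "other-reserved"    # e.g. loopback, shared address space
    return block, ip.is_global, AWS_LINK_LOCAL_SERVICES.get(ip)


def vpc_resolvers(vpc_cidr):
    """Both addresses for the VPC resolver: base of the VPC block + 2, and the fixed alias."""
    net = ipaddress.ip_network(vpc_cidr)
    return [str(net.network_address + 2), "169.254.169.253"]


if __name__ == "__main__":
    # Constructed sample inputs; 10.0.0.0/16 is a hypothetical VPC CIDR.
    for sample in ("169.254.169.254", "169.254.169.123", "10.0.0.2", "8.8.8.8"):
        print(sample, classify(sample))
    print(vpc_resolvers("10.0.0.0/16"))
```

Because no host on the Internet can legitimately hold a 169.254.0.0/16 address, the metadata endpoint does not shadow any reachable public server.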
