What's special about 169.254.169.254 IP address for AWS?


Problem description


This IP seems to be running a service that provides a lot of useful metadata for my instance, but I'm wondering why 169.254.169.254? What's special about that IP address? I'm also wondering whether, with that IP occupied by that service, I'm missing the chance to connect to a server with that IP on the Internet?

Solution

169.254.169.254 is an IP address from the reserved IPv4 Link Local Address space 169.254.0.0/16 (169.254.0.0 through 169.254.255.255). Similar to the private address ranges in RFC-1918 (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) in the sense that this block also can't be used on the Internet, Link Local is further restricted to being unreachable via any router¹ -- by design, they only exist on the directly-connected network.

AWS needed to create a service endpoint accessible from any system and the selection of an address in this block allows it to avoid conflict with the commonly used IP address space. Clever choice.

Presumably this specific address within the block was chosen for its aesthetic appeal or being easy to remember.


Fun fact! The adjacent address 169.254.169.253 is a DNS resolver in VPC in addition to the one you're probably familiar with at offset 2 from the base of your VPC supernet. This comes in very handy for configuring software that does its own DNS lookups independent from the OS (like HAProxy), so that the DNS resolver configuration in the software doesn't need to be modified when deployed in different VPCs. There's no documented reason to believe this address represents a "different" resolver than the one within your address block, just a different way of accessing the same thing.


But wait, there's more! 169.254.169.123 provides a stratum-3 NTP time source, allowing instances to maintain their system clock time with ntpd or chrony without requiring Internet access, from the Amazon Time Sync Service. This service also uses Amazon's leap second logic to distribute any leap seconds throughout the day they occur, rather than the clock advancing from 23:59:59 to 23:59:60 to 00:00:00, which can be problematic.


¹unreachable via any router is not a hard constraint in most IP stacks, as link local addresses can be the subject of a static route, but these addresses are not generally considered routable.
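The address blocks from the answer, as an added Python example (not part of the original answer): it classifies an address against the link-local and RFC 1918 ranges, labels the three link-local service addresses mentioned above, and computes the in-VPC resolver at offset 2. The function names, the service labels and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Blocks named in the answer: link-local plus the three RFC 1918 ranges.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Link-local service addresses the answer mentions (labels are illustrative).
AWS_LINK_LOCAL_SERVICES = {
    ipaddress.ip_address("169.254.169.254"): "instance metadata",
    ipaddress.ip_address("169.254.169.253"): "VPC DNS resolver",
    ipaddress.ip_address("169.254.169.123"): "Amazon Time Sync (NTP)",
}


def classify(addr):
    """Return (block, internet_routable, aws_service) for an IP string."""
    ip = ipaddress.ip_address(addr)
    # Treat ::ffff:a.b.c.d as the IPv4 address it carries.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version == 4:
        if ip in LINK_LOCAL:
            return ("link-local", False, AWS_LINK_LOCAL_SERVICES.get(ip))
        for net in RFC1918:
            if ip in net:
                return ("rfc1918 " + str(net), False, None)
    return ("other", ip.is_global, None)


def vpc_resolver(vpc_cidr):
    """Resolver at offset 2 from the base of the VPC CIDR block."""
    net = ipaddress.ip_network(vpc_cidr)
    return net.network_address + 2


if __name__ == "__main__":
    # Constructed sample addresses.
    for a in ("169.254.169.254", "169.254.169.253", "169.254.169.123",
              "169.254.10.1", "10.1.2.3", "8.8.8.8",
              "::ffff:169.254.169.254"):
        print(a, classify(a))
    print("resolver for 10.0.0.0/16:", vpc_resolver("10.0.0.0/16"))
```

Every address in 169.254.0.0/16 comes back as not Internet-routable, which is why reserving 169.254.169.254 for the metadata service cannot shadow a public server.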
