
I tried to traceroute from one EC2 instance to another EC2 instance and found that the first hop is:

    [centos@ip- ~]$ sudo traceroute -T 13.114.151.20
    traceroute to 13.114.151.20 (13.114.151.20), 30 hops max, 60 byte packets
     1  * * *
     2  ec2-13-114-151-20.ap-northeast-1.compute.amazonaws.com (13.114.151.20)  0.340 ms  0.337 ms  0.346 ms

May I know why that is so?

Also, it seems to always be two hops between two EC2 instances in the same region?

tesla1060

1 Answer

When two EC2 machines in the same region communicate using their public IP addresses, the traffic goes through the Internet Gateway, which doesn't respond to your traceroute.

The number of hops is always 2, but this isn't meaningful information. The network isn't an Ethernet network built of switches and routers like you'd find in your local data center. There are switches and routers, of course, but not in the sense you would assume... the entire network you see is a "software-defined" network, emulated on top of another, invisible network. In overly simplified terms, everything is a series of tunnels, and the nature of tunnels prevents visibility of the networks actually transporting the tunnels.

See Another Day, Another Billion Flows for some insight into the actual implementation details.

Michael - sqlbot
  • Hi, thanks for the resources and answer. Just a follow-up question: is there any way to optimize the communication with another EC2 instance in a separate VPC but the same region? Or what is the standard way to benchmark network performance between two EC2 instances in different VPCs but the same region? – tesla1060 Oct 24 '18 at 05:52
  • You have a round trip time of ~340 *microseconds* (< 1 ms) here. How much more optimal are you looking for? Are these VPCs in the same AWS account, or different? Why are you using public IPs, which is necessarily a less-direct path than using VPC peering? – Michael - sqlbot Oct 24 '18 at 11:26
  • Hi Michael, that is actually also my question. They are in two AWS accounts. I have no control of the other account. I only know it is an EC2 instance. Is there a more direct way other than using the public IP in this case? – tesla1060 Oct 25 '18 at 02:24
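As an added example (not code from the question, the answer, or AWS), here is a small Python parser for Linux traceroute output of the kind shown above. It separates hops that answered no probe (the `* * *` Internet Gateway hop the answer describes) from hops that did, checks whether the final hop is actually the target, and reports the round-trip time to that hop in microseconds, which is what the "~340 microseconds" remark in the comments refers to. The sample text is constructed from the question's output; the format assumed is the default one printed by the Linux traceroute in the question.

```python
"""Parse Linux traceroute output and summarise which hops answered.

Added example; not part of the original question or answer. SAMPLE is
constructed from the traceroute shown in the question.
"""
import re
import statistics
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: the question's output, hop 1 silent, hop 2 the target.
SAMPLE = """\
traceroute to 13.114.151.20 (13.114.151.20), 30 hops max, 60 byte packets
 1  * * *
 2  ec2-13-114-151-20.ap-northeast-1.compute.amazonaws.com (13.114.151.20)  0.340 ms  0.337 ms  0.346 ms
"""

HEADER_RE = re.compile(r"^traceroute to (\S+) \(([\d.]+)\), (\d+) hops max")
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")          # "<ttl>  <rest of line>"
HOST_RE = re.compile(r"(\S+) \(([\d.]+)\)")         # "hostname (a.b.c.d)"
RTT_RE = re.compile(r"([\d.]+) ms")                 # each probe's RTT


@dataclass
class Hop:
    ttl: int
    host: Optional[str] = None      # None when every probe timed out
    addr: Optional[str] = None
    rtts_ms: List[float] = field(default_factory=list)
    timeouts: int = 0               # number of '*' probes on this hop

    @property
    def silent(self) -> bool:
        """True when no probe for this TTL got an ICMP/TCP reply at all."""
        return not self.rtts_ms


def parse_traceroute(text: str) -> Tuple[Optional[str], List[Hop]]:
    """Return (target address from the header, list of hops in TTL order)."""
    target = None
    hops: List[Hop] = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            target = m.group(2)
            continue
        m = HOP_RE.match(line)
        if not m:
            continue                   # blank or unrecognised line
        ttl, rest = int(m.group(1)), m.group(2)
        hop = Hop(ttl=ttl)
        hm = HOST_RE.search(rest)
        if hm:
            hop.host, hop.addr = hm.group(1), hm.group(2)
        hop.rtts_ms = [float(x) for x in RTT_RE.findall(rest)]
        hop.timeouts = rest.count("*")
        hops.append(hop)
    return target, hops


def reached(target: Optional[str], hops: List[Hop]) -> bool:
    """True when the last hop that answered is the target itself."""
    answered = [h for h in hops if not h.silent]
    return bool(answered) and answered[-1].addr == target


def summarise(hops: List[Hop]) -> Dict[str, object]:
    """Hop count, TTLs that answered nothing, and median RTT to the last
    answering hop in whole microseconds (None if nothing answered)."""
    silent = [h.ttl for h in hops if h.silent]
    answered = [h for h in hops if not h.silent]
    rtt_us = None
    if answered:
        rtt_us = round(statistics.median(answered[-1].rtts_ms) * 1000)
    return {"hops": len(hops), "silent_hops": silent, "final_rtt_us": rtt_us}


if __name__ == "__main__":
    tgt, parsed = parse_traceroute(SAMPLE)
    print("target:", tgt, "reached:", reached(tgt, parsed))
    for h in parsed:
        print(f"ttl {h.ttl}: {'silent' if h.silent else h.host} rtts={h.rtts_ms}")
    print(summarise(parsed))
```

Run it against real output with `sudo traceroute -T <ip> | python3 thisfile.py` after swapping `SAMPLE` for `sys.stdin.read()`; a silent intermediate hop followed by the target answering is exactly the pattern the answer explains, and is not evidence of packet loss on the path.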