Key Differences Between Traffic IP Groups on an EC2 and Traffic IP Groups on Other Platforms

Pulse Secure Virtual Traffic Manager 21.4: Cloud Services Installation and Getting Started Guide

Key Differences Between Traffic IP Groups on an EC2 and Traffic IP Groups on Other Platforms

Traffic IP groups on EC2 variants are implemented using either AWS Elastic IP addresses or private IP addresses (VPCs only).

To use Traffic IP addresses on EC2 you must launch an instance with an assigned IAM role.

Using Elastic IP Addresses in Traffic IP Groups

An Elastic IP Address is a public IP address that can be reserved and assigned manually to a virtual machine instance, replacing the randomly-assigned public IP address that the instance was allocated when it was created (or, in the case of VPCs, to map to the private IP addresses raised when the instance is created). The instance's private IP address and private DNS name do not change when the Elastic IP Address is assigned. Amazon places some restrictions on Elastic IP Addresses that are reflected in the behavior and capabilities of Traffic IP groups on EC2. These restrictions vary depending on whether you are using EC2-Classic or VPC for your deployment.

For EC2-Classic:

•A Traffic IP group can only contain one public Traffic IP Address (default or Elastic) at any one time;

•A Traffic Manager instance can only be a member of one Traffic IP group;

•When a Traffic Manager raises a Traffic IP address its Admin UI is only available outside the EC2-Classic network on that address;

•All traffic sent to the Elastic IP address is delivered to the same Traffic Manager instance.

•Instances created inside a VPC differ in that they can have two or more Elastic IP Addresses assigned to them at once; one to map to the primary private IP for management traffic, and the rest to map to free secondary private IP addresses for use in Traffic IP groups.

Traffic IP address failover might be slower on EC2 than on other platforms.

When a Traffic Manager running on EC2 lowers a Traffic IP address, the Traffic Manager receives a new public IP address. Amazon does not charge for Elastic IP addresses that are in use; that is, the Elastic IP addresses that are assigned to running instances. However, Amazon does charge for unused Elastic IP addresses. There is also a charge for moving an Elastic IP address from one instance to another, but the first 100 such moves in each billing period are currently free of charge. Therefore, create only as many Elastic IP addresses as you need to avoid unnecessary charges and failovers.

For up to date information on EC2 pricing policies, see Amazon's EC2 documentation.

Using Private IP Addresses in Traffic IP Groups

Private IP addresses differ from Elastic IP addresses in that they are not chargeable on an individual basis by Amazon, and are limited in quantity by your subnet size and the type of instance you have. Private IP addresses are also, in contrast to Elastic IP addresses, not assigned to a specific AWS account.

Traffic IP groups based on private IP addresses are single-hosted in nature. To use private IP addresses in a Traffic IP group, your Traffic Manager instances must be inside a VPC, in the same "availability zone" (within a region), and must have Elastic Network Interfaces (ENIs) in the same subnet. Additionally, you must be able to raise a free secondary IP address on the ENI for this purpose - the primary IP address on the ENI remains as-is.

While using private Traffic IP addresses, the Traffic Manager operates with the following functionality:

•You can use multiple ENIs configured on different subnets. The Traffic Manager selects the correct ENI to use for the Traffic IP group.

•A Traffic Manager can be in a private IP address Traffic IP group and an elastic IP address Traffic IP group simultaneously.

•Multihosted and Route Health Injection (RHI) based fault tolerance is not supported as private IP addresses cannot be assigned to multiple Traffic Manager instances.