DEV Community

Jesus Blazquez

SBC ORACLE ACME PACKET HA IN AWS

To configure the HA utility of the Acme Packet SBCs in AWS, we use the script that comes pre-installed in the OS of the SBC. We do not need to make any changes to this script, but if we want to consult it, we can do so by entering the SBC shell with the shell-access password we defined previously.

Once inside, we can consult the script.

Analyzing the script, we can see that it uses a variable to check the status of the SBC and determine which interfaces are active at that moment, so that AWS assigns the IPs to that machine. In the AWS console we can see the assigned IPs move from one machine of the cluster to the other, depending on which one is the active node.

The prerequisites for this to work are to have DHCP enabled on the SBC (we will assign a static IP from the AWS console); for this, we must not configure IPs in Bootparam.

We must also confirm that the AWS DNS server IP is present in the SBC's /etc/resolv.conf file (accessed from the shell).

Once these points have been confirmed, we need to assign a specific IAM role and a specific IAM policy to the 2 EC2 instances of the node, where we define the variables that AWS will use to know which of the 2 cluster machines it should assign the IPs to.
Once the IAM role is created, we must paste this JSON code into the IAM policy, so that AWS can work with the script developed by Oracle for HA in AWS.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ec2:DescribeAddresses",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeNetworkInterfaceAttribute",
                "ec2:DescribeInstanceAttribute",
                "ec2:DescribeSubnets",
                "ec2:AssignPrivateIpAddresses",
                "ec2:AssociateAddress",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeInstanceStatus"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

We save this policy and can now test it: when we switch the active/passive node, all our additional IPs as well as the Elastic IPs must move between the nodes, always being assigned to the node that is active at that moment.
Note also that when assigning the additional IPs and the Elastic IPs, we must make sure that the node we are assigning them to is the active one.
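The policy above grants every action on `"Resource": "*"`, including the two calls that change state. The following check is an added example, not part of the original post or of Oracle's script: it lists the non-read actions a policy allows on all resources. `SCOPED_POLICY`, its placeholder ARNs and the function names are assumptions, and whether the HA script still fails over correctly with the scoped variant has to be tested on the pair.

```python
# Policy from this page, reproduced so the check runs offline.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Resource": "*",
        "Action": [
            "ec2:DescribeAddresses", "ec2:DescribeNetworkInterfaces",
            "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeInstanceAttribute",
            "ec2:DescribeSubnets", "ec2:AssignPrivateIpAddresses",
            "ec2:AssociateAddress", "ec2:DescribeSecurityGroups",
            "ec2:DescribeInstanceStatus",
        ],
    }],
}

# Constructed variant (assumption, not from the page): the two state-changing
# calls are limited to placeholder ARNs, one per ENI / Elastic IP of the HA pair.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": [a for a in PAGE_POLICY["Statement"][0]["Action"] if ":Describe" in a]},
        {"Effect": "Allow",
         "Resource": ["arn:aws:ec2:REGION:ACCOUNT_ID:network-interface/ENI_ID_PLACEHOLDER",
                      "arn:aws:ec2:REGION:ACCOUNT_ID:elastic-ip/EIP_ALLOC_ID_PLACEHOLDER"],
         "Action": ["ec2:AssignPrivateIpAddresses", "ec2:AssociateAddress"]},
    ],
}

def as_list(value):
    # IAM allows a single string or object where a list is also valid.
    return value if isinstance(value, list) else [value]

def unscoped_write_actions(policy):
    """Return Allow-ed non-read actions that apply to "*" with no Condition."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if (stmt.get("Effect") != "Allow" or "Condition" in stmt
                or "*" not in as_list(stmt.get("Resource", []))):
            continue
        for action in as_list(stmt.get("Action", [])):
            name = action.partition(":")[2]  # "ec2:*" yields "*", which is flagged
            if not name.startswith(("Describe", "Get", "List")):
                findings.append(action)
    return sorted(findings)

if __name__ == "__main__":
    for label, pol in (("page", PAGE_POLICY), ("scoped", SCOPED_POLICY)):
        print(label, unscoped_write_actions(pol))
```

With the page's policy, the role on either SBC instance can re-associate any Elastic IP and assign private IPs on any network interface in the account and region, which is why the two flagged actions are the ones worth scoping.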

Enjoy
