I have an EC2 instance registered to an ECS cluster on which tasks can run. Originally I chose the awsvpc network mode so every task (container) had its own ENI (IP). But I ran into the limitation at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI

ENI Limit is 3 for m5.large instance type

So I changed the network mode to bridge. Will using the bridge network limit the tasks to 10, because from the screenshot above the private IPs per ENI are limited to 10? I do not know if using bridge assigns a private IP to the task or not. I checked the output of ifconfig on the EC2 host, but it returns a long list of entries (some with private IPs and some without).

Rohini

1 Answer

TL/DR: the way bridge networking works is by assigning a port number to the task and exposing it to the main ENI of the instance. So you would not hit any ENI/IP limit. If you are still eager to take advantage of the pluses of the AWS VPC networking mode, you may want to explore the Trunk ENI solution, which allows you to create virtual ENIs to overcome the limit on the number of ENIs you are pointing out.

The full story: https://docs.aws.amazon.com/AmazonECS/latest/bestpracticesguide/networking-networkmode.html

Also, have you considered Fargate? It hides ALL of this and more.

mreferre
  • Facing this limitation I realized there wasn't any need for every task to have an ENI. I just thought it would be easier to access the container with an IP rather than via the docker host, which is why I went for awsvpc. Further, the registration with the target group had IP support, so awsvpc seemed like a good choice. But bridge works just as well. We have a mix of tasks on Fargate SPOT and EC2. Tasks which require more storage (>30GB) will go on EC2 and use bind mounts to leverage the host EBS volume rather than using EFS if they were running on Fargate – Rohini Aug 12 '21 at 09:10
  • Cool. I am happy the networking model(s) resonate(s) for you. BTW not sure if you have missed it but now (recently announced) Fargate tasks support [up to 200GB of EPHEMERAL](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/fargate-task-storage.html) storage. Keyword being ephemeral. If that works for you. If volumes need to persist somehow then using EC2 seems just about right. – mreferre Aug 12 '21 at 12:56
  • 200GB could come in handy. I couldn't find a way to specify storage while creating a task definition from the portal. Would it be correct to assume the only way to specify it would be to create a task definition JSON with the param and upload it to ECS? Also the link doesn't specify units. Is it supposed to be `"ephemeralStorage": "100"` or `"ephemeralStorage": "100GB"`? – Rohini Aug 18 '21 at 12:23
  • Yes, this is not available in the console yet. You can only configure it for now using AWS Copilot CLI, CloudFormation, AWS SDK, and AWS CLI. I haven't tested it yet but according to [this](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-ephemeralstorage.html) it looks like it may be `100`. – mreferre Aug 18 '21 at 12:48
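
An added example, not part of the original question or answer: a small parser for `ip -o addr show` output that separates interfaces holding a VPC address from the host-local Docker bridge and veth entries, which is the mix the question describes seeing in `ifconfig`. The sample output, interface names, addresses and the `10.0.0.0/16` VPC CIDR are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ip -o addr show` from an EC2 container instance running
# two bridge-mode tasks (interface names and addresses are made up).
SAMPLE = r"""
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.0.1.25/24 brd 10.0.1.255 scope global dynamic eth0\       valid_lft 2890sec preferred_lft 2890sec
2: eth0    inet6 fe80::8ff:feaa:1c01/64 scope link \       valid_lft forever preferred_lft forever
3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\       valid_lft forever preferred_lft forever
5: veth3f1c2aa    inet6 fe80::a4b1:22ff:fe00:1a/64 scope link \       valid_lft forever preferred_lft forever
7: vethb90d41e    inet6 fe80::5c77:9dff:fe3e:2b/64 scope link \       valid_lft forever preferred_lft forever
"""


def vpc_addresses(ip_output, vpc_cidr):
    """Map every interface to the IPv4 addresses it holds inside the VPC CIDR."""
    vpc = ipaddress.ip_network(vpc_cidr)
    found = {}
    for line in ip_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] not in ("inet", "inet6"):
            continue
        name = fields[1].split("@")[0]  # drop an "@if4"-style peer suffix if present
        held = found.setdefault(name, [])
        addr = ipaddress.ip_interface(fields[3]).ip
        if addr.version == 4 and addr in vpc:
            held.append(str(addr))
    return found


def consumed_vpc_ips(ip_output, vpc_cidr):
    """Count the VPC-routable IPv4 addresses configured on the host."""
    return sum(len(ips) for ips in vpc_addresses(ip_output, vpc_cidr).values())


if __name__ == "__main__":
    for name, ips in vpc_addresses(SAMPLE, "10.0.0.0/16").items():
        print(f"{name:12} {', '.join(ips) or 'no VPC address (host-local only)'}")
    print("VPC IPs in use:", consumed_vpc_ips(SAMPLE, "10.0.0.0/16"))
```

In the sample, only `eth0` holds a VPC address; the `docker0` bridge and the per-container `veth` interfaces are local to the host. It follows that bridge-mode tasks also share the instance's ENI and its security groups rather than getting their own.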