I’m a beginner. In the VPC flow log, I found traffic where the src address is the public IP of my EC2 instance (let’s call it B) and the dst address is the private IP of that same instance B. And vice versa: sometimes the src address is the private IP of the EC2 instance and the dst address is the public IP of that same instance.
For example, instance B: public IP = 1.1.1.1, private IP = 2.2.2.2
Then in the VPC flow log:
srcaddr = 1.1.1.1, dstaddr = 2.2.2.2
srcaddr = 2.2.2.2, dstaddr = 1.1.1.1
This is my first question. Could someone please explain to me how this is even possible? Surprisingly, this kind of traffic is the one using up the most bytes.
An EC2 instance talks to other backend instances (B) via an internet-facing LB, as shown in the figure.
My infrastructure
My understanding is that if instance A connects to instance B, the src address should be the IP of instance A and the dst address should be the IP of instance B. OR, if instance A is connecting to the LB, the src address should be instance A’s IP and the dst address should be the LB’s IP address.
Second question: a public IP is used when EC2 connects to the internet-facing LB. Is that the reason why our regional data transfer cost is high?
Thank you so much for your help.
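An added example, not part of the question above: a Python script that parses VPC flow log records in the default (version 2) format and totals the bytes of records whose srcaddr and dstaddr are the public and private IP of one and the same instance, split by direction and ACCEPT/REJECT, so the observation in the question can be quantified against the rest of the log. The instance addresses (1.1.1.1 / 2.2.2.2 for B, and an assumed pair for A) and the log lines are constructed placeholders, not records from a real account; the field order is the documented default flow log format.

```python
"""Quantify VPC flow log records whose srcaddr/dstaddr are the public and
private IP of the same EC2 instance.

Record layout is the default (version 2) VPC flow log format:
version account-id interface-id srcaddr dstaddr srcport dstport protocol
packets bytes start end action log-status
"""
from collections import defaultdict

# Field order of the default (version 2) VPC flow log record.
FIELDS = (
    "version account_id interface_id srcaddr dstaddr srcport dstport "
    "protocol packets bytes start end action log_status"
).split()

# Instance addresses as in the question; A's addresses are assumed placeholders.
INSTANCES = {
    "B": {"public": "1.1.1.1", "private": "2.2.2.2"},
    "A": {"public": "3.3.3.3", "private": "10.0.1.50"},
}

# Constructed sample records (not taken from a real account). The last line is a
# NODATA record, which carries '-' in most fields and must be skipped.
SAMPLE_LOG = """\
2 123456789012 eni-0aaa000000000000b 1.1.1.1 2.2.2.2 44321 443 6 120 150000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa000000000000b 2.2.2.2 1.1.1.1 443 44321 6 90 48000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa000000000000a 10.0.1.50 2.2.2.2 51000 443 6 20 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa000000000000b 1.1.1.1 2.2.2.2 44322 443 6 10 2500 1700000060 1700000120 REJECT OK
2 123456789012 eni-0aaa000000000000b - - - - - - - 1700000060 1700000120 - NODATA
"""


def parse_record(line):
    """Parse one default-format record into a dict, or None if it is malformed
    or is a NODATA/SKIPDATA record (those have no usable addresses or bytes)."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    rec["bytes"] = int(rec["bytes"])
    rec["packets"] = int(rec["packets"])
    return rec


def self_addressed_flow(rec, instances=INSTANCES):
    """Return (instance_name, direction) when srcaddr and dstaddr are the
    public and private IP of the same instance, otherwise None."""
    for name, ips in instances.items():
        if rec["srcaddr"] == ips["public"] and rec["dstaddr"] == ips["private"]:
            return name, "public->private"
        if rec["srcaddr"] == ips["private"] and rec["dstaddr"] == ips["public"]:
            return name, "private->public"
    return None


def summarize(log_text, instances=INSTANCES):
    """Total records and bytes per (instance, direction, action) for
    self-addressed flows; also return the byte total of every OK record so the
    share of such traffic can be computed."""
    totals = defaultdict(lambda: {"records": 0, "bytes": 0})
    all_bytes = 0
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        all_bytes += rec["bytes"]
        hit = self_addressed_flow(rec, instances)
        if hit is None:
            continue
        key = hit + (rec["action"],)
        totals[key]["records"] += 1
        totals[key]["bytes"] += rec["bytes"]
    return dict(totals), all_bytes


if __name__ == "__main__":
    totals, all_bytes = summarize(SAMPLE_LOG)
    for (inst, direction, action), t in sorted(totals.items()):
        share = 100.0 * t["bytes"] / all_bytes if all_bytes else 0.0
        print(f"{inst} {direction:16} {action:7} records={t['records']} "
              f"bytes={t['bytes']} ({share:.1f}% of all bytes)")
```

To run it against a real export, replace SAMPLE_LOG with the text of the downloaded log objects and put the actual public/private addresses of each instance into INSTANCES; if the flow logs use a custom format, adjust FIELDS to match that format's field order.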