I’m running a Consul cluster in EC2 with agents also in EC2 - all works great. This is federated with a few “regions” via WAN gossip over VPC Peering and that also works great.
I have some physical servers in each “region” that I’d like to run Consul agents on - effectively as LAN members of the local region. I’m able to open up the AWS security group for this, but since EC2 instances are NAT’d I’m not sure how to make this work.
                          NAT
    ┌────────┐            ┌─┐                        ┌────────┐
    │        │            │ │                        │        │
    │  EC2  o eth0        │ │ Public IP       eth0 o │  Phys  │
    │  VM    │ 192.0.2.1  │ │ 52.a.b.c    203.a.b.c  │        │
    └────────┘            └─┘                        └────────┘
I need a Consul agent running on Phys to be able to LAN-peer with a Consul server running on the EC2 instance.
It’s working today via a VPN, so that all the hosts have IPs that are directly reachable, but that’s messy and I’d much rather do it direct. Is it possible?
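For reference, here is an added illustration of the Consul address settings that govern this situation; it is not part of the post above and not a verified working setup. It uses the placeholder addresses from the diagram (`192.0.2.1`, `52.a.b.c`, `203.a.b.c`), which are assumptions standing in for real addresses, and shows the one knob Consul gives you for NAT: the LAN agent listens on `bind_addr` but tells peers to reach it at `advertise_addr`.

```hcl
# Added example, not from the post: Consul server agent on the EC2 VM.
# Placeholder addresses from the diagram; replace with real ones.
server    = true
bind_addr = "192.0.2.1"       # private eth0 address the agent actually listens on

# LAN gossip peers are told to reach this agent here. This is the ONLY LAN
# address an agent can advertise, so every LAN member (in-VPC and physical)
# must be able to reach 52.a.b.c:8301 over both TCP and UDP.
advertise_addr = "52.a.b.c"

ports {
  serf_lan = 8301             # default; open TCP *and* UDP in the security group
}

# ---- Added example: Consul client agent on the physical host ----
# (separate config file on Phys; shown here for the other side of the NAT)
# bind_addr      = "203.a.b.c"
# advertise_addr = "203.a.b.c"   # EC2 server will probe Phys back on 8301 TCP/UDP
# retry_join     = ["52.a.b.c"]
```

Two caveats worth checking before trying this. First, LAN gossip (Serf) is a full mesh with a single advertised address per member and no per-peer address translation (`translate_wan_addrs` only applies to WAN federation), so once the EC2 server advertises its public IP the in-VPC agents must also be able to reach it on that address. Second, gossip is bidirectional: the security group needs inbound 8301 TCP and UDP from `203.a.b.c`, and the physical host's firewall needs inbound 8301 TCP and UDP from `52.a.b.c`, or the EC2 side will mark Phys as failed even though Phys can join.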