AWS + Kumo + IPs

get-help
1

Hello KumoMTA team and Discord users.
This question is more about AWS I guess, but maybe you can help me here.
I have EC2 on AWS with KumoMTA with IP address with one network interface available eth0.
I have my BYOIP pool on AWS as well, around 200 addresses.
This is what I’m doing to onboard new IP:

  • I need to allocate new IP from my pool to AWS
  • I need to reserve private IP address on eth0
  • I need to map allocated IP from my pool to that private allocated IP
  • I need to setup network on my OS (for each IP)
    DEVICE=eth0:11 # Change this to match the file name (eth0:3, eth0:4, etc.)
    BOOTPROTO=static
    ONBOOT=yes
    IPADDR=172.XX.XX.XXX # private IP
    NETMASK=255.255.255.255

This config works, I’m able to send emails with KumoMTA and my IPs.
But I recently realized that I have limits on my eth0 with private addresses, so basically I can’t add more that 15 or so.

In that case how can I onboard all my IPs on AWS with Kumo?

Thanks for any feedback.

4

Is it possible to add more interfaces?

5

And, can you add static routes?

6

I can add more interfaces, but it’s also limited and depends on instance size, and it will not help me tbh, even if I’ll add 1-2 interfaces, looks like it will be limited with 15 private IPs.
Can you pls elaborate on static routes if you dont mind? Thanks!

7

Have you asigned your pool to an ENI?

8

Sry, I don’t know much about AWS

9

Just got some ideas

10

If you can assign your IPs to an ENI and then create an EC2 VM that has access to this ENI, then you should be able to configure IPs from that interface

11

/etc/netplan/50-cloud-init.yaml

network:
  version: 2
  ethernets:
    eth0:
      addresses:
        - <YOUR_BOYIP>/32
12

Sth like that

13

idk if it’s possible with AWS tho

14

We have a similar setup, but with Bird (BGP).

15

You can create instances with multiple interfaces and use KumoProxy on the instances so your MTAs can get to their IPs, or you can use this: Prefix delegation for Amazon EC2 network interfaces - Amazon Elastic Compute Cloud

16

Thank you Mike! Will check today!

17

Thank you!

18

@yearning-hyena sorry for bothering, did you have experience with prefix-eni? (the link you shared), I tried different approaches and still having issues with that. Just for the context - I can assign IPs from my pool using ElasticIP, so how it works now:

Now I have private addresses on eth0 :
private 172.31.9.17 => mapped to public 198.102.15.6
I have A record in DNS for 198.102.15.6 => mail6.mydomain.org

I have IPXO DNS record for my IP also:
198.102.15.6 mail6.mydomain.org 3600

on my KumoMTA instance (I need these IPs to send emails) I have this:
[source.“ip6”]
source_address = “172.31.9.17”
ehlo_domain = ‘mail6.mydomain.org

With this approach it works, I can use my public IPs for KumoMTA.

But obviously it has limits, I can’t assign more than N addresses per network interface, and if I need to onboard like 200 IPs even adding new NI is not an option (you can’t add too many anyways).

Maybe I don’t understand fundamentals of this how it should work? I feel like configuring multiple IPs per EC2 is not a rocket science.

Thanks.

19

A common approach is to use proxies to hold IPs, while scaling the MTAs separately.

20

Prefixes for network interfaces are limited to IPv6 addresses and private IPv4 addresses

21

Private IPs only unfortunately

22

The other thing you’ll need to keep track of when using the private to public mapping. When kumo sends to a proxy instance you need to use the private IP that corresponds to the desired public IP on the ENI.