Shortly after publishing my notes on the EC2 architecture, I was looking into the networking setup of EC2 and in particular figuring out their address schemes. Since I am currently no longer interested in such information, I will publish my incomplete notes and the raw data gathered from about 80 instances in this post. My notes are based on information obtained from small instances in the us-east-1d zone.
I assumed the first hop in the traceroute from a VM is the actual dom0 IP address.
Consider the private IP addresses in the form 10.X.Y.Z. I have noticed that Y is partitioned into blocks containing a /24 for dom0 IP addresses, a /24 for VMs, and a /23 for another set of VMs. For example: 10.208.176/24 is the dom0 range; 10.208.177/24 the first VM range; 10.208.178/23 the second VM range.
Based on my data, the dom0 IP addresses always end in .2 or .3, but there seems to be no pattern between a VM’s IP address and the ending of the corresponding dom0.
I do not have many information on this one. MAC addresses are typically in the form of 12:31:39:X:Y:Z, where X can be derived from the second octet of the private IP address. The following list gives the value of X for the second IP address octet. As an example: IP 10.210.X.Y leads to 12:31:39:09:X':Y', because 09 is listed for octet 210.
00 254
01 255
02 248
03 249
04 240
05 241
06 208
07 209
09 210
0A 211
0B 214
0C 215The raw data can be found here. It contains network configuration information (ifconfig, traceroute, and routes) of about 80 instances from the us-east-1d zone. Let me know if you make any interesting discoveries based on that data.