Shortly after publishing my notes on the EC2 architecture, I was looking into the networking setup of EC2 and in particular figuring out their address schemes. Since I am currently no longer interested in such information, I will publish my incomplete notes and the raw data gathered from about 80 instances in this post. My notes are based on information obtained from small instances in the us-east-1d zone.
I assumed the first hop in the traceroute from a VM is the actual dom0 IP address.
Consider the private IP addresses in the form
10.X.Y.Z. I have noticed that Y is partitioned into blocks containing a /24 for dom0 IP addresses, a /24 for VMs, and a /23 for another set of VMs. For example:
10.208.176/24 is the dom0 range;
10.208.177/24 the first VM range;
10.208.178/23 the second VM range.
Based on my data, the dom0 IP addresses always end in
.3, but there seems to be no pattern between a VM’s IP address and the ending of the corresponding dom0.
I do not have many information on this one. MAC addresses are typically in the form of
12:31:39:X:Y:Z, where X can be derived from the second octet of the private IP address. The following list gives the value of X for the second IP address octet. As an example: IP
10.210.X.Y leads to
12:31:39:09:X':Y', because 09 is listed for octet 210.
00 254 01 255 02 248 03 249 04 240 05 241 06 208 07 209 09 210 0A 211 0B 214 0C 215
The raw data can be found here. It contains network configuration information (ifconfig, traceroute, and routes) of about 80 instances from the us-east-1d zone. Let me know if you make any interesting discoveries based on that data.