{"id":1553,"date":"2016-02-21T17:31:21","date_gmt":"2016-02-21T22:31:21","guid":{"rendered":"https:\/\/www.redline13.com\/blog\/?p=1553"},"modified":"2016-02-21T17:31:21","modified_gmt":"2016-02-21T22:31:21","slug":"load-testing-with-private-subnets-and-nat-gateways","status":"publish","type":"post","link":"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/","title":{"rendered":"Load Testing with private subnets and NAT"},"content":{"rendered":"<p>AWS has made networking configuration many times\u00a0simpler over managing your hardware. Anyone now has the power to create a network, but with such power comes a lot of mistakes. \u00a0One of the challenges comes with load testing internal applications hosted on AWS. This article is a general guide which could help anyone testing internal applications. In the end, we demonstrate launching a RedLine13 load test within AWS private subnet communicating externally through an NAT gateway.<\/p>\n<blockquote><p>Note: If you are looking\u00a0to use security groups and no NAT Gateway take a look the easier approach documented in <a href=\"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-internal-application-using-security-groups\/\">Load Testing an Internal Application using Security Groups<\/a>.<\/p><\/blockquote>\n<hr \/>\n<h2>Table Of Contents<\/h2>\n<ul>\n<li><strong>Key Terms<\/strong> &#8211; A quick glossary of the items covered<\/li>\n<li><strong>Goal<\/strong> &#8211; What are we trying to test<\/li>\n<li><strong>Gathering Information<\/strong> &#8211; We need to understand the existing AWS setup<\/li>\n<li><strong>Just Running Tests<\/strong> &#8211; Why we can&#8217;t just run a test<\/li>\n<li><strong>Setting Up Load Test Architecture<\/strong> &#8211; Setting up a network for the load tests<\/li>\n<li><strong>What does our Network look like?<\/strong> &#8211; Recap of Load Architecture + Application Architecture<\/li>\n<li><strong>How to test this setup<\/strong> &#8211; Before we run the load test we can confirm<\/li>\n<li><strong>Running Load Test from RedLine13<\/strong> &#8211; Executing a RedLine13 load test<\/li>\n<li><strong>Final Architecture and Final Word<\/strong><\/li>\n<\/ul>\n<hr \/>\n<h2>Key Terms<\/h2>\n<p>Terms that you might not use day to day.<\/p>\n<table>\n<tbody>\n<tr>\n<td>ELB<\/td>\n<td>Elastic Load Balancer is an Amazon Web Service that sits in front of multiple servers to balance workload<\/td>\n<\/tr>\n<tr>\n<td>Internal ELB<\/td>\n<td>Internal Elastic Load Balancer, same as ELB but only allows internal traffic<\/td>\n<\/tr>\n<tr>\n<td>NAT Gateway<\/td>\n<td>Network address translation gateway. Enables\u00a0internal EC2 instances to communicate with external resources<\/td>\n<\/tr>\n<tr>\n<td>Security Group<\/td>\n<td>Defines the security rules which can are applied to Load Balancers and EC2 Instances<\/td>\n<\/tr>\n<tr>\n<td>VPC<\/td>\n<td>Virtual Private Cloud which represents a network within AWS<\/td>\n<\/tr>\n<tr>\n<td>Subnet<\/td>\n<td>A VPC is comprised of\u00a01 or more subnets<\/td>\n<\/tr>\n<tr>\n<td>RouteTables<\/td>\n<td>Controls the traffic from a subnet to\u00a0other endpoints<\/td>\n<\/tr>\n<tr>\n<td>Network ACL<\/td>\n<td>Further traffic management<\/td>\n<\/tr>\n<tr>\n<td>\u00a0CIDR<\/td>\n<td>A format for specifying an IP range. \u00a0Classless Inter-Domain Routing.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr \/>\n<h2>Goal<\/h2>\n<p><em>Creating a load test that executes against services\u00a0only accessible\u00a0internally, but needing to report metrics to an external system or provider.<\/em><\/p>\n<p>Your application architecture looks perhaps something like the following with the desire to simulate thousands of users while maintaining your security goal of not permitting external traffic to your service.<\/p>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Goal-Architecture.png\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-1569 aligncenter\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Goal-Architecture.png\" alt=\"Goal Architecture\" width=\"600\" height=\"445\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Goal-Architecture.png 1474w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Goal-Architecture-300x223.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Goal-Architecture-1024x760.png 1024w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Goal-Architecture-768x570.png 768w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/a><\/p>\n<p>We will work on understanding the\u00a0details of the architecture and creating a step by step approach to solving it.<\/p>\n<hr \/>\n<h2>Gathering Information<\/h2>\n<p>URLs from the examples below will be for the us-east-1 region.<\/p>\n<h3>Step 1. \u00a0Know your Security Group.<\/h3>\n<p>What does your security group allow? \u00a0What traffic is allowed to access this ELB? Do you have custom Network ACL rules?<\/p>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1-Arch-Take-2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-1565 aligncenter\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1-Arch-Take-2.png\" alt=\"Gathering Step1 Arch Take 2\" width=\"430\" height=\"390\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1-Arch-Take-2.png 453w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1-Arch-Take-2-300x272.png 300w\" sizes=\"auto, (max-width: 430px) 100vw, 430px\" \/><\/a><\/p>\n<p>We are looking at the details of the two security groups<\/p>\n<p>a) Security Group for internal servers<\/p>\n<ul>\n<li>Limits traffic to just the Internal ELB<\/li>\n<li>Find an <a href=\"https:\/\/console.aws.amazon.com\/ec2\/v2\/home?region=us-east-1#Instances:sort=instanceState\">internal server<\/a>, view the Description, Find Security Groups, Select Security Group, View Inbound Rules<\/li>\n<li>If the source is a security group, it only allows instances to connect with the same security group.<\/li>\n<li>This one\u00a0rule only allows our Internal ELB to connect to our servers<\/li>\n<li><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1a-Security-Group.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1563\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1a-Security-Group.png\" alt=\"Gathering Step1a Security Group\" width=\"596\" height=\"73\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1a-Security-Group.png 1676w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1a-Security-Group-300x37.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1a-Security-Group-1024x126.png 1024w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1a-Security-Group-768x94.png 768w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1a-Security-Group-1536x189.png 1536w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1a-Security-Group-1568x193.png 1568w\" sizes=\"auto, (max-width: 596px) 100vw, 596px\" \/><\/a><\/li>\n<\/ul>\n<p>b) Security Group for the internal load balancer.<\/p>\n<ul>\n<li>Find your <a href=\"https:\/\/console.aws.amazon.com\/ec2\/v2\/home?region=us-east-1#LoadBalancers:\">Internal LB<\/a>, look at the Security tab, Select Security Group, View Inbound Rules<\/li>\n<li>Limits traffic to HTTP from\u00a0the internal VPC\u00a0or even specific subnets within the VPC<\/li>\n<li>This example limits the Internal LB to traffic from\u00a0172.30.0.0\/24, which is the range\u00a0172.30.0.0 &#8211;\u00a0172.30.0.255<\/li>\n<li><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1b-Security-Group.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1562\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1b-Security-Group.png\" alt=\"Gathering Step1b Security Group\" width=\"573\" height=\"47\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1b-Security-Group.png 1884w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1b-Security-Group-300x25.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1b-Security-Group-1024x84.png 1024w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1b-Security-Group-768x63.png 768w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1b-Security-Group-1536x126.png 1536w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-Step1b-Security-Group-1568x128.png 1568w\" sizes=\"auto, (max-width: 573px) 100vw, 573px\" \/><\/a><\/li>\n<\/ul>\n<p>We will be dealing with cases where your ELB limits traffic to specific IPs or only traffic coming from a defined subnet. \u00a0Other possibilities exist, but the key is knowing how they are configured and creating your wiring diagram.<\/p>\n<h3>Step 2. \u00a0Know your VPC and SubNets<\/h3>\n<p>Your VPC defines your managed network and represents an internal IP range: VPC-CIDR. Here is\u00a0a default VPC and its network configuration.<\/p>\n<ul>\n<li data-wpview-marker=\"https%3A%2F%2Fconsole.aws.amazon.com%2Fvpc%2Fhome%3Fregion%3Dus-east-1%23vpcs%3A\">Find the VPC for which your internal application resides in by looking in the\u00a0description tab<\/li>\n<li data-wpview-marker=\"https%3A%2F%2Fconsole.aws.amazon.com%2Fvpc%2Fhome%3Fregion%3Dus-east-1%23vpcs%3A\">You can\u00a0list all VPCs @ https:\/\/console.aws.amazon.com\/vpc\/home?region=us-east-1#vpcs:<\/li>\n<\/ul>\n<p>And you\u00a0can then view your Subnets which take ranges of IPs within your VPC. \u00a0Notice these are all internal IP addresses.<\/p>\n<ul>\n<li data-wpview-marker=\"https%3A%2F%2Fconsole.aws.amazon.com%2Fvpc%2Fhome%3Fregion%3Dus-east-1%23subnets%3A\">Find the Subnet for which your internal application resides in by looking in the description tab<\/li>\n<li data-wpview-marker=\"https%3A%2F%2Fconsole.aws.amazon.com%2Fvpc%2Fhome%3Fregion%3Dus-east-1%23subnets%3A\">To list all Subnets, go to https:\/\/console.aws.amazon.com\/vpc\/home?region=us-east-1#subnets:<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-step2-VPC-Subnet1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-1566 aligncenter\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-step2-VPC-Subnet1.png\" alt=\"Gathering step2 VPC-Subnet\" width=\"354\" height=\"389\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-step2-VPC-Subnet1.png 862w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-step2-VPC-Subnet1-273x300.png 273w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Gathering-step2-VPC-Subnet1-768x843.png 768w\" sizes=\"auto, (max-width: 354px) 100vw, 354px\" \/><\/a><\/p>\n<h3>Step 3. Know your ELB and Application.<\/h3>\n<p>To\u00a0setup our load agents, we will need to know how your ELB and Applications will be configured. \u00a0For most, we just need to look into the ELB configuration.<\/p>\n<p>https:\/\/console.aws.amazon.com\/ec2\/v2\/home?region=us-east-1#LoadBalancers:<\/p>\n<ul>\n<li>Select your internal load balancer<\/li>\n<li>View the Description to find DNS<\/li>\n<li>Look at the Security Tab to find Security Group<\/li>\n<li>Use the Instances Tab for determining servers attached and their health<\/li>\n<li>You can also\u00a0confirm the VPC and Subnets involved.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/LB-Description.png\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-1567 aligncenter\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/LB-Description.png\" alt=\"LB Description\" width=\"619\" height=\"365\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/LB-Description.png 863w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/LB-Description-300x177.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/LB-Description-768x453.png 768w\" sizes=\"auto, (max-width: 619px) 100vw, 619px\" \/><\/a><\/p>\n<h3>Step 4. Fill out the information<\/h3>\n<p>We need to gather some of that information from ELB, VPC, SubNets, and Security Groups.<\/p>\n<ul>\n<li>DNS Name of Internal ELB ________\n<ul>\n<li>Typically the request URL we will be using later<\/li>\n<li>Example: http:\/\/internal-InternalLB-808343934.us-east-1.elb.amazonaws.com<\/li>\n<\/ul>\n<\/li>\n<li>VPC ELB is launched in _____<\/li>\n<li>Subnet(s) For Application Instances \u00a0_____<\/li>\n<li>Security Group ELB ______\n<ul>\n<li>Rules ________<\/li>\n<\/ul>\n<\/li>\n<li>Security Group Instances _______\n<ul>\n<li>Rules ________<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Step 5. Putting together what we know<\/h3>\n<p>So we now have a picture of our Application Architecture and\u00a0have\u00a0a sense of where the security and networking rules will apply.<\/p>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Internal-Architecture-with-details.png\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-1568 aligncenter\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Internal-Architecture-with-details.png\" alt=\"Internal Architecture with details\" width=\"602\" height=\"265\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Internal-Architecture-with-details.png 786w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Internal-Architecture-with-details-300x132.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Internal-Architecture-with-details-768x338.png 768w\" sizes=\"auto, (max-width: 602px) 100vw, 602px\" \/><\/a><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<th style=\"width: 100%; color: white; text-align: center; background-color: #c40000;\">Need help to build a testing architecture, get in touch. info@redline13.com or <a href=\"https:\/\/redline13.com\/Service\">start a subscription<\/a><\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr \/>\n<h2>Just Running Tests<\/h2>\n<p>Q: At this point why not just run a load test?<\/p>\n<p>A: If you launch an instance into a VPC it could:<\/p>\n<p>a) Launch with a public IP. \u00a0In which cases calling\u00a0http:\/\/internal-InternalLB&#8230;.\/ \u00a0will look like a public IP Address and your Internal ELB rules will block the call. \u00a0Every time you run an agent, the public IP will change, making it impossible to keep updating the security group rules.<\/p>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Just-Running-Tests-Blocked-By-Security-Group.png\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-1571 aligncenter\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Just-Running-Tests-Blocked-By-Security-Group.png\" alt=\"Just Running Tests Blocked By Security Group\" width=\"606\" height=\"331\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Just-Running-Tests-Blocked-By-Security-Group.png 805w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Just-Running-Tests-Blocked-By-Security-Group-300x164.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Just-Running-Tests-Blocked-By-Security-Group-768x420.png 768w\" sizes=\"auto, (max-width: 606px) 100vw, 606px\" \/><\/a><\/p>\n<p>b) Launch with a private instance and only internal IP. \u00a0These instances by default will not be able to reach https:\/\/www.redline13.com and, therefore, will never get a test to run or report metrics to the service.<\/p>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Just-Running-Tests-blocked-no-Public-connection.png\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-1572 aligncenter\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Just-Running-Tests-blocked-no-Public-connection.png\" alt=\"Just Running Tests blocked no Public connection\" width=\"606\" height=\"319\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Just-Running-Tests-blocked-no-Public-connection.png 798w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Just-Running-Tests-blocked-no-Public-connection-300x158.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Just-Running-Tests-blocked-no-Public-connection-768x404.png 768w\" sizes=\"auto, (max-width: 606px) 100vw, 606px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<th style=\"width: 100%; color: white; text-align: center; background-color: #c40000;\">Need help to build a testing architecture, get in touch. info@redline13.com or <a href=\"https:\/\/redline13.com\/Service\">start a subscription<\/a><\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr \/>\n<h2>Setting up Load Test Architecture<\/h2>\n<p>The solution is to run load testing agents within a\u00a0private subnet that defines a route table to send outgoing traffic through a NAT gateway. \u00a0The NAT gateway will allow the control of internal and external traffic as desired. \u00a0It is a recommended approach and will require some configuration. \u00a0The steps below should help get through the thick of it.<\/p>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Load-Testing-Architecture.png\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-1574 aligncenter\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Load-Testing-Architecture.png\" alt=\"Load Testing Architecture\" width=\"566\" height=\"553\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Load-Testing-Architecture.png 562w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Load-Testing-Architecture-300x293.png 300w\" sizes=\"auto, (max-width: 566px) 100vw, 566px\" \/><\/a><\/p>\n<p>In our final architecture, we will end up with three subnets<\/p>\n<p style=\"padding-left: 30px;\">A) Our Internal Private Application Subnet. \u00a0The instances in this subnet are only reachable via HTTP through the internal LB.<\/p>\n<p style=\"padding-left: 30px;\">B) \u00a0NAT Gateway public subnet. \u00a0The NAT Gateway has a specific requirement to sit on a public subnet so it can reach the internet gateway and have a public IP.<\/p>\n<p style=\"padding-left: 30px;\">C) Agents private subnet. \u00a0A private subnet allows us to launch\u00a0load testing agents\u00a0inside our VPC that can not\u00a0be reached, but, as you will see, can communicate to Redline13 servers and your internal application.<\/p>\n<h3>Step 1. Create SubNet for NAT Gateway<\/h3>\n<ul>\n<li>Name your subnet<\/li>\n<li>Select the VPC<\/li>\n<li>Enter CIDR Block<\/li>\n<\/ul>\n<p>We created a SubNet within the same VPC as our internal application and selected the next available internal IP range.<\/p>\n<p>We use the default Route Table, default Network ACL, and the default setting for Auto-Assign Public IP.<\/p>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Create-Subnet-for-NAT1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-1576 aligncenter\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Create-Subnet-for-NAT1.png\" alt=\"Create Subnet for NAT\" width=\"469\" height=\"243\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Create-Subnet-for-NAT1.png 593w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Create-Subnet-for-NAT1-300x155.png 300w\" sizes=\"auto, (max-width: 469px) 100vw, 469px\" \/><\/a><\/p>\n<h3>Step 2.\u00a0Create NAT Gateway<\/h3>\n<p>We now make the NAT gateway for the subnet we just created.<\/p>\n<ol>\n<li>Create the NAT Gateway from https:\/\/console.aws.amazon.com\/vpc\/home?region=us-east-1#NatGateways:sort=desc:natGatewayId<\/li>\n<li>Select the Subnet just created for NAT\n<ul>\n<li><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/CreateNAT-with-subnet.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1579\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/CreateNAT-with-subnet.png\" alt=\"CreateNAT with subnet\" width=\"450\" height=\"198\" \/><\/a><\/li>\n<\/ul>\n<\/li>\n<li>NAT needs a public IP, and it requires an Elastic IP. \u00a0&#8220;Create New EIP&#8221; is the easiest way to do this unless you have one available.\n<ul>\n<li><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/create-NAT.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1580\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/create-NAT.png\" alt=\"create NAT\" width=\"453\" height=\"167\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/create-NAT.png 1794w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/create-NAT-300x110.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/create-NAT-1024x377.png 1024w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/create-NAT-768x283.png 768w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/create-NAT-1536x565.png 1536w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/create-NAT-1568x577.png 1568w\" sizes=\"auto, (max-width: 453px) 100vw, 453px\" \/><\/a><\/li>\n<\/ul>\n<\/li>\n<li>The NAT Gateway will have\u00a0an ID when created, and we will need this in a\u00a0few steps.<\/li>\n<\/ol>\n<p>Now the NAT gateway is created and should have an External IP address, which will be the IP address the outside world will see for requests routed through the NAT. \u00a0Using NAT+EIP is\u00a0an example of how many services flow all external traffic, enabling them to provide a whitelisted IP to third party companies.<\/p>\n<h3>Step 3. \u00a0Create Agent Subnet<\/h3>\n<p>This subnet will be where we send our load testing agents. \u00a0It is the same as other subnets except we will disable the Auto-Assign Public IP and create a special route table.<\/p>\n<p>A) Create Subnet<\/p>\n<ul>\n<li><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Create-Agent-SubNet.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1582\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Create-Agent-SubNet.png\" alt=\"Create Agent SubNet\" width=\"367\" height=\"214\" \/><\/a><\/li>\n<\/ul>\n<p>B) \u00a0After it is created, we should also modify the subnet via Subnet Actions and turn off Auto-assign public IP address.<\/p>\n<ul>\n<li>Select Subnet Actions\u00a0<a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Subnet-Actions-AutoAssign-Public-IP.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1583\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Subnet-Actions-AutoAssign-Public-IP.png\" alt=\"Subnet Actions AutoAssign Public IP\" width=\"429\" height=\"127\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Subnet-Actions-AutoAssign-Public-IP.png 1086w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Subnet-Actions-AutoAssign-Public-IP-300x89.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Subnet-Actions-AutoAssign-Public-IP-1024x304.png 1024w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Subnet-Actions-AutoAssign-Public-IP-768x228.png 768w\" sizes=\"auto, (max-width: 429px) 100vw, 429px\" \/><\/a><\/li>\n<li>Uncheck auto-assign IP\u00a0<a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Agent-Auto-Assign-Public-IP.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1584\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Agent-Auto-Assign-Public-IP.png\" alt=\"Agent Auto-Assign Public IP\" width=\"418\" height=\"181\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Agent-Auto-Assign-Public-IP.png 1266w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Agent-Auto-Assign-Public-IP-300x130.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Agent-Auto-Assign-Public-IP-1024x443.png 1024w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Agent-Auto-Assign-Public-IP-768x332.png 768w\" sizes=\"auto, (max-width: 418px) 100vw, 418px\" \/><\/a><\/li>\n<\/ul>\n<h3>Step 4. \u00a0Creating RouteTable that can send traffic to NAT Gateway via RouteTable<\/h3>\n<p>The default RouteTable allows our NAT to communicate with an internet gateway for external traffic and defines a local route for internal traffic. \u00a0Let&#8217;s take a look at the Default Route Table.<\/p>\n<ul>\n<li>Go to subnets &#8211;\u00a0https:\/\/console.aws.amazon.com\/vpc\/home?region=us-east-1#subnets:<\/li>\n<li>Select the Subnet we just created<\/li>\n<li>Click the &#8220;Route Table&#8221; tab\n<ul>\n<li>172.30.0.0\/16 routes internal traffic<\/li>\n<li>0.0.0.0\/0 routes all other traffic to an internet gateway<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Default-Route-Table.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1585\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Default-Route-Table.png\" alt=\"Default Route Table\" width=\"484\" height=\"186\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Default-Route-Table.png 559w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Default-Route-Table-300x115.png 300w\" sizes=\"auto, (max-width: 484px) 100vw, 484px\" \/><\/a><\/li>\n<\/ul>\n<p>We need a RouteTable which will direct external traffic to our NAT Gateway<\/p>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Internal-Traffic-Flow.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1586\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Internal-Traffic-Flow.png\" alt=\"Internal Traffic Flow\" width=\"445\" height=\"247\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Internal-Traffic-Flow.png 550w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Internal-Traffic-Flow-300x166.png 300w\" sizes=\"auto, (max-width: 445px) 100vw, 445px\" \/><\/a><\/p>\n<p><strong>Step a &#8211;<\/strong> Navigate to routes:\u00a0https:\/\/console.aws.amazon.com\/vpc\/home?region=us-east-1#routetables:<\/p>\n<p><strong>Step b &#8211;<\/strong> Create the Route and select your VPC<\/p>\n<ul>\n<li><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Create-Routes-Load-Agent.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1587\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Create-Routes-Load-Agent.png\" alt=\"Create Routes Load Agent\" width=\"442\" height=\"177\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Create-Routes-Load-Agent.png 1168w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Create-Routes-Load-Agent-300x120.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Create-Routes-Load-Agent-1024x410.png 1024w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Create-Routes-Load-Agent-768x308.png 768w\" sizes=\"auto, (max-width: 442px) 100vw, 442px\" \/><\/a><\/li>\n<\/ul>\n<p><strong>Step c &#8211;<\/strong> Modify the route table which\u00a0you will likely want two\u00a0routes<\/p>\n<ul>\n<li>Keep Local Traffic Local<\/li>\n<li>Everything else (or specific) sends to the NAT (to go external)\n<ul>\n<li>Specify 0.0.0.0\/0 and select your NAT as the target<\/li>\n<li>If you want just to configure for RedLine13.com, it would be:\n<ul>\n<li><span style=\"line-height: 1.5;\">52.21.10.74\/32 as the destination and NAT as the target<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Screen-Shot-2016-02-21-at-3.37.15-PM.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1589\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Screen-Shot-2016-02-21-at-3.37.15-PM.png\" alt=\"Screen Shot 2016-02-21 at 3.37.15 PM\" width=\"467\" height=\"190\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Screen-Shot-2016-02-21-at-3.37.15-PM.png 679w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Screen-Shot-2016-02-21-at-3.37.15-PM-300x122.png 300w\" sizes=\"auto, (max-width: 467px) 100vw, 467px\" \/><\/a><\/li>\n<\/ul>\n<h3>Step 5. \u00a0Modify Agent Subnet to use the RouteTable from above<\/h3>\n<p>With this step, we are establishing traffic patterns for the Agent Subnet.<\/p>\n<ul>\n<li>Go back to your Agent Subnet<\/li>\n<li>Select Route Table tab<\/li>\n<li>Click Edit<\/li>\n<li>Select the new route table we created<\/li>\n<li><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Subnet-select-routetable.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1590\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Subnet-select-routetable.png\" alt=\"Subnet select routetable\" width=\"470\" height=\"225\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Subnet-select-routetable.png 1338w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Subnet-select-routetable-300x143.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Subnet-select-routetable-1024x490.png 1024w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Subnet-select-routetable-768x367.png 768w\" sizes=\"auto, (max-width: 470px) 100vw, 470px\" \/><\/a><\/li>\n<\/ul>\n<h3>Step 6. Internal ELB\u00a0needs to allow traffic from our Agent Subnet<\/h3>\n<p>Many steps ago we needed to learn about our Application ELB and its security group. \u00a0We still need to make sure our Application ELB accepts traffic from our new subnet.<\/p>\n<ul>\n<li>Navigate to ELBs:\u00a0https:\/\/console.aws.amazon.com\/ec2\/v2\/home?region=us-east-1#LoadBalancers:<\/li>\n<li>Select your internal ELB<\/li>\n<li>Select the Security Tab<\/li>\n<li>Select the Security Group<\/li>\n<li>Select the Inbound Tab<\/li>\n<li>Click Edit<\/li>\n<li>Add a Route\n<ul>\n<li>Option 1: You can add everything in your subnet &#8211; i.e.,\u00a0172.30.0.0\/16<\/li>\n<li>Option 2: Just add the specific traffic from the specific subnet &#8211;\u00a0172.30.2.0\/24<\/li>\n<li>Option 3:\u00a0Not covered here, but you could also allow instances with another security group.<\/li>\n<\/ul>\n<\/li>\n<li>This example shows options 1 and 2, though 172.30.0\/16 encompasses\u00a0172.30.2.0\/24\n<ul>\n<li><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Security-Group-Update-for-Internal-ELB.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1591\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Security-Group-Update-for-Internal-ELB.png\" alt=\"Security Group Update for Internal ELB\" width=\"600\" height=\"117\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Security-Group-Update-for-Internal-ELB.png 1260w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Security-Group-Update-for-Internal-ELB-300x59.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Security-Group-Update-for-Internal-ELB-1024x200.png 1024w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Security-Group-Update-for-Internal-ELB-768x150.png 768w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Step 7. Create Limited Agent\u00a0Security Group<\/p>\n<ul>\n<li>We can prepare for ourselves a\u00a0Security group with NO inbound privileges.<\/li>\n<li>Navigate to Security Groups :\u00a0https:\/\/console.aws.amazon.com\/ec2\/v2\/home?region=us-east-1#SecurityGroups:sort=vpcId<\/li>\n<li>Click Create<\/li>\n<li>Remove Any\u00a0InBound Rules if provided<\/li>\n<li>Select proper VPC<\/li>\n<li>Save.<\/li>\n<li><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Security-Group-No-Inbound.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1602\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Security-Group-No-Inbound.png\" alt=\"Security Group No Inbound\" width=\"888\" height=\"332\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Security-Group-No-Inbound.png 888w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Security-Group-No-Inbound-300x112.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Security-Group-No-Inbound-768x287.png 768w\" sizes=\"auto, (max-width: 888px) 100vw, 888px\" \/><\/a><\/li>\n<\/ul>\n<hr \/>\n<h2>What does our Network Look like?<\/h2>\n<p>At this point, we\u00a0are in our optimal setup which keeps us secure, with internal traffic safe from an external source, but allowing agents to talk internally or externally.<\/p>\n<ul>\n<li>Our Internal\u00a0ELB Security Group was updated to allow traffic from Agents<\/li>\n<li>Agents are created in a\u00a0Private Subnet with no public IP<\/li>\n<li>NAT can send external traffic out; internal traffic will keep internal IP<\/li>\n<li>External service has no internal access other than expected HTTP traffic<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Working-Arch.png\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-1592 aligncenter\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Working-Arch.png\" alt=\"Working Arch\" width=\"598\" height=\"418\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Working-Arch.png 830w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Working-Arch-300x210.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Working-Arch-768x537.png 768w\" sizes=\"auto, (max-width: 598px) 100vw, 598px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<th style=\"width: 100%; color: white; text-align: center; background-color: #c40000;\">Need help to build testing architecture, get in touch with us info@redline13.com or <a href=\"https:\/\/redline13.com\/Service\">start a subscription<\/a>.<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr \/>\n<h2>How to test this environment?<\/h2>\n<p>We will need to spin up an instance in our &#8216;Subnet for Agents&#8217; and determine if it can talk externally and internally. \u00a0As well, we want to examine the internal route to make sure we are not going external. Here is a diagram of how we will diagnose our environment<\/p>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Testing-NAT-enviornment.png\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-1598 aligncenter\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Testing-NAT-enviornment.png\" alt=\"Testing NAT enviornment\" width=\"603\" height=\"393\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Testing-NAT-enviornment.png 775w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Testing-NAT-enviornment-300x195.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Testing-NAT-enviornment-768x500.png 768w\" sizes=\"auto, (max-width: 603px) 100vw, 603px\" \/><\/a><\/p>\n<h3>1 &#8211; Spin up an instance (t2.micro is fine) in Agent Subnet<\/h3>\n<p>We walk through the EC2 Instance creation using standard Amazon Linux AMI with instance type t2.micro.<\/p>\n<ul>\n<li>In &#8220;Step 3 Configure Instance Details&#8221;, make sure to select the proper VPC\/subnet.<\/li>\n<li><span style=\"line-height: 1.5;\">In &#8220;Step 5 Tag Instance&#8221;, we called ours Agent Test<\/span><\/li>\n<li>In &#8220;Step 6 Security Group&#8221;, we created a new Security group for our test which allows SSH in from anywhere. \u00a0Though with the rules of this subnet only internal access is available.\n<ul>\n<li><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Security-Group-for-SSH.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1601\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Security-Group-for-SSH.png\" alt=\"Security Group for SSH\" width=\"451\" height=\"121\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Security-Group-for-SSH.png 600w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Security-Group-for-SSH-300x81.png 300w\" sizes=\"auto, (max-width: 451px) 100vw, 451px\" \/><\/a><\/li>\n<\/ul>\n<\/li>\n<li>Creating KeyPair &#8211; you will need to SSH to this instance to test it. \u00a0Pick the\u00a0key pair you will be able to access to SSH to the box.<\/li>\n<\/ul>\n<h3>2 &#8211;\u00a0You need a Jump Box<\/h3>\n<p>Our &#8216;Test Agent&#8217; is on a private subnet with no public IP address. \u00a0You can not access this box from the outside world, so you must &#8220;jump&#8221; from another machine &#8211; called a jump box. \u00a0 More than likely, you have one already; it would be a public AWS instance you normally SSH into. \u00a0Assuming this is in the same VPC, you will be good to go. \u00a0 If not, you will need to create another instance on your public subnet. You can use the same subnet\u00a0you used to create the NAT Gateway.<\/p>\n<p>Once again, create a t2.micro instance, but this time, put it in the NAT subnet and\u00a0make sure we get a public IP.<\/p>\n<ul>\n<li>In &#8220;Step 3 Configure Instance Details&#8221;, make sure to select the proper VPC\/subnet.\n<ul>\n<li><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1600\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/EC2-For-JumpBox-on-public.png\" alt=\"EC2 For JumpBox on public\" width=\"447\" height=\"204\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/EC2-For-JumpBox-on-public.png 1563w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/EC2-For-JumpBox-on-public-300x137.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/EC2-For-JumpBox-on-public-1024x467.png 1024w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/EC2-For-JumpBox-on-public-768x350.png 768w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/EC2-For-JumpBox-on-public-1536x701.png 1536w\" sizes=\"auto, (max-width: 447px) 100vw, 447px\" \/><\/li>\n<\/ul>\n<\/li>\n<li>In &#8220;Step 5 Tag Instance&#8221;, we called ours Agent Test<\/li>\n<li>In &#8220;Step 6 Security Group&#8221;, we can choose the security group from before as it allows SSH access\n<ul>\n<li><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Select-Security-Group-for-JumpBox1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1604\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Select-Security-Group-for-JumpBox1.png\" alt=\"Select Security Group for JumpBox\" width=\"452\" height=\"159\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Select-Security-Group-for-JumpBox1.png 600w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Select-Security-Group-for-JumpBox1-300x106.png 300w\" sizes=\"auto, (max-width: 452px) 100vw, 452px\" \/><\/a><\/li>\n<\/ul>\n<\/li>\n<li>Creating KeyPair &#8211; you will need to SSH into this instance to test it. \u00a0Pick the\u00a0key pair you will be able to access to SSH to the box.<\/li>\n<\/ul>\n<h3>3 &#8211;\u00a0Prep for running through steps<\/h3>\n<p>Get the following information ready<\/p>\n<p>NAT\u00a0Gateway Private IP: __________ \u00a0[172.30.1.151]<\/p>\n<p>Jump Box External IP : __________ \u00a0 [52.90.XX.XXX]<\/p>\n<p>TestAgent Internal IP : __________ \u00a0 [172.30.2.75]<\/p>\n<p>Internal ELB URL : ____________ \u00a0 \u00a0[http:\/\/internal-InternalLB-808343934.us-east-1.elb.amazonaws.com]<\/p>\n<p>External URL : _______________ \u00a0 \u00a0https:\/\/www.redline13.com\/Service<\/p>\n<h3>4 &#8211; Testing our setup<\/h3>\n<p>We need to enable port forwarding on our key (for linux, windows, mac directions see\u00a0http:\/\/docs.aws.amazon.com\/AmazonVPC\/latest\/UserGuide\/vpc-nat-gateway.html#ssh-forwarding-linux).<\/p>\n<p>Note: This test is from OSX<\/p>\n<h4>4a &#8211; Get to the test agent<\/h4>\n<p>ssh-add -K\u00a0[KEY_FILE]<\/p>\n<p>ssh -A [-iKEY_FILE] ec2-user@[JumpBoxIP]<\/p>\n<ul>\n<li>The -A parameter is used for key-forwarding<\/li>\n<li><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1605\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/SSH-into-JumpBox-with-Forwarding.png\" alt=\"SSH into JumpBox with Forwarding\" width=\"450\" height=\"106\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/SSH-into-JumpBox-with-Forwarding.png 450w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/SSH-into-JumpBox-with-Forwarding-300x71.png 300w\" sizes=\"auto, (max-width: 450px) 100vw, 450px\" \/><\/li>\n<\/ul>\n<p>Now from our JumpBox, we should be able to SSH into our test agent, which only has an internal IP<\/p>\n<ul>\n<li>If you did not use key forwarding in initial SSH, you might need to copy\u00a0your SSH public key to\u00a0the jump box.<\/li>\n<\/ul>\n<p>ssh ec2-user@[TestAgentInternalIP]<\/p>\n<ul>\n<li><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/SSH-Into-TestAgent.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1606\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/SSH-Into-TestAgent.png\" alt=\"SSH Into TestAgent\" width=\"450\" height=\"129\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/SSH-Into-TestAgent.png 450w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/SSH-Into-TestAgent-300x86.png 300w\" sizes=\"auto, (max-width: 450px) 100vw, 450px\" \/><\/a><\/li>\n<\/ul>\n<p>You are now on your internal machine!<\/p>\n<h4>4b.\u00a0Confirm Test Agent can reach external endpoints<\/h4>\n<p>Can we access redline13.com (or another external URL) and is it\u00a0going through our NAT gateway?<\/p>\n<p>sudo traceroute -T www.redline13.com<\/p>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/testagent-traceroute-to-redline.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1607\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/testagent-traceroute-to-redline.png\" alt=\"testagent traceroute to redline\" width=\"600\" height=\"85\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/testagent-traceroute-to-redline.png 600w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/testagent-traceroute-to-redline-300x43.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/a><\/p>\n<ul>\n<li>Your first hop should be to your NAT Gateway IP<\/li>\n<li>And you should end up at\u00a052.21.10.74 (RedLine13 runs on Amazon)<\/li>\n<\/ul>\n<p>You can also confirm using CURL to get back a response<\/p>\n<p>curl -v https:\/\/www.redline13.com\/Service<\/p>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/testagent-curl-to-redline.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1608\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/testagent-curl-to-redline.png\" alt=\"testagent curl to redline\" width=\"600\" height=\"95\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/testagent-curl-to-redline.png 600w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/testagent-curl-to-redline-300x48.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/a><\/p>\n<h4>4c. Confirm\u00a0Test Agent can reach our internal application endpoints<\/h4>\n<p class=\"p1\"><span class=\"s1\">sudo traceroute -T internal-InternalLB-808343934.us-east-1.elb.amazonaws.com<\/span><\/p>\n<ul>\n<li class=\"p1\">Your only hop should be the internal load balancer IP\n<ul>\n<li class=\"p1\">The ELB is a dead stop of this TCP traffic<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/testagent-traceroute-to-internallb.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1609\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/testagent-traceroute-to-internallb.png\" alt=\"testagent traceroute to internallb\" width=\"600\" height=\"69\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/testagent-traceroute-to-internallb.png 600w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/testagent-traceroute-to-internallb-300x35.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/a><\/p>\n<p class=\"p1\"><span class=\"s1\">curl \u00a0-v http:\/\/internal-InternalLB-808343934.us-east-1.elb.amazonaws.com\/index.html<\/span><\/p>\n<ul>\n<li class=\"p1\">The content output will be specific to your application; this is just serving a static page with name agent# so we can see different servers.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/testagent-curl-to-internallb.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1610\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/testagent-curl-to-internallb.png\" alt=\"testagent curl to internallb\" width=\"600\" height=\"152\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/testagent-curl-to-internallb.png 600w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/testagent-curl-to-internallb-300x76.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/a><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<th style=\"width: 100%; color: white; text-align: center; background-color: #c40000;\">Need to help to build testing architecture, get in touch with us info@redline13.com or <a href=\"https:\/\/redline13.com\/Service\">start a subscription<\/a>.<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr \/>\n<h2>Running Load Test from RedLine13<\/h2>\n<h3>1. CheckList<\/h3>\n<p>Internal ELB URL : ______________ \u00a0 \u00a0[http:\/\/internal-InternalLB-808343934.us-east-1.elb.amazonaws.com]<\/p>\n<p>Subnet for Agents : ______________ \u00a0 \u00a0[subnet-088f974e Subnet for Agents]<\/p>\n<p>Security Group for Agents : ________ \u00a0 \u00a0 [sg-1b37e263 Only for Agents]<\/p>\n<h3>2. Create Test<\/h3>\n<p>We can use the RedLine13 Simple Test to validate that all works, after which you can continue with Apache JMeter or Gatling<\/p>\n<p>a. Specify the URL for the internal ELB<\/p>\n<p>b. Expand the Advanced Cloud Options<\/p>\n<ul>\n<li>Enter Subnet<\/li>\n<li>Enter Security group<\/li>\n<li>Uncheck &#8211; &#8220;associate a public IP address.&#8221;<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/RL13-Load-Agent-Data.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1613\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/RL13-Test-URL.png\" alt=\"RL13 Test URL\" width=\"591\" height=\"138\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/RL13-Test-URL.png 600w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/RL13-Test-URL-300x70.png 300w\" sizes=\"auto, (max-width: 591px) 100vw, 591px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/RL13-Load-Agent-Data.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1612\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/RL13-Load-Agent-Data.png\" alt=\"RL13 Load Agent Data\" width=\"600\" height=\"402\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/RL13-Load-Agent-Data.png 600w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/RL13-Load-Agent-Data-300x201.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/a><\/p>\n<p>c. Start Test and See Results<\/p>\n<ul>\n<li>It looks like our t1.micro instance had an issue in the middle of the test.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/RL-13-Results.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1614\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/RL-13-Results.png\" alt=\"RL 13 Results\" width=\"986\" height=\"815\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/RL-13-Results.png 986w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/RL-13-Results-300x248.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/RL-13-Results-768x635.png 768w\" sizes=\"auto, (max-width: 986px) 100vw, 986px\" \/><\/a><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<th style=\"width: 100%; color: white; text-align: center; background-color: #c40000;\">Need help to build your testing architecture, get in touch. info@redline13.com or <a href=\"https:\/\/redline13.com\/Service\">start a subscription<\/a>.<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr \/>\n<h2>Our Final Architecture and Final Word<\/h2>\n<p>The article encapsulates\u00a0a complete tutorial for running load testing agents that adhere to your security policies and allows testing of internal applications.<\/p>\n<ul>\n<li>If you made it this far and were not a network engineer, Congrats!<\/li>\n<li>If you made it this far and had easier ways to solve this, let us know.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>AWS has made networking configuration many times\u00a0simpler over managing your hardware. Anyone now has the power to create a network, but with such power comes a lot of mistakes. \u00a0One of the challenges comes with load testing internal applications hosted on AWS. This article is a general guide which could help anyone testing internal applications. In the end, we demonstrate launching a RedLine13 load test within AWS private subnet communicating externally through an NAT gateway. Note:<a class=\"more-link\" href=\"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/\">Read More &rarr;<\/a><\/p>\n","protected":false},"author":1,"featured_media":1569,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,2],"tags":[88,273,318,356],"class_list":{"0":"entry","1":"post","2":"publish","3":"author-user","4":"post-1553","6":"format-standard","7":"has-post-thumbnail","8":"category-aws-faq","9":"category-blog","10":"post_tag-aws","11":"post_tag-internal-elb","12":"post_tag-load-testing","13":"post_tag-nat-gateway"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.12 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Load Testing with private subnets and NAT - RedLine13<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Load Testing with private subnets and NAT - RedLine13\" \/>\n<meta property=\"og:description\" content=\"AWS has made networking configuration many times\u00a0simpler over managing your hardware. Anyone now has the power to create a network, but with such power comes a lot of mistakes. \u00a0One of the challenges comes with load testing internal applications hosted on AWS. This article is a general guide which could help anyone testing internal applications. In the end, we demonstrate launching a RedLine13 load test within AWS private subnet communicating externally through an NAT gateway. Note:Read More &rarr;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/\" \/>\n<meta property=\"og:site_name\" content=\"RedLine13\" \/>\n<meta property=\"article:published_time\" content=\"2016-02-21T22:31:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Goal-Architecture.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1474\" \/>\n\t<meta property=\"og:image:height\" content=\"1094\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"RedLine13\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"RedLine13\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"14 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/\"},\"author\":{\"name\":\"RedLine13\",\"@id\":\"https:\/\/www.redline13.com\/blog\/#\/schema\/person\/4acbcdcb8a9c72ec5a274e69c0ebea28\"},\"headline\":\"Load Testing with private subnets and NAT\",\"datePublished\":\"2016-02-21T22:31:21+00:00\",\"dateModified\":\"2016-02-21T22:31:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/\"},\"wordCount\":2810,\"publisher\":{\"@id\":\"https:\/\/www.redline13.com\/blog\/#organization\"},\"keywords\":[\"AWS\",\"Internal ELB\",\"Load Testing\",\"NAT Gateway\"],\"articleSection\":[\"AWS FAQ\",\"Blog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/\",\"url\":\"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/\",\"name\":\"Load Testing with private subnets and NAT - RedLine13\",\"isPartOf\":{\"@id\":\"https:\/\/www.redline13.com\/blog\/#website\"},\"datePublished\":\"2016-02-21T22:31:21+00:00\",\"dateModified\":\"2016-02-21T22:31:21+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.redline13.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Load Testing with private subnets and NAT\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.redline13.com\/blog\/#website\",\"url\":\"https:\/\/www.redline13.com\/blog\/\",\"name\":\"RedLine13\",\"description\":\"(Almost) Free Load Testing in the Cloud\",\"publisher\":{\"@id\":\"https:\/\/www.redline13.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.redline13.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.redline13.com\/blog\/#organization\",\"name\":\"RedLine13\",\"url\":\"https:\/\/www.redline13.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.redline13.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2013\/06\/cropped-rl13-header-logo.jpg\",\"contentUrl\":\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2013\/06\/cropped-rl13-header-logo.jpg\",\"width\":300,\"height\":68,\"caption\":\"RedLine13\"},\"image\":{\"@id\":\"https:\/\/www.redline13.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.redline13.com\/blog\/#\/schema\/person\/4acbcdcb8a9c72ec5a274e69c0ebea28\",\"name\":\"RedLine13\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.redline13.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b4c9a289323b21a01c3e940f150eb9b8c542587f1abfd8f0e1cc1ffc5e475514?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b4c9a289323b21a01c3e940f150eb9b8c542587f1abfd8f0e1cc1ffc5e475514?s=96&d=mm&r=g\",\"caption\":\"RedLine13\"},\"sameAs\":[\"http:\/\/127.0.0.1\"],\"url\":\"https:\/\/www.redline13.com\/blog\/author\/user\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Load Testing with private subnets and NAT - RedLine13","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/","og_locale":"en_US","og_type":"article","og_title":"Load Testing with private subnets and NAT - RedLine13","og_description":"AWS has made networking configuration many times\u00a0simpler over managing your hardware. Anyone now has the power to create a network, but with such power comes a lot of mistakes. \u00a0One of the challenges comes with load testing internal applications hosted on AWS. This article is a general guide which could help anyone testing internal applications. In the end, we demonstrate launching a RedLine13 load test within AWS private subnet communicating externally through an NAT gateway. Note:Read More &rarr;","og_url":"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/","og_site_name":"RedLine13","article_published_time":"2016-02-21T22:31:21+00:00","og_image":[{"width":1474,"height":1094,"url":"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2016\/02\/Goal-Architecture.png","type":"image\/png"}],"author":"RedLine13","twitter_card":"summary_large_image","twitter_misc":{"Written by":"RedLine13","Est. reading time":"14 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/#article","isPartOf":{"@id":"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/"},"author":{"name":"RedLine13","@id":"https:\/\/www.redline13.com\/blog\/#\/schema\/person\/4acbcdcb8a9c72ec5a274e69c0ebea28"},"headline":"Load Testing with private subnets and NAT","datePublished":"2016-02-21T22:31:21+00:00","dateModified":"2016-02-21T22:31:21+00:00","mainEntityOfPage":{"@id":"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/"},"wordCount":2810,"publisher":{"@id":"https:\/\/www.redline13.com\/blog\/#organization"},"keywords":["AWS","Internal ELB","Load Testing","NAT Gateway"],"articleSection":["AWS FAQ","Blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/","url":"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/","name":"Load Testing with private subnets and NAT - RedLine13","isPartOf":{"@id":"https:\/\/www.redline13.com\/blog\/#website"},"datePublished":"2016-02-21T22:31:21+00:00","dateModified":"2016-02-21T22:31:21+00:00","breadcrumb":{"@id":"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.redline13.com\/blog\/2016\/02\/load-testing-with-private-subnets-and-nat-gateways\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.redline13.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Load Testing with private subnets and NAT"}]},{"@type":"WebSite","@id":"https:\/\/www.redline13.com\/blog\/#website","url":"https:\/\/www.redline13.com\/blog\/","name":"RedLine13","description":"(Almost) Free Load Testing in the Cloud","publisher":{"@id":"https:\/\/www.redline13.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.redline13.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.redline13.com\/blog\/#organization","name":"RedLine13","url":"https:\/\/www.redline13.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.redline13.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2013\/06\/cropped-rl13-header-logo.jpg","contentUrl":"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2013\/06\/cropped-rl13-header-logo.jpg","width":300,"height":68,"caption":"RedLine13"},"image":{"@id":"https:\/\/www.redline13.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.redline13.com\/blog\/#\/schema\/person\/4acbcdcb8a9c72ec5a274e69c0ebea28","name":"RedLine13","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.redline13.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b4c9a289323b21a01c3e940f150eb9b8c542587f1abfd8f0e1cc1ffc5e475514?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b4c9a289323b21a01c3e940f150eb9b8c542587f1abfd8f0e1cc1ffc5e475514?s=96&d=mm&r=g","caption":"RedLine13"},"sameAs":["http:\/\/127.0.0.1"],"url":"https:\/\/www.redline13.com\/blog\/author\/user\/"}]}},"_links":{"self":[{"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/posts\/1553","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/comments?post=1553"}],"version-history":[{"count":0,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/posts\/1553\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/media\/1569"}],"wp:attachment":[{"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/media?parent=1553"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/categories?post=1553"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/tags?post=1553"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}