You can assign one or more secondary private IP addresses to a primary or secondary elastic network interface (ENI) to optimize the usage of Elastic Compute Service (ECS) instances within virtual private clouds (VPCs) and divert traffic during a failover.

Prerequisites

When you assign secondary private IP addresses to a primary ENI, the instance to which the primary ENI is attached is in the Running (Running) or Stopped (Stopped) state.

Background information

Secondary private IP addresses are suitable for the following scenarios:
  • Scenario where multiple applications are involved

    If your instance hosts multiple applications, you can assign multiple secondary private IP addresses to the corresponding ENIs so that each application can use a separate IP address for outbound connections. This optimizes the usage of the instance.

  • Failover

    If an instance fails, you can unbind ENIs from the instance and bind the ENIs to another instance to divert traffic to that instance. This can ensure service continuity.

When you assign secondary private IP addresses, take note of the following limits:
  • For the maximum number of private IP addresses that can be contained in a security group of the VPC type, see the "Security group limits" section of the Limits topic.
  • The maximum number of private IP addresses that can be assigned to an ENI varies based on the state of the ENI.
    • If an ENI is in the Available state, up to 10 private IP addresses can be assigned to the ENI.
    • If an ENI is in the Bound state, the maximum number of private IP addresses that can be assigned to the ENI is subject to the instance type of the corresponding instance. For more information, see Instance families.

Procedure

This section applies to both primary and secondary ENIs.

  1. In the ECS console, assign secondary private IP addresses to an ENI. For more information, see the Assign secondary private IP addresses on the Network Interfaces page or Assign secondary private IP addresses on the Instances page section of this topic.
  2. In the instance to which the ENI is attached, configure the assigned secondary private IP addresses.
    Note Before you assign and configure secondary private IP addresses for a secondary ENI, make sure that the ENI has been attached to an instance. For more information about how to bind an ENI to an instance, see Bind an ENI.

Assign secondary private IP addresses on the Network Interfaces page

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network & Security > ENIs.
  3. In the top navigation bar, select a region.
  4. On the Network Interfaces page, find the ENI to which you want to assign secondary private IP addresses and click Manage Secondary Private IP Address in the Actions column.
  5. In the Manage Secondary Private IP Address dialog box, click Assign New IP.
    • To have IP addresses automatically assigned, accept the default Auto-assign value. Then, the system randomly assigns IP addresses from the private CIDR blocks in the IPv4 Private CIDR Block and IPv6 Private CIDR Block values.
    • To manually assign IP addresses, enter specific IP addresses from the private CIDR blocks in the IPv4 Private CIDR Block and IPv6 Private CIDR Block values.
    Note After a private IP address is assigned, you can click Assign New IP again to assign another private IP address.
    enipage-moreprivateip
  6. Click OK.
    Note After you have secondary private IP addresses automatically assigned to an ENI, click Manage Secondary Private IP Address in the Actions column corresponding to the ENI to view the assigned secondary private IP addresses.

Assign secondary private IP addresses on the Instances page

When you assign secondary private IP addresses for an instance on the Instances page of the ECS console, the IP addresses are assigned to the primary ENI of the instance.

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Instances & Images > Instances.
  3. In the top navigation bar, select a region.
  4. On the Instances page, choose More > Network and Security Group > Manage Secondary Private IP Address in the Actions column corresponding to an instance.
  5. In the Manage Secondary Private IP Address dialog box, click Assign New IP.
    • To have IP addresses automatically assigned, accept the default Auto-assign value. Then, the system randomly assigns IP addresses from the private CIDR blocks in the IPv4 Private CIDR Block and IPv6 Private CIDR Block values.
    • To manually assign IP addresses, enter specific IP addresses from the private CIDR blocks in the IPv4 Private CIDR Block and IPv6 Private CIDR Block values.
    Note After a private IP address is assigned, you can click Assign New IP again to assign another private IP address.
    private-ip
  6. Click OK.
    Note After you have secondary private IP addresses automatically assigned to an ENI, click Manage Secondary Private IP Address in the Actions column corresponding to the ENI to view the assigned secondary private IP addresses.

Configure secondary private IPv4 addresses in a Windows instance

  1. Connect to an ECS instance.
    For more information about connection methods, see Connection methods.
  2. Query the subnet mask and default gateway of the instance.
    1. Open Command Prompt or Windows PowerShell.
    2. Run the ipconfig command to query the subnet mask and default gateway of the instance.
      PS C:\Users\Administrator> ipconfig
      Windows IP Configuration
      Ethernet adapter Ethernet:
         Connection-specific DNS Suffix . . . . . . . :
         Link-local IPv6 Address . . . . . . . : fe80::6c64:1601:****:****
         IPv4 Address . . . . . . . . . . . . : 172.**.**.133
         Subnet Mask  . . . . . . . . . . . . : 255.255.**.**
         Default Gateway . . . . . . . . . . . . : 172.**.**.253
  3. Open Network and Sharing Center.
  4. Click Change adapter settings.
  5. Double-click the current network connection name and click Properties.
  6. Double-click Internet Protocol Version 4 (TCP/IPv4).
  7. Select Use the following IP address and click Advanced.
  8. In the Advanced TCP/IP Settings dialog box, set IP addresses.
    1. In the IP addresses section, click Add... and enter one of the assigned IP addresses in the IP address field and the obtained subnet mask in the Subnet mask field.

      You can add multiple IP addresses to the same adapter.

      Add IP addresses
    2. In the Default gateways section, click Add... and enter the obtained default gateway in the Default gateway field.
  9. Click OK.
Note

If a Windows instance cannot access the Internet after you configure secondary private IP addresses for the instance, troubleshoot the problem by following the instructions in After I configure a secondary private IP address for a Windows instance, the instance cannot connect to the Internet. Why?.

Configure secondary private IPv4 addresses in a Linux instance

In the following example, the eth0 primary ENI is used. If you are using a secondary ENI, modify the ENI ID.

  1. Connect to an ECS instance.
    For more information about connection methods, see Connection methods.
  2. Run the ipconfig command to query the subnet mask and default gateway of the instance.
    [root@ecs ~]# ifconfig
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 172.16.**.**  netmask 255.255.**.**  broadcast 172.16.**.**
            inet6 fe80::216:3eff:****:****  prefixlen 64  scopeid 0x20<link>
            ether 00:16:3e:0e:**:**  txqueuelen 1000  (Ethernet)
            RX packets 27146  bytes 39146111 (37.3 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 6038  bytes 509398 (497.4 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    Note If the Linux distribution used by the instance does not support the ifconfig command, run the ip addr show command instead.
  3. Configure secondary private IP addresses based on the operating system of your instance.
    • Red Hat Enterprise Linux (RHEL) series: CentOS 6, CentOS 7, Red Hat 6, Red Hat 7, or Alibaba Cloud Linux 2
      1. Open the network configuration file.
        • To configure a single IP address, run the vi /etc/sysconfig/network-scripts/ifcfg-eth0:0 command to add the following configuration items:
          DEVICE=eth0:0
          TYPE=Ethernet
          BOOTPROTO=static
          ONBOOT=yes
          IPADDR=<IPv4 address 1>
          NETMASK=<IPv4 mask>
          GATEWAY=<IPv4 gateway>
        • To configure multiple IP addresses, run the vi /etc/sysconfig/network-scripts/ifcfg-eth0:1 command to add the following configuration items:
          DEVICE=eth0:1
          TYPE=Ethernet
          BOOTPROTO=static
          ONBOOT=yes
          IPADDR=<IPv4 address 2>
          NETMASK=<IPv4 mask>
          GATEWAY=<IPv4 gateway>
      2. Run the service network restart or systemctl restart network command to restart the network service.
    • Debian series: Ubuntu 14, Ubuntu 16, Debian 8, or Debian 9
      1. Run the vi /etc/network/interfaces command to open the network configuration file and add the following configuration items:
        auto eth0:0
        iface eth0:0 inet static
        address <IPv4 address 1>
        netmask <IPv4 mask>
        gateway <IPv4 gateway>
        
        auto eth0:1
        iface eth0:1 inet static
        address <IPv4 address 2>
        netmask <IPv4 mask>
        gateway <IPv4 gateway>
      2. Run the service networking restart or systemctl restart networking command to restart the network service.
    • SUSE Linux Enterprise Server (SLES) series: SUSE 11, SUSE 12, or openSUSE 42
      1. Run the vi /etc/sysconfig/network/ifcfg-eth0 command to open the network configuration file and add the following configuration items:
        IPADDR_0=<IPv4 address 1>
        NETMASK_0=<Subnet prefix length>
        LABEL_0='0'
        
        IPADDR_1 = <IPv4 address 2>
        NETMASK_1 = <Subnet prefix length>
        LABEL_1='1'
      2. Run the service network restart or systemctl restart network command to restart the network service.