You can assign one or more secondary private IP addresses to a primary or secondary Elastic Network Interface (ENI). This allows you to optimize the usage of ECS instances in VPCs and divert traffic during a failover.

Prerequisites

  • Your instance type must support assigning multiple secondary private IP addresses. For more information, see the Private IP address of a single ENI column corresponding to your instance type in Instance families.
  • If you assign a secondary private IP address to a primary ENI, the instance to which the primary ENI is attached must be in Running or Stopped state.

Background information

Secondary private IP addresses are suitable for the following scenarios:
  • Optimization of application usage

    If your ECS instance hosts multiple applications, you can assign multiple secondary private IP addresses to the corresponding ENI. This way, each application uses a separate IP address for services, which optimizes the usage of the ECS instance.

  • Optimization of failover

    If an instance fails, you can detach ENIs from the instance and attach the ENIs to another instance to divert traffic to that instance, enabling service continuity.

Take note of the following limits when you assign secondary private IP addresses:
  • Each security group of the VPC type can contain a maximum of 2,000 private IP addresses. This quota is shared among all primary and secondary ENIs in the security group.
  • You can assign a maximum of 20 private IP addresses to an ENI.
    • If the target ENI is in the Available state, you can assign up to 10 private IP addresses to the ENI.
    • If the target ENI is in the Bound state, the number of private IP addresses that can be assigned to the ENI is subject to the instance type.

Description

This section applies to both primary and secondary ENIs.

  1. In the ECS console, assign a secondary private IP address to an ENI. For more information, see Assign a secondary private IP address.
  2. Optional: If the ENI is a secondary ENI that is not attached to an ECS instance, attach the ENI to an instance and go to step 3. For more information, see Attach an ENI.
  3. In the instance, configure the assigned secondary private IP addresses.

Assign a secondary private IP address

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network & Security > ENI.
  3. In the top navigation bar, select a region.
  4. On the Network Interfaces page, find the target ENI, and then click Manage Secondary Private IP Address in the Actions column.
  5. In the Manage Secondary Private IP Address dialog box:
    • Method 1: Click Assign New IP. The system randomly assigns IPv4 addresses from the value of IPv4 Private CIDR Block. You can click Assign New IP multiple times if multiple secondary private IP addresses are needed.
    • Method 2: Manually enter secondary private IP addresses within the value of IPv4 Private CIDR Block.
    Enter secondary private IP addresses
  6. Click Modify.
  7. Optional: If you configured automatic assignment of secondary private IP addresses, click Manage Secondary Private IP Address in the Actions column corresponding to the ENI to view the assigned secondary private IP addresses. Then, you can configure the IP addresses for an ECS instance.
  8. Optional: If the ENI is a secondary ENI that is not attached to an ECS instance, attach the ENI to an instance and then configure secondary private IP addresses in the instance. For more information, see Attach an ENI.

Assign a secondary private IP address for a Windows instance

  1. Remotely connect to an ECS instance. For more information, see Overview.
  2. Open the Network and Sharing Center.
  3. Click Change adapter settings.
  4. Double-click the current network connection name, and then click Properties.
  5. Double-click Internet Protocol Version 4 (TCP/IPv4).
  6. Select Use the following IP address and then click Advanced.
  7. Click Add in the IP addresses section, set IP addresses to the assigned IP address, and configure Subnet Mask.

    You can add multiple IP addresses to the same adapter.

    Add an IP address
  8. Click OK.

Assign a secondary private IP address to a Linux instance

In the following example, the primary ENI eth0 is used. If you are using a secondary ENI, modify the ID of the ENI as needed.

  1. Remotely connect to an ECS instance. For more information, see Overview.
  2. Configure a secondary private IP address based on your operating system of the instance.
    • RHEL series: CentOS 6, CentOS 7, Red Hat 6, Red Hat 7, or Aliyun Linux 2
      1. Open the network configuration file.
        • Run the vi /etc/sysconfig/network-scripts/ifcfg-eth0:0 command to add the following configuration items:
          DEVICE=eth0:0
          TYPE=Ethernet
          BOOTPROTO=static
          ONBOOT=yes
          IPADDR = <IPv4 address 1>
          NETMASK = <IPv4 mask>
          GATEWAY = <IPv4 gateway>
        • If you assign multiple IP addresses, run the vi /etc/sysconfig/network-scripts/ifcfg-eth0:1 command to add the following configuration items:
          DEVICE=eth0:1
          TYPE=Ethernet
          BOOTPROTO=static
          ONBOOT=yes
          IPADDR = <IPv4 address 2>
          NETMASK = <IPv4 mask>
          GATEWAY = <IPv4 gateway>
      2. Run the service network restart or systemctl restart network command to restart the network service.
    • Debian series: Ubuntu 14, Ubuntu 16, Debian 8, or Debian 9
      1. Run the vi /etc/network/interfaces command to open the network configuration file and add the following configuration items:
        auto eth0:0
        iface eth0:0 inet static
        address <IPv4 address 1>
        netmask <IPv4 mask>
        gateway <IPv4 gateway>
        
        auto eth0:1
        iface eth0:1 inet static
        address <IPv4 address 2>
        netmask <IPv4 mask>
        gateway <IPv4 gateway>
      2. Run the service networking restart or systemctl restart networking command to restart the network service.
    • SLES series: SUSE 11, SUSE 12, or OpenSUSE 42
      1. Run the vi /etc/sysconfig/network/ifcfg-eth0 command to open the network configuration file and add the following configuration items:
        IPADDR_0 = <IPv4 address 1>
        NETMASK_0 = <Subnet prefix length>
        LABEL_0='0'
        
        IPADDR_1 = <IPv4 address 2>
        NETMASK_1 = <Subnet prefix length>
        LABEL_1='1'
      2. Run the service network restart or systemctl restart network command to restart the network service.