In the NAT mode, you can associate multiple Elastic IP addresses with the same secondary elastic network interface (ENI). In this way, network traffic is routed to different Elastic IP addresses, maximizing the utilization of Elastic Compute Service (ECS) instances.

Prerequisites

Before you start, make sure that you have met the following requirements:

Step 1: Assign multiple secondary private IP addresses

Take the following steps to assign multiple secondary private IP addresses to a secondary ENI.

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network & Security > ENIs.
  3. In the upper-left corner, select the region where the secondary ENI is deployed.
  4. On the Network Interfaces page, find the target ENI, and click Manage secondary Private IP Address in the Actions column.
  5. In the Manage Secondary Private IP Address dialog box that appears, click Assign New IP to assign a secondary IP address. Click Assign New IP again to assign more secondary private IP addresses.
    Note You can manually enter a secondary private IP address. Valid secondary private IP addresses are included in the IPv4 Private CIDR Block. If you do not manually enter a secondary private IP address, the system assigns a random IP address from the IPv4 Private CIDR Block.
  6. Click OK.

Step 2: Associate Elastic IP addresses with secondary private IP addresses

Take the following steps to associate multiple Elastic IP addresses with the secondary private IP addresses of a secondary ENI.

  1. Log on to the Virtual Private Cloud console.
  2. In the left-side navigation pane, choose Elastic IP Addresses > Elastic IP Addresses.
  3. In the upper-left corner, select the region where the Elastic IP addresses are deployed.
  4. On the Elastic IP Addresses page, find the target Elastic IP address and click Bind in the Actions column.
  5. On the Bind Elastic IP Address page, set the following parameters and click OK.
    • Instance Type: Select Secondary ENI.
    • Resource Group: Select the resource group to which the Elastic IP address belongs.
    • Mode: Select NAT Mode.
    • Secondary ENI: Select the target secondary private IP address you want to associate.
  6. Repeat the preceding steps to associate multiple Elastic IP addresses with different secondary private IP addresses of the secondary ENI. Make sure that each Elastic IP address is associated with a different secondary private IP address.

Step 3: Associate the secondary ENI with an ECS instance

After you associate the Elastic IP addresses with the secondary private IP addresses of the secondary ENI, you must associate the secondary ENI with an ECS instance. For more information, see Attach an ENI to an existing ECS instance.

Step 4: Configure the secondary private IP addresses

After you associate the secondary ENI with the ECS instance, you must configure the secondary private IP addresses for the ECS instance. For more information, see Assign a secondary private IP address for a Windows instance and Assign a secondary private IP address to a Linux instance.
Notice To configure the secondary private IP addresses for the ECS instance, you must obtain the gateways and subnet masks of the second private IP addresses. For more information, see Retrieve instance metadata.
After you configure the secondary private IP addresses, you can use the ip address command to view the configured secondary private IP addresses.

Step 5: Test network connections

This example uses an instance that runs a Linux operating system. Configure a static route for the source IP address and then test the connection between the ECS instance and the target network.

  1. Log on to the ECS instance.
  2. Run /sbin/ip route add <target network>/<subnet prefix length> via <the gateway of the secondary private IP address> src <the secondary private IP address> to set the static route of the secondary private IP address as the source IP address.
  3. Execute ping <target network> -I <the secondary private IP address> to test the connection between the secondary private IP address and the target network.
    If the secondary private IP address is associated with the target network, it indicates that the Elastic IP address is successfully associated with the secondary private IP address.