This topic provides answers to some frequently asked questions about associating an elastic IP address (EIP) with and disassociating an EIP from a cloud resource.
- What are the cloud resources with which I can associate EIPs?
- Can I associate an EIP with multiple cloud resources?
- Can I associate an EIP with a cloud resource that is deployed in another region?
- Can I associate an EIP with a cloud resource that is deployed in another zone?
- How many EIPs can I associate with one cloud resource?
- Can I associate an EIP with an SLB instance?
- Why am I unable to see the associated SLB instance in the EIP console?
- Why am I unable to associate an EIP with a NAT gateway?
- If an ECS instance is associated with an EIP, can I use the DNAT feature of NAT Gateway to provide services to the Internet?
- Why am I unable to associate an EIP with an ECS instance?
- Why am I unable to view the EIP on the ENI of an ECS instance after I associate the EIP with the ECS instance?
- How can I associate multiple EIPs with one ECS instance?
- Why am I unable to access services over the Internet after I associate an ECS instance or an ENI with an EIP?
- Can I use an EIP as the origin IP address for Web Application Firewall (WAF)?
What are the cloud resources with which I can associate EIPs?
You can associate EIPs with Elastic Compute Service (ECS) instances, internal-facing Server Load Balancer (SLB) instances, secondary elastic network interfaces (ENIs), NAT gateways, and high-availability virtual IP addresses (HAVIPs). The ECS instances, internal-facing SLB instances, and secondary ENIs must be deployed in VPCs.
Can I associate an EIP with multiple cloud resources?
No. You can associate an EIP with only one cloud resource.
Can I associate an EIP with a cloud resource that is deployed in another region?
No.
The EIP and the cloud resource with which you want to associate must be deployed in the same region. For example, an EIP deployed in the China (Beijing) region cannot be associated with a cloud resource deployed in the China (Hangzhou) region.
Can I associate an EIP with a cloud resource that is deployed in another zone?
Yes.
Zones do not apply to EIPs. If a cloud resource and an EIP are deployed in the same region, you can associate the EIP with the cloud resource.
How many EIPs can I associate with one cloud resource?
- NAT gateways
You can associate a NAT gateway with at most 20 EIPs, among which at most 10 pay-by-data-transfer EIPs can be associated.
You can go to the Quota Management page to increase the quota. For more information, see Quota management.
- HAVIPs
Each HAVIP can be associated with only one EIP.
- SLB instances
Each internal-facing SLB instance can be associated with only one EIP.
Can I associate an EIP with an SLB instance?
You can associate an EIP with only an internal-facing SLB instance instead of an Internet-facing SLB instance. Each internal-facing SLB instance can be associated with only one EIP. You must associate an EIP with an internal-facing SLB instance in the EIP console instead of the SLB console.
Why am I unable to see the associated SLB instance in the EIP console?
- The resource group ID of the EIP is different from that of the SLB instance.
- If you log on to the EIP console as a RAM user, switch to your Alibaba Cloud account.
Why am I unable to associate an EIP with a NAT gateway?
If you purchased a NAT bandwidth plan before January 26, 2018, you must use the NAT bandwidth plan to provide public IP addresses to the NAT gateway. To associate an EIP with a NAT gateway, submit a ticket.
If an ECS instance is associated with an EIP, can I use the DNAT feature of NAT Gateway to provide services to the Internet?
No.
- If an ECS instance is associated with an EIP, you cannot use the Destination Network
Address Translation (DNAT) feature of NAT Gateway to provide services over the Internet.
Before you can use the DNAT feature, you must disassociate the EIP from the ECS instance. After you disassociate the EIP, you can add DNAT entries to the ECS instance. For more information, see Disassociate an EIP from a NAT gateway and Create a DNAT entry to provide Internet-facing services.
- If you have already added DNAT entries to an ECS instance, you cannot associate an
EIP with the ECS instance.
Before you can associate an EIP with the ECS instance, you must delete the DNAT entries. After you delete the DNAT entries, you can associate an EIP with the ECS instance. For more information, see Delete a NAT gateway and Associate an EIP with a NAT gateway.
Why am I unable to associate an EIP with an ECS instance?
Possible reasons are:
- You can associate an EIP with only an ECS instance that is deployed in a VPC. If the ECS instance is not deployed in a VPC, you cannot associate an EIP with the ECS instance.
- The EIP and ECS instance are deployed in different regions.
- The state of the ECS instance does not support the association action. You can associate an EIP with only an ECS instance that is in the Running or Stopped state.
- The ECS instance is already assigned a public IP address or associated with another EIP.
Why am I unable to view the EIP on the ENI of an ECS instance after I associate the EIP with the ECS instance?
An EIP is configured on the Internet-facing gateway and mapped to the private ENI of the ECS instance through NAT. Therefore, you cannot view the EIP on the private ENI of the ECS instance.
- Cut-through mode
In this mode, the EIP replaces the private IP address of the secondary ENI. The secondary ENI becomes a pure Internet network interface controller (NIC) and its private network feature is no longer available. You can view the EIP on the ENI of the operating system and run the ifconfig or ipconfig command to obtain the public IP address of the ENI. For more information, see Associate an EIP with a secondary ENI in cut-through mode.
- Multi-EIP to ENI mode
In this mode, the private network feature of the secondary ENI is available. You can view the EIP on the ENI. After the operating system is configured with a static IP address, you can run the ifconfig or ipconfig command to obtain the public IP address of the ENI. For more information, see Associate EIPs with secondary ENIs in multi-EIP-to-ENI mode.
How can I associate multiple EIPs with one ECS instance?
- Associate an EIP with a secondary ENI, repeat the step, and then associate the secondary ENIs with an ECS instance. The number of secondary ENIs that can be associated with an ECS instance varies based on the specification of the ECS instance. For more information, see Instance families.
- If you associate an EIP with a secondary ENI in NAT Mode, you can associate multiple EIPs with the secondary private IP address of the secondary ENI. Then, you can associate the secondary ENI with an ECS instance. For more information, see Associate multiple EIPs with a secondary ENI in NAT mode.
- If you associate an EIP with a secondary ENI in Multi-EIP to ENI Mode, you can associate multiple EIPs with the secondary ENI. Then, you can associate the secondary ENI with an ECS instance. For more information, see Associate EIPs with secondary ENIs in multi-EIP-to-ENI mode.
Why am I unable to access services over the Internet after I associate an ECS instance or an ENI with an EIP?
If an application that requires access to the Internet is deployed in the ECS instance, you must modify the default route of the ECS instance or configure specific routes. By default, packets are transmitted from the primary ENI. You can adjust route priorities to allow packets to access the Internet through the secondary ENI. You can also configure specific routes to forward packets to the Internet through multiple ENIs or a random ENI to implement load balancing.
Can I use an EIP as the origin IP address for Web Application Firewall (WAF)?
Yes.