All Products
Search
Document Center

Elastic IP Address:FAQ about associating and disassociating EIPs

Last Updated:Jan 23, 2024

This topic provides answers to some frequently asked questions about associating an elastic IP address (EIP) with and disassociating an EIP from a cloud resource.

What are the cloud resources with which I can associate EIPs?

You can associate EIPs with ECS instances in virtual private clouds (VPCs), secondary ENIs, Server Load Balancer (SLB) instances, NAT gateways, and high-availability virtual IP addresses (HAVIPs).

Note

You can associate EIPs with SLB instances, including internal-facing CLB instances in VPCs, Application Load Balancer (ALB) instances, and Network Load Balancer (NLB) instances. You can associate EIPs with ALB instances and NLB instances only in the SLB console.

Can I associate an EIP with multiple cloud resources?

No. You can associate an EIP with only one cloud resource.

Can I associate an EIP with a cloud resource that is deployed in a different region?

No, you cannot associate an EIP with a cloud resource that is deployed in a different region.

The EIP and the cloud resource with which you want to associate the EIP must be deployed in the same region. For example, an EIP deployed in the China (Beijing) region cannot be associated with a cloud resource deployed in the China (Hangzhou) region.

Can I associate an EIP with a cloud resource that is deployed in a different zone?

Yes, you can deploy an EIP with a cloud resource that is deployed in a different zone.

Zones do not apply to EIPs. If a cloud resource and an EIP are deployed in the same region, you can associate the EIP with the cloud resource.

How many EIPs can I associate with a cloud resource?

  • Elastic Compute Service

    Each ECS instance can be associated only with one EIP. However, you can associate a secondary elastic network interface (ENI) with an ECS instance to associate at most five EIPs with an ECS instance.

    • Associate an EIP with each secondary ENI. Then, associate the secondary ENIs with the ECS instance. The number of ENIs that can be associated varies with the ECS instance family. For more information, see Overview of instance families.

    • Associate multiple EIPs with a secondary ENI in NAT mode. In this mode, each EIP is associated with a secondary private IP address of the secondary ENI. Then, associate the secondary ENI with the ECS instance. For more information, see Associate multiple EIPs with an ECS instance in NAT mode.

  • Secondary ENI

    When EIPs are associated with a secondary ENI in NAT mode, the number of EIPs that can be associated is determined by the number of private IP addresses of the secondary ENI.

    The number of private IP addresses of the secondary ENI is determined by the status of the secondary ENI and the specification of the ECS instance associated with the secondary ENI. For more information, see Assign secondary private IP addresses.

  • NAT Gateway

    By default, each Internet NAT gateway can be associated with at most 20 EIPs.

    Note

    Starting September 19, 2022, if you associate an EIP with a newly created Internet NAT gateway, a private IP address of the vSwitch where the NAT gateway resides is used. Make sure that the vSwitch has sufficient private IP addresses available for use. Otherwise, you cannot associate an EIP with the NAT gateway. Existing NAT gateways are not affected.

  • HAVIP

    Each HAVIP can be associated with only one EIP.

  • CLB

    • An internal-facing CLB instance in a VPC can be associated with only one EIP.

    • Each ALB instance can be associated with multiple EIPs. Each zone of an ALB instance supports one EIP.

    • Each NLB instance can be associated with multiple EIPs. Each zone of an NLB instance supports one EIP.

Can I associate an EIP with a CLB instance?

You can associate an EIP with an internal-facing CLB instance that is deployed in a VPC. However, you cannot associate an EIP with an Internet-facing CLB instance. Each CLB instance in a VPC can be associated with only one EIP.

Why am I unable to view the CLB instance that is associated with an EIP in the EIP console?

Possible causes:

  • The EIP and the CLB instance belong to different resource groups.

  • If you log on to the EIP console as a RAM user, switch to your Alibaba Cloud account.

If an EIP is associated with an ECS instance, can I use the DNAT feature of a NAT gateway to enable the ECS instance to provide Internet-facing services?

No.

Take note of the following limits.

  • If an EIP is associated with an ECS instance, you cannot use the Destination Network Address Translation (DNAT) feature of a NAT gateway to enable the ECS instance to provide Internet-facing services.

    Before you can use the DNAT feature of the NAT gateway, you must disassociate the EIP from the ECS instance. Then, you can create DNAT entries for the ECS instance. For more information, see Disassociate an EIP from an Internet NAT gateway and Create and manage DNAT entries.

  • After you create DNAT entries for an ECS instance, you cannot associate an EIP with the ECS instance.

    Before you can associate an EIP with the ECS instance, you must delete the DNAT entries that you created for the ECS instance. After you delete the DNAT entries, you can associate an EIP with the ECS instance. For more information, see Delete an Internet NAT gateway and Associate an EIP.

Note

If an ECS instance is associated with an EIP and DNAT is configured for the ECS instance, the ECS instance preferentially uses the associated EIP to communicate with the Internet.

Why am I unable to associate an EIP with an ECS instance?

Possible causes:

  • The EIP and ECS instance do not belong to the same region.

  • The ECS instance is assigned a public IP address or is associated with another EIP.

  • The ECS instance is deployed in a classic network instead of a VPC. You can associate an EIP with only an ECS instance that is deployed in a VPC.

  • The ECS instance is in a state that does not allow you to associate an EIP. You can associate an EIP with an ECS instance that is only in the Running or Stopped state.

To troubleshoot the issue, perform the following operations:

  1. Check the regions in which the EIP and the ECS instance are deployed. Make sure that they are deployed in the same region, for example, in the China (Hangzhou) region.

  2. Log on to the ECS console and check the status of the ECS instance. Make sure that the following requirements are met:ECS排查

    Number

    Description

    1

    The ECS instance is assigned only a private IP address.

    As shown in the following figure, if your ECS instance is assigned a public IP address or is associated with another EIP, you cannot associate the EIP with your ECS instance.

    ECS的IPIf you have other requirements, see the following topics:

    2

    The ECS instance is deployed in a VPC.

    If the ECS instance is deployed in a classic network, you can migrate the ECS instance to a VPC. For more information, see Migrate ECS instances from a classic network to a VPC.

    3

    The ECS instance is in the Running or Stopped state.

    For more information about how to manage the status of your ECS instance, see Instance lifecycle.

Why am I unable to view the EIP in the operating system of the ECS instance after I associate the EIP with the ECS instance?

EIPs are deployed on the Internet gateway of Alibaba Cloud and are mapped to the private network interface controllers (NICs) of the associated ECS instances through NAT. Therefore, you cannot view the EIP on the private NIC of the ECS instance.

You can expose an EIP by adding a secondary CIDR block to a VPC. For more information, see Expose an EIP on an NIC by adding a secondary CIDR block to a VPC.

How can I associate multiple EIPs with one ECS instance?

You can associate multiple EIPs with one ECS instance by using the following methods:

  • Associate an EIP with each secondary ENI. Then, attach the secondary ENIs to the ECS instance. The number of secondary ENIs that can be attached to an ECS instance varies with the specification of the ECS instance. For more information, see Overview of instance families.

  • Associate multiple EIPs with a secondary ENI in NAT mode. In this mode, each EIP is associated with a secondary private IP address of the secondary ENI. Then, associate the secondary ENI with the ECS instance. For more information, see Associate multiple EIPs with an ECS instance in NAT mode.

Why am I unable to access services over the Internet after I associate an EIP with an ECS instance or ENI?

If you want the ECS instance to access the Internet, you must configure the default route of the ECS instance or create specific routes for the ECS instance. By default, packets are transmitted from the primary ENI. You can modify route priorities to allow packets to access the Internet through the secondary ENI. You can also configure specific routes to forward packets to the Internet through multiple ENIs or a random ENI to implement load balancing.

For more information, see (Optional) Step 4: Configure routes.

Can I associate an ECS instance with an IPv6 address?

Can I use an EIP as the origin IP address for WAF?

Yes.