After you bind secondary elastic network interfaces (ENIs) to Elastic Compute Service (ECS) instances, you may need to manually configure the ENIs for them to be recognized by the instance images. This topic describes how to configure IP addresses and routes for the secondary ENIs on an ECS instance.

Background information

If your instance runs an image of one of the following versions, you do not need to configure its secondary ENIs:
  • Alibaba Cloud Linux 3.2104 64-bit
  • CentOS 8.0 64-bit, CentOS 8.1 64-bit, and CentOS 8.2 64-bit
  • CentOS 7.3 64-bit, CentOS 7.4 64-bit, and CentOS 7.5 64-bit
  • CentOS 6.8 64-bit and CentOS 6.9 64-bit
  • Debian 10.5 64-bit and Debian 10.6 64-bit
  • Windows Server 2008 R2 and later
You can run the ip address show command to check whether the image used by an ECS instance can recognize its secondary ENIs. A command output similar to the following one indicates the image used by the instance cannot recognize its secondary ENIs. If this occurs, perform the procedure described in this topic to configure IP addresses and routes for the secondary ENIs. Query ENIs
  • ① eth0: indicates the primary ENI, which is recognized by the image.
  • ② eth1: indicates a secondary ENI, which cannot be recognized by the image.

Procedure

  1. View and record the information of the secondary ENIs on an instance. For more information, see Preparations.
  2. Use one of the following methods to configure the secondary ENIs based on the operating system of your instance:
  3. Check the route information of ENIs. If no routes are configured for the ENIs, configure routes for them. For more information, see Configure routes for ENIs.

Preparations

Before you can configure secondary ENIs for an instance, you must obtain the information of the secondary ENIs such as their primary private IP addresses and MAC addresses. The following table describes the information used in the examples in this topic. You can configure the information based on your actual environment.
Secondary ENI information Example
ENI name eth1
MAC address 00:16:3e:19:**:**
Primary private IP address 192.168.**.*9
Subnet mask 255.255.252.0
Gateway address 192.168.**.253

Use one of the following methods to obtain the information of the secondary ENIs of an instance:

  • Method 1: Run the curl command to obtain secondary ENI information from instance metadata. For more information, see Overview of ECS instance metadata.
    1. Connect to the instance. For more information, see Connection methods.
    2. To obtain the MAC addresses of the ENIs on the instance, run the following command:
      curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/
      Sample command output: Obtain MAC addresses
      • 00:16:3e:08:**:**: indicates the primary ENI.
      • 00:16:3e:19:**:**: indicates a secondary ENI.
    3. To obtain the primary private IP address of the secondary ENI, run the following command:
      curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/primary-ip-address
    4. To obtain the subnet mask of the secondary ENI, run the following command:
      curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/netmask
    5. To obtain the gateway of the secondary ENI, run the following command:
      curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/gateway
      Sample outputs of the preceding commands: Command outputs
  • Method 2: Query secondary ENI information in the ECS console.
    1. Log on to the ECS console.
    2. In the left-side navigation pane, choose Network & Security > ENIs.
    3. On the Network Interfaces page, find the ENIs whose information you want to query and view their primary private IP addresses and MAC addresses in the Private IP Address and Type/MAC Address(All) columns.
  • Method 3: Call the DescribeNetworkInterfaces operation to query secondary ENI information.
    You can run a command in Alibaba Cloud CLI to call the DescribeNetworkInterfaces operation. Sample command:
    aliyun ecs DescribeNetworkInterfaces \
    --output cols=MacAddress,PrivateIpAddress rows=NetworkInterfaceSets.NetworkInterfaceSet[] \
    --RegionId 'cn-hangzhou' \
    --InstanceId 'i-bp1bsa8bz184kqrz****'
    Sample command output: Sample response

Configure a secondary ENI for an instance that runs an Alibaba Cloud Linux 2, CentOS, or RedHat operating system

In the following examples, the secondary ENI named eth1 is used. If you want to configure another ENI, modify the ENI ID.
Note If your instance runs an Alibaba Cloud Linux 2 operating system, note that the following methods are applicable to the network-scripts service.

Method 1: Use the multi-nic-util tool

You can download and install the multi-nic-util tool on some CentOS instances to automatically configure secondary ENIs. multi-nic-util supports only image versions later than CentOS 6.8 or CentOS 7.3.

  1. Connect to the instance. For more information, see Connection methods.
  2. To download the multi-nic-util tool installation package, run the following command:
    wget https://image-offline.oss-cn-hangzhou.aliyuncs.com/multi-nic-util/multi-nic-util-0.6.tgz
  3. Decompress the installation package and install the multi-nic-util tool.
    1. To decompress the installation package, run the following command:
      tar -zxvf multi-nic-util-0.6.tgz
    2. To go to the multi-nic-util tool folder, run the following command:
      cd multi-nic-util-0.6
    3. To install the multi-nic-util tool, run the following command:
      bash install.sh
  4. To restart the ENI service, run the following command:
    systemctl restart eni.service

Method 2: Manually configure secondary ENIs

  1. Connect to the instance. For more information, see Connection methods.
  2. To open the configuration file of a secondary ENI, run the following command:
    vi /etc/sysconfig/network-scripts/ifcfg-eth1
  3. Press the I key to enter the edit mode and add information to the configuration file.
    Example:
    DEVICE=eth1  # Specify the ENI to be configured. 
    BOOTPROTO=dhcp
    ONBOOT=yes
    TYPE=Ethernet
    USERCTL=yes
    PEERDNS=no
    IPV6INIT=no
    PERSISTENT_DHCLIENT=yes
    HWADDR=00:16:3e:17:**:**  # Specify the MAC address of the ENI that you obtained. 
    DEFROUTE=no  # Specify that the ENI is not the default route. To prevent the active default route of the ECS instance from being changed when you run the ifup command to start the secondary ENI, do not set eth1 as the default route. 
    Press the Esc key, enter :wq, and then press the Enter key to save and close the file.
  4. To view the configuration file of the secondary ENI and verify the modifications made to the file, run the following command:
    cat /etc/sysconfig/network-scripts/ifcfg-eth1
  5. To restart the network service, run one of the following commands based on CentOS operating system versions.
    • Versions earlier than CentOS 7, such as CentOS 6:
      service network restart
    • CentOS 7 and later:
      systemctl restart network
Note If you want to create a custom image from the instance after you configure its ENIs, you must first run the /etc/eni_utils/eni-cleanup command to remove network configurations from /etc/udev/rules.d/70-persistent-net.rules and /etc/sysconfig/network-scripts/.

Configure a secondary ENI for an instance that runs an Alibaba Cloud Linux 2 operating system

In the following examples, the secondary ENI named eth1 is used. If you want to configure another ENI, modify the ENI ID.
Note If your instance runs an Alibaba Cloud Linux 2 operating system, note that the following method is applicable to the systemd-networkd service.
  1. Connect to the instance. For more information, see Connection methods.
  2. To open the configuration file of a secondary ENI, run the following command:
    vi /etc/systemd/network/60-eth1.network
  3. Press the I key to enter the edit mode and add information to the configuration file.
    Use one of the following configuration information sets based on your business requirements.
    • Scenario 1: Assign a dynamic IP address to the secondary ENI over the Dynamic Host Configuration Protocol (DHCP).
      Example:
      [Match]
      Name=eth1 # Specify the ENI to be configured. 
      
      [Network]
      DHCP=yes
      
      [DHCP]
      UseDNS=yes
    • Scenario 2: Assign a static IP address to the secondary ENI.
      Example:
      [Match]
      Name=eth1 # Specify the ENI to be configured. 
      
      [Network]
      Address=192.168.**.**/22 # Specify the static IP address and subnet mask to be assigned. 
      Note In the preceding example, the /22 subnet mask indicates 255.255.252.0. For information about how to query the primary private IP addresses and subnet masks of secondary ENIs, see Preparations.
    Press the Esc key, enter :wq, and then press the Enter key to save and close the file.
  4. To view the configuration file of the secondary ENI and verify the modifications made to the file, run the following command:
    cat /etc/systemd/network/60-eth1.network
  5. To restart the network service, run the following command:
    systemctl restart systemd-networkd

Configure a secondary ENI for an instance that runs a Ubuntu or Debian operating system

You can perform the following operations on an instance that runs a Ubuntu 14.04, Ubuntu 16.04, or Debian operating system.

  1. To open the configuration file of a secondary ENI, run the following command:
    vi /etc/network/interfaces
  2. Press the I key to enter the edit mode and add information to the configuration file.
    The secondary ENI named eth1 is used in the following example:
    auto eth0
    iface eth0 inet dhcp
    
    auto eth1  # Specify the ENI to be configured. 
    iface eth1 inet dhcp
    Press the Esc key, enter :wq, and then press the Enter key to save and close the file.
  3. To view the configuration file of the secondary ENI and verify the modifications made to the file, run the following command:
    cat /etc/network/interfaces
  4. To restart the network service, run one of the following commands based on Ubuntu operating system versions.
    • Versions earlier than Ubuntu 16.04, such as Ubuntu 14.04:
      service networking restart
    • Ubuntu 16.04:
      systemctl restart networking

You can perform the following operations on an instance that runs an Ubuntu 18.04 operating system.

  1. Create and edit a configuration file for a secondary ENI.
    In this example, the secondary ENI named eth1 is used. To create and edit a configuration file for eth1, run the following command:
    vi /etc/netplan/eth1-netcfg.yaml
  2. Press the I key to enter the edit mode and add information to the configuration file.
    Note When you edit the configuration file, take note of the following items:
    • The configuration file is in the YAML format. You must follow the YAML syntax rules when you configure the file.
    • Tabs cannot be used for indentation in YAML files. Use spaces instead.
    • We recommend that you copy information from the default /etc/netplan/99-netcfg.yaml configuration file to avoid format issues.
    The secondary ENI named eth1 is used in the following example:
    network:
      version: 2
      renderer: networkd
      ethernets:
        eth1:
          dhcp4: yes
          dhcp6: no
    Press the Esc key, enter :wq, and then press the Enter key to save and close the file.
  3. To view the configuration file of the secondary ENI and verify the modifications made to the file, run the following command:
    cat /etc/netplan/eth1-netcfg.yaml
  4. To apply the modifications, run the following command:
    netplan apply

Configure a secondary ENI for an instance that runs a SUSE or openSUSE operating system

In the following examples, the secondary ENI named eth1 is used. If you want to configure another ENI, modify the ENI ID.

  1. To open the configuration file of a secondary ENI, run the following command:
    vi /etc/sysconfig/network/ifcfg-eth1
  2. Press the I key to enter the edit mode and add information to the configuration file.
    BOOTPROTO='dhcp4'
    STARTMODE='auto'
    USERCONTROL='no'
    Press the Esc key, enter :wq, and then press the Enter key to save and close the file.
  3. To view the configuration file of the secondary ENI and verify the modifications made to the file, run the following command:
    cat /etc/sysconfig/network/ifcfg-eth1
  4. To restart the network service, run one of the following commands based on SUSE operating system versions.
    • Versions earlier than SUSE Linux Enterprise Server 12:
      service network restart
    • SUSE Linux Enterprise Server 12 and later:
      systemctl restart network

Configure routes for ENIs

After you configure secondary ENIs for an instance, you can run the route -n command to view route information on the instance. If no routes are configured on the instance, perform the following operations to configure routes for the ENIs. The section describes how to configure the route for a secondary ENI. In these examples, the secondary ENI named eth1 is used.
Note The routes that are automatically configured for ENIs may not meet your business requirements. We recommend that you modify route configurations based on your network environment.
  1. Start a secondary ENI.
    1. To start the dhclient process and initiate a DHCP request, run the following commands.
      To stop eth1, run the following command:
      ifdown eth1
      To start eth1, run the following command:
      ifup eth1
    2. To view the IP addresses assigned to the ENIs of your instance, run the following command. The IP addresses displayed in the command output must be the same as those that were obtained in the "Preparations" section.
      ip address show
      Sample command output: ipaddr
  2. Set the metric parameter for the default route of the ENI in the route table.
    1. Set the metric parameter.
      Parameter Example
      ENI name eth1
      Gateway 192.168.**.253
      metric 1001
      Run the following command:
      ip -4 route add default via 192.168.**.253 dev eth1 metric 1001
    2. Check whether the default route is configured for the ENI. Check whether information in the Gateway and Metric columns is as configured.
      route -n
      Sample command output:route
  3. Create a route table.
    1. To create a route table, run the following command:
      ip -4 route add default via 192.168.**.253 dev eth1 table 1001
      Note We recommend that you keep the name of the route table the same as the metric value in the default route of the ENI. In this example, 1001 is used.
    2. To check whether the route table is created, run the following command:
      ip route list table 1001
      Sample command output:table
  4. Configure a policy-based route.
    1. To create a policy-based route, run the following command:
      ip -4 rule add from 192.168.**.*9 lookup 1001
      Note In the preceding example command, 192.168.**.*9 is the private IP address of the secondary ENI. You can replace it with the actual private IP address of your ENI.
    2. To view routing rules, run the following command:
      ip rule list
      Sample command output:rulelist

What to do next

After the secondary ENIs are configured, you can perform the following operations: