All Products
Search
Document Center

Elastic Compute Service:Configure a secondary ENI

Last Updated:Mar 14, 2024

After secondary elastic network interfaces (ENIs) are bound to Elastic Compute Service (ECS) instances, some images used by these instances may not recognize the secondary ENIs and configure routes for the secondary ENIs. If this occurs, the secondary ENIs cannot be used on the instances. This topic describes how to configure secondary ENIs from within instances to have their IP addresses recognized and how to configure routes for the secondary ENIs.

Prerequisites

  • A secondary ENI is bound to an ECS instance.

  • You are connected to the ECS instance. For more information, see Connection method overview.

Background information

If automatic configuration tools are pre-installed in images that instances use, secondary ENIs that are bound to the instances can be automatically configured by the tools. You can use the secondary ENIs without the need to manually configure them. Examples of images in which automatic configuration tools are pre-installed:

  • Alibaba Cloud Linux 3.2104 64-bit

  • CentOS 8.0 64-bit, CentOS 8.1 64-bit, CentOS 8.2 64-bit, and later

  • CentOS 7.3 64-bit, CentOS 7.4 64-bit, and CentOS 7.5 64-bit

  • CentOS 6.8 64-bit and CentOS 6.9 64-bit

  • Debian 11.3 64-bit, Debian 11.4 64-bit, and later

  • Windows Server 2008 R2 and later

Procedure

  1. Check whether the IP address of a secondary ENI bound to an instance can be recognized.

    For more information, see the Check whether the IP addresses of ENIs can be recognized section of this topic. If the IP address of the secondary ENI is recognized, skip the following steps. If the IP address of the secondary ENI is not recognized, proceed with the following steps to configure the secondary ENI.

  2. Obtain the information of the secondary ENI.

    When you configure a secondary ENI, the primary private IP address and media access control (MAC) address may be required. Prepare the information for subsequent configurations. For more information, see the Obtain the information of an ENI section of this topic.

    In the examples provided in this topic, the sample values listed in the following table are used. In actual scenarios, replace them with the attribute values of your secondary ENI.

    Secondary ENI attribute

    Sample value

    ENI name

    eth1

    MAC address

    00:16:3e:0f:**:**

    Primary private IP address

    192.168.**.*2

    Subnet mask

    255.255.255.0

    Gateway address

    192.168.**.253

  3. Configure the secondary ENI to have its IP address recognized.

    The operations required to configure secondary ENIs vary based on the operating systems of instances to which the secondary ENIs are bound.

    Operating system

    References

    • Alibaba Cloud Linux 2 (Instances that run this operating system use the network-scripts network service)

    • CentOS

    • RedHat

    Configure a secondary ENI for an instance that runs an Alibaba Cloud Linux 2, CentOS 6, CentOS 7, or Red Hat operating system and that uses the network-scripts network service

    Alibaba Cloud Linux 2 (Instances that run this operating system use the systemd-networkd network service)

    Configure a secondary ENI for an instance that runs an Alibaba Cloud Linux 2 operating system and that uses the systemd-networkd network service

    • Ubuntu

    • Debian

    Configure a secondary ENI for an instance that runs a Ubuntu or Debian operating system

    • SUSE

    • OpenSUSE

    Configure a secondary ENI for an instance that runs a SUSE or openSUSE operating system

  4. Check whether routes are configured for the secondary ENI.

    You can run the route -n command to check the route information. If no routes are configured for the secondary ENI or if the existing routes do not meet your requirements, manually configure routes for the secondary ENI. The following sections provide examples on configuring routes for a secondary ENI that is bound to an instance that runs one of the following operating systems:

Check whether the IP addresses of ENIs can be recognized

Run the following command to check whether the IP addresses of ENIs can be recognized:

ip address show

Sample command outputs:

  • The following command output shows that the IP address of the eth0 primary ENI is recognized but the IP address of the eth1 secondary ENI is not recognized. You can perform operations described in this topic to configure the secondary ENI. ip-detected

  • The following command output shows that the IP addresses of both the eth0 primary ENI and the eth1 secondary ENI are recognized. You do not need to configure the secondary ENI. eth1-detected

Note

In the preceding command outputs, 00:16:3e:16:**:** is the MAC address of the primary ENI and 00:16:3e:0f:**:** is the MAC address of the secondary ENI.

Obtain the information of an ENI

You can obtain the information of an ENI from instance metadata, by using the ECS console, or by calling an API operation. You can use one of the following methods to obtain the information of an ENI:

  • Obtain the information of an ENI from instance metadata.

    • Obtain the MAC addresses of ENIs that are bound to an instance.

      curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/
      Note

      The MAC addresses of ENIs are required to obtain the primary private IP addresses, subnet masks, and gateway addresses of the ENIs.

    • Obtain the primary private IP address of the specified ENI.

      curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/primary-ip-address
    • Obtain the subnet mask of the specified ENI.

      curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/netmask
    • Obtain the gateway address of the specified ENI.

      curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/gateway

    The following figure shows the sample command output. In the command output, 00:16:3e:16:**:** is the MAC address of the primary ENI and 00:16:3e:0f:**:** is the MAC address of the secondary ENI.

    Note

    After you run the ip address show command, you can determine which is the primary ENI and which is the secondary ENI based on the order in which the MAC addresses are displayed in the command output.

    eni-status

  • Obtain the information of an ENI by using the ECS console.

    1. Log on to the ECS console.

    2. In the left-side navigation pane, choose Network & Security > Elastic Network Interfaces.

    3. On the Network Interfaces page, find the ENIs whose information you want to query and view their primary private IP addresses and MAC addresses in the Private IP Address and Type/MAC Address(All) columns.

  • Obtain the information of an ENI by running commands in Alibaba Cloud CLI to call the DescribeNetworkInterfaces operation.

    aliyun ecs DescribeNetworkInterfaces \
    --output cols=MacAddress,PrivateIpAddress rows=NetworkInterfaceSets.NetworkInterfaceSet[] \
    --RegionId 'cn-hangzhou' \
    --InstanceId 'i-bp1a5gj0bzhwz7q****'

    The following figure shows the sample command output. In the command output, 00:16:3e:16:**:** is the MAC address of the primary ENI and 00:16:3e:0f:**:** is the MAC address of the secondary ENI.

    Note

    After you run the ip address show command, you can determine which is the primary ENI and which is the secondary ENI based on the order in which the MAC addresses are displayed in the command output.

    cloudshell-view

Configure a secondary ENI for an instance that runs an Alibaba Cloud Linux 2, CentOS 6, CentOS 7, or Red Hat operating system and that uses the network-scripts network service

If your instance runs an Alibaba Cloud Linux 2, CentOS 6, CentOS 7, or Red Hat operating system and uses the network-scripts network service, you can use the multi-nic-util tool to have ENIs bound to the instance automatically configured. You can also manually modify the ENI configuration files to configure the ENIs.

  • Use the multi-nic-util tool to have a secondary ENI automatically configured.

    Note

    If you want to use the multi-nic-util tool to have secondary ENIs automatically configured for CentOS instances, note that the multi-nic-util tool is supported only on some versions of CentOS images. If your instance uses a CentOS 6 image, make sure that the instance uses CentOS 6.8 or later. If your instance uses a CentOS 7 image, make sure that the instance uses CentOS 7.3 or later. If the multi-nic-util tool is not supported on the image version that your instance uses, you must manually modify the configuration files of secondary ENIs to configure the secondary ENIs.

    1. Download and install the multi-nic-util tool.

      wget https://image-offline.oss-cn-hangzhou.aliyuncs.com/multi-nic-util/multi-nic-util-0.6.tgz && \
      tar -zxvf multi-nic-util-0.6.tgz && \
      cd multi-nic-util-0.6 && \
      bash install.sh
    2. Restart the ENI service.

      systemctl restart eni.service
  • Manually modify the configuration file of a secondary ENI to configure the secondary ENI.

    1. Open the configuration file of the secondary ENI.

      vi /etc/sysconfig/network-scripts/ifcfg-eth1
    2. Add the information of the secondary ENI to the configuration file. Then, save and close the configuration file.

      The following section provides an example of the ENI information to add to the configuration file:

      DEVICE=eth1  # Specify the ENI that you want to configure. 
      BOOTPROTO=dhcp
      ONBOOT=yes
      TYPE=Ethernet
      USERCTL=yes
      PEERDNS=no
      IPV6INIT=no
      PERSISTENT_DHCLIENT=yes
      HWADDR=00:16:3e:0f:**:**  # Use the obtained MAC address of the ENI. 
      DEFROUTE=no  # Specify that the ENI is not the default route. To prevent the default route of the ECS instance from being changed when you run the ifup command to start the secondary ENI, do not set eth1 as the default route. 
    3. Restart the network service.

      • Versions earlier than CentOS 7, such as CentOS 6:

        service network restart
      • CentOS 7 or later and Alibaba Cloud Linux 2:

        systemctl restart network
Note

Configure a secondary ENI for an instance that runs an Alibaba Cloud Linux 2 operating system and that uses the systemd-networkd network service

If your instance runs an Alibaba Cloud Linux 2 operating system and uses the systemd-networkd network service, you must manually modify the ENI configuration file to configure an ENI.

  1. Open the configuration file of the secondary ENI.

    vi /etc/systemd/network/60-eth1.network
  2. Add the information of the secondary ENI to the configuration file. Then, save and close the configuration file.

    You can assign a dynamic or static IP address to the secondary ENI. You can use one of the following methods based on your requirements. The following section provides an example of the ENI information to add to the configuration file:

    • Assign a dynamic IP address to the secondary ENI by using the Dynamic Host Configuration Protocol (DHCP).

      [Match]
      Name=eth1 # Specify the ENI that you want to configure. 
      
      [Network]
      DHCP=yes
      
      [DHCP]
      UseDNS=yes
    • Assign a static IP address to the secondary ENI.

      [Match]
      Name=eth1 # Specify the ENI that you want to configure. 
      
      [Network]
      Address=192.168.**.*2/24 # Specify the static IP address and subnet mask to be assigned. 
      Note

      In the preceding example, 192.168.**.*2 is the primary private IP address and the /24 subnet mask is 255.255.255.0.

  3. Restart the network service.

    systemctl restart systemd-networkd

Configure a secondary ENI for an instance that runs a Ubuntu or Debian operating system

If your instance runs a Ubuntu or Debian operating system, you must modify the configuration file of the secondary ENI based on the image version.

  • Perform the following operations on an instance that runs Ubuntu 14.04, Ubuntu 16.04, or Debian:

    1. Open the ENI configuration file.

      vi /etc/network/interfaces
    2. Add the information of the secondary ENI to the configuration file. Then, save and close the configuration file.

      Example of the ENI information to add to the configuration file:

      auto eth0
      iface eth0 inet dhcp
      
      auto eth1  # Specify the ENI that you want to configure. 
      iface eth1 inet dhcp
      Note

      The eth0 primary ENI is configured in the same configuration file as the eth1 secondary ENI. You must add the information of the primary ENI to the configuration file.

    3. Restart the network service.

      • Versions earlier than Ubuntu 16.04, such as Ubuntu 14.04:

        service networking restart
      • Ubuntu 16.04 and Debian:

        systemctl restart networking

      The configurations of the secondary ENI take effect regardless of whether the following alert notification appears. You can run the ip address show command to check whether the IP address of the secondary ENI can be recognized. warning

  • Perform the following operations on an instance that runs Ubuntu 18.04:

    1. Open the configuration file of a secondary ENI.

      vi /etc/netplan/eth1-netcfg.yaml
    2. Add the information of the secondary ENI to the configuration file. Then, save and close the configuration file.

      Note

      When you modify the configuration file, take note of the following items:

      • The configuration file is in the YAML format. Follow the YAML syntax rules when you configure the file.

      • Tabs cannot be used for indentation in YAML files. Use spaces instead.

      • We recommend that you copy information from the default /etc/netplan/99-netcfg.yaml configuration file to prevent format issues.

      Example of the ENI information to add to the configuration file:

      network:
        version: 2
        renderer: networkd
        ethernets:
          eth1:
            dhcp4: yes
            dhcp6: no
    3. Apply the added configurations.

      netplan apply

Configure a secondary ENI for an instance that runs a SUSE or openSUSE operating system

If your instance run a SUSE or openSUSE operating system, you must manually modify the ENI configuration file to configure the secondary ENI.

  1. Open the configuration file of the secondary ENI.

    vi /etc/sysconfig/network/ifcfg-eth1
  2. Add the information of the secondary ENI to the configuration file. Then, save and close the configuration file.

    In the following example, a dynamic IP address is assigned to the secondary ENI by using DHCP.

    BOOTPROTO='dhcp4'
    STARTMODE='auto'
    USERCONTROL='no'
  3. Restart the network service.

    • Versions earlier than SUSE Linux Enterprise Server 12:

      service network restart
    • SUSE Linux Enterprise Server 12 or later:

      systemctl restart network

Configure routes for a secondary ENI that is bound to an instance that runs an Alibaba Cloud Linux 2 or CentOS 7 operating system

If you manually configure secondary ENIs but do not configure routes for the secondary ENIs or if routes configured by the multi-nic-util tool do not meet your requirements, perform the following steps to configure routes:

  1. View the route information.

    route -n

    Sample command outputs:

    • The following command output shows only the route information of the eth0 primary ENI, which indicates that no routes are configured for the eth1 secondary ENI. main-eni-route

    • The following command output shows the route information of both the eth0 primary ENI and the eth1 secondary ENI. If the configured routes do not meet your requirements, you can modify the route configurations. both-eni-route

  2. Plan the default route based on your requirements.

    In this example, the sample values listed in the following table are used.

    Secondary ENI attribute

    Sample value

    ENI name

    eth1

    Primary private IP address

    192.168.**.*2

    Gateway address

    192.168.**.253

    metric

    1001

  3. Configure the default route.

    You can run the following commands to add the default route for the eth1 secondary ENI, create a route table, and then attach a routing policy to the table. In this example, table 1001 is created as the route table. We recommend that you keep the name of the route table the same as the metric value in the default route of the ENI. 192.168.**.253 is the gateway address and 192.168.*.*2 is the primary private IP address of the eth1 secondary ENI.

    ip -4 route add default via 192.168.**.253 dev eth1 metric 1001 && \
    ip -4 route add default via 192.168.**.253 dev eth1 table 1001 && \
    ip -4 rule add from 192.168.**.*2 lookup 1001
  4. View the created route table and routing policy.

    ip route list table 1001 && \
    ip rule list

    The following figure shows that the route table and routing policy are created. view-route-policy

  5. Configure routes to automatically update on instance startup.

    After you perform the preceding steps to configure routes for the eth1 secondary ENI, you must perform the following steps to configure the routes to automatically update on instance startup. Otherwise, the routes become invalid after the instance is restarted.

    1. Open the /etc/rc.local file.

      vim /etc/rc.local
    2. Add the configuration information of the routes to the /etc/rc.local file. Then, save and close the file.

      ip -4 route add default via 192.168.**.253 dev eth1 metric 1001
      ip -4 route add default via 192.168.**.253 dev eth1 table 1001
      ip -4 rule add from 192.168.**.*2 lookup 1001
    3. Grant execution permissions on the /etc/rc.local file.

      chmod +x /etc/rc.local

Configure routes for a secondary ENI that is bound to an instance that runs a CentOS 8 operating system

If routes configured by the system do not meet your requirements, perform the following steps to configure routes:

  1. View the route information.

    route -n

    The following figure shows the route information of both the eth0 primary ENI and the eth1 secondary ENI. If the configured routes do not meet your requirements, you can modify the route configurations. centos8-route

  2. Plan the default route based on your requirements.

    In this example, the sample values listed in the following table are used.

    Secondary ENI attribute

    Sample value

    ENI name

    eth1

    Primary private IP address

    192.168.**.*2

    Gateway address

    192.168.**.253

    table

    1001

  3. Create a script for configuring routes.

    1. Create and open the /home/route.sh file.

    2. Add the configuration information of routes to the /home/route.sh file. Then, save and close the file.

      The following sample script shows how to create a route table and attach a routing policy to the route table for the eth1 secondary ENI. In this example, a route table named table 1001 is created, and 192.168.**.253 is the gateway address and 192.168.*.*2 is the primary private IP address of the eth1 secondary ENI.

      #!/bin/bash
      
      i=0
      while true; do
              /usr/sbin/ip -4 route add default via 192.168.**.253 dev eth1 table 1001
              if [ $? -eq 0 ]; then
                      break
          fi
              sleep 3
              let i++
              if [ $i -gt 10 ]; then
                      exit -1
              fi
      done
      
      i=0
      while true; do
              /usr/sbin/ip -4 rule add from 192.168.**.*2 lookup 1001
              if [ $? -eq 0 ]; then
                      break
          fi
              sleep 3
              let i++
              if [ $i -gt 10 ]; then
                      exit -1
              fi
      done
  4. Configure the default route.

    sh /home/route.sh
  5. View the created route table and routing policy.

    ip route list table 1001 && \
    ip rule list

    The following figure shows that the route table and routing policy are created. view-route-policy

  6. Configure routes to be automatically updated on instance startup.

    After you perform the preceding steps to configure routes for the eth1 secondary ENI, perform the following steps to configure the routes to be automatically updated on instance startup. Otherwise, the routes become invalid after the instance is restarted.

    1. Open the /etc/rc.local file.

      vim /etc/rc.local
    2. Add the configuration information of routes to the /etc/rc.local file. Then, save and close the file.

      sh /home/route.sh
    3. Grant execute permissions on the /etc/rc.local file.

      chmod +x /etc/rc.local