After secondary elastic network interfaces (ENIs) are bound to Elastic Compute Service (ECS) instances, some images used by the instances may not recognize the IP addresses of the secondary ENIs and configure routes for the secondary ENIs. If this issue occurs, the secondary ENIs cannot be used as expected on the instances. To resolve this issue, we recommend that you configure secondary ENIs from within instances to have their IP addresses recognized as described in this topic. You can also configure routes for the secondary ENIs based on your business requirements to better manage and control network traffic.
Prerequisites
A secondary ENI is bound to an ECS instance. For more information, see Bind an ENI.
Step 1: Check whether you need to configure a secondary ENI
To determine whether you need to configure the secondary ENI, you can check whether the IP address of the secondary ENI can be recognized or check the type of the image used by the instance that is bound to the secondary ENI.
Connect to the Linux instance.
For more information, see Connect to a Linux instance by using a password or key.
Run the following command to check whether the IP address of the secondary ENI can be recognized:
ip address show
Determine whether you need to configure the secondary ENI based on the returned result.
Scenario 1: The IP addresses of both the eth0 primary ENI and the eth1 secondary ENI are recognized. You do not need to configure the secondary ENI.
Sample command output:
Scenario 2: The IP address of the eth0 primary ENI is recognized but the IP address of the eth1 secondary ENI is not recognized. You can perform the operations described in this topic to configure the secondary ENI.
Sample command output:
In the preceding command outputs, 00:16:3e:16:**:**
is the media access control (MAC) address of the primary ENI and 00:16:3e:0f:**:**
is the MAC address of the secondary ENI.
(Optional) Step 2: Obtain the information of the secondary ENI
When you configure a secondary ENI, the primary private IP address and MAC address may be required. Prepare the information for subsequent configurations.
Sample values are used in the following operations. In actual scenarios, replace them with the attribute values of your secondary ENI.
Obtain the information of the ENI in the ECS console (recommended)
Log on to the ECS console.
In the left-side navigation pane, choose
.In the top navigation bar, select the region and resource group to which the resource belongs.
On the Elastic Network Interfaces page, find the ENI whose information you want to obtain and view its primary private IP address and MAC address in the IP Address and MAC Address columns.
Obtain the information of the ENI from instance metadata
Connect to the Linux instance.
For more information, see Connect to a Linux instance by using a password or key.
Run the following commands in sequence to obtain the information of the ENI.
Obtain the MAC addresses of the ENIs that are bound to the instance.
curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/
NoteThe MAC addresses of ENIs are required to obtain the primary private IP addresses, subnet masks, and gateway addresses of the ENIs.
Obtain the primary private IP address of the specified ENI.
curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/primary-ip-address
Obtain the subnet mask of the specified ENI.
curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/netmask
Obtain the gateway address of the specified ENI.
curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/gateway
The following figure shows the sample command output. In the command output, 00:16:3e:16:**:**
is the MAC address of the primary ENI and 00:16:3e:0f:**:**
is the MAC address of the secondary ENI.
After you run the ip address show
command, you can determine which is the primary ENI and which is the secondary ENI based on the order in which the MAC addresses are displayed in the command output.
Step 3: Configure the secondary ENI
The operations required to configure secondary ENIs vary based on the operating systems of instances to which the secondary ENIs are bound.
The network service of an instance that uses Alibaba Cloud Linux 2 images can be network-scripts or systemd-networkd.
Alibaba Cloud Linux 2 (network-scripts)
You can run the
ls /etc/sysconfig/network-scripts
command to check whether the/etc/sysconfig/network-scripts
directory exists in the system. If files whose names are prefixed withifcfg-
,ifdown-
, andifup-
appear in the preceding directory, the system uses the network-scripts service.Alibaba Cloud Linux 2 (systemd-networkd)
You can run the
systemctl status systemd-networkd
command to check whether the systemd-networkd service is installed on the system. If the command output includes the status information ofsystemd-networkd.service
, such as running status, activeness status, and log entries, the system uses the systemd-networkd service.
For more information, see Methods and impacts of switching the network service for instances that run Alibaba Cloud Linux 2.
CentOS 6, CentOS 7, RedHat, or Alibaba Cloud Linux 2 (network-scripts)
If your instance runs an Alibaba Cloud Linux 2, CentOS 6, CentOS 7, or Red Hat operating system and uses the network-scripts network service, you can install the multi-nic-util tool to have ENIs bound to the instance automatically configured. You can also manually modify the ENI configuration files to configure the ENIs. Take note of the following items:
If you use the multi-nic-util tool, the original network configurations of the ECS instance may be overwritten.
If you want to use the multi-nic-util tool to have secondary ENIs automatically configured for CentOS instances, the following CentOS image versions support the multi-nic-util tool:
CentOS 6 images: CentOS 6.8 or later
CentOS 7 images: CentOS 7.3 or later
For other CentOS image versions that do not support the multi-nic-util tool, you must manually modify the configuration files of secondary ENIs to configure the secondary ENIs.
Method 1: Use the multi-nic-util tool to have a secondary ENI automatically configured (recommended)
Run the following commands to download and install the multi-nic-util tool:
Run the following command to restart the ENI service:
sudo systemctl restart eni.service
wget https://image-offline.oss-cn-hangzhou.aliyuncs.com/multi-nic-util/multi-nic-util-0.6.tgz && \
tar -zxvf multi-nic-util-0.6.tgz && \
cd multi-nic-util-0.6 && \
bash install.sh
Method 2: Manually modify the configuration file of a secondary ENI to configure the secondary ENI
Run the following command to open the configuration file of the secondary ENI:
Press the
I
key to enter Insert mode, and add the information of the secondary ENI to the configuration file. Then, press theEsc
key to exit Insert mode and enter:wq
to save and close the file.Example of the ENI information to add to the configuration file:
DEVICE=eth1 # Specify the name of the ENI that you want to configure. BOOTPROTO=dhcp ONBOOT=yes TYPE=Ethernet USERCTL=yes PEERDNS=no IPV6INIT=no PERSISTENT_DHCLIENT=yes HWADDR=00:16:3e:0f:**:** # Use the obtained MAC address of the ENI. DEFROUTE=no # Specify that the ENI is not the default route. To prevent the default route of the ECS instance from being changed when you run the ifup command to start the secondary ENI, do not set eth1 as the default route.
Run one of the following commands to restart the network service:
Versions earlier than CentOS 7 and RedHat 7, such as CentOS 6 and RedHat 6:
sudo service network restart
CentOS 7 or later, RedHat 7 or later, and Alibaba Cloud Linux 2:
vi /etc/sysconfig/network-scripts/ifcfg-eth1
sudo systemctl restart network
Before you create custom images from the instance whose ENIs are configured, you must run the /etc/eni_utils/eni-cleanup
command to remove network configurations from /etc/udev/rules.d/70-persistent-net.rules
and /etc/sysconfig/network-scripts/
.
Alibaba Cloud Linux 2 (systemd-networkd)
If your instance runs an Alibaba Cloud Linux 2 operating system and uses the systemd-networkd network service, you must manually modify the ENI configuration file to configure an ENI.
Run the following command to open the configuration file of the secondary ENI:
vi /etc/systemd/network/60-eth1.network
Press the
I
key to enter Insert mode, and add the information of the secondary ENI to the configuration file. Then press theEsc
key to exit Insert mode and enter:wq
to save and closet the file.You can assign a dynamic or static IP address to the secondary ENI. You can use one of the following methods based on your requirements. The following section provides an example of the ENI information to add to the configuration file:
Assign a dynamic IP address to the secondary ENI by using Dynamic Host Configuration Protocol (DHCP).
[Match] Name=eth1 # Specify the name of the ENI that you want to configure. [Network] DHCP=yes [DHCP] UseDNS=yes
Assign a static IP address to the secondary ENI.
[Match] Name=eth1 # Specify the name of the ENI that you want to configure. [Network] Address=192.168.**.*2/24 # Specify the static IP address and subnet mask to be assigned.
NoteIn the preceding example,
192.168.**.*2
is the primary private IP address and the/24
subnet mask bit corresponds to the255.255.255.0
subnet mask.
Run the following command to restart the network service:
sudo systemctl restart systemd-networkd
Ubuntu or Debian
If your instance runs a Ubuntu or Debian operating system, you must modify the configuration file of the secondary ENI based on the image version.
Ubuntu 14.04, Ubuntu 16.04, or Debian
Run the following command to open the configuration file of the secondary ENI:
vi /etc/network/interfaces
Press the
I
key to enter Insert mode, and add the information of the secondary ENI to the configuration file. Then press theEsc
key to exit Insert mode and enter:wq
to save and close the file.Example of the ENI information to add to the configuration file:
auto eth0 iface eth0 inet dhcp auto eth1 # Specify the name of the ENI that you want to configure. iface eth1 inet dhcp
NoteThe eth0 primary ENI is configured in the same configuration file as the eth1 secondary ENI. You must add the information of the primary ENI to the configuration file.
Run one of the following commands to restart the network service:
Ubuntu 14.04:
sudo service networking restart
Ubuntu 16.04 and Debian:
sudo systemctl restart networking
The configurations of the secondary ENI take effect regardless of whether the following alert notification appears. You can run the
ip address show
command to check whether the IP address of the secondary ENI can be recognized.
Ubuntu 18.04
Run the following command to open the configuration file of the secondary ENI:
Press the
I
key to enter Insert mode, and add the information of the secondary ENI to the configuration file. Then press theEsc
key to exit Insert mode and enter:wq
to save and close the file.NoteWhen you modify the configuration file, take note of the following items:
The configuration file is in the
YAML
format. Follow theYAML
syntax rules when you configure the file.Use spaces for indentation in
YAML
files. Tabs are not supported.We recommend that you copy information from the default
/etc/netplan/99-netcfg.yaml
configuration file to prevent format issues.
Example of the ENI information to add to the configuration file:
network: version: 2 renderer: networkd ethernets: eth1: dhcp4: yes dhcp6: no
Run the following command for the configurations to take effect:
vi /etc/netplan/eth1-netcfg.yaml
netplan apply
SUSE or openSUSE
If your instance runs a SUSE or openSUSE operating system, you must manually modify the ENI configuration file to configure the secondary ENI.
Run the following command to open the configuration file of the secondary ENI:
vi /etc/sysconfig/network/ifcfg-eth1
Press the
I
key to enter Insert mode, and add the information of the secondary ENI to the configuration file. Then press theEsc
key to exit Insert mode and enter:wq
to save and close the file.In the following example, a dynamic IP address is assigned to the secondary ENI by using DHCP.
BOOTPROTO='dhcp4' STARTMODE='auto' USERCONTROL='no'
Run one of the following commands to restart the network service:
Versions earlier than SUSE Linux Enterprise Server 12 and openSUSE 13.2:
sudo service network restart
SUSE Linux Enterprise Server 12 or later, and openSUSE 13.2 or later:
sudo systemctl restart network
(Optional) Step 4: Configure routes
You can run the route -n
command to query the current route information. If no routes are configured for the secondary ENI or if the existing routes do not meet your business requirements, you can configure route tables and rules for the secondary ENI as described in this topic. The route tables and rules help implement routing policies to forward traffic by using specific gateways. This allows you to control and manage network traffic in a finer-grained manner.
Plan the default route based on your requirements. In this example, the sample values listed in the following table are used.
Secondary ENI attribute | Sample value |
ENI name | eth1 |
Primary private IP address | 192.168.**.*2 |
Gateway address | 192.168.**.253 |
metric | 1001 |
Configure routes for a secondary ENI bound to an instance that runs an Alibaba Cloud Linux 2 or CentOS 7 operating system
Run the following command to query the route information:
route -n
Sample command outputs:
The following command output shows only the route information of the eth0 primary ENI. No routes are configured for the eth1 secondary ENI. You must perform the subsequent operations to configure routes for the secondary ENI.
The following command output shows the route information of both the eth0 primary ENI and the eth1 secondary ENI. You do not need to perform subsequent operations to configure routes for the secondary ENI. If the configured routes do not meet your requirements, you can modify the route configurations.
Run the following commands to configure the default route:
ip -4 route add default via 192.168.**.253 dev eth1 metric 1001 && \ ip -4 route add default via 192.168.**.253 dev eth1 table 1001 && \ ip -4 rule add from 192.168.**.*2 lookup 1001
NoteYou can run the preceding commands to add the default route for the eth1 secondary ENI, create a route table, and then attach a routing policy to the table. In this example, a route table named
table 1001
is created. We recommend that you keep the name of the route table the same as the metric value in the default route of the ENI.192.168.**.253
is the gateway address and192.168.*.*2
is the primary private IP address of the eth1 secondary ENI. Replace the parameter values with the actual values.Run the following commands to query the created route table and routing policy:
ip route list table 1001 && \ ip rule list
The following command output shows that the route table and routing policy are created.
Configure routes to automatically update on instance startup.
After you configure routes for the eth1 secondary ENI, you must configure the routes to automatically update on instance startup. Otherwise, the routes become invalid after the instance is restarted.
Run the following command to open the
/etc/rc.local
file:vim /etc/rc.local
Press the
I
key to enter Insert mode, add the following content, press theEsc
key to exit Insert mode, and then enter:wq
to save and close the file.ip -4 route add default via 192.168.**.253 dev eth1 metric 1001 ip -4 route add default via 192.168.**.253 dev eth1 table 1001 ip -4 rule add from 192.168.**.*2 lookup 1001
Run the following command to grant execute permissions on the
/etc/rc.local
file:sudo chmod +x /etc/rc.local
Configure routes for a secondary ENI bound to an instance that runs a CentOS 8 operating system
Run the following command to query the route information:
route -n
The following command output shows the route information of both the eth0 primary ENI and the eth1 secondary ENI.
Create a script for configuring routes.
Run the following command to create and open the
/home/route.sh
file:vi /home/route.sh
Press the
I
key to enter Insert mode, add the following content, press theEsc
key to exit Insert mode, and then enter:wq
to save and close the file.NoteThe following sample script shows how to create a route table and attach a routing policy to the route table for the eth1 secondary ENI. In this example, a route table named
table 1001
is created,192.168.**.253
is the gateway address, and192.168.*.*2
is the primary private IP address of the eth1 secondary ENI.#!/bin/bash i=0 while true; do /usr/sbin/ip -4 route add default via 192.168.**.253 dev eth1 table 1001 if [ $? -eq 0 ]; then break fi sleep 3 let i++ if [ $i -gt 10 ]; then exit -1 fi done i=0 while true; do /usr/sbin/ip -4 rule add from 192.168.**.*2 lookup 1001 if [ $? -eq 0 ]; then break fi sleep 3 let i++ if [ $i -gt 10 ]; then exit -1 fi done
Run the following command to configure the default route:
sh /home/route.sh
Run the following commands to query the created route table and routing policy:
ip route list table 1001 && \ ip rule list
A command output similar to the following one is returned.
Configure routes to automatically update on instance startup.
After you perform the preceding steps to configure routes for the eth1 secondary ENI, you must perform the following steps to configure the routes to automatically update on instance startup. Otherwise, the routes become invalid after the instance is restarted.
Run the following command to open the
/etc/rc.local
file:vim /etc/rc.local
Press the
I
key to enter Insert mode, add the following content, press theEsc
key to exit Insert mode, and then enter:wq
to save and close the file.sh /home/route.sh
Run the following command to grant execute permissions on the
/etc/rc.local
file:sudo chmod +x /etc/rc.local