This topic describes how to set the cut-through mode. In this mode, the EIP replaces the private IP address of the ENI and the ENI becomes a pure Internet network interface. You can see the EIP in the network interface information of the operating system.


Before you set the cut-through mode, make sure that the following conditions are met:
  • The network type of the secondary ENI must be a VPC.
  • The secondary ENI and the EIP instance must be in the same region.
  • The secondary ENI is not associated with any ECS instance.

    If the secondary ENI is already associated with an ECS instance, please disassociate first. Associate the secondary ENI with the ECS instance after you set the cut-through mode. For more information, see Detach an ENI from an instance.

  • A secondary ENI can only be associated with one EIP.

Background information

EIPs are a type of NAT IP address. Because the public IP address in the NAT mode exists in the NAT Gateway and is not on the network interface of the ECS instance, you cannot see the public IP address in the operating system and can only see the private IP address. This complicates the operation and maintenance, and the relationship between network interfaces/servers and public IP addresses must be maintained manually. Additionally, when an EIP is deployed as a NAT ALG (NAT application layer gateway), protocols such as H.323, SIP, DNS, and RTSP are not supported.

The Cut-Through Mode makes the EIP visible on the network interface and solves the preceding problems. In the cut-through mode:
  • The EIP replaces the private IP address of the ENI. The ENI becomes a pure Internet network interface and its intranet functions are not available any more.
  • You can see the EIP in the ENI of the operating system, and directly obtain the public IP address on the ENI by running the ifconfig or ipconfig command.
  • The EIP supports all IP protocol types, including FTP, H.323, SIP, DNS, RTSP, and TFTP.


  1. Log on to the VPC console.
  2. In the left-side navigation pane, choose Elastic IP Addresses.
  3. Select the region of the target EIP.
    Note Currently, the cut-through mode is supported only in the China (Zhangjiakou), China (Shenzhen), China (Hohhot), Germany (Frankfurt), and US (Virginia) regions.
  4. On the Elastic IP Addresses page, find the target EIP and click Bind in the Actions column.
  5. On the Bind Elastic IP Address page, complete the following configurations, and then click OK.
    Configuration Required? Description
    Instance Type Yes Select Secondary ENI.
    Resource Group No Select the resource group to which the EIP belongs.
    Mode No Select Cut-Through Mode.
    Secondary ENI Yes Select the secondary ENI to be associated with the EIP.
    Notice Make sure that the selected secondary ENI is not associated with any ECS instance.
    Bind Elastic IP Address
  6. Return to the EIP list page and click the ID of the associated ENI.
    View the ENI associated with the EIP.
  7. On the network interface list page, find the target ENI and click Bind to Instance to associate the ENI with an ECS instance.
    • The number of ENIs that can be associated with an ECS instance varies according to the specification of the ECS instance. For more information, see Instance families.
    • After you associate the secondary ENI with the ECS instance, you must enable the DHCP function of the secondary ENI and restart networking service to make the cut-through mode effective.
    • After the cut-through mode is set, the ECS instance automatically generates a route entry with the secondary ENI as the exit interface. The priority of this route entry is lower than that of the route with the primary ENI as the exit interface. Therefore, you must adjust the priority of these entries if the preceding does not fit your service requirements.
  8. Log on to the ECS instance by using the associated EIP and check the network configurations of the ECS instance.
    Note Make sure that the security group rules of the ECS instance allow remote access.
    You can see that the local IP address of the ECS instance has changed to the associated EIP.View the EIP of the ECS instance