Terway Edge is a network plug-in provided by Container Service for Kubernetes (ACK) Edge clusters that creates an underlay network for communication. This topic describes how Terway Edge enables container communication by using the Elastic Network Interfaces (ENIs) of Edge Node Service (ENS).
Background information
Terway Edge supports underlay container network communication in ENS by using the ENIs of the ENS network.
Do not manually configure the private IP addresses. Terway Edge automatically assigns ENIs and their attached private IP addresses to pods.
In Virtual Private Cloud (VPC), Terway assigns ENIs to pods. Multiple pods share a single ENI, and pod addresses are allocated from the private IP addresses of the ENI. The pod network and Elastic Compute Service (ECS) reside on the same network plane.
In the edge-side ENS network, Terway assigns the ENIs of ENS to pods. Multiple pods share a single ENI, and pod addresses are allocated from the private IP addresses of the ENI. The pod network and ENS are on the same network plane.
Typically, internal network communication between the VPC in the central cloud and the ENS network at the edge cloud can be achieved through Edge Network Acceleration (ENA). This ensures seamless connectivity between containers and hosts across network domains.
Usage notes
When you configure security groups, take note of the following:
Configuration | Direction | Protocol | Port | Authorized object |
Communication between containers | Inbound | All | All | ENS CIDR block |
Communication between containers | Outbound | All | All | ENS CIDR block |
Prerequisites
Terway-edge is selected as the Network Plug-in when you create an Edge cluster. For more information, see Usage guide for Terway Edge.
The terway-edge-controlplane component is installed. For more information, see Component management.
Step 1: Bind an ENI
You can bind an ENI through the console, or use the ENI mounting tool to purchase and bind it with one click.
To bind an ENI to an ENS instance, you must first shut down the ENS instance. After binding the ENI, restart the instance to apply the changes.
Each ENI can be allocated up to 25 private IP addresses. These private IP addresses are assigned to pods as pod IPs, allowing each ENI to support up to 25 pods.
The primary ENI of each ENS instance cannot assign private IP addresses to pods.
The maximum number of pods supported by each ENS instance is calculated by the formula: Max Pods per ENS instance = (Number of ENIs - 1) × 25.
You can bind the necessary number of ENIs based on your requirements.
ACK console
Before adding the node, manually mount the ENI to the ENS instance by performing the following steps:
Log on to the ENS console. In the left-side navigation pane, choose .
On the ENIs page, click Create ENI. Configure the parameters based on your requirements and click Create.
Find the ENI ID of the ENI that you just created, click Associate Instance in the Actions column, select the appropriate Instance ID/Name, and click OK.
ENI binding tool
The following table describes the types and architectures of OS supported by the ENI binding tool:
Tool name | OS type | OS architecture |
eni-tool-linux-amd64 | Linux | amd64 |
eni-tool-linux-arm64 | Linux | arm64 |
eni-tool-darwin-amd64 | Darwin | amd64 |
eni-tool-darwin-arm64 | Darwin | arm64 |
Download the ENI binding tool eni-tool-linux-amd64.
To use a different version, replace eni-tool-linux-amd64 with the name of the ENI binding tool you want to use.
wget https://alias-cn-hangzhou.oss-cn-beijing.aliyuncs.com/ens/eni-tool/eni-tool-linux-amd64; chmod +x eni-tool-linux-amd64
Use a binding tool to bind an ENI to an ENS instance by running one of the following commands:
./eni-tool-linux-amd64 --accessKey aliyun-ak-xxxxx --secretKey aliyun-sk-xxx --instance i-56ixxxxxxx
./eni-tool-linux-amd64 --profile ./profile.json --instance i-56ixxxxxxx
Option | Description | Default value | Required |
--accessKey | The AccessKey ID of your Alibaba Cloud account. | N/A | Yes |
--secretKey | The AccessKey secret of your Alibaba Cloud account. | N/A | Yes |
--instance | The ID of the ENS instance to bind the ENI with. | N/A | Yes |
--vswitch | The vSwitch ID of the purchased ENI. | The vSwitch ID of the ENS instance. | No |
--eniNumber | The number of ENIs purchased. | 2 (supports up to 50 pods) | No |
--securityGroup | The security group ID of the purchased ENI. | The security group ID of the ENS instance. | No |
--region | The region ID for the ENI binding tool to access the ENS service. | ap-southeast-1 | Yes |
--profile | The AccessKey pair of your Alibaba Cloud account. Example of profile.json: { "AccessKey": "xxxxx", "SecretKey": "xxxxxxxxxxx" } | N/A | No |
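The two invocations above differ in where the AccessKey secret ends up: passed as --accessKey/--secretKey it is part of the command line, so it is recorded in shell history and visible in the process list while the tool runs, whereas --profile keeps it in a file. The following is an added example, not part of the original page or the tool's own code, that writes profile.json in the format shown above with owner-only permissions and calls the tool with --profile; the function names and the way the key pair reaches the script are assumptions.

```bash
#!/usr/bin/env bash
# Added example: keep the AccessKey pair out of argv by using --profile.
# Function names are hypothetical; only the flags and the profile.json
# format come from the page.

# Write profile.json so that only the owner can read it.
write_profile() {
    local path="$1" ak="$2" sk="$3"
    [ -n "$ak" ] && [ -n "$sk" ] || { echo "missing AccessKey pair" >&2; return 1; }
    # Refuse characters that would break the JSON string literals.
    case "$ak$sk" in
        *'"'*|*'\'*) echo "unsupported character in key" >&2; return 1 ;;
    esac
    # Create (or truncate) the file under a restrictive umask, then tighten a
    # pre-existing file as well, and only afterwards write the secret into it.
    ( umask 077; : > "$path" ) || return 1
    chmod 600 "$path" || return 1
    printf '{ "AccessKey": "%s", "SecretKey": "%s" }\n' "$ak" "$sk" > "$path"
}

# Succeed only if the profile is a regular file with no group/other permission bits.
profile_is_private() {
    local path="$1" mode
    [ -f "$path" ] && [ ! -L "$path" ] || return 1
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$path" 2>/dev/null || stat -f '%Lp' "$path") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Run the binding tool with --profile; refuse to run if the file is readable by others.
bind_eni() {
    local tool="$1" profile="$2" instance="$3" region="$4"
    profile_is_private "$profile" || { echo "refusing: $profile is not private" >&2; return 1; }
    "$tool" --profile "$profile" --instance "$instance" --region "$region"
}

# Usage (values are placeholders):
#   write_profile ./profile.json "$AK" "$SK"
#   bind_eni ./eni-tool-linux-amd64 ./profile.json i-56ixxxxxxx ap-southeast-1
```

Delete profile.json once the ENIs are bound if the node does not need the key pair afterwards.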
Step 2: Add the ENS node
Add the ENS node to the ACK Edge cluster. For more information about the instructions, see Add an edge node.