After secondary elastic network interfaces (ENIs) are bound to Elastic Compute Service (ECS) instances, some images used by the instances may not recognize the IP addresses of the secondary ENIs and configure routes for the secondary ENIs. If this issue occurs, the secondary ENIs cannot be used as expected on the instances. To resolve this issue, we recommend that you configure secondary ENIs from within instances to have their IP addresses recognized as described in this topic. You can also configure routes for the secondary ENIs based on your business requirements to better manage and control network traffic.
Prerequisites
A secondary ENI is bound to an ECS instance. For more information, see Bind a secondary ENI.
Step 1: Check whether you need to configure a secondary ENI
To determine whether you need to configure a secondary ENI that is bound to an ECS instance, check whether the IP addresses of the secondary ENI are recognized or check the type of the image used by the instance.
Connect to the Linux instance.
For more information, see Connect to a Linux instance by using a password or key.
Run the following command to check whether the IP addresses of the secondary ENI are recognized:
ip address show
Determine whether you need to configure the secondary ENI based on the returned result.
Scenario 1: The IP addresses of both the eth0 primary ENI and the eth1 secondary ENI are recognized. You do not need to configure the secondary ENI.
Sample command output:
Scenario 2: The IP address of the eth0 primary ENI is recognized but the IP address of the eth1 secondary ENI is not recognized. You can perform the operations described in this topic to configure the secondary ENI.
Sample command output:
In the preceding command outputs, 00:16:3e:16:**:**
is the media access control (MAC) address of the primary ENI and 00:16:3e:0f:**:**
is the MAC address of the secondary ENI.
(Optional) Step 2: Obtain the information of the secondary ENI
When you configure a secondary ENI, the primary private IP address and MAC address may be required. Prepare the information for subsequent configurations.
Sample values are used in the following operations. In actual scenarios, replace them with the attribute values of your secondary ENI.
(Recommended) Obtain information about the secondary ENI in the ECS console
Log on to the ECS console.
In the left-side navigation pane, choose
.In the top navigation bar, select the region and resource group to which the resource belongs.
On the Elastic Network Interfaces page, find the secondary ENI whose information you want to obtain and view the primary private IP address and MAC address in the IP Address and MAC Address columns.
Obtain information about the secondary ENI from instance metadata
Connect to the Linux ECS instance.
For more information, see Connect to a Linux instance by using a password or key.
Run the following commands in sequence to obtain the information of the secondary ENI.
Obtain the MAC addresses of all ENIs that are bound to the Linux instance.
curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/
NoteThe MAC addresses of the ENIs are required to obtain the primary private IP addresses, subnet masks, and gateway addresses of the ENIs.
Obtain the primary private IP address of a specific ENI.
curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/primary-ip-address
Obtain the subnet mask of a specific ENI.
curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/netmask
Obtain the gateway address of a specific ENI.
curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/gateway
The following figure shows a sample command output. In the sample command output, 00:16:3e:16:**:**
is the MAC address of the primary ENI and 00:16:3e:0f:**:**
is the MAC address of the secondary ENI.
After you run the ip address show
command, you can identify the primary ENI and the secondary ENI based on the order in which the MAC addresses are displayed in the command output.
Step 3: Configure the secondary ENI
The operations required to configure secondary ENIs vary based on the operating systems of instances to which the secondary ENIs are bound.
Alibaba Cloud Linux 2, CentOS 6, CentOS 7, or Red Hat
If the instance runs Alibaba Cloud Linux 2, CentOS 6, CentOS 7, or Red Hat, you can use the multi-nic-util tool to automatically configure or modify the configurations of ENIs that are bound to the instance.
If you use the multi-nic-util tool, the original network configurations of the ECS instance may be overwritten. Proceed with caution.
We recommend that you do not use the multi-nic-util tool in Docker or other containerized environments.
For CentOS instances, you can use the multi-nic-util tool to configure secondary ENIs only if the instances use CentOS image versions that support the tool. The following CentOS image versions support the multi-nic-util tool:
CentOS 6 images: CentOS 6.8 or later
CentOS 7 images: CentOS 7.3 or later
If the CentOS instances use CentOS image versions that do not support the multi-nic-util tool, modify the configuration files of secondary ENIs to configure the secondary ENIs on the instances.
(Recommended) Method 1: Use the multi-nic-util tool to configure a secondary ENI
Run the following commands to download and install the multi-nic-util tool:
Run the following command to restart the ENI service:
sudo systemctl restart eni.service
wget https://image-offline.oss-cn-hangzhou.aliyuncs.com/multi-nic-util/multi-nic-util-0.6.tgz && \
tar -zxvf multi-nic-util-0.6.tgz && \
cd multi-nic-util-0.6 && \
bash install.sh
Method 2: Modify the configuration file of a secondary ENI to configure the secondary ENI
Run the following command to open the configuration file of the secondary ENI:
Press the
I
key to enter Insert mode and add the information about the secondary ENI to the configuration file. Press theEsc
key to exit Insert mode and enter:wq
to save and close the configuration file.Sample information about the secondary ENI:
DEVICE=eth1 # Specify the name of the ENI that you want to configure. BOOTPROTO=dhcp ONBOOT=yes TYPE=Ethernet USERCTL=yes PEERDNS=no IPV6INIT=no PERSISTENT_DHCLIENT=yes HWADDR=00:16:3e:0f:**:** # Specify the MAC address of the ENI that you obtained. DEFROUTE=no # Indicates that the ENI is not used for the default route. To prevent the default route of the instance from being changed when you run the ifup command to start the secondary ENI, do not specify eth1 information as the default route.
Run one of the following commands to restart the network service:
Versions earlier than CentOS 7 and Red Hat 7, such as CentOS 6 and Red Hat 6:
sudo service network restart
CentOS 7 or later, RedHat 7 or later, and Alibaba Cloud Linux 2:
vi /etc/sysconfig/network-scripts/ifcfg-eth1
sudo systemctl restart network
Before you create a custom image from the instance whose ENIs are configured, run the /etc/eni_utils/eni-cleanup
command to remove network configurations from the /etc/udev/rules.d/70-persistent-net.rules
and /etc/sysconfig/network-scripts/
files.
Ubuntu or Debian
If the instance runs Ubuntu or Debian, modify the configuration file of the secondary ENI based on the image version.
Ubuntu 14.04, Ubuntu 16.04, and Debian
Run the following command to open the configuration file of the secondary ENI:
vi /etc/network/interfaces
Press the
I
key to enter Insert mode and add information about the secondary ENI to the configuration file. Then press theEsc
key to exit Insert mode and enter:wq
to save and close the configuration file.Sample information about the secondary ENI:
auto eth0 iface eth0 inet dhcp auto eth1 # Specify the name of the ENI that you want to configure. iface eth1 inet dhcp
NoteThe eth0 primary ENI is configured in the same configuration file in which the eth1 secondary ENI is configured. You must add information about the primary ENI to the configuration file.
Run one of the following commands to restart the network service:
Ubuntu 14.04:
sudo service networking restart
Ubuntu 16.04 and Debian:
sudo systemctl restart networking
The configurations of the secondary ENI take effect regardless of whether the following alert notification appears. You can run the
ip address show
command to check whether the IP address of the secondary ENI is recognized.
Ubuntu 18.04, 20.04, and 22.04
Run the following command to open the configuration file of the secondary ENI:
Press the
I
key to enter Insert mode and add information about the secondary ENI to the configuration file. Press theEsc
key to exit Insert mode and enter:wq
to save and close the configuration file.NoteWhen you modify the configuration file, take note of the following items:
The configuration file is in the
YAML
format. Follow theYAML
syntax rules when you modify the configuration file.Use spaces for indentation in
YAML
files. Tabs are not supported.To prevent formatting issues, we recommend that you copy information from the default
/etc/netplan/99-netcfg.yaml
configuration file.
Sample information about the secondary ENI:
network: version: 2 renderer: networkd ethernets: eth1: dhcp4: yes dhcp6: no
Run the following command for the changes to the configuration file to take effect:
vi /etc/netplan/eth1-netcfg.yaml
netplan apply
SUSE or openSUSE
If your instance runs SUSE or openSUSE, you must modify the configuration file of the secondary ENI.
Run the following command to open the configuration file of the secondary ENI:
vi /etc/sysconfig/network/ifcfg-eth1
Press the
I
key to enter Insert mode and add information about the secondary ENI to the configuration file. Press theEsc
key to exit Insert mode and enter:wq
to save and close the configuration file.In the following example, the IP address assignment method is set to Dynamic Host Configuration Protocol (DHCP):
BOOTPROTO='dhcp4' STARTMODE='auto' USERCONTROL='no'
Run one of the following commands to restart the network service:
Versions earlier than SUSE Linux Enterprise Server 12 and openSUSE 13.2:
sudo service network restart
SUSE Linux Enterprise Server 12 or later, and openSUSE 13.2 or later:
sudo systemctl restart network
(Conditionally required) Step 4: Configure routes
You can run the route -n
command to query the current route information. If no routes are configured for the secondary ENI or if the existing routes do not meet your business requirements, you can configure route tables and rules for the secondary ENI as described in this topic. The route tables and rules help implement routing policies to forward traffic by using specific gateways. This allows you to control and manage network traffic in a finer-grained manner.
Plan the default route based on your requirements. In this example, the sample values listed in the following table are used.
Secondary ENI attribute | Sample value |
ENI name | eth1 |
Primary private IP address | 192.168.**.*2 |
Gateway address | 192.168.**.253 |
metric | 1001 |
Configure routes for a secondary ENI on an instance that runs Alibaba Cloud Linux 2 or CentOS 7
Run the following command to query the route information:
route -n
Sample command outputs:
The following command output contains only the route information of the eth0 primary ENI. No routes are configured for the eth1 secondary ENI. You must perform subsequent operations to configure routes for the secondary ENI.
The following command output contains the route information of the eth0 primary ENI and the eth1 secondary ENI. You do not need to perform subsequent operations to configure routes for the secondary ENI. If the configured routes do not meet your business requirements, you can modify the route configurations.
Run the following commands to configure the default route:
ip -4 route add default via 192.168.**.253 dev eth1 metric 1001 && \ ip -4 route add default via 192.168.**.253 dev eth1 table 1001 && \ ip -4 rule add from 192.168.**.*2 lookup 1001
NoteYou can run the preceding commands to configure the default route for the eth1 secondary ENI, create a route table, and then attach a routing policy to the table. In this example, a route table named
table 1001
is created. We recommend that the name of the route table is the same as the metric value in the default route of the ENI.192.168.**.253
is the gateway address and192.168.*.*2
is the primary private IP address of the eth1 secondary ENI. Replace the parameter values with actual values.Run the following commands to query the created route table and routing policy:
ip route list table 1001 && \ ip rule list
The following command output indicates that the route table and routing policy are created.
Configure routes to automatically update on instance startup.
After you configure routes for the eth1 secondary ENI, you must configure the routes to automatically update on instance startup. Otherwise, the routes become invalid when the instance is restarted.
Run the following command to open the
/etc/rc.local
file:vim /etc/rc.local
Press the
I
key to enter Insert mode, add the following content, press theEsc
key to exit Insert mode, and then enter:wq
to save and close the file.ip -4 route add default via 192.168.**.253 dev eth1 metric 1001 ip -4 route add default via 192.168.**.253 dev eth1 table 1001 ip -4 rule add from 192.168.**.*2 lookup 1001
Run the following command to grant execute permissions on the
/etc/rc.local
file:sudo chmod +x /etc/rc.local
Configure routes for a secondary ENI on an instance that runs CentOS 8
Run the following command to query the route information:
route -n
The following command output contains the route information of the eth0 primary ENI and the eth1 secondary ENI.
Create a script that is used to configure routes.
Run the following command to create and open the
/home/route.sh
file:vi /home/route.sh
Press the
I
key to enter Insert mode, add the following content, press theEsc
key to exit Insert mode, and then enter:wq
to save and close the file.NoteThe following sample script provides an example on how to create a route table and attach a routing policy to the route table for the eth1 secondary ENI. In this example, a route table named
table 1001
is created,192.168.**.253
is the gateway address, and192.168.*.*2
is the primary private IP address of the eth1 secondary ENI.#!/bin/bash i=0 while true; do /usr/sbin/ip -4 route add default via 192.168.**.253 dev eth1 table 1001 if [ $? -eq 0 ]; then break fi sleep 3 let i++ if [ $i -gt 10 ]; then exit -1 fi done i=0 while true; do /usr/sbin/ip -4 rule add from 192.168.**.*2 lookup 1001 if [ $? -eq 0 ]; then break fi sleep 3 let i++ if [ $i -gt 10 ]; then exit -1 fi done
Run the following command to configure the default route:
sh /home/route.sh
Run the following commands to query the created route table and routing policy:
ip route list table 1001 && \ ip rule list
The following figure shows a sample command output.
Configure routes to automatically update on instance startup.
After you perform the preceding steps to configure routes for the eth1 secondary ENI, you must perform the following steps to configure the routes to automatically update on instance startup. Otherwise, the routes become invalid after the instance is restarted.
Run the following command to open the
/etc/rc.local
file:vim /etc/rc.local
Press the
I
key to enter Insert mode, add the following content, press theEsc
key to exit Insert mode, and then enter:wq
to save and close the file.sh /home/route.sh
Run the following command to grant execute permissions on the
/etc/rc.local
file:sudo chmod +x /etc/rc.local