After secondary elastic network interfaces (ENIs) are bound to Elastic Compute Service (ECS) instances, some images used by these instances may not recognize the secondary ENIs and configure routes for the secondary ENIs. If this occurs, the secondary ENIs cannot be used on the instances. This topic describes how to configure secondary ENIs from within instances to have their IP addresses recognized and how to configure routes for the secondary ENIs.
Prerequisites
- A secondary ENI is bound to an ECS instance.
- You are connected to the ECS instance. For more information, see Connection methods.
Background information
- Alibaba Cloud Linux 3.2104 64-bit
- CentOS 8.0 64-bit, CentOS 8.1 64-bit, CentOS 8.2 64-bit, and later
- CentOS 7.3 64-bit, CentOS 7.4 64-bit, and CentOS 7.5 64-bit
- CentOS 6.8 64-bit and CentOS 6.9 64-bit
- Debian 11.3 64-bit, Debian 11.4 64-bit, and later
- Windows Server 2008 R2 and later
Procedure
- Check whether the IP address of a secondary ENI bound to an instance can be recognized.
For more information, see the Check whether the IP addresses of ENIs can be recognized section of this topic. If the IP address of the secondary ENI is recognized, skip the following steps. If the IP address of the secondary ENI is not recognized, proceed with the following steps to configure the secondary ENI.
- Obtain the information of the secondary ENI.
When you configure a secondary ENI, the primary private IP address and media access control (MAC) address may be required. Prepare the information for subsequent configurations. For more information, see the Obtain the information of an ENI section of this topic.
In the examples provided in this topic, the sample values listed in the following table are used. In actual scenarios, replace them with the attribute values of your secondary ENI.Secondary ENI attribute Sample value ENI name eth1 MAC address 00:16:3e:0f:**:** Primary private IP address 192.168.**.*2 Subnet mask 255.255.255.0 Gateway address 192.168.**.253 - Configure the secondary ENI to have its IP address recognized. The operations required to configure secondary ENIs vary based on the operating systems of instances to which the secondary ENIs are bound.
Operating system References - Alibaba Cloud Linux 2 (Instances that run this operating system use the network-scripts network service)
- CentOS
- RedHat
Configure a secondary ENI for an instance that runs an Alibaba Cloud Linux 2, CentOS 6, CentOS 7, or Red Hat operating system and that uses the network-scripts network service Alibaba Cloud Linux 2 (Instances that run this operating system use the systemd-networkd network service) Note For more information, see Methods and impacts of switching the network service for instances that run Alibaba Cloud Linux 2.Configure a secondary ENI for an instance that runs an Alibaba Cloud Linux 2 operating system and that uses the systemd-networkd network service - Ubuntu
- Debian
Configure a secondary ENI for an instance that runs a Ubuntu or Debian operating system - SUSE
- OpenSUSE
Configure a secondary ENI for an instance that runs a SUSE or openSUSE operating system - Check whether routes are configured for the secondary ENI. You can run the
route -n
command to check the route information. If no routes are configured for the secondary ENI or if the existing routes do not meet your requirements, manually configure routes for the secondary ENI. The following sections provide examples on configuring routes for a secondary ENI that is bound to an instance that runs one of the following operating systems:
Check whether the IP addresses of ENIs can be recognized
ip address show
- The following command output shows that the IP address of the eth0 primary ENI is recognized but the IP address of the eth1 secondary ENI is not recognized. You can perform operations described in this topic to configure the secondary ENI.
- The following command output shows that the IP addresses of both the eth0 primary ENI and the eth1 secondary ENI are recognized. You do not need to configure the secondary ENI.
00:16:3e:16:**:**
is the MAC address of the primary ENI and 00:16:3e:0f:**:**
is the MAC address of the secondary ENI. Obtain the information of an ENI
- Obtain the information of an ENI from instance metadata.
- Obtain the MAC addresses of ENIs that are bound to an instance.
curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/
Note The MAC addresses of ENIs are required to obtain the primary private IP addresses, subnet masks, and gateway addresses of the ENIs. - Obtain the primary private IP address of the specified ENI.
curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/primary-ip-address
- Obtain the subnet mask of the specified ENI.
curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/netmask
- Obtain the gateway address of the specified ENI.
curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/gateway
The following figure shows the sample command output. In the command output,00:16:3e:16:**:**
is the MAC address of the primary ENI and00:16:3e:0f:**:**
is the MAC address of the secondary ENI.Note After you run theip address show
command, you can determine which is the primary ENI and which is the secondary ENI based on the order in which the MAC addresses are displayed in the command output. - Obtain the MAC addresses of ENIs that are bound to an instance.
- Obtain the information of an ENI by using the ECS console.
- Log on to the ECS console.
- In the left-side navigation pane, choose .
- On the Network Interfaces page, find the ENIs whose information you want to query and view their primary private IP addresses and MAC addresses in the Private IP Address and Type/MAC Address(All) columns.
- Obtain the information of an ENI by running commands in Alibaba Cloud CLI to call the DescribeNetworkInterfaces operation.
aliyun ecs DescribeNetworkInterfaces \ --output cols=MacAddress,PrivateIpAddress rows=NetworkInterfaceSets.NetworkInterfaceSet[] \ --RegionId 'cn-hangzhou' \ --InstanceId 'i-bp1a5gj0bzhwz7q****'
The following figure shows the sample command output. In the command output,00:16:3e:16:**:**
is the MAC address of the primary ENI and00:16:3e:0f:**:**
is the MAC address of the secondary ENI.Note After you run theip address show
command, you can determine which is the primary ENI and which is the secondary ENI based on the order in which the MAC addresses are displayed in the command output.
Configure a secondary ENI for an instance that runs an Alibaba Cloud Linux 2, CentOS 6, CentOS 7, or Red Hat operating system and that uses the network-scripts network service
- Use the multi-nic-util tool to have a secondary ENI automatically configured.Note If you want to use the multi-nic-util tool to have secondary ENIs automatically configured for CentOS instances, note that the multi-nic-util tool is supported only on some versions of CentOS images. If your instance uses a CentOS 6 image, make sure that the instance uses CentOS 6.8 or later. If your instance uses a CentOS 7 image, make sure that the instance uses CentOS 7.3 or later. If the multi-nic-util tool is not supported on the image version that your instance uses, you must manually modify the configuration files of secondary ENIs to configure the secondary ENIs.
- Download and install the multi-nic-util tool.
wget https://image-offline.oss-cn-hangzhou.aliyuncs.com/multi-nic-util/multi-nic-util-0.6.tgz && \ tar -zxvf multi-nic-util-0.6.tgz && \ cd multi-nic-util-0.6 && \ bash install.sh
- Restart the ENI service.
systemctl restart eni.service
- Download and install the multi-nic-util tool.
- Manually modify the configuration file of a secondary ENI to configure the secondary ENI.
- Open the configuration file of the secondary ENI.
vi /etc/sysconfig/network-scripts/ifcfg-eth1
- Add the information of the secondary ENI to the configuration file. Then, save and close the configuration file. The following section provides an example of the ENI information to add to the configuration file:
DEVICE=eth1 # Specify the ENI that you want to configure. BOOTPROTO=dhcp ONBOOT=yes TYPE=Ethernet USERCTL=yes PEERDNS=no IPV6INIT=no PERSISTENT_DHCLIENT=yes HWADDR=00:16:3e:0f:**:** # Use the obtained MAC address of the ENI. DEFROUTE=no # Specify that the ENI is not the default route. To prevent the default route of the ECS instance from being changed when you run the ifup command to start the secondary ENI, do not set eth1 as the default route.
- Restart the network service.
- Versions earlier than CentOS 7, such as CentOS 6:
service network restart
- CentOS 7 or later and Alibaba Cloud Linux 2:
systemctl restart network
- Versions earlier than CentOS 7, such as CentOS 6:
- Open the configuration file of the secondary ENI.
- After you configure the secondary ENI, you can configure routes for the ENI. For more information, see the Configure routes for a secondary ENI that is bound to an instance that runs an Alibaba Cloud Linux 2 or CentOS 7 operating system section of this topic.
- If you want to create custom images from the instance whose ENIs are configured, you must first run the /etc/eni_utils/eni-cleanup command to remove network configurations from /etc/udev/rules.d/70-persistent-net.rules and /etc/sysconfig/network-scripts/.
Configure a secondary ENI for an instance that runs an Alibaba Cloud Linux 2 operating system and that uses the systemd-networkd network service
If your instance runs an Alibaba Cloud Linux 2 operating system and uses the systemd-networkd network service, you must manually modify the ENI configuration file to configure an ENI.
- Open the configuration file of the secondary ENI.
vi /etc/systemd/network/60-eth1.network
- Add the information of the secondary ENI to the configuration file. Then, save and close the configuration file. You can assign a dynamic or static IP address to the secondary ENI. You can use one of the following methods based on your requirements. The following section provides an example of the ENI information to add to the configuration file:
- Assign a dynamic IP address to the secondary ENI by using the Dynamic Host Configuration Protocol (DHCP).
[Match] Name=eth1 # Specify the ENI that you want to configure. [Network] DHCP=yes [DHCP] UseDNS=yes
- Assign a static IP address to the secondary ENI.
[Match] Name=eth1 # Specify the ENI that you want to configure. [Network] Address=192.168.**.*2/24 # Specify the static IP address and subnet mask to be assigned.
Note In the preceding example,192.168.**.*2
is the primary private IP address and the/24
subnet mask is255.255.255.0
.
- Assign a dynamic IP address to the secondary ENI by using the Dynamic Host Configuration Protocol (DHCP).
- Restart the network service.
systemctl restart systemd-networkd
Configure a secondary ENI for an instance that runs a Ubuntu or Debian operating system
- Perform the following operations on an instance that runs Ubuntu 14.04, Ubuntu 16.04, or Debian:
- Open the ENI configuration file.
vi /etc/network/interfaces
- Add the information of the secondary ENI to the configuration file. Then, save and close the configuration file. Example of the ENI information to add to the configuration file:
auto eth0 iface eth0 inet dhcp auto eth1 # Specify the ENI that you want to configure. iface eth1 inet dhcp
Note The eth0 primary ENI is configured in the same configuration file as the eth1 secondary ENI. You must add the information of the primary ENI to the configuration file. - Restart the network service.
- Versions earlier than Ubuntu 16.04, such as Ubuntu 14.04:
service networking restart
- Ubuntu 16.04 and Debian:
systemctl restart networking
The configurations of the secondary ENI take effect regardless of whether the following alert notification appears. You can run theip address show
command to check whether the IP address of the secondary ENI can be recognized. - Versions earlier than Ubuntu 16.04, such as Ubuntu 14.04:
- Open the ENI configuration file.
- Perform the following operations on an instance that runs Ubuntu 18.04:
- Open the configuration file of a secondary ENI.
vi /etc/netplan/eth1-netcfg.yaml
- Add the information of the secondary ENI to the configuration file. Then, save and close the configuration file. Note When you modify the configuration file, take note of the following items:
- The configuration file is in the
YAML
format. Follow theYAML
syntax rules when you configure the file. - Tabs cannot be used for indentation in
YAML
files. Use spaces instead. - We recommend that you copy information from the default /etc/netplan/99-netcfg.yaml configuration file to prevent format issues.
Example of the ENI information to add to the configuration file:network: version: 2 renderer: networkd ethernets: eth1: dhcp4: yes dhcp6: no
- The configuration file is in the
- Apply the added configurations.
netplan apply
- Open the configuration file of a secondary ENI.
Configure a secondary ENI for an instance that runs a SUSE or openSUSE operating system
If your instance run a SUSE or openSUSE operating system, you must manually modify the ENI configuration file to configure the secondary ENI.
- Open the configuration file of the secondary ENI.
vi /etc/sysconfig/network/ifcfg-eth1
- Add the information of the secondary ENI to the configuration file. Then, save and close the configuration file. In the following example, a dynamic IP address is assigned to the secondary ENI by using DHCP.
BOOTPROTO='dhcp4' STARTMODE='auto' USERCONTROL='no'
- Restart the network service.
- Versions earlier than SUSE Linux Enterprise Server 12:
service network restart
- SUSE Linux Enterprise Server 12 or later:
systemctl restart network
- Versions earlier than SUSE Linux Enterprise Server 12:
Configure routes for a secondary ENI that is bound to an instance that runs an Alibaba Cloud Linux 2 or CentOS 7 operating system
If you manually configure secondary ENIs but do not configure routes for the secondary ENIs or if routes configured by the multi-nic-util tool do not meet your requirements, perform the following steps to configure routes:
- View the route information.
route -n
Sample command outputs:- The following command output shows only the route information of the eth0 primary ENI, which indicates that no routes are configured for the eth1 secondary ENI.
- The following command output shows the route information of both the eth0 primary ENI and the eth1 secondary ENI. If the configured routes do not meet your requirements, you can modify the route configurations.
- The following command output shows only the route information of the eth0 primary ENI, which indicates that no routes are configured for the eth1 secondary ENI.
- Plan the default route based on your requirements. In this example, the sample values listed in the following table are used.
Secondary ENI attribute Sample value ENI name eth1 Primary private IP address 192.168.**.*2 Gateway address 192.168.**.253 metric 1001 - Configure the default route. You can run the following commands to add the default route for the eth1 secondary ENI, create a route table, and then attach a routing policy to the table. In this example, table 1001 is created as the route table. We recommend that you keep the name of the route table the same as the metric value in the default route of the ENI. 192.168.**.253 is the gateway address and 192.168.*.*2 is the primary private IP address of the eth1 secondary ENI.
ip -4 route add default via 192.168.**.253 dev eth1 metric 1001 && \ ip -4 route add default via 192.168.**.253 dev eth1 table 1001 && \ ip -4 rule add from 192.168.**.*2 lookup 1001
- View the created route table and routing policy.
ip route list table 1001 && \ ip rule list
The following figure shows that the route table and routing policy are created. - Configure routes to automatically update on instance startup. After you perform the preceding steps to configure routes for the eth1 secondary ENI, you must perform the following steps to configure the routes to automatically update on instance startup. Otherwise, the routes become invalid after the instance is restarted.
Configure routes for a secondary ENI that is bound to an instance that runs a CentOS 8 operating system
If routes configured by the system do not meet your requirements, perform the following steps to configure routes:
- View the route information.
route -n
The following figure shows the route information of both the eth0 primary ENI and the eth1 secondary ENI. If the configured routes do not meet your requirements, you can modify the route configurations. - Plan the default route based on your requirements. In this example, the sample values listed in the following table are used.
Secondary ENI attribute Sample value ENI name eth1 Primary private IP address 192.168.**.*2 Gateway address 192.168.**.253 table 1001 - Create a script for configuring routes.
- Configure the default route.
sh /home/route.sh
- View the created route table and routing policy.
ip route list table 1001 && \ ip rule list
The following figure shows that the route table and routing policy are created. - Configure routes to be automatically updated on instance startup. After you perform the preceding steps to configure routes for the eth1 secondary ENI, perform the following steps to configure the routes to be automatically updated on instance startup. Otherwise, the routes become invalid after the instance is restarted.