Configure a secondary ENI - Elastic Compute Service - Alibaba Cloud Documentation Center

After secondary elastic network interfaces (ENIs) are bound to Elastic Compute Service (ECS) instances, some images used by these instances may not recognize the secondary ENIs and configure routes for the secondary ENIs. If this occurs, the secondary ENIs cannot be used on the instances. This topic describes how to configure secondary ENIs from within instances to have their IP addresses recognized and how to configure routes for the secondary ENIs.

Prerequisites

A secondary ENI is bound to an ECS instance.
You are connected to the ECS instance. For more information, see Connection methods.

Background information

If automatic configuration tools are pre-installed in images that instances use, secondary ENIs that are bound to the instances can be automatically configured by the tools. You can use the secondary ENIs without the need to manually configure them. Examples of images in which automatic configuration tools are pre-installed:

Alibaba Cloud Linux 3.2104 64-bit
CentOS 8.0 64-bit, CentOS 8.1 64-bit, CentOS 8.2 64-bit, and later
CentOS 7.3 64-bit, CentOS 7.4 64-bit, and CentOS 7.5 64-bit
CentOS 6.8 64-bit and CentOS 6.9 64-bit
Debian 11.3 64-bit, Debian 11.4 64-bit, and later
Windows Server 2008 R2 and later

Procedure

Check whether the IP address of a secondary ENI bound to an instance can be recognized.
For more information, see the Check whether the IP addresses of ENIs can be recognized section of this topic. If the IP address of the secondary ENI is recognized, skip the following steps. If the IP address of the secondary ENI is not recognized, proceed with the following steps to configure the secondary ENI.
Obtain the information of the secondary ENI.
When you configure a secondary ENI, the primary private IP address and media access control (MAC) address may be required. Prepare the information for subsequent configurations. For more information, see the Obtain the information of an ENI section of this topic.
In the examples provided in this topic, the sample values listed in the following table are used. In actual scenarios, replace them with the attribute values of your secondary ENI.
Secondary ENI attribute Sample value
ENI name eth1
MAC address 00:16:3e:0f:**:**
Primary private IP address 192.168.**.*2
Subnet mask 255.255.255.0
Gateway address 192.168.**.253

Secondary ENI attribute	Sample value
ENI name	eth1
MAC address	00:16:3e:0f::
Primary private IP address	192.168.*.2
Subnet mask	255.255.255.0
Gateway address	192.168.**.253

Configure the secondary ENI to have its IP address recognized.

The operations required to configure secondary ENIs vary based on the operating systems of instances to which the secondary ENIs are bound.


Operating system	References
Alibaba Cloud Linux 2 (Instances that run this operating system use the network-scripts network service) CentOS RedHat	Configure a secondary ENI for an instance that runs an Alibaba Cloud Linux 2, CentOS 6, CentOS 7, or Red Hat operating system and that uses the network-scripts network service
Alibaba Cloud Linux 2 (Instances that run this operating system use the systemd-networkd network service) Note For more information, see Methods and impacts of switching the network service for instances that run Alibaba Cloud Linux 2.	Configure a secondary ENI for an instance that runs an Alibaba Cloud Linux 2 operating system and that uses the systemd-networkd network service
Ubuntu Debian	Configure a secondary ENI for an instance that runs a Ubuntu or Debian operating system
SUSE OpenSUSE	Configure a secondary ENI for an instance that runs a SUSE or openSUSE operating system

Check whether routes are configured for the secondary ENI.
You can run the route -n command to check the route information. If no routes are configured for the secondary ENI or if the existing routes do not meet your requirements, manually configure routes for the secondary ENI. The following sections provide examples on configuring routes for a secondary ENI that is bound to an instance that runs one of the following operating systems:
- Configure routes for a secondary ENI that is bound to an instance that runs an Alibaba Cloud Linux 2 or CentOS 7 operating system
- Configure routes for a secondary ENI that is bound to an instance that runs a CentOS 8 operating system

Check whether the IP addresses of ENIs can be recognized

Run the following command to check whether the IP addresses of ENIs can be recognized:

ip address show

Sample command outputs:

The following command output shows that the IP address of the eth0 primary ENI is recognized but the IP address of the eth1 secondary ENI is not recognized. You can perform operations described in this topic to configure the secondary ENI.
The following command output shows that the IP addresses of both the eth0 primary ENI and the eth1 secondary ENI are recognized. You do not need to configure the secondary ENI.

Note In the preceding command outputs, 00:16:3e:16:**:** is the MAC address of the primary ENI and 00:16:3e:0f:**:** is the MAC address of the secondary ENI.

Obtain the information of an ENI

You can obtain the information of an ENI from instance metadata, by using the ECS console, or by calling an API operation. You can use one of the following methods to obtain the information of an ENI:

Obtain the information of an ENI from instance metadata.
- Obtain the MAC addresses of ENIs that are bound to an instance.
```
curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/
```
  Note The MAC addresses of ENIs are required to obtain the primary private IP addresses, subnet masks, and gateway addresses of the ENIs.
- Obtain the primary private IP address of the specified ENI.
```
curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/primary-ip-address
```
- Obtain the subnet mask of the specified ENI.
```
curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/netmask
```
- Obtain the gateway address of the specified ENI.
```
curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/gateway
```
The following figure shows the sample command output. In the command output, 00:16:3e:16:**:** is the MAC address of the primary ENI and 00:16:3e:0f:**:** is the MAC address of the secondary ENI.
Note After you run the ip address show command, you can determine which is the primary ENI and which is the secondary ENI based on the order in which the MAC addresses are displayed in the command output.
Obtain the information of an ENI by using the ECS console.
1. Log on to the ECS console.
2. In the left-side navigation pane, choose Network & Security > ENIs.
3. On the Network Interfaces page, find the ENIs whose information you want to query and view their primary private IP addresses and MAC addresses in the Private IP Address and Type/MAC Address(All) columns.
Obtain the information of an ENI by running commands in Alibaba Cloud CLI to call the DescribeNetworkInterfaces operation.
```
aliyun ecs DescribeNetworkInterfaces \
--output cols=MacAddress,PrivateIpAddress rows=NetworkInterfaceSets.NetworkInterfaceSet[] \
--RegionId 'cn-hangzhou' \
--InstanceId 'i-bp1a5gj0bzhwz7q****'
```
The following figure shows the sample command output. In the command output, 00:16:3e:16:**:** is the MAC address of the primary ENI and 00:16:3e:0f:**:** is the MAC address of the secondary ENI.
Note After you run the ip address show command, you can determine which is the primary ENI and which is the secondary ENI based on the order in which the MAC addresses are displayed in the command output.

Configure a secondary ENI for an instance that runs an Alibaba Cloud Linux 2, CentOS 6, CentOS 7, or Red Hat operating system and that uses the network-scripts network service

If your instance runs an Alibaba Cloud Linux 2, CentOS 6, CentOS 7, or Red Hat operating system and uses the network-scripts network service, you can use the multi-nic-util tool to have ENIs bound to the instance automatically configured. You can also manually modify the ENI configuration files to configure the ENIs.

Use the multi-nic-util tool to have a secondary ENI automatically configured.
Note If you want to use the multi-nic-util tool to have secondary ENIs automatically configured for CentOS instances, note that the multi-nic-util tool is supported only on some versions of CentOS images. If your instance uses a CentOS 6 image, make sure that the instance uses CentOS 6.8 or later. If your instance uses a CentOS 7 image, make sure that the instance uses CentOS 7.3 or later. If the multi-nic-util tool is not supported on the image version that your instance uses, you must manually modify the configuration files of secondary ENIs to configure the secondary ENIs.
1. Download and install the multi-nic-util tool.
```
wget https://image-offline.oss-cn-hangzhou.aliyuncs.com/multi-nic-util/multi-nic-util-0.6.tgz && \
tar -zxvf multi-nic-util-0.6.tgz && \
cd multi-nic-util-0.6 && \
bash install.sh
```
2. Restart the ENI service.
```
systemctl restart eni.service
```

Manually modify the configuration file of a secondary ENI to configure the secondary ENI.

Open the configuration file of the secondary ENI.
```
vi /etc/sysconfig/network-scripts/ifcfg-eth1
```

Add the information of the secondary ENI to the configuration file. Then, save and close the configuration file.

The following section provides an example of the ENI information to add to the configuration file:

DEVICE=eth1  # Specify the ENI that you want to configure. 
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=no
IPV6INIT=no
PERSISTENT_DHCLIENT=yes
HWADDR=00:16:3e:0f:**:**  # Use the obtained MAC address of the ENI. 
DEFROUTE=no  # Specify that the ENI is not the default route. To prevent the default route of the ECS instance from being changed when you run the ifup command to start the secondary ENI, do not set eth1 as the default route.

Restart the network service.
- Versions earlier than CentOS 7, such as CentOS 6:
```
service network restart
```
- CentOS 7 or later and Alibaba Cloud Linux 2:
```
systemctl restart network
```

Note

After you configure the secondary ENI, you can configure routes for the ENI. For more information, see the Configure routes for a secondary ENI that is bound to an instance that runs an Alibaba Cloud Linux 2 or CentOS 7 operating system section of this topic.
If you want to create custom images from the instance whose ENIs are configured, you must first run the /etc/eni_utils/eni-cleanup command to remove network configurations from /etc/udev/rules.d/70-persistent-net.rules and /etc/sysconfig/network-scripts/.

Configure a secondary ENI for an instance that runs an Alibaba Cloud Linux 2 operating system and that uses the systemd-networkd network service

If your instance runs an Alibaba Cloud Linux 2 operating system and uses the systemd-networkd network service, you must manually modify the ENI configuration file to configure an ENI.

Open the configuration file of the secondary ENI.
```
vi /etc/systemd/network/60-eth1.network
```
Add the information of the secondary ENI to the configuration file. Then, save and close the configuration file.
You can assign a dynamic or static IP address to the secondary ENI. You can use one of the following methods based on your requirements. The following section provides an example of the ENI information to add to the configuration file:
- Assign a dynamic IP address to the secondary ENI by using the Dynamic Host Configuration Protocol (DHCP).
```
[Match]
Name=eth1 # Specify the ENI that you want to configure. 

[Network]
DHCP=yes

[DHCP]
UseDNS=yes
```
- Assign a static IP address to the secondary ENI.
```
[Match]
Name=eth1 # Specify the ENI that you want to configure. 

[Network]
Address=192.168.**.*2/24 # Specify the static IP address and subnet mask to be assigned. 
```
  Note In the preceding example, 192.168.**.*2 is the primary private IP address and the /24 subnet mask is 255.255.255.0.
Restart the network service.
```
systemctl restart systemd-networkd
```

Configure a secondary ENI for an instance that runs a Ubuntu or Debian operating system

If your instance runs a Ubuntu or Debian operating system, you must modify the configuration file of the secondary ENI based on the image version.

Perform the following operations on an instance that runs Ubuntu 14.04, Ubuntu 16.04, or Debian:
1. Open the ENI configuration file.
```
vi /etc/network/interfaces
```
2. Add the information of the secondary ENI to the configuration file. Then, save and close the configuration file.
  Example of the ENI information to add to the configuration file:
```
auto eth0
iface eth0 inet dhcp

auto eth1  # Specify the ENI that you want to configure. 
iface eth1 inet dhcp
```
  Note The eth0 primary ENI is configured in the same configuration file as the eth1 secondary ENI. You must add the information of the primary ENI to the configuration file.
3. Restart the network service.
  - Versions earlier than Ubuntu 16.04, such as Ubuntu 14.04:
```
service networking restart
```
  - Ubuntu 16.04 and Debian:
```
systemctl restart networking
```
  The configurations of the secondary ENI take effect regardless of whether the following alert notification appears. You can run the ip address show command to check whether the IP address of the secondary ENI can be recognized.
Perform the following operations on an instance that runs Ubuntu 18.04:
1. Open the configuration file of a secondary ENI.
```
vi /etc/netplan/eth1-netcfg.yaml
```
2. Add the information of the secondary ENI to the configuration file. Then, save and close the configuration file.
  Note When you modify the configuration file, take note of the following items:
  - The configuration file is in the YAML format. Follow the YAML syntax rules when you configure the file.
  - Tabs cannot be used for indentation in YAML files. Use spaces instead.
  - We recommend that you copy information from the default /etc/netplan/99-netcfg.yaml configuration file to prevent format issues.
  Example of the ENI information to add to the configuration file:
```
network:
  version: 2
  renderer: networkd
  ethernets:
    eth1:
      dhcp4: yes
      dhcp6: no
```
3. Apply the added configurations.
```
netplan apply
```

Configure a secondary ENI for an instance that runs a SUSE or openSUSE operating system

If your instance run a SUSE or openSUSE operating system, you must manually modify the ENI configuration file to configure the secondary ENI.

Open the configuration file of the secondary ENI.
```
vi /etc/sysconfig/network/ifcfg-eth1
```
Add the information of the secondary ENI to the configuration file. Then, save and close the configuration file.
In the following example, a dynamic IP address is assigned to the secondary ENI by using DHCP.
```
BOOTPROTO='dhcp4'
STARTMODE='auto'
USERCONTROL='no'
```
Restart the network service.
- Versions earlier than SUSE Linux Enterprise Server 12:
```
service network restart
```
- SUSE Linux Enterprise Server 12 or later:
```
systemctl restart network
```

Configure routes for a secondary ENI that is bound to an instance that runs an Alibaba Cloud Linux 2 or CentOS 7 operating system

If you manually configure secondary ENIs but do not configure routes for the secondary ENIs or if routes configured by the multi-nic-util tool do not meet your requirements, perform the following steps to configure routes:

View the route information.
```
route -n
```
Sample command outputs:
- The following command output shows only the route information of the eth0 primary ENI, which indicates that no routes are configured for the eth1 secondary ENI.
- The following command output shows the route information of both the eth0 primary ENI and the eth1 secondary ENI. If the configured routes do not meet your requirements, you can modify the route configurations.
Plan the default route based on your requirements.
In this example, the sample values listed in the following table are used.
Secondary ENI attribute Sample value
ENI name eth1
Primary private IP address 192.168.**.*2
Gateway address 192.168.**.253
metric 1001
Configure the default route.
You can run the following commands to add the default route for the eth1 secondary ENI, create a route table, and then attach a routing policy to the table. In this example, table 1001 is created as the route table. We recommend that you keep the name of the route table the same as the metric value in the default route of the ENI. 192.168.**.253 is the gateway address and 192.168.*.*2 is the primary private IP address of the eth1 secondary ENI.
```
ip -4 route add default via 192.168.**.253 dev eth1 metric 1001 && \
ip -4 route add default via 192.168.**.253 dev eth1 table 1001 && \
ip -4 rule add from 192.168.**.*2 lookup 1001
```
View the created route table and routing policy.
```
ip route list table 1001 && \
ip rule list
```
The following figure shows that the route table and routing policy are created.
Configure routes to automatically update on instance startup.
After you perform the preceding steps to configure routes for the eth1 secondary ENI, you must perform the following steps to configure the routes to automatically update on instance startup. Otherwise, the routes become invalid after the instance is restarted.
1. Open the /etc/rc.local file.
```
vim /etc/rc.local
```
2. Add the configuration information of the routes to the /etc/rc.local file. Then, save and close the file.
```
ip -4 route add default via 192.168.**.253 dev eth1 metric 1001
ip -4 route add default via 192.168.**.253 dev eth1 table 1001
ip -4 rule add from 192.168.**.*2 lookup 1001
```
3. Grant execution permissions on the /etc/rc.local file.
```
chmod +x /etc/rc.local
```

Secondary ENI attribute	Sample value
ENI name	eth1
Primary private IP address	192.168.*.2
Gateway address	192.168.**.253
metric	1001

Configure routes for a secondary ENI that is bound to an instance that runs a CentOS 8 operating system

If routes configured by the system do not meet your requirements, perform the following steps to configure routes:

View the route information.
```
route -n
```
The following figure shows the route information of both the eth0 primary ENI and the eth1 secondary ENI. If the configured routes do not meet your requirements, you can modify the route configurations.
Plan the default route based on your requirements.
In this example, the sample values listed in the following table are used.
Secondary ENI attribute Sample value
ENI name eth1
Primary private IP address 192.168.**.*2
Gateway address 192.168.**.253
table 1001

Secondary ENI attribute	Sample value
ENI name	eth1
Primary private IP address	192.168.*.2
Gateway address	192.168.**.253
table	1001

Create a script for configuring routes.

Create and open the /home/route.sh file.

Add the configuration information of routes to the /home/route.sh file. Then, save and close the file.

The following sample script shows how to create a route table and attach a routing policy to the route table for the eth1 secondary ENI. In this example, a route table named table 1001 is created, and 192.168.**.253 is the gateway address and 192.168.*.*2 is the primary private IP address of the eth1 secondary ENI.

#!/bin/bash

i=0
while true; do
        /usr/sbin/ip -4 route add default via 192.168.**.253 dev eth1 table 1001
        if [ $? -eq 0 ]; then
                break
    fi
        sleep 3
        let i++
        if [ $i -gt 10 ]; then
                exit -1
        fi
done

i=0
while true; do
        /usr/sbin/ip -4 rule add from 192.168.**.*2 lookup 1001
        if [ $? -eq 0 ]; then
                break
    fi
        sleep 3
        let i++
        if [ $i -gt 10 ]; then
                exit -1
        fi
done

Configure the default route.
```
sh /home/route.sh
```
View the created route table and routing policy.
```
ip route list table 1001 && \
ip rule list
```
The following figure shows that the route table and routing policy are created.
Configure routes to be automatically updated on instance startup.
After you perform the preceding steps to configure routes for the eth1 secondary ENI, perform the following steps to configure the routes to be automatically updated on instance startup. Otherwise, the routes become invalid after the instance is restarted.
1. Open the /etc/rc.local file.
```
vim /etc/rc.local
```
2. Add the configuration information of routes to the /etc/rc.local file. Then, save and close the file.
```
sh /home/route.sh
```
3. Grant execute permissions on the /etc/rc.local file.
```
chmod +x /etc/rc.local
```