ECS instances in a VPC use private IPv4, public IPv4, and optionally IPv6 addresses for internal and Internet communication.
Private IP addresses
Private IP addresses refer to private IPv4 addresses not reachable over the Internet, used for communication between ECS instances and internal resources. They are assigned via DHCP and must fall within the vSwitch CIDR block. The number of private IPv4 addresses per elastic network interface (ENI) varies by instance type. See the Private IPv4 Addresses per ENI metric in Instance families.
Key points about private IPv4 addresses:
-
Each instance has one primary private IPv4 address on the primary ENI, assigned from the vSwitch CIDR block at instance creation. If not specified, Alibaba Cloud auto-assigns one. The primary private IPv4 address cannot be reclaimed until the instance is released. To change it, see Modify a private IP address.
-
You can assign secondary private IPv4 addresses to an instance automatically or manually. Secondary addresses can be reclaimed and reassigned but not modified after assignment. Manual configuration is required after assignment. See Secondary private IPs.
-
Private IPv4 addresses are retained across stop/start cycles and reclaimed when the instance is released.
Public IP addresses
Public IP addresses refer to public IPv4 addresses that enable Internet communication. To use one, purchase public bandwidth for the instance.
VPC-type ECS instances support static public IP addresses and elastic IP addresses (EIPs).
-
When you create an ECS instance, you can configure public bandwidth. Alibaba Cloud then assigns a public IPv4 address from the address pool. By default, no public IP address is assigned.
-
For an existing instance without a public IP address, increase the peak bandwidth to a value greater than 0 Mbit/s to automatically obtain one.
-
A public IP address is reclaimed when the instance is released. The address is also reclaimed or reassigned in the following cases:
-
If you set the bandwidth to 0 Mbit/s, the public IP address is reclaimed. See Modify the bandwidth of a subscription instance with a static public IP address and Modify the bandwidth of a pay-as-you-go instance.
-
If you stop a pay-as-you-go instance in economical mode, the public IP address is released. A new address is assigned on restart, which may differ from the previous one.
-
-
To retain a public IPv4 address long-term and reassign it across instances, convert it to an EIP. See Convert a static public IP address to an EIP.
-
An EIP is an independently held public IP address. You can request an EIP or convert one from a static public IP address. You can associate and disassociate EIPs with ECS instances. An instance can be associated with multiple EIPs (see Associate an EIP with a secondary ENI). EIPs are not reclaimed when the instance is released. To release one, see Release a pay-as-you-go EIP. See EIP overview.
IPv6 addresses
After you enable IPv6, Alibaba Cloud assigns IPv6 CIDR blocks to VPCs from the address pool (you cannot specify them). vSwitches in IPv6-enabled VPCs also support IPv6 CIDR blocks. You can enable IPv6 when creating a vSwitch or for an existing one. See Create and manage vSwitches. IPv6 addresses must fall within the vSwitch IPv6 CIDR block. The number of IPv6 addresses per ENI varies by instance type. See the IPv6 addresses per ENI metric in Instance families.
IPv6 addresses are globally unique. By default, they support only private access. To enable Internet access, enable IPv6 Internet bandwidth.
-
You can assign multiple IPv6 addresses to the primary ENI during instance creation.
-
After instance creation, you can assign IPv6 addresses to attached ENIs.
After assignment, configure the IPv6 address in the instance operating system for it to take effect.
IPv6 addresses can be unassigned and reassigned before instance release. They are retained across stop/start cycles and released when the ENI is released.
View the IP addresses of an instance
View IP addresses in the ECS console or from within the instance. Ensure consistency between the two; mismatches can cause communication failures, invalid security group rules, or management issues.
View in the console
Log in to the ECS console.
In the left-side navigation pane, choose .
In the upper-left corner of the page, select a region and resource group.
-
On the Instance page, click the target instance ID to open Instance Details. View the IP addresses:
-
In the Configuration Information section:
-
Public IP Address: 47.98.XX.XX
-
Elastic IP Address: 121.41.XX.XX
-
Primary Private IP Address: 192.168.XX.XX
-
-
In the Associated Resources section:
-
Secondary Private IP Address: 192.168.XX.XX,192.168.XX.XX
-
IPv6 Address: 2408:XXXX:325:a216:95f1:3dd9:6640:8b9e
-
NoteFields appear empty if the instance lacks a static public IP address, secondary private IP address, IPv6 address, or associated EIP.
-
View API
-
Call DescribeInstanceAttribute to query IP address information:
-
PrivateIpAddress: The primary private IPv4 address.
-
PublicIpAddress: The static public IP address.
-
EipAddress: The associated EIP.
-
-
Call DescribeNetworkInterfaceAttribute to query ENI details, including secondary private IPs, IPv6 addresses, and EIPs.
View IP addresses from within an instance
-
Linux instances: After you remotely connect to a Linux instance, run
ip ato view private IP addresses.
Run
sudo route -nto view the gateway IP address:In the row where
Destinationis the default route (0.0.0.0), theGatewayvalue is the internal gateway IP ofeth0.
-
Windows instances: After you remotely connect to a Windows instance, run
ipconfigto view the private IP address and default gateway.
In a VPC, the public IP address resides on the gateway device and is not visible in the instance OS. Only the private IP address is visible. To make an EIP visible in the OS, see Make an EIP visible on an ENI using a secondary CIDR block.
References
-
If a client cannot ping the public IP address of a destination ECS instance, see Troubleshoot issues when you cannot ping the public IP address of an ECS instance.
-
An IPv6 address may be inaccessible due to internal configuration errors or lack of Internet access. See Troubleshoot issues when you cannot ping the IPv6 address of an ECS instance.
-
If you cannot assign a public IP address to each instance in a multi-instance cluster, see Use the SNAT feature of an Internet NAT gateway to enable an ECS instance without a public IP address to access the Internet.
-
When creating a VPC and vSwitch, you must specify the VPC and vSwitch CIDR blocks. The size of the CIDR block determines the number of resources that can be deployed. Proper CIDR block planning avoids address conflicts and ensures scalability, whereas improper planning may cause high reconstruction costs.
See Network planning.
-
ECS instances in the same VPC communicate over the internal network, controlled by security groups. For cross-VPC private communication, use Cloud Enterprise Network (CEN), VPC peering connections, or PrivateLink. See ECS service interconnection.