Associate an EIP with a cloud resource to enable internet access.
EIP supports associating with ECS instances, elastic network interfaces (ENIs), Application Load Balancer (ALB) instances, Network Load Balancer (NLB) instances, Classic Load Balancer (CLB) instances, Internet NAT gateways, and high-availability virtual IP addresses (HaVips).
Associate an EIP with an ECS instance
Associate an EIP with a VPC-type ECS instance in the same region.
Constraints:
-
Each ECS instance supports only one EIP.
-
The ECS instance must be in the Running or Stopped state, with no fixed public IP address or other EIP already associated.
-
The EIP associates in NAT mode. NAT ALG-dependent protocols are not supported.
Console
Associate an EIP
-
Go to the Elastic IP Addresses console and select the region of the EIP.
-
Find the target EIP, click Associate with Resource in the Actions column, select ECS Instance, then select the target instance.
Replace the EIP
Disassociate the current EIP first, then associate the new one.
Recover a released EIP
An EIP keeps its address throughout its lifecycle. If released due to expiration or overdue payment, recover it within 7 days.
API
Call AssociateEipAddress with InstanceType set to EcsInstance.
Associate EIPs with ENIs
Each ECS instance supports only one directly associated EIP. To use multiple public IPs, associate EIPs with the instance's ENIs instead.
NAT mode (multiple EIPs per ECS instance)
In NAT mode, each EIP maps to one private IP on the ENI. The maximum EIP count equals the number of private IPs on the ENI.
The number of secondary ENIs supported varies by instance type.
After attaching a secondary ENI to an ECS instance, some images may not automatically recognize the ENI IP address or add routes. If so, configure the secondary ENI manually.
In NAT mode, protocols that depend on NAT ALG are not supported. Both primary and secondary ENIs are supported.
Two approaches:
-
Multiple ENIs: Associate multiple secondary ENIs with a single ECS instance, associate one EIP with each, and associate each ENI with a different security group for fine-grained access control.
-
Multiple EIPs on a single ENI: Attach one secondary ENI, assign multiple secondary private IPs, and associate an EIP with each in NAT mode.
Console
-
Go to the Elastic IP Addresses console and select the region of the EIP.
-
Find the target EIP, click Associate with Resource in the Actions column, select ENI, choose NAT Mode, and select the secondary private IP to associate with.
API
-
Call AssociateEipAddress with
InstanceTypeset toNetworkInterfaceandModeset toNAT.
-
Call AssociateEipAddressBatch to associate multiple EIPs with secondary ENIs in a single request.
Cut-through mode
In NAT mode, the EIP is invisible to the ECS OS. Cut-through mode makes the EIP visible on the secondary ENI.
-
After associating in cut-through mode, 100.64.0.0/10 (Alibaba Cloud internal services) becomes inaccessible through the ENI. Route 100.64.0.0/10 traffic to the primary ENI or another secondary ENI not in cut-through mode.
-
Cut-through mode has more restrictions. Consider EIPs with additional CIDR blocks instead: configure a public IP CIDR block as a VPC additional CIDR block, create a secondary ENI in that block, associate the EIP, and attach the ENI to the ECS instance to manage the EIP from the OS.
After attaching a secondary ENI, some images require manual ENI configuration. The system creates a route with the secondary ENI as the outbound interface at a lower priority than the primary ENI route. Adjust route priorities based on your requirements.
Console
-
Go to the Elastic IP Addresses page and select the region of the EIP.
-
Find the target EIP, click Associate with Resource in the Actions column, select ENI, choose Cut-through Mode, and select the secondary private IP to associate with.
API
-
Call AssociateEipAddress with
InstanceTypeset toNetworkInterfaceandModeset toBINDEDorMULTI_BINDED. -
Call AssociateEipAddressBatch to associate multiple EIPs with secondary ENIs in a single request.
Associate an EIP with a NAT gateway
Associate EIPs with an Internet NAT gateway and configure SNAT rules to let multiple instances share EIPs for outbound access.
Constraints:
-
Each Internet NAT gateway supports up to 20 EIPs.
-
Since September 19, 2022, associating an EIP with a newly created Internet NAT gateway consumes a private IP from the gateway's vSwitch. Ensure the vSwitch has sufficient private IPs. Existing gateways are not affected.
Console
-
Go to the Elastic IP Addresses page and select the region of the EIP.
-
Find the target EIP, click Associate with Resource in the Actions column, select NAT Gateway, then select the target instance.
API
-
Call AssociateEipAddress with
InstanceTypeset toNat. -
Call AssociateEipAddressBatch to associate multiple EIPs with an Internet NAT gateway in a single request.
Associate an EIP with an SLB instance
Associate EIPs with SLB instances to distribute traffic across backend servers in multiple zones.
For new deployments, use ALB or NLB.
Console
ALB or NLB
The Elastic IP Addresses page does not support directly associating EIPs with ALB or NLB instances. Instead:
-
New instance: Go to the ALB buy page or NLB buy page and create an Internet-facing instance.
-
Existing instance: Go to the ALB instances page or NLB instances page, click the target instance ID, and change Network Type to Internet-facing.
CLB
-
Go to the Elastic IP Addresses page and select the region of the EIP.
-
Find the target EIP, click Associate with Resource in the Actions column, select SLB Instance, then select the target CLB instance.
API
|
Action |
API |
Key parameter |
|
Create an Internet-facing ALB instance |
CreateLoadBalancer (ALB) |
|
|
Change an ALB instance to Internet-facing |
|
|
|
Create an Internet-facing NLB instance |
CreateLoadBalancer (NLB) |
|
|
Change an NLB instance to Internet-facing |
|
|
|
Associate an EIP with a CLB instance |
|
Associate an EIP with an HaVip
HaVips implement IP failover between primary and standby servers in the same zone. Associating an EIP with an HaVip enables it to serve Internet traffic with high availability.
Constraints:
-
Apply for HaVip creation permission in the Quota Center console first. A quota of 1 means creation is enabled. Each account supports up to 50 HaVips by default.
-
Each HaVip supports only one EIP.
-
The HaVip must be in the Available or Assigned state.
Console
-
Go to the Elastic IP Addresses page and select the region of the EIP.
-
Find the target EIP, click Associate with Resource in the Actions column, select HaVip, then select the target instance.
API
Call AssociateEipAddress with InstanceType set to HaVip.
Disassociate an EIP from a cloud resource
Console
Find the target EIP and click Disassociate from Resources in the Actions column.
API
Call UnassociateEipAddress to disassociate an EIP from a cloud resource.
After disassociation
-
Pay-as-you-go EIPs: EIP configuration fees (public IP retention fees) still apply after disassociation. If no longer needed, release the EIP to stop billing.
-
Subscription EIPs: Unsubscribe if no longer needed.