Assign secondary private IP addresses - Elastic Compute Service

You can assign one or more secondary private IP addresses to a primary or secondary elastic network interface (ENI). This topic describes how to assign secondary private IP addresses and configure secondary private IP addresses in an Elastic Compute Service (ECS) instance.

Background information

Scenarios

Secondary private IP addresses are suitable for the following scenarios:

Scenarios that involve multiple applications: If your instance hosts multiple applications, you can assign secondary private IP addresses to the applications so that each application can use a separate IP address for outbound connections. This way, a single instance can provide multiple services to maximize instance utilization.
Failover scenarios: If an instance fails, you can unbind ENIs from the instance and bind the ENIs to another instance so that traffic destined for the secondary private IP addresses of the failed instance is diverted to the normal instance. This ensures service continuity.

Event notifications

You can configure event notifications in EventBridge or CloudMonitor to specify how you receive notifications for private IP address assignment events. You can select by email and DingTalk chatbots. You can obtain information, such as the IDs of ENIs and the secondary private IP addresses that are assigned to the ENIs, from the notifications and configure operations to be automatically performed in response to the notifications. For more information, see Configure event notifications, ECS events, and the "Notifications for private IPv4 address assignment events" section of the IP address event notifications topic.

Limits

When you assign secondary private IP addresses, take note of the following limits:

Limits on security groups: A limited number of private IP addresses can be contained in a security group of the Virtual Private Cloud (VPC) type. For more information, see the "Security group limits" section of the Limits topic.
Limits on ENIs: The maximum number of private IP addresses that can be assigned to an ENI varies based on the status of the ENI.
- For an ENI in the Available state, up to 10 private IP addresses can be assigned.
- For an ENI in the Bound state, the maximum number of private IP addresses that can be assigned is subject to the instance type of the associated instance. For more information, see Instance families.

Procedure

Step 1: Make preparations

Make sure that the following requirements are met:

The instance to which an ENI is bound is in the Running (Running) state. For more information, see Start an instance.
A secondary ENI is bound to the instance. For more information, see Bind an ENI.

Step 2: Assign secondary private IP addresses

Log on to the ECS console.
In the left-side navigation pane, choose Network & Security > ENIs.
In the top navigation bar, select a region.
On the Network Interfaces page, find the ENI to which you want to assign secondary private IP addresses and click Manage Secondary Private IP Address in the Actions column.
In the Manage Secondary Private IP Address dialog box, click Assign New IP in the IPv4 Addresses or IPv6 Address section to assign IP addresses based on your business needs.
- If you leave the fields empty, IP addresses are automatically assigned at random from within the private CIDR blocks in the IPv4 Private CIDR Block and IPv6 Private CIDR Block values of the ENI.
- If you enter IP addresses, make sure that the IP addresses are within the private CIDR blocks in the IPv4 Private CIDR Block and IPv6 Private CIDR Block values of the ENI.
Click OK.

Step 3: Configure secondary private IP addresses in an instance

This section describes how to configure secondary private IPv4 addresses. Operations vary based on the operating system type and the IP address type.

Note

For more information about how to configure secondary private IPv6 addresses, see Step 4: Configure an IPv6 address for Windows instances and Step 4: Configure an IPv6 address for Linux instances.

Windows instances

Connect to an ECS instance.
For more information about connection methods, see Connection methods.
View the subnet mask and default gateway of the instance.
1. Open Command Prompt or Windows PowerShell.
2. Run the ipconfig command to view the subnet mask and default gateway of the instance.
Open Network and Sharing Center.
Click Change adapter settings.
Double-click the network connection in use. In this example, the network connection named Ethernet is used. Click Properties in the Ethernet Status dialog box.
In the Ethernet Properties dialog box, double-click Internet Protocol Version 4 (TCP/IPv4).
In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, select Use the following IP address and click Advanced...
In the Advanced TCP/IP Settings dialog box, configure IP addresses.
1. In the IP addresses section, click Add... and enter one of the assigned IP addresses in the IP address field and the obtained subnet mask in the Subnet mask field.
  You can repeat this operation to add multiple IP addresses to the same adapter.
2. In the Default gateways section, click Add... and enter the obtained default gateway in the Default gateway field.
Click OK.
Run the ipconfig command to check the configuration result.

Note

If a Windows instance cannot access the Internet after you configure secondary private IP addresses for the instance, troubleshoot the problem by following the instructions in the After I configure a secondary private IP address for a Windows instance, the instance cannot connect to the Internet. Why? section of the Network FAQ topic.

Linux instances that run an RHEL operating system

Before you perform the following procedure, take note of the following items:

This procedure applies to the following operating systems: Alibaba Cloud Linux 2, Alibaba Cloud Linux 3, CentOS 6, CentOS 7, CentOS 8, Red Hat 6, Red Hat 7, Red Hat 8, Anolis 7, Anolis 8, Fedora 33, and Fedora 34.
In the following example, the eth0 primary ENI is used. If you are working with a secondary ENI, modify the ENI ID.

Connect to an ECS instance.
For more information about connection methods, see Connection methods.
Run the ifconfig command to query the subnet mask and run the route -n command to query the default gateway.
The following figure shows a sample command output.
In the preceding command output, 255.255.**.** corresponding to netmask is the IPv4 subnet mask, and 192.**.**.253 corresponding to Gateway is the default gateway.
Note
If the Linux distribution used by the instance does not support the ifconfig command, run the ip a or ip addr show command instead.
Modify the network configuration file.
- To configure a single private IPv4 address, run the vi /etc/sysconfig/network-scripts/ifcfg-eth0:0 command to add the corresponding configuration items.
  Example:
```
DEVICE=eth0:0
TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
IPADDR=<Assigned secondary private IPv4 address 1>
NETMASK=<IPv4 subnet mask>
```
- To configure multiple private IPv4 addresses, increment the sequence number in the DEVICE value and continue to add configuration items.
  For example, run the vi /etc/sysconfig/network-scripts/ifcfg-eth0:1 command to add the following configuration items:
```
DEVICE=eth0:1
TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
IPADDR=<Assigned secondary private IPv4 address 2>
NETMASK=<IPv4 subnet mask>
```

Run the corresponding command based on the operating system for the configuration to take effect.

Operating system	Command
Alibaba Cloud Linux 2 CentOS 7 Red Hat 7 Anolis 7	Run one of the following commands to restart the network service: `service network restart` `systemctl restart network`
CentOS 6 Red Hat 6	Run the `service network restart` command to restart the network service.
Alibaba Cloud Linux 3 CentOS 8 Red Hat 8 Anolis 8 Fedora 33/34	Perform the following operations: Run the `systemctl restart NetworkManager` command to restart the network service. Run the `nmcli device reapply eth0` command to restart the eth0 ENI, or run the `reboot` command to restart the instance.

Run the ifconfig command to check the configuration result.
The following figure shows the output of a sample command used to configure two secondary private IP addresses.

Linux instances that run a Debian operating system

Before you perform the following procedure, take note of the following items:

This procedure applies to the following operating systems: Ubuntu 18, Ubuntu 20, Ubuntu 14, Ubuntu16, Debian 8, Debian9, and Debian10.
In the following example, the eth0 primary ENI is used. If you are working with a secondary ENI, modify the ENI ID.

Connect to an ECS instance.
For more information about connection methods, see Connection methods.
Configure secondary private IP addresses based on the operating system of your instance.
- Debian series: Ubuntu 18 and Ubuntu 20
  1. Disable the network configuration feature of cloud-init for the instance. Run the vim /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg command and add the corresponding configuration items.
    Example:
```
network: {config: disabled}
```
  2. Run the vim /etc/netplan/50-cloud-init.yaml command to open the network configuration file and change the IP addresses that are configured by using Host Configuration Protocol (DHCP) to static IP addresses.
    Example:
```
network:
    version: 2
    ethernets:
        eth0:
            match:
                macaddress: 00:16:3e:36:**:**
            addresses:
              - <Primary private IPv4 address>/<Subnet mask bit>
              - <Assigned secondary private IPv4 address 1>/<Subnet mask bit>
              - <Assigned secondary private IPv4 address 2>/<Subnet mask bit>
            gateway4: <Default gateway>
```
    Note
    In the example, <Subnet mask bit> is replaced with the subnet mask bit corresponding to the subnet mask. For example, the 255.255.255.0 subnet mask corresponds to the /24 subnet mask bit.
  3. Run the netplan apply command to restart the network service.
  4. Run the ip -a command to check the configuration result.
    The following figure shows the output of a sample command used to configure two secondary private IP addresses.
- Debian series: Ubuntu 14, Ubuntu 16, Debian 8, Debian 9, and Debian 10.
  1. Run the vi /etc/network/interfaces command to open the network configuration file and add the corresponding configuration items.
    Example:
```
auto eth0:0
iface eth0:0 inet static
address <Assigned secondary private IPv4 address 1>
netmask <IPv4 mask>

auto eth0:1
iface eth0:1 inet static
address <Assigned secondary private IPv4 address 2>
netmask <IPv4 mask>
```
  2. Run the reboot command to restart the instance.
  3. Run the ifconfig command to check the configuration result.
    The following figure shows the output of a sample command used to configure two secondary private IP addresses.

Linux instances that run a SLES operating system

Before you perform the following procedure, take note of the following items:

This procedure applies to the following operating systems: SUSE 11, SUSE 12, SUSE 15, OpenSUSE 15, and OpenSUSE 42.
In the following example, the eth0 primary ENI is used. If you are working with a secondary ENI, modify the ENI ID.

Connect to an ECS instance.
For more information about connection methods, see Connection methods.

Run the vi /etc/sysconfig/network/ifcfg-eth0 command to open the network configuration file and add the following configuration items:

IPADDR_0=<Assigned secondary private IPv4 address 1>
NETMASK_0=<IPv4 subnet mask>
LABEL_0='0'

IPADDR_1=<Assigned secondary private IPv4 address 2>
NETMASK_1=<IPv4 subnet mask>
LABEL_1='1'

Run the service network restart or systemctl restart network command to restart the network service.
Run the ifconfig command to check the configuration result.
The following figure shows the output of a sample command used to configure two secondary private IP addresses.