You can assign one or more secondary private IP addresses to a primary or secondary elastic network interface (ENI). This topic describes how to assign secondary private IP addresses and configure secondary private IP addresses in an Elastic Compute Service (ECS) instance.

Background information

Secondary private IP addresses are suitable for the following scenarios:
  • Scenarios that involve multiple applications: If your instance hosts multiple applications, you can assign secondary private IP addresses to the applications so that each application can use a separate IP address for outbound connections. This way, a single instance can provide multiple services optimally.
  • Failover scenarios: If an instance fails, you can unbind ENIs from the instance and bind the ENIs to another instance so that traffic destined for the secondary private IP addresses of the failed instance is diverted to the normal instance. This ensures service continuity.
When you assign secondary private IP addresses, take note of the following limits:
  • Limits on security groups: A limited number of private IP addresses can be contained in a security group of the Virtual Private Cloud (VPC) type. For more information, see the "Security group limits" section in Limits.
  • Limits on ENIs: The maximum number of private IP addresses that can be assigned to an ENI varies based on the state of the ENI.
    • For an ENI in the Available state, up to 10 private IP addresses can be assigned.
    • For an ENI in the Bound state, the maximum number of private IP addresses that can be assigned is subject to the instance type of the associated instance. For more information, see Instance family.

Procedure

  1. Make sure that the following prerequisites are satisfied:
    • The instance to which an ENI is bound is in the Running (Running) state. For more information, see Start an instance.
    • A secondary ENI is bound to the instance. For more information, see Bind an ENI.
  2. In the ECS console, assign secondary private IP addresses to an ENI.
    You can assign secondary private IP addresses to an ENI on the Network Interfaces, Instances, or Security Groups page. For more information, see the following sections:
  3. In the instance to which the ENI is bound, configure the assigned secondary private IP addresses.
    This topic describes how to configure secondary private IPv4 addresses. Operations vary based on the operating system type and the IP address type. For more information, see the following sections:
    Note For more information about how to configure secondary private IPv6 addresses, see Step 4: Configure an IPv6 address for Windows instances and Step 4: Configure an IPv6 address for Linux instances.

Assign secondary private IP addresses on the Network Interfaces page

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network & Security > ENIs.
  3. In the top navigation bar, select a region.
  4. On the Network Interfaces page, find the ENI to which you want to assign secondary private IP addresses and click Manage Secondary Private IP Address in the Actions column.
  5. In the Manage Secondary Private IP Address dialog box, click Assign New IP to assign IP addresses based on your business needs.
    • To automatically assign IP addresses, accept the default Auto-assign value. Then, the system randomly assigns IP addresses from within the private CIDR blocks in the IPv4 Private CIDR Block and IPv6 Private CIDR Block values of the ENI.
    • To manually assign IP addresses, enter specific IP addresses from within the private CIDR blocks in the IPv4 Private CIDR Block and IPv6 Private CIDR Block values of the ENI.
    enipage-moreprivateip
  6. Click OK.

Assign secondary private IP addresses on the Instances page

When you assign secondary private IP addresses for an instance on the Instances page, the IP addresses are assigned to the primary ENI of the instance.

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Instances & Images > Instances.
  3. In the top navigation bar, select a region.
  4. On the Instances page, find the instance for which you want to assign secondary private IP addresses and choose More > Network and Security Group > Manage Secondary Private IP Address in the Actions column.
  5. In the Manage Secondary Private IP Address dialog box, click Assign New IP to assign IP addresses based on your business needs.
    • To automatically assign IP addresses, accept the default Auto-assign value. Then, the system randomly assigns IP addresses from within the private CIDR blocks in the IPv4 Private CIDR Block and IPv6 Private CIDR Block values of the ENI.
    • To manually assign IP addresses, enter specific IP addresses from within the private CIDR blocks in the IPv4 Private CIDR Block and IPv6 Private CIDR Block values of the ENI.
    private-ip
  6. Click OK.

Assign secondary private IP addresses on the Security Groups page

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network & Security > Security Groups.
  3. In the top navigation bar, select a region.
  4. Find a security group of the ENI to which you want to assign secondary private IP addresses and click Manage ENIs in the Actions column.
  5. On the ENIs in Security Group page, find the ENI to which you want to assign secondary private IP addresses and click Manage Secondary Private IP Address in the Actions column.
  6. In the Manage Secondary Private IP Address dialog box, click Assign New IP to assign IP addresses based on your business needs.
    • To automatically assign IP addresses, accept the default Auto-assign value. Then, the system randomly assigns IP addresses from within the private CIDR blocks in the IPv4 Private CIDR Block and IPv6 Private CIDR Block values of the ENI.
    • To manually assign IP addresses, enter specific IP addresses from within the private CIDR blocks in the IPv4 Private CIDR Block and IPv6 Private CIDR Block values of the ENI.
    enipage-moreprivateip
  7. Click OK.

Configure secondary private IPv4 addresses in a Windows instance

  1. Connect to an ECS instance.
    For more information about connection methods, see Connection methods.
  2. View the subnet mask and default gateway of the instance.
    1. Open Command Prompt or Windows PowerShell.
    2. Run the ipconfig command to view the subnet mask and default gateway of the instance.
      A command output similar to the following one is displayed. windows-viewip-original
  3. Open Network and Sharing Center.
  4. Click Change adapter settings.
  5. Double-click the network connection in use. In this example, the network connection named Ethernet is used. Click Properties in the Ethernet Status dialog box.
  6. In the Ethernet Properties dialog box, double-click Internet Protocol Version 4 (TCP/IPv4).
  7. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, select Use the following IP address and click Advanced...
  8. In the Advanced TCP/IP Settings dialog box, configure IP addresses.
    1. In the IP addresses section, click Add... and enter one of the assigned IP addresses in the IP address field and the obtained subnet mask in the Subnet mask field.

      You can repeat this step to add multiple IP addresses to the same adapter.

      Add IP addresses
    2. In the Default gateways section, click Add... and enter the obtained default gateway in the Default gateway field.
  9. Click OK.
  10. Run the ipconfig command to check the configuration result.
    The following figure shows the output of an example command used to configure two secondary private IP addresses. windows-viewip-new
Note

If a Windows instance cannot access the Internet after you configure secondary private IP addresses for the instance, troubleshoot the problem by following the instructions in After I configure a secondary private IP address for a Windows instance, the instance cannot connect to the Internet. Why?

Configure secondary private IPv4 addresses in a Linux instance that runs a Red Hat Enterprise Linux (RHEL) operating system

Before you perform the following procedure, take note of the following items:
  • This procedure applies to the following operating systems: Alibaba Cloud Linux 2, Alibaba Cloud Linux 3, CentOS 6, CentOS 7, CentOS 8, Red Hat 6, Red Hat 7, Red Hat 8, Anolis 7, Anolis 8, Fedora 33, and Fedora 34.
  • In the following example, the eth0 primary ENI is used. If you are working with a secondary ENI, modify the ENI ID.
  1. Connect to an ECS instance.
    For more information about connection methods, see Connection methods.
  2. Run the ifconfig command to view the subnet mask and run the route -n command to view the default gateway.
    The following figure shows the output of an example command. view-ips

    In the preceding command output, 255.255.**.** that corresponds to netmask is the IPv4 subnet mask and 192.**.**.253 that corresponds to Gateway is the default gateway.

    Note If the Linux distribution used by the instance does not support the ifconfig command, run the ip a or ip addr show command instead.
  3. Modify the network configuration file.
    • To configure a single private IPv4 address, run the vi /etc/sysconfig/network-scripts/ifcfg-eth0:0 command to add the corresponding configuration items.
      Example:
      DEVICE=eth0:0
TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
IPADDR=<Assigned secondary private IPv4 address 1>
NETMASK=<IPv4 subnet mask>
    • To configure multiple private IPv4 addresses, increment the sequence number in the DEVICE value and continue to add configuration items.
      For example, run the vi /etc/sysconfig/network-scripts/ifcfg-eth0:1 command to add the following configuration items:
      DEVICE=eth0:1
TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
IPADDR=<Assigned secondary private IPv4 address 2>
NETMASK=<IPv4 subnet mask>
  4. Run the corresponding command based on the operating system for the configuration to take effect.
    Operating system Command
    • Alibaba Cloud Linux 2
    • CentOS 7
    • Red Hat 7
    • Anolis 7
    		Run one of the following commands to restart the network service:
    • service network restart
    • systemctl restart network
    • CentOS 6
    • Red Hat 6
    		 Run the service network restart command to restart the network service.
    • Alibaba Cloud Linux 3
    • CentOS 8
    • Red Hat 8
    • Anolis 8
    • Fedora 33/34
    		 Perform the following operations:
    1. Run the systemctl restart NetworkManager command to restart the network service.
    2. Run the nmcli device reapply eth0 command to restart the eth0 ENI, or run the reboot command to restart the instance.
  5. Run the ifconfig command to check the configuration result.
    The following figure shows the output of an example command used to configure two secondary private IP addresses. add-secip

Configure secondary private IPv4 addresses in a Linux instance that runs a Debian operating system

Before you perform the following procedure, take note of the following items:
  • This procedure applies to the following operating systems: Ubuntu 18, Ubuntu 20, Ubuntu 14, Ubuntu16, Debian 8, Debian9, and Debian10.
  • In the following example, the eth0 primary ENI is used. If you are working with a secondary ENI, modify the ENI ID.
  1. Connect to an ECS instance.
    For more information about connection methods, see Connection methods.
  2. Run the ifconfig command to view the subnet mask and run the route -n command to view the default gateway.
    The following figure shows the output of an example command. view-ips

    In the preceding command output, 255.255.**.** that corresponds to netmask is the IPv4 subnet mask and 192.**.**.253 that corresponds to Gateway is the default gateway.

    Note If the Linux distribution used by the instance does not support the ifconfig command, run the ip a or ip addr show command instead.
  3. Configure secondary private IP addresses based on the operating system of your instance.
    • Debian series: Ubuntu 18 and Ubuntu 20
      1. Disable the network configuration feature of cloud-init for the instance. Run the vim /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg command and add the corresponding configuration items.
        Example:
        network: {config: disabled}
      2. Run the vim /etc/netplan/50-cloud-init.yaml command to open the network configuration file and change the IP addresses that are configured by using Host Configuration Protocol (DHCP) to static IP addresses.
        Example:
        network:
    version: 2
    ethernets:
        eth0:
            match:
                macaddress: 00:16:3e:36:**:**
            addresses:
              - <Primary private IPv4 address>/<Subnet mask bit>
              - <Assigned secondary private IPv4 address 1>/<Subnet mask bit>
              - <Assigned secondary private IPv4 address 2>/<Subnet mask bit>
            gateway4: <Default gateway>
        Note In the example, <Subnet mask bit> is replaced with the subnet mask bit corresponding to the subnet mask. For example, the 255.255.255.0 subnet mask corresponds to the /24 subnet mask bit.
      3. Run the netplan apply command to restart the network service.
      4. Run the ip -a command to check the configuration result.
        The following figure shows the output of an example command used to configure two secondary private IP addresses. ubuntu18-viewsecip
    • Debian series: Ubuntu 14, Ubuntu 16, Debian 8, Debian 9, and Debian 10.
      1. Run the vi /etc/network/interfaces command to open the network configuration file and add the corresponding configuration items.
        Example:
        auto eth0:0
iface eth0:0 inet static
address <Assigned secondary private IPv4 address 1>
netmask <IPv4 mask>

auto eth0:1
iface eth0:1 inet static
address <Assigned secondary private IPv4 address 2>
netmask <IPv4 mask>
      2. Run the reboot command to restart the instance.
      3. Run the ifconfig command to check the configuration result.
        The following figure shows the output of an example command used to configure two secondary private IP addresses. ubuntu-debian-secip

Configure secondary private IPv4 addresses in a Linux instance that runs a SUSE Linux Enterprise Server (SLES) operating system

Before you perform the following procedure, take note of the following items:
  • This procedure applies to the following operating systems: SUSE 11, SUSE 12, SUSE 15, OpenSUSE 15, and OpenSUSE 42.
  • In the following example, the eth0 primary ENI is used. If you are working with a secondary ENI, modify the ENI ID.
  1. Connect to an ECS instance.
    For more information about connection methods, see Connection methods.
  2. Run the ifconfig command to view the subnet mask and run the route -n command to view the default gateway.
    The following figure shows the output of an example command. view-ips

    In the preceding command output, 255.255.**.** that corresponds to netmask is the IPv4 subnet mask and 192.**.**.253 that corresponds to Gateway is the default gateway.

    Note If the Linux distribution used by the instance does not support the ifconfig command, run the ip a or ip addr show command instead.
  3. Run the vi /etc/sysconfig/network/ifcfg-eth0 command to open the network configuration file and add the following configuration items: 
    IPADDR_0=<Assigned secondary private IPv4 address 1>
NETMASK_0=<IPv4 subnet mask>
LABEL_0='0'

IPADDR_1=<Assigned secondary private IPv4 address 2>
NETMASK_1=<IPv4 subnet mask>
LABEL_1='1'
  4. Run the service network restart or systemctl restart network command to restart the network service.
  5. Run the ifconfig command to check the configuration result.
    The following figure shows the output of an example command used to configure two secondary private IP addresses. suse-secip