An elastic network interface (ENI) is a virtual network interface controller (NIC) that can be bound to an Elastic Compute Service (ECS) instance of the Virtual Private Cloud (VPC) type. You can use ENIs to deploy high availability clusters and perform low-cost failover and fine-grained network management.
|ENI type||ENIs consist of primary and secondary ENIs.
|VPC||Only instances of the VPC type support ENIs. An ENI must reside within the same VPC as the instance to which the ENI is bound.|
|Zone||The vSwitch to which the ENI belongs must reside within the same zone as the instance to which the ENI is bound.|
|Security group||An ENI must be added to at least one security group. The security group controls the inbound and outbound traffic of the ENI.|
|EIP||An ENI can be associated with one or more elastic IP addresses (EIPs).|
|Primary private IP address||The primary private IP address is an IP address specified by the user or assigned by the system during ENI creation. The primary private IP address must be an idle IP address within the CIDR block of the vSwitch.|
|Secondary private IP address||The secondary private IP address must be an idle IP address within the CIDR block of the vSwitch. You can assign or revoke the secondary private IP address.|
|MAC address||A media access control (MAC) address is a globally unique identifier of an ENI.|
An ENI is an independent virtual NIC that can be migrated among multiple instances to support the flexible scaling and migration of services. When you create an ENI together with an instance, the ENI is automatically bound to the instance. You can also separately create a secondary ENI and bind it to an instance.
- In addition to the primary ENI that is created together with an instance, you can also bind multiple secondary ENIs to the instance. The ECS instance and the secondary ENIs that you want to bind to the instance must reside within the same zone and VPC, but can belong to different vSwitches and security groups.
- Each ENI can be assigned multiple secondary private IP addresses based on the instance type of the instance to which the ENI is bound.
- When you unbind a secondary ENI from an instance and bind the ENI to another instance, the attributes of the ENI remain unchanged and the network traffic is redirected to the new instance.
- ENIs support hot-plug and can be migrated among instances. When you unbind an ENI from an instance and bind the ENI to another instance, services on the instances are not affected, and you do not need to restart the instances.
- The following limits apply to the resources supported by a single ENI:
- Primary private IP address: one.
- Secondary private IP address: one or more. The number of secondary private IP addresses is determined based on the instance type of the instance to which the ENI is bound. For more information, see Instance family.
- EIP: one or more. The number of EIPs is determined based on how the EIPs are associated with the ENI. For more information, see Associate an EIP with an ECS instance.
- MAC address: one.
- Security group: one to five. At least one security group is required.
- A limited number of ENIs can be created for one account in each region. For more information, see the "ENI limits" section in Limits.
- The ENI and the instance to which the ENI is bound must reside within the same zone and VPC, but can belong to different vSwitches and security groups.
- The number of secondary ENIs that can be bound to an ECS instance is determined based on the instance type.
- Only I/O optimized instance types support ENIs.
- ECS instances of the classic network type do not support ENIs.
- The instance bandwidth is determined based on the instance type. You cannot increase the bandwidth of an ECS instance by binding multiple secondary ENIs to the instance.
- Deployment of high availability clusters
Multiple ENIs can be bound to a single ECS instance within a high availability architecture.
- Low-cost failover
You can unbind an ENI from a failed ECS instance and bind the ENI to another instance to redirect traffic to the backup instance. This allows quick recovery of services.
- Fine-grained network management
You can configure multiple ENIs for an instance. For example, you can use some ENIs for internal management and other ENIs for Internet business access to isolate management data from business data. You can also configure specific security group rules for each ENI based on the source IP addresses, protocols, and ports to achieve access control.
- Configuration of multiple private IP addresses for a single instance
You can assign multiple secondary private IP addresses to an ENI. If multiple applications are managed on your instance, you can assign an independent IP address for each application to improve the utilization of your instance.
- Configuration of multiple public IP addresses for a single instance
Only a single public IP address can be assigned to an ECS instance that has no ENIs bound. To assign multiple public IP addresses to an instance, you can associate EIPs with one or more ENIs of the instance. In NAT mode, each private IP address of an ENI can have EIPs associated.
Operations in the ECS console
The following table describes the operations that you can perform in the ECS console to manage ENIs.
|Create an ENI||You can create an ENI together with an instance or separately create an ENI.||Create an ENI|
|Bind an ENI||When you create an ENI together with an instance, the ENI is automatically bound to the instance. You can also separately create an ENI and bind it to an instance. An ENI can be bound only to a single ECS instance at a time. However, an ECS instance can have multiple ENIs bound to it.||Bind an ENI|
|Configure an ENI||For instances whose images cannot identify secondary ENIs, you must log on to the
instance to configure the ENIs.
Note If an instance runs an image of CentOS 7.3 64-bit, CentOS 6.8 64-bit, or Windows Server 2008 R2 or later, you do not need to configure ENIs.
|Configure a secondary ENI|
|Assign or revoke secondary private IP addresses||You can assign or revoke multiple secondary private IP addresses to or from an ENI.|
|Modify an ENI||You can modify the security groups to which the primary and secondary ENIs belong. You can also modify the names and descriptions of secondary ENIs.||Modify an ENI|
|Unbind an ENI||You can unbind an ENI from an instance.||Unbind an ENI|
|Delete an ENI||You can delete an ENI after you unbind it from an instance.||Delete an ENI|
The following table describes the API operations that you can call to manage ENIs.
|CreateNetworkInterface||Creates a secondary ENI.|
|DeleteNetworkInterface||Deletes a secondary ENI.|
|DescribeNetworkInterfaces||Queries the details of one or more ENIs.|
|AttachNetworkInterface||Binds a secondary ENI to an instance.|
|AssignPrivateIpAddresses||Assigns one or more secondary private IP addresses to an ENI.|
|UnassignPrivateIpAddresses||Revokes one or more secondary private IP addresses from an ENI.|
|DetachNetworkInterface||Unbinds a secondary ENI from an instance.|
|ModifyNetworkInterfaceAttribute||Modifies the name, description, and security group of a secondary ENI.|
|DescribeInstances||Queries the information about ENIs that are bound to instances.|