This topic describes how to associate an elastic IP address (EIP) with a secondary elastic network interface (ENI) in cut-through mode. Then, the EIP replaces the private IP address of the secondary ENI. The secondary ENI functions as a public network interface controller (NIC). This way, you can query the EIP in the operating system.
- We recommend that you expose an EIP on an ENI by adding a secondary CIDR block to a virtual private cloud (VPC). For more information, see Expose an EIP on an NIC by adding a secondary CIDR block to a VPC.
- The regions that support the cut-through mode include China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Shenzhen), China (Guangzhou), China (Chengdu), Singapore (Singapore), Indonesia (Jakarta), Germany (Frankfurt), UK (London), and US (Virginia).
- A secondary ENI is created in a VPC. The secondary ENI and the EIP are created in the same region. For more information, see Create an ENI.
- The secondary ENI is not associated with an Elastic Compute Service (ECS) instance.
If the secondary ENI is associated with an ECS instance, you must disassociate the secondary ENI from the ECS instance. Then, associate an EIP with the secondary ENI in cut-through mode and associate the secondary ENI with the ECS instance. For more information, see Unbind an ENI.
EIPs function as NAT IP addresses. In NAT mode, public IP addresses are assigned to gateways instead of the ENIs of ECS instances. Therefore, you can query only private IP addresses and cannot query public IP addresses in the operating system. Administrators must manually maintain the mappings between ENIs or servers and public IP addresses. In addition, EIPs that are associated with resources in NAT mode do not support protocols such as H.323, Session Initiation Protocol (SIP), Domain Name System (DNS), or Real Time Streaming Protocol (RTSP).
- The EIP that is associated with a secondary ENI replaces the private IP address of the secondary ENI. The secondary ENI functions as a public NIC. The private network feature of the secondary ENI is no longer available.
- To query the EIP in the operating system, run the ifconfig or ipconfig command.
- EIPs support all IP protocols, including FTP, H.323, SIP, DNS, RTSP, and TFTP.
- Each secondary ENI can be associated with only one EIP.
- Log on to the Elastic IP Address console .
- In the top navigation bar, select the region of the EIP.
- On the Elastic IP Addresses page, find the EIP that you want to associate and click Bind Resource in the Actions column.
- In the Associate EIP with Resource dialog box, set the following parameters and click OK.
Parameter Description Instance Type Select Secondary ENI. Mode Select Cut-Through Mode. Select an instance to associate. Select the secondary ENI with which you want to associate the EIP.Notice Make sure that the selected secondary ENI is not associated with an ECS instance.
- Then, click the ENI that is associated with the EIP.
- On the Network Interfaces page, click Bind to Instance in the Actions to associate the ENI with an ECS instance. Note
- The number of ENIs that can be associated with an ECS instance varies based on the instance type. For more information, see the Instance family.
- After you associate a secondary ENI with an ECS instance, some images cannot automatically identify the IP address of the secondary ENI or add routes. You must configure the secondary ENI on the ECS instance to identify the IP address of the ENI and add routes. For more information, see Configure a secondary ENI.
- After you associate an EIP in cut-through mode, the ECS instance automatically generates a route that uses the secondary ENI as the outbound interface. The priority of this route is lower than the priority of the route of the primary ENI. You can modify the priorities of the routes based on your business requirements. For more information about how to configure routes in some operating systems, see Configure routes for a secondary ENI that is bound to an instance that runs an Alibaba Cloud Linux 2 or CentOS 7 operating system and Configure routes for a secondary ENI that is bound to an instance that runs a CentOS 8 operating system.
- Log on to the ECS instance by using the associated EIP and run the
ipconfigcommand to view the network configuration of the ECS instance.Note Make sure that the security group rules of the ECS instance allow remote access.The following figure shows that the private IP address of the ECS instance is replaced by the EIP.