This topic describes how to associate an elastic IP address (EIP) with a secondary elastic network interface (ENI) in cut-through mode. Then, the EIP replaces the private IP address of the secondary ENI. The secondary ENI functions as a public network interface controller (NIC). This way, you can query the EIP in the operating system.

Note
  • We recommend that you expose an EIP on an ENI by adding a secondary CIDR block to a virtual private cloud (VPC). For more information, see Expose an EIP on an NIC by adding a secondary CIDR block to a VPC.
  • The regions that support the cut-through mode include China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Shenzhen), China (Guangzhou), China (Chengdu), Singapore (Singapore), Indonesia (Jakarta), Germany (Frankfurt), UK (London), and US (Virginia).

Prerequisites

  • A secondary ENI is created in a VPC. The secondary ENI and the EIP are created in the same region. For more information, see Create an ENI.
  • The secondary ENI is not associated with an Elastic Compute Service (ECS) instance.

    If the secondary ENI is associated with an ECS instance, you must disassociate the secondary ENI from the ECS instance. Then, associate an EIP with the secondary ENI in cut-through mode and associate the secondary ENI with the ECS instance. For more information, see Unbind an ENI.

Background information

EIPs function as NAT IP addresses. In NAT mode, public IP addresses are assigned to gateways instead of the ENIs of ECS instances. Therefore, you can query only private IP addresses and cannot query public IP addresses in the operating system. Administrators must manually maintain the mappings between ENIs or servers and public IP addresses. In addition, EIPs that are associated with resources in NAT mode do not support protocols such as H.323, Session Initiation Protocol (SIP), Domain Name System (DNS), or Real Time Streaming Protocol (RTSP).

To use an EIP that supports these protocols, you can associate the EIP with a secondary ENI in cut-through mode. In cut-through mode:
  • The EIP that is associated with a secondary ENI replaces the private IP address of the secondary ENI. The secondary ENI functions as a public NIC. The private network feature of the secondary ENI is no longer available.
  • To query the EIP in the operating system, run the ifconfig or ipconfig command.
  • EIPs support all IP protocols, including FTP, H.323, SIP, DNS, RTSP, and TFTP.
  • Each secondary ENI can be associated with only one EIP.
Notice If you associate a subscription EIP with a secondary ENI in cut-through mode, and the secondary ENI is associated with an ECS instance, the private network feature of the secondary ENI is unavailable after the EIP is released. To restore the private network feature of the secondary ENI, you must disassociate the secondary ENI from the ECS instance, and associate the secondary ENI with the ECS instance again.

Procedure

  1. Log on to the Elastic IP Address console .
  2. In the top navigation bar, select the region of the EIP.
  3. On the Elastic IP Addresses page, find the EIP that you want to associate and click Bind Resource in the Actions column.
  4. In the Associate EIP with Resource dialog box, set the following parameters and click OK.
    Parameter Description
    Instance Type Select Secondary ENI.
    Mode Select Cut-Through Mode.
    Select an instance to associate. Select the secondary ENI with which you want to associate the EIP.
    Notice Make sure that the selected secondary ENI is not associated with an ECS instance.
  5. Then, click the ENI that is associated with the EIP.
    View the details of the ENI.
  6. On the Network Interfaces page, click Bind to Instance in the Actions to associate the ENI with an ECS instance.
    Note
  7. Log on to the ECS instance by using the associated EIP and run the ipconfig command to view the network configuration of the ECS instance.
    Note Make sure that the security group rules of the ECS instance allow remote access.
    The following figure shows that the private IP address of the ECS instance is replaced by the EIP. Check the EIP that is associated with the ECS instance