This topic provides answers to some frequently asked questions about associating an elastic IP address (EIP) with and disassociating an EIP from a cloud resource.

What are the cloud resources with which I can associate EIPs?

You can associate EIPs with Elastic Compute Service (ECS) instances, internal-facing Classic Load Balancer (CLB) instances, secondary elastic network interfaces (ENIs), NAT gateways, and high-availability virtual IP addresses (HAVIPs). The ECS instances, internal-facing CLB instances, and secondary ENIs must be deployed in virtual private clouds (VPCs).

Can I associate an EIP with multiple cloud resources?

No. You can associate an EIP with only one cloud resource.

Can I associate an EIP with a cloud resource that is deployed in a different region?

No.

The EIP and the cloud resource with which you want to associate the EIP must be deployed in the same region. For example, an EIP deployed in the China (Beijing) region cannot be associated with a cloud resource deployed in the China (Hangzhou) region.

Can I associate an EIP with a cloud resource that is deployed in a different zone?

Yes.

Zones do not apply to EIPs. If a cloud resource and an EIP are deployed in the same region, you can associate the EIP with the cloud resource.

How many EIPs can I associate with a cloud resource?

  • NAT gateway

    You can associate at most 20 EIPs with a NAT gateway. You can associate at most 10 pay-by-data-transfer EIPs with a NAT gateway.

    Go to the Quota Management page to increase the quota. For more information, see Manage quotas.

  • HAVIP

    You can associate only one EIP with each HAVIP.

  • CLB instance

    You can associate only one EIP with an internal-facing CLB instance that is deployed in a VPC.

Can I associate an EIP with a CLB instance?

You can associate an EIP with an internal-facing CLB instance that is deployed in a VPC. However, you cannot associate an EIP with an Internet-facing CLB instance. You can associate only one EIP with an internal-facing CLB instance that is deployed in a VPC.

Why am I unable to view the associated CLB instances in the EIP console?

Possible causes:
  • The resource group IDs of the EIP and CLB instance are different.
  • If you log on to the EIP console as a RAM user, you cannot view the associated CLB instances in the EIP console. To view the associated CLB instances in the EIP console, use an Alibaba Cloud account.

If an EIP is associated with an ECS instance, can I use the DNAT feature of a NAT gateway to enable the ECS instance to provide Internet-facing services?

No.

The limits are:
  • If an EIP is associated with an ECS instance, you cannot use the DNAT feature of a NAT gateway to enable the ECS instance to provide Internet-facing services.

    Before you can use the DNAT feature, you must disassociate the EIP from the ECS instance. Then, you can create DNAT entries for the ECS instance. For more information, see Disassociate an EIP from a NAT gateway and Manage a DNAT entry.

  • After you create DNAT entries for an ECS instance, you cannot associate an EIP with the ECS instance.

    Before you can associate an EIP with the ECS instance, you must delete the DNAT entries that you created for the ECS instance. After you delete the DNAT entries, you can associate an EIP with the ECS instance. For more information, see Delete a NAT gateway and Associate an EIP with a NAT gateway.

Note If an ECS instance is associated with an EIP and DNAT is configured for the ECS instance, the ECS instance preferentially uses the associated EIP to communicate with the Internet.

Why am I unable to associate an EIP with an ECS instance?

Possible causes:

  • You can associate an EIP with only one ECS instance that is deployed in a VPC. If the ECS instance is not deployed in a VPC, you cannot associate an EIP with the ECS instance.
  • The EIP and ECS instance are deployed in different regions.
  • The ECS instance is in a state that does not allow you to associate an EIP with the ECS instance. You can associate an EIP with only an ECS instance that is in the Running or Stopped state.
  • The ECS instance is assigned a public IP address or another EIP is associated with the ECS instance.

Why am I unable to view the EIP in the operating system of the ECS instance after I associate the EIP with the ECS instance?

EIPs are deployed on the Internet gateway of Alibaba Cloud and are mapped to the private ENIs of the associated ECS instances through NAT. Therefore, you cannot view the EIP on the private ENI of the ECS instance.

When you associate an EIP with a secondary ENI, you can select the cut-through mode. In cut-through mode, the EIP replaces the private IP address of the secondary ENI. The secondary ENI serves as a public network interface controller (NIC) and the private network feature is no longer available. To view the EIP in the ENI information of the operating system, run the ifconfig or ipconfig command. For more information, see Associate an EIP with a secondary ENI in cut-through mode.

How can I associate multiple EIPs with one ECS instance?

You can associate multiple EIPs with one ECS instance by using the following methods:
  • Associate an EIP with each secondary ENI. Then, attach the secondary ENIs to the ECS instance. The number of secondary ENIs that can be attached to an ECS instance varies based on the specification of the ECS instance. For more information, see Instance family.
  • Associate multiple EIPs with a secondary ENI in NAT mode. In this mode, each EIP is associated with a secondary private IP address of the secondary ENI. Then, associate the secondary ENI with the ECS instance. For more information, see Associate multiple EIPs with an ECS instance in NAT mode.

Why am I unable to access services over the Internet after I associate an EIP with an ECS instance or ENI?

If you want the ECS instance to access the Internet, you must configure the default route of the ECS instance or create specific routes for the ECS instance. By default, packets are transmitted from the primary ENI. You can modify route priorities to allow packets to access the Internet through the secondary ENI. You can also configure specific routes to forward packets to the Internet through multiple ENIs or a random ENI to implement load balancing.

Can I use an EIP as the origin IP address for Web Application Firewall (WAF)?

Yes.