You can associate an elastic IP address (EIP) with an elastic network interface (ENI). If you associate EIPs with ENIs and associate the ENIs with an Elastic Compute Service (ECS) instance, the ECS instance can use multiple EIPs. This improves the availability, flexibility, and scalability of your service.

Each ENI is assigned a private IP address. After you associate an EIP with an ENI, the ENI can send and receive network traffic through both a private IP address and a public IP address. If you migrate an ENI that is associated with an EIP from an ECS instance to another ECS instance, both the private and public IP addresses of the ENI are migrated. This solution allows you to migrate the IP addresses of an ECS instance without affecting the reliability and availability of your service.

Associate ENIs

You can associate multiple ENIs with an ECS instance. You can associate each ENI with an EIP. This way, the ECS instance has multiple public IP addresses. The ECS instance can use the EIPs to provide Internet-facing services. You can configure security group rules for the ECS instance to control access from the Internet.

Associate multiple ENIs

Association modes

You can associate an EIP with an ENI in one of the following modes:
  • NAT mode
  • Cut-through mode
    Note
    • The cut-through mode is supported in the following regions: China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Shenzhen), China (Guangzhou), China (Chengdu), Singapore (Singapore), Indonesia (Jakarta), Germany (Frankfurt), UK (London), and US (Virginia).
    • To display an EIP on an ENI, we recommend that you add a secondary CIDR block to the virtual private cloud (VPC) where the ENI is deployed. For more information, see Expose an EIP on an NIC by adding a secondary CIDR block to a VPC.
The following table describes the differences between these modes.
Item NAT mode Cut-through mode
Whether the EIP is displayed on the ENI in the operating system No Yes
Note You can run the ifconfig or ipconfig command to query the public IP address of the ENI.
Types of ENIs that can be associated with EIPs Primary ENI and secondary ENI Secondary ENI
Number of EIPs that can be associated with a primary ENI 1 EIPs cannot be associated with primary ENIs
Number of EIPs that can be associated with a secondary ENI Based on the number of private IP addresses of the secondary ENI
Note Each EIP is mapped to a private IP address of a secondary ENI. If a secondary ENI is assigned 10 private IP addresses, at most 10 EIPs can be associated with the secondary ENI.
1
Note You can associate an EIP with only the primary private IP address of a secondary ENI in cut-through mode.
Whether private network features of a secondary ENI are available after an EIP is associated with the secondary ENI Yes No
Supported protocols

EIPs do not support protocols that are managed by NAT application layer gateways (ALGs), such as H.323, Session Initiation Protocol (SIP), Domain Network System (DNS), and Real Time Streaming Protocol (RTSP).

EIPs support all IP protocols, such as FTP, H.323, SIP, DNS, RTSP, and Trivial File Transfer Protocol (TFTP).

FAQ

Am I charged an instance fee for an EIP after I associate the EIP with a secondary ENI?

Yes,

you are not charged an instance fee for an EIP only when you associate the EIP with an ECS instance. You are charged an instance fee if you associate an EIP with other types of resources.

Do I need to configure an ECS instance after I attach an ENI that is associated with an EIP to the ECS instance?
  • If you want the ECS instance to provide Internet-facing services, for example, web services, you do not need to configure routes for the ECS instance or the VPC where the ECS instance is deployed. The ECS instance uses the EIP to provide services.
  • If you want the ECS instance to access the Internet, you must configure the default route of the ECS instance or create specific routes for the ECS instance. By default, packets are transmitted from the primary ENI. You can modify route priorities to allow packets to access the Internet from the secondary ENI. You can also create specific routes to forward packets to the Internet from multiple ENIs or a random ENI to implement load balancing.