Introduction to RDS Custom networking

Last Updated:Aug 08, 2025

This topic describes the default network configurations of RDS Custom and how to configure network initialization for a custom image.

RDS Custom networking overview

An RDS Custom instance in dual-NIC mode has two network interfaces by default: a primary network interface (usually named eth0) and an Elastic Network Interface (ENI) (usually named eth1).

  • eth0: This interface is created in a management VPC. Because of security group restrictions, only traffic from the ECS management CIDR block 100.100.0.0/16 is allowed to exit through the eth0 interface.

    Note

    The IP addresses 100.100.2.136 and 100.100.2.138 are internal DNS IP addresses. Traffic to and from these addresses must pass through eth1.

  • eth1: This interface is created in your VPC. Typically, all traffic, except for traffic from the ECS management CIDR block, passes through eth1. You can manage inbound and outbound traffic using security groups.

After you connect to an RDS Custom instance, its network interfaces, route table, and iptables firewall rules are typically as follows:

  • Run the ip address show command to view the status of the instance's network interfaces.


  • Run the route -n command to view the instance's route table.

    Traffic passes only through the eth1 network interface.


  • Run the iptables -L -n command to view the default iptables configuration of the instance.


If you change the route table, iptables firewall rules, or network interface configurations (such as restarting eth0) on your RDS Custom instance and lose connectivity, restart the instance to initialize the RDS Custom network.

Warning

RDS Custom instances use the /etc/rds_custom_init.sh script for network initialization. Do not delete this script. If you do, initialization will fail.

Configure network initialization for a custom image

When you create an RDS Custom instance from a custom image, RDS Custom automatically configures the /etc/rds_custom_init.sh script for network initialization on most public images. Supported images include Alibaba Cloud Linux 3, Alibaba Cloud Linux 2, CentOS 8, CentOS 7, Debian 11, Debian 10.5, AlmaLinux 9.2, Ubuntu 22, Ubuntu 20, and Ubuntu 16. To use other custom images, you must manually create the rds_custom_init.sh script on the source image instance before you create the custom image.

The main functions of the rds_custom_init.sh script are as follows:

  1. For systems that cannot automatically activate the ENI, it configures the network for eth1 and starts the related services.

  2. It modifies the routing configuration to point the default route to eth1 and the ECS management CIDR block 100.100.0.0/16 to eth0.

  3. It modifies the routing configuration to point the internal DNS IP addresses 100.100.2.136 and 100.100.2.138 to eth1.
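
The routing layout described in the three items above can be audited after any network change. The following is an added example, not part of the Alibaba Cloud script: check_rds_custom_routes is a hypothetical helper that reads ip route output on stdin, and both sample tables and their addresses are constructed.

```sh
#!/bin/sh
# Added example (not Alibaba Cloud code): audit `ip route` output against the
# route layout that rds_custom_init.sh sets up. check_rds_custom_routes is a
# hypothetical helper; it reads the table on stdin and returns 0 when compliant.
check_rds_custom_routes() {
    awk '
        BEGIN { bad = 0 }
        # Find the egress device of each route line.
        { dev = ""; for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1) }
        dev == "" { next }
        # eth0 may carry only the ECS management CIDR block.
        dev == "eth0" && $1 != "100.100.0.0/16" {
            print "FAIL: unexpected eth0 route: " $0; bad = 1
        }
        { seen[$1 "@" dev] = 1 }
        END {
            # Required: management block on eth0, default on eth1, and host
            # routes that pin the internal DNS addresses to eth1 (more specific
            # than 100.100.0.0/16, so they win the longest-prefix match).
            n = split("100.100.0.0/16@eth0 default@eth1 100.100.2.136@eth1 100.100.2.138@eth1", want, " ")
            for (i = 1; i <= n; i++) if (!(want[i] in seen)) {
                split(want[i], p, "@")
                print "FAIL: missing route " p[1] " dev " p[2]; bad = 1
            }
            if (!bad) print "OK: routes match the RDS Custom layout"
            exit bad
        }'
}

# Constructed sample: the table as it should look after initialization.
GOOD_TABLE='default via 192.168.0.253 dev eth1
100.100.0.0/16 via 10.0.0.253 dev eth0
100.100.2.136 via 192.168.0.253 dev eth1
100.100.2.138 via 192.168.0.253 dev eth1
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.10'

# Constructed sample: eth0 regained a default route and a DNS host route is gone.
BAD_TABLE='default via 10.0.0.253 dev eth0
default via 192.168.0.253 dev eth1 metric 100
100.100.0.0/16 via 10.0.0.253 dev eth0
100.100.2.136 via 192.168.0.253 dev eth1
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.10'

printf '%s\n' "$GOOD_TABLE" | check_rds_custom_routes
printf '%s\n' "$BAD_TABLE" | check_rds_custom_routes || true
```

On a running instance, pipe the live table into the function: ip route | check_rds_custom_routes.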

Important

When an RDS Custom instance starts, the system records the gateway of eth0 in /etc/eth0_gateway and automatically configures the /etc/rds_custom_init.sh script for most public images. If you plan to perform network-related initialization on the RDS Custom instance, ensure that you manually run the /etc/rds_custom_init.sh script after your network initialization is complete. If eth1 is not working (for example, if its IP address is not detected), contact us or configure the network to ensure that eth1 runs properly.

Manually create the script and configure it to run on startup

  1. Create the rds_custom_init.sh script in the /etc folder. The script content is as follows:

    rds_custom_init.sh script

    #!/bin/bash
    echo "RDS CUSTOM INIT START, $(date)" >> /tmp/rds_custom_init.log
    flag=0
    for ((i=1; i<=5; i++)); do
        eth1_ip=$(ip address show eth1 | grep "inet " | awk "{print \$2}" | cut -d'/' -f1)  
        if [[ -n "$eth1_ip" ]]; then
            break
        else
            sleep 1
        fi
    done
    eth0_gateway=$(ip route | grep "default via " | grep "eth0" | awk "{print \$3}")
    # check eth0_gateway
    if [ -z "$eth0_gateway" ]; then
        if [ -f /etc/eth0_gateway ]; then
            eth0_gateway=$(cat /etc/eth0_gateway)
        else
            echo "No gateway found for eth0, and /etc/eth0_gateway file does not exist." >> /tmp/rds_custom_init.log
            exit 0
        fi
    fi
    if [ -z "$eth1_ip" ] && ip address show | grep -q "eth1"; then
        if lsb_release -a 2>/dev/null | grep -q -e "Ubuntu 16.04" -e "Debian"; then
          sed -i 's/eth0/eth1/g' /etc/network/interfaces
          echo "auto eth0" >> /etc/network/interfaces
          echo "iface eth0 inet dhcp" >> /etc/network/interfaces
          sudo systemctl restart networking
          flag=1
          echo "UP ETH1 FOR UBUNTU 16.04 or Debian, $(date)" >> /tmp/rds_custom_init.log
        else   
          HWADDR=$(ip address show eth1 | grep "link/ether" | awk "{print \$2}")
          echo -e "DEVICE=eth1\nBOOTPROTO=dhcp\nONBOOT=yes\nTYPE=Ethernet\nUSERCTL=yes\nPEERDNS=no\nIPV6INIT=no\nPERSISTENT_DHCLIENT=yes\nHWADDR=$HWADDR\nDEFROUTE=yes" | tee /etc/sysconfig/network-scripts/ifcfg-eth1 > /dev/null
          service network restart
          echo "UP ETH1, $(date)" >> /tmp/rds_custom_init.log
        fi
    fi
    eth1_ip=$(ip address show eth1 | grep "inet " | awk "{print \$2}" | cut -d'/' -f1)
    if [ "$flag" -eq 0 ] && lsb_release -a 2>/dev/null | grep -q "Ubuntu 16.04"; then
      sudo systemctl restart networking
      echo "UP ETH1 FOR UBUNTU 16.04, $(date)" >> /tmp/rds_custom_init.log
    fi
    if [ -n "$eth1_ip" ]; then
        # Route the ECS management CIDR block through eth0.
        ip route add 100.100.0.0/16 via "$eth0_gateway" dev eth0 2> /dev/null
        keep_route="100.100.0.0/16 via $eth0_gateway dev eth0"
        # Delete every other eth0 route so that no other traffic leaves through eth0.
        routes=$(ip route | grep "dev eth0")
        echo "$routes" | while read -r route; do
          if [[ -n "$route" && "$route" != "$keep_route" ]]; then
            prefix=$(echo "$route" | awk "{print \$1}")
            ip route delete "$prefix" dev eth0 > /dev/null
          fi
        done
        echo "DELETE IP ROUTE FOR ETH0, $(date)" >> /tmp/rds_custom_init.log
        eth1_gateway=$(ip route | grep "default via " | grep "eth1" | awk "{print \$3}")
        # Recreate the host routes that send internal DNS traffic through eth1.
        if ip route | grep -q "100.100.2.136 via $eth1_gateway dev eth1"; then
          ip route delete 100.100.2.136 via "$eth1_gateway" dev eth1
        fi
        if ip route | grep -q "100.100.2.138 via $eth1_gateway dev eth1"; then
          ip route delete 100.100.2.138 via "$eth1_gateway" dev eth1
        fi
        ip route add 100.100.2.136 via "$eth1_gateway" dev eth1 2> /dev/null
        ip route add 100.100.2.138 via "$eth1_gateway" dev eth1 2> /dev/null
        # Reinstall the default route on eth1 with metric 0.
        ip route delete default via "$eth1_gateway" dev eth1 2> /dev/null
        ip route add default via "$eth1_gateway" dev eth1 metric 0 2> /dev/null
    fi
    echo "RDS CUSTOM INIT FINISHED, $(date)" >> /tmp/rds_custom_init.log
  2. Run the chmod a+x /etc/rds_custom_init.sh command to grant execute permissions to the script.

  3. Edit the /etc/rc.local file to configure the rds_custom_init.sh script to run on startup.

    • If the operating system is not Ubuntu, add /etc/rds_custom_init.sh to the /etc/rc.local file and grant the required permissions to the /etc/rc.local file.

      # rc.local runs as root at boot: make it executable but writable by root only.
      chmod 755 /etc/rc.local
    • If the operating system is Ubuntu, configure and enable the rc-local.service service.

      1. Edit the /lib/systemd/system/rc-local.service file and add the following content:

        [Install]
        WantedBy=multi-user.target
      2. Configure the rc-local.service service to run on startup.

        # Configure the service to run on startup.
        systemctl enable rc-local.service
        # Check whether the service is configured to run on startup.
        systemctl is-enabled rc-local.service
      3. Start the rc-local.service service.

        # Start the service. 
        systemctl start rc-local.service
        # Check the service status.
        systemctl status rc-local.service
      Note

      Ubuntu 20.04, 22.04, and 24.04 support automatic configuration for attached secondary ENIs by default. If automatic configuration fails, perform the following steps to manually configure the ENI.

      Manual configuration steps

      1. Run the following command to open the secondary ENI configuration file.

        vi /etc/netplan/eth1-netcfg.yaml
      2. Add the following configuration for the secondary ENI to the network interface configuration file, and then save and close the file.

        network:
          version: 2
          renderer: networkd
          ethernets:
            eth1:
              dhcp4: yes
              dhcp6: no
      3. Run the following command to apply the configuration.

        netplan apply
