Use a reserved CIDR block to assign an IP prefix to an ENI - Virtual Private Cloud

When building a container network based on multiple IP addresses, you can add reserved IPv4 or IPv6 CIDR blocks to a vSwitch. Use the reserved CIDR block to assign prefixes to Elastic Network Interface (ENI) to simplify configurations and enhance the IP density of a node.

Overview

ENI

An ENI is a virtual network interface that equips Elastic Compute Service (ECS) instances in a VPC with network interfaces and IP addresses. Each ECS instance can attach multiple ENIs. You can configure multiple IP addresses for each ENI and migrate ENI among ECS instances in the same zone of the same VPC. This offers flexible and scalable network configurations to meet diverse business requirements.

IP prefixes

ENIs support the allocation of private IPv4 or IPv6 CIDR blocks, known as IP prefixes. By assigning these, you can batch manage the IP addresses of ECS instances .

Reserved CIDR blocks

You can add reserved CIDR blocks to a vSwitch and assign IPv4 or IPv6 prefixes to ENIs. This streamlines batch IP configurations, enhances efficiency, and boosts the IP density of ECS instances.

When the VPC to which the vSwitch belongs allocates private IP addresses to resources, IPs in the reserved CIDR block are skipped.

Procedure

Step 1: Add a reserved CIDR block

Log on to the VPC console.
In the left-side navigation pane, click vSwitch and choose the region where the vSwitch is located.

On the vSwitch page, find the one you want and click its ID to access the vSwitch Basic Information section. Navigate to the Reserved CIDR Block tab, where you can add IPv4 or IPv6 reserved CIDR blocks. This example demonstrates how to add an IPv4 reserved CIDR block using 192.168.1.128/26.

Note

The reserved CIDR block must exclude the system reserved addresses of the VPC. These include the first and last three IPv4 addresses, along with the first and last nine IPv6 addresses of the vSwitch.
When you add a reserved IPv6 CIDR block, ensure that the vSwitch has the IPv6 feature enabled.

Method	Description
Specify CIDR Block Note Enter the reserved IPv4 or IPv6 CIDR block. The reserved CIDR block must be a subset of the IPv4 or IPv6 CIDR block of the vSwitch to which it belongs. For example, if the vSwitch CIDR block is `192.168.1.0/24`, specify the reserved CIDR block as `192.168.1.128/26`.
Mask Length Note Enter the mask length of the reserved CIDR block. The system will add the first available CIDR block of that mask length. The mask length must be at least 2 greater than that of the vSwitch. The maximum mask length of IPv4 CIDR blocks cannot exceed 28, while that of IPv6 is 80.

After adding the reserved CIDR block, the available IP addresses include 192.168.1.128/28, 192.168.1.144/28, 192.168.1.160/28, and 192.168.1.176/28.

Note

The available IP addresses refer to the unassigned IPs with a mask of /28.

Step 2: Assign IP prefixes

Log on to the ECS console.
In the left-side navigation pane, select Network & Security > Elastic Network Interfaces. At the top left of the page, select the resource group and region where the target resource is located.
Click Create ENI to assign the IP prefix 192.168.1.128/28 to the ENI.
- Primary Private IP Address: No primary private IP is specified in this example. When creating an ENI, the system automatically assigns an available address from the CIDR block of vSwitch.
- Secondary Private IPv4 Address: Select Specify IPv4 Prefix. Set an IPv4 prefix within the reserved CIDR block with a mask length of 28. This topic sets it to 192.168.1.128/28.
- IPv6: Not Assign is chosen in this example. If a reserved IPv6 CIDR block is required, you must select Specify IPv6 Prefix and set an IPv6 prefix with a mask length of 80.
  Note
  If you need to assign an IPv6 address to the ENI, ensure the selected vSwitch supports IPv6 address configuration. If the feature is not enabled, click Enable vSwitch IPv6 to enable it.
After assigning the IP prefix 192.168.1.128/28 to the ENI, the available IP segments are 192.168.1.144/28, 192.168.1.160/28, and 192.168.1.176/28.
Note
- After the IP prefix is assigned, you can configure secondary IP addresses on the associated ECS instance. For more information, see Configure IPv4 addresses and Configure IPv6 addresses.
- After associating an ENI with an ECS instance, certain images may not automatically recognize IP addresses on secondary ENIs. You must manually configure secondary ENIs.

(Optional) Add IP prefix for ENI

On the Elastic Network Interface page, locate the desired ENI, and in the Actions column, click Manage ENI IP.
Add available IP address as the Secondary Private IPv4 Address.

Additional operations

View used IPs and delete reserved CIDR blocks

Before deleting a reserved CIDR block, ensure there are no ENIs that have been assigned IP prefixes from it. If there are, release the IP prefixes before proceeding.

On the vSwitch page, locate the vSwitch and click its ID.
In the vSwitch Basic Information section, click the Reserved CIDR Block tab to the occupied IPs or delete the reserved CIDR blocks.
- View occupied IPv4 CIDR block/IPv6 CIDR block
  On the IPv4 tab or the IPv6 tab, find the reserved CIDR block. Then, in the Actions column, click View Used IP.
- Delete the reserved IPv4 or IPv6 CIDR block.
  On the IPv4 tab or the IPv6 tab, find the reserved CIDR block. Then, in the Actions column, click Delete.

Limits

Supported regions

Reserved IPv4 CIDR blocks are supported in all regions, while reserved IPv6 CIDR blocks are available in regions that support IPv4/IPv6 dual-stack.

Quota limit

You can create up to 10 reserved IPv4 CIDR blocks and 10 reserved IPv6 CIDR blocks for each vSwitch in a VPC.

References

For more information about ENIs, see primary private IP and secondary private IP.
For more information about the limits of IP prefixes, see IP prefix.