You can assign one or more secondary private IP addresses to a primary or secondary elastic network interface (ENI) to meet your business requirements in multi-application, failover, and Server Load Balancer (SLB) scenarios. This topic describes how to assign secondary private IP addresses and configure secondary private IP addresses for an Elastic Compute Service (ECS) instance.
Scenarios
Secondary private IP addresses are suitable for the following scenarios:
Multi-application scenarios: If your instance hosts multiple applications, you can assign secondary private IP addresses to the applications so that each application can use a separate IP address for outbound connections. This way, a single instance can provide multiple services to maximize instance utilization.
Failover scenarios: If an instance fails, you can unbind secondary ENIs from the instance and bind the ENIs to another instance so that traffic destined for the secondary private IP addresses of the failed instance is diverted to the normal instance. This ensures service continuity.
SLB scenario: By assigning multiple secondary private IP addresses to each instance, an SLB mechanism can be implemented to evenly distribute traffic across multiple instances. This improves system scalability and performance.
Limits
When you assign secondary private IP addresses, take note of the following limits:
Limits on security groups: A limited number of private IP addresses can be contained in a security group of the Virtual Private Cloud (VPC) type. For more information, see the Security group limits section of the "Limits" topic.
Limits on ENIs: The maximum number of private IP addresses that can be assigned to an ENI varies based on the status of the ENI.
For an ENI in the Available state, up to 10 private IP addresses can be assigned.
For an ENI in the InUse state, the maximum number of private IP addresses that can be assigned varies based on the instance type of the instance to which the ENI is bound. For more information, see Overview of instance families.
Procedure
Step 1: Make preparations
Make sure that the following requirements are met:
The instance to which an ENI is bound is in the Running (Running) state. For more information, see Start an instance.
The ENI is bound to the instance. For more information, see Bind a secondary ENI.
Step 2: Assign secondary private IP addresses
Log on to the ECS console.
In the left-side navigation pane, choose .
In the top navigation bar, select the region and resource group to which the resource belongs.
On the Elastic Network Interfaces page, find the ENI to which you want to assign secondary private IP addresses and click Manage ENI IP Addresses in the Actions column.
In the Manage ENI IP Addresses dialog box, click Increase in the Secondary Private IPv4 Address or IPv6 section.
If you leave the fields empty, random IP addresses are automatically assigned from within the private IPv4 or IPv6 CIDR blocks of the vSwitch to which the ENI is connected.
If you enter IP addresses, make sure that the IP addresses are within the private IPv4 or IPv6 CIDR blocks of the vSwitch to which the ENI is connected.
Click Confirm.
Step 3: Configure secondary private IP addresses for an instance
After you assign a secondary private IP address to an instance, you must configure the secondary private IP address for the instance based on the operating system type and IP address type. The operations that you must perform vary based on the operating system type and IP address type.
For information about how to configure secondary private IPv6 addresses, see Configure an IPv6 address for an ECS instance.
Windows instances
Connect to an ECS instance.
For information about the connection methods, see Connection method overview.
View the subnet mask and default gateway of the instance.
Open Command Prompt or Windows PowerShell.
Run the
ipconfig
command to view the subnet mask and default gateway of the instance.The sample command output shown in the following figure is returned. The command output indicates that Ethernet is used.
Click Network and Sharing Center.
Click Change adapter settings.
Double-click the network connection in use. In this example, the network connection named Ethernet is used. Click Properties in the Ethernet Status dialog box.
In the Ethernet Properties dialog box, double-click Internet Protocol Version 4 (TCP/IPv4).
In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, select Use the following IP address and click Advanced...
In the Advanced TCP/IP Settings dialog box, configure IP addresses.
In the IP addresses section, click Add... and enter one of the assigned IP addresses in the IP address field and the obtained subnet mask in the Subnet mask field.
You can repeat this step to add multiple IP addresses to the same adapter.
In the Default gateways section, click Add... and enter the obtained default gateway in the Default gateway field.
Click OK.
Run the
ipconfig
command to check the configuration result.The following figure shows the output of a sample command used to configure two secondary private IP addresses.
If a Windows instance cannot access the Internet after you configure secondary private IP addresses for the instance, troubleshoot the issue by following the instructions in the After I configure a secondary private IP address for a Windows instance, the instance cannot connect to the Internet. Why? section of the "Network FAQ" topic.
Linux instances that run a Red Hat Enterprise Linux (RHEL) operating system
The procedure applies to the following operating systems: Alibaba Cloud Linux 2, Alibaba Cloud Linux 3, CentOS 6, CentOS 7, CentOS 8, Red Hat 6, Red Hat 7, Red Hat 8, Anolis 7, Anolis 8, Fedora 33, and Fedora 34.
Connect to an ECS instance.
For information about the connection methods, see Connection method overview.
View network configurations.
Run the
ifconfig
command to query the subnet mask and run theroute -n
command to query the default gateway.The following figure shows a sample command output.
In the preceding command output,
255.255.**.**
corresponding to netmask is the IPv4 subnet mask, and192.**.**.253
corresponding to Gateway is the default gateway.NoteIf the Linux distribution used by the instance does not support the
ifconfig
command, run theip a
orip addr show
command instead.Run the
ls /etc/sysconfig/network-scripts/ifcfg-<Name of the ENI>
command to check whether the configuration file that contains the primary private IP address of the ENI exists.The following figures show sample command outputs.
The specified file does not exist
If the preceding message is returned, the configuration file that contains the primary private IP address of the ENI does not exist. You must run the
sudo vi /etc/sysconfig/network-scripts/ifcfg-<Name of the ENI>
command to specify the primary private IP address of the ENI in the configuration file.Example:
DEVICE=<Name of the ENI> // Example: eth1 TYPE=Ethernet BOOTPROTO=static ONBOOT=yes IPADDR=<Assigned primary private IPv4 address> NETMASK=<IPv4 subnet mask> GATEWAY=<Default gateway>
The specified file exists
If the preceding message is returned, the configuration file that contains the primary private IP address of the ENI exists. Ignore this step and proceed to the next step.
Modify the network configuration file.
NoteIn the following example, the secondary ENI named eth1 is used. You must replace the value of DEVICE based on your business requirements.
To configure a single secondary private IPv4 address, run the
sudo vi /etc/sysconfig/network-scripts/ifcfg-eth1:0
command to add configuration items to the configuration file.Example:
DEVICE=eth1:0 TYPE=Ethernet BOOTPROTO=static IPADDR=<Assigned secondary private IPv4 address 1> NETMASK=<IPv4 subnet mask>
If you want to configure more secondary private IPv4 addresses, increment the DEVICE sequence number and add the corresponding configuration items.
For example, run the
sudo vi /etc/sysconfig/network-scripts/ifcfg-eth1:1
command to add the following sample configuration items:DEVICE=eth1:1 TYPE=Ethernet BOOTPROTO=static IPADDR=<Assigned secondary private IPv4 address 2> NETMASK=<IPv4 subnet mask>
Run a corresponding command based on the operating system for the configuration to take effect.
Operating system
Command
Alibaba Cloud Linux 2
CentOS 7
Red Hat 7
Anolis 7
Run one of the following commands to restart the network service:
sudo service network restart
sudo systemctl restart network
CentOS 6
Red Hat 6
Run the
sudo service network restart
command to restart the network service.Alibaba Cloud Linux 3
CentOS 8
Red Hat 8
Anolis 8
Fedora 33/34
Perform the following operations:
Run the
sudo systemctl restart NetworkManager
command to restart the network service.Run the
sudo nmcli device reapply eth1
command to reconnect to the eth1 ENI, or run thesudo reboot
command to restart the instance.
Run the
ifconfig
command to check whether the configuration takes effect.The following figure shows the output of a sample command used to configure two secondary private IP addresses.
Linux instances that run a Debian operating system
Before you perform the following procedure, take note of the following items:
This procedure applies to the following operating systems: Ubuntu 18, Ubuntu 20, Ubuntu 14, Ubuntu16, Debian 8, Debian 9, and Debian 10.
In the following example, the eth0 primary ENI is used. If you use a secondary ENI, replace the ENI ID with the actual ENI ID.
Connect to an ECS instance.
For information about the connection methods, see Connection method overview.
Configure secondary private IP addresses based on the operating system that your instance runs.
Debian series: Ubuntu 18 and Ubuntu 20
Disable cloud-init network configuration. Run the
sudo vim /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
command to open the configuration file and add the corresponding configuration items to the file.Example:
network: {config: disabled}
Run the
sudo vim /etc/netplan/50-cloud-init.yaml
command to open the network configuration file and change the IP addresses that are assigned by using Dynamic Host Configuration Protocol (DHCP) to static IP addresses.Example:
network: version: 2 ethernets: eth0: match: macaddress: 00:16:3e:36:**:** addresses: - <Primary private IPv4 address>/<Subnet mask bit> - <Assigned secondary private IPv4 address 1>/<Subnet mask bit> - <Assigned secondary private IPv4 address 2>/<Subnet mask bit> gateway4: <Default gateway>
NoteYou must replace
<Subnet mask bit>
with the subnet mask bit corresponding to the subnet mask. For example, set the subnet mask bit to/24
for the255.255.255.0
subnet mask.Run the
sudo netplan apply
command to restart the network service.Run the
ip -a
command to check whether the configuration takes effect.The following figure shows the output of a sample command used to configure two secondary private IP addresses.
Debian series: Ubuntu 14, Ubuntu 16, Debian 8, Debian 9, and Debian 10
Run the
sudo vi /etc/network/interfaces
command to open the network configuration file and add the corresponding configuration items to the file.Example:
auto eth0:0 iface eth0:0 inet static address <Assigned secondary private IPv4 address 1> netmask <IPv4 mask> auto eth0:1 iface eth0:1 inet static address <Assigned secondary private IPv4 address 2> netmask <IPv4 mask>
Run the
sudo reboot
command to restart the instance.Run the
ifconfig
command to check whether the configuration takes effect.The following figure shows the output of a sample command used to configure two secondary private IP addresses.
Linux instances that run a SUSE Linux Enterprise Server (SLES) operating system
Before you perform the following procedure, take note of the following items:
This procedure applies to the following operating systems: SUSE 11, SUSE 12, SUSE 15, OpenSUSE 15, and OpenSUSE 42.
In the following example, the eth0 primary ENI is used. If you use a secondary ENI, replace the ENI ID with the actual ENI ID.
Connect to an ECS instance.
For information about the connection methods, see Connection method overview.
Run the
sudo vi /etc/sysconfig/network/ifcfg-eth0
command to open the network configuration file and add the corresponding configuration items. Example:IPADDR_0=<Assigned secondary private IPv4 address 1> NETMASK_0=<IPv4 subnet mask> LABEL_0='0' IPADDR_1=<Assigned secondary private IPv4 address 2> NETMASK_1=<IPv4 subnet mask> LABEL_1='1'
Run the
sudo service network restart
orsudo systemctl restart network
command to restart the network service.Run the
ifconfig
command to check whether the configuration takes effect.The following figure shows the output of a sample command used to configure two secondary private IP addresses.