All Products
Search

This Product

    Elastic Compute Service:Configure a secondary ENI

    Document Center

    Elastic Compute Service:Configure a secondary ENI

    Last Updated:Nov 08, 2024

    After secondary elastic network interfaces (ENIs) are bound to Elastic Compute Service (ECS) instances, some images used by the instances may not recognize the IP addresses of the secondary ENIs and configure routes for the secondary ENIs. If this issue occurs, the secondary ENIs cannot be used as expected on the instances. To resolve this issue, we recommend that you configure secondary ENIs from within instances to have their IP addresses recognized as described in this topic. You can also configure routes for the secondary ENIs based on your business requirements to better manage and control network traffic.

    Prerequisites

    A secondary ENI is bound to an ECS instance. For more information, see Bind a secondary ENI.

    Step 1: Check whether you need to configure a secondary ENI

    To determine whether you need to configure a secondary ENI that is bound to an ECS instance, check whether the IP addresses of the secondary ENI are recognized or check the type of the image used by the instance.

    Images for which secondary ENIs do not need to be configured

    Automated configuration tools that can automatically configure secondary ENIs are pre-installed on specific images. If you use such an image on ECS instances, you do not need to configure the secondary ENIs that are bound to the instances.

    Note

    The following list provides examples of images for which secondary ENIs do not need to be configured.

    • Linux images:

      • Alibaba Cloud Linux 3.2104 64-bit

      • Anolis OS 7.7 RHCK 64-bit, Anolis OS 8.2 RHCK 64-bit, Anolis OS 8.4 RHCK 64-bit, Anolis OS 8.6 RHCK 64-bit, Anolis OS 8.8 RHCK 64-bit, Anolis OS 7.7 ANCK 64-bit, Anolis OS 8.2 ANCK 64-bit, Anolis OS 8.4 ANCK 64-bit, Anolis OS 8.6 ANCK 64-bit, Anolis OS 8.8 ANCK 64-bit, Anolis OS 8.4 RHCK 64-bit (UEFI), Anolis OS 8.6 RHCK 64-bit (UEFI), Anolis OS 8.4 ANCK 64-bit (UEFI), Anolis OS 8.6 ANCK 64-bit (UEFI), and Anolis OS 8.8 ANCK 64-bit (MLPS 2.0 Level 3)

      • CentOS 8.1 64-bit, CentOS 8.2 64-bit, CentOS 8.3 64-bit, CentOS 8.4 64-bit, CentOS 8.5 64-bit, CentOS 8.3 64-bit (UEFI), CentOS 8.4 64-bit (UEFI), and CentOS 8.5 64-bit (UEFI)

      • Debian 11.8 64-bit, Debian 11.9 64-bit, Debian 12.2 64-bit, Debian 12.4 64-bit, Debian 12.5 64-bit, and Debian 12.2 64-bit (UEFI)

      • Ubuntu 20.04 64-bit, Ubuntu 22.04 64-bit, and Ubuntu 24.04 64-bit

      • AlmaLinux 8.5 64-bit, AlmaLinux 8.6 64-bit, AlmaLinux 8.7 64-bit, AlmaLinux 8.8 64-bit, AlmaLinux 8.9 64-bit, AlmaLinux 9.0 64-bit, AlmaLinux 9.1 64-bit, AlmaLinux 9.2 64-bit, AlmaLinux 9.3 64-bit, AlmaLinux 8.7 64-bit (UEFI), AlmaLinux 8.8 64-bit (UEFI), and AlmaLinux 9.2 64-bit (UEFI)

      • Rocky Linux 8.5 64-bit, Rocky Linux 8.6 64-bit, Rocky Linux 8.7 64-bit, Rocky Linux 8.8 64-bit, Rocky Linux 8.9 64-bit, Rocky Linux 9.0 64-bit, Rocky Linux 9.1 64-bit, Rocky Linux 9.2 64-bit, Rocky Linux 9.3 64-bit, Rocky Linux 8.7 64-bit (UEFI), Rocky Linux 8.8 64-bit (UEFI), and Rocky Linux 9.1 64-bit (UEFI)

      • CentOS Stream 8 64-bit, CentOS Stream 9 64-bit, CentOS Stream 8 64-bit (UEFI), and CentOS Stream 9 64-bit (UEFI)

      • Fedora 33 64-bit, Fedora 34 64-bit, Fedora 35 64-bit, Fedora 37 64-bit, Fedora 38 64-bit, and Fedora 39 64-bit

    • Windows Server 2008 R2 and later

    1. Connect to the Linux instance.

      For more information, see Connect to a Linux instance by using a password or key.

    2. Run the following command to check whether the IP addresses of the secondary ENI are recognized: 

      ip address show

    3. Determine whether you need to configure the secondary ENI based on the returned result.

      • Scenario 1: The IP addresses of both the eth0 primary ENI and the eth1 secondary ENI are recognized. You do not need to configure the secondary ENI.

        Sample command output:

        eth1-detected

      • Scenario 2: The IP address of the eth0 primary ENI is recognized but the IP address of the eth1 secondary ENI is not recognized. You can perform the operations described in this topic to configure the secondary ENI.

        Sample command output:

        ip-detected

      Note

      In the preceding command outputs, 00:16:3e:16:**:** is the media access control (MAC) address of the primary ENI and 00:16:3e:0f:**:** is the MAC address of the secondary ENI.

    (Optional) Step 2: Obtain the information of the secondary ENI

    When you configure a secondary ENI, the primary private IP address and MAC address may be required. Prepare the information for subsequent configurations.

    Sample values are used in the following operations. In actual scenarios, replace them with the attribute values of your secondary ENI.

    (Recommended) Obtain information about the secondary ENI in the ECS console

    1. Log on to the ECS console.

    2. In the left-side navigation pane, choose Network & Security > Elastic Network Interfaces.

    3. In the top navigation bar, select the region and resource group to which the resource belongs. 地域

    4. On the Elastic Network Interfaces page, find the secondary ENI whose information you want to obtain and view the primary private IP address and MAC address in the IP Address and MAC Address columns.

    Obtain information about the secondary ENI from instance metadata

    1. Connect to the Linux ECS instance.

      For more information, see Connect to a Linux instance by using a password or key.

    2. Run the following commands in sequence to obtain the information of the secondary ENI.

      • Obtain the MAC addresses of all ENIs that are bound to the Linux instance. 

        curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/
        Note

        The MAC addresses of the ENIs are required to obtain the primary private IP addresses, subnet masks, and gateway addresses of the ENIs.

      • Obtain the primary private IP address of a specific ENI. 

        curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/primary-ip-address

      • Obtain the subnet mask of a specific ENI. 

        curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/netmask

      • Obtain the gateway address of a specific ENI. 

        curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/00:16:3e:19:**:**/gateway

    The following figure shows a sample command output. In the sample command output, 00:16:3e:16:**:** is the MAC address of the primary ENI and 00:16:3e:0f:**:** is the MAC address of the secondary ENI.

    Note

    After you run the ip address show command, you can identify the primary ENI and the secondary ENI based on the order in which the MAC addresses are displayed in the command output.

    eni-status

    Step 3: Configure the secondary ENI

    The operations required to configure secondary ENIs vary based on the operating systems of instances to which the secondary ENIs are bound.

    Alibaba Cloud Linux 2, CentOS 6, CentOS 7, or Red Hat

    If the instance runs Alibaba Cloud Linux 2, CentOS 6, CentOS 7, or Red Hat, you can use the multi-nic-util tool to automatically configure or modify the configurations of ENIs that are bound to the instance.

    Important

    • If you use the multi-nic-util tool, the original network configurations of the ECS instance may be overwritten. Proceed with caution.

    • We recommend that you do not use the multi-nic-util tool in Docker or other containerized environments.

    • For CentOS instances, you can use the multi-nic-util tool to configure secondary ENIs only if the instances use CentOS image versions that support the tool. The following CentOS image versions support the multi-nic-util tool:

      • CentOS 6 images: CentOS 6.8 or later

      • CentOS 7 images: CentOS 7.3 or later

      • If the CentOS instances use CentOS image versions that do not support the multi-nic-util tool, modify the configuration files of secondary ENIs to configure the secondary ENIs on the instances.

    (Recommended) Method 1: Use the multi-nic-util tool to configure a secondary ENI

    1. Run the following commands to download and install the multi-nic-util tool: 

      2. wget https://image-offline.oss-cn-hangzhou.aliyuncs.com/multi-nic-util/multi-nic-util-0.6.tgz && \
tar -zxvf multi-nic-util-0.6.tgz && \
cd multi-nic-util-0.6 && \
bash install.sh

    2. Run the following command to restart the ENI service: 

      sudo systemctl restart eni.service

    Method 2: Modify the configuration file of a secondary ENI to configure the secondary ENI

    1. Run the following command to open the configuration file of the secondary ENI: 

      2. vi /etc/sysconfig/network-scripts/ifcfg-eth1

    2. Press the I key to enter Insert mode and add the information about the secondary ENI to the configuration file. Press the Esc key to exit Insert mode and enter :wq to save and close the configuration file.

      Sample information about the secondary ENI:

      DEVICE=eth1  # Specify the name of the ENI that you want to configure. 
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=no
IPV6INIT=no
PERSISTENT_DHCLIENT=yes
HWADDR=00:16:3e:0f:**:**  # Specify the MAC address of the ENI that you obtained. 
DEFROUTE=no  # Indicates that the ENI is not used for the default route. To prevent the default route of the instance from being changed when you run the ifup command to start the secondary ENI, do not specify eth1 information as the default route.

    3. Run one of the following commands to restart the network service:

      • Versions earlier than CentOS 7 and Red Hat 7, such as CentOS 6 and Red Hat 6:

        • sudo service network restart

      • CentOS 7 or later, RedHat 7 or later, and Alibaba Cloud Linux 2:

        • sudo systemctl restart network
    Note

    Before you create a custom image from the instance whose ENIs are configured, run the /etc/eni_utils/eni-cleanup command to remove network configurations from the /etc/udev/rules.d/70-persistent-net.rules and /etc/sysconfig/network-scripts/ files.

    Ubuntu or Debian

    If the instance runs Ubuntu or Debian, modify the configuration file of the secondary ENI based on the image version.

    • Ubuntu 14.04, Ubuntu 16.04, and Debian

      1. Run the following command to open the configuration file of the secondary ENI: 

        vi /etc/network/interfaces

      2. Press the I key to enter Insert mode and add information about the secondary ENI to the configuration file. Then press the Esc key to exit Insert mode and enter :wq to save and close the configuration file.

        Sample information about the secondary ENI:

        auto eth0
iface eth0 inet dhcp

auto eth1  # Specify the name of the ENI that you want to configure. 
iface eth1 inet dhcp
        Note

        The eth0 primary ENI is configured in the same configuration file in which the eth1 secondary ENI is configured. You must add information about the primary ENI to the configuration file.

      3. Run one of the following commands to restart the network service:

        • Ubuntu 14.04:

          sudo service networking restart

        • Ubuntu 16.04 and Debian:

          sudo systemctl restart networking

        The configurations of the secondary ENI take effect regardless of whether the following alert notification appears. You can run the ip address show command to check whether the IP address of the secondary ENI is recognized.warning

    • Ubuntu 18.04, 20.04, 22.04, and 24.04

      Note

      By default, Ubuntu 20.04, 22.04, and 24.04 support automatic configuration for associated secondary ENIs. If the automatic configuration is failed, refer to the following steps for manual configuration.

      1. Run the following command to open the configuration file of the secondary ENI: 

        2. vi /etc/netplan/eth1-netcfg.yaml

      2. Press the I key to enter Insert mode and add information about the secondary ENI to the configuration file. Press the Esc key to exit Insert mode and enter :wq to save and close the configuration file.

        Note

        When you modify the configuration file, take note of the following items:

        • The configuration file is in the YAML format. Follow the YAML syntax rules when you modify the configuration file.

        • Use spaces for indentation in YAML files. Tabs are not supported.

        • To prevent formatting issues, we recommend that you copy information from the default /etc/netplan/99-netcfg.yaml configuration file.

        Sample information about the secondary ENI:

        network:
  version: 2
  renderer: networkd
  ethernets:
    eth1:
      dhcp4: yes
      dhcp6: no

      3. Run the following command for the changes to the configuration file to take effect: 

        4. netplan apply

    SUSE or openSUSE

    If your instance runs SUSE or openSUSE, you must modify the configuration file of the secondary ENI.

    1. Run the following command to open the configuration file of the secondary ENI: 

      vi /etc/sysconfig/network/ifcfg-eth1

    2. Press the I key to enter Insert mode and add information about the secondary ENI to the configuration file. Press the Esc key to exit Insert mode and enter :wq to save and close the configuration file.

      In the following example, the IP address assignment method is set to Dynamic Host Configuration Protocol (DHCP):

      BOOTPROTO='dhcp4'
STARTMODE='auto'
USERCONTROL='no'

    3. Run one of the following commands to restart the network service:

      • Versions earlier than SUSE Linux Enterprise Server 12 and openSUSE 13.2:

        sudo service network restart

      • SUSE Linux Enterprise Server 12 or later, and openSUSE 13.2 or later:

        sudo systemctl restart network

    (Conditionally required) Step 4: Configure routes

    You can run the route -n command to query the current route information. If no routes are configured for the secondary ENI or if the existing routes do not meet your business requirements, you can configure route tables and rules for the secondary ENI as described in this topic. The route tables and rules help implement routing policies to forward traffic by using specific gateways. This allows you to control and manage network traffic in a finer-grained manner.

    Plan the default route based on your requirements. In this example, the sample values listed in the following table are used.

    Secondary ENI attribute

    Sample value

    ENI name

    eth1

    Primary private IP address

    192.168.**.*2

    Gateway address

    192.168.**.253

    metric

    1001

    Configure routes for a secondary ENI on an instance that runs Alibaba Cloud Linux 2 or CentOS 7

    1. Run the following command to query the route information: 

      route -n

      Sample command outputs:

      • The following command output contains only the route information of the eth0 primary ENI. No routes are configured for the eth1 secondary ENI. You must perform subsequent operations to configure routes for the secondary ENI.main-eni-route

      • The following command output contains the route information of the eth0 primary ENI and the eth1 secondary ENI. You do not need to perform subsequent operations to configure routes for the secondary ENI. If the configured routes do not meet your business requirements, you can modify the route configurations.both-eni-route

    2. Run the following commands to configure the default route: 

      ip -4 route add default via 192.168.**.253 dev eth1 metric 1001 && \
ip -4 route add default via 192.168.**.253 dev eth1 table 1001 && \
ip -4 rule add from 192.168.**.*2 lookup 1001
      Note

      You can run the preceding commands to configure the default route for the eth1 secondary ENI, create a route table, and then attach a routing policy to the table. In this example, a route table named table 1001 is created. We recommend that the name of the route table is the same as the metric value in the default route of the ENI. 192.168.**.253 is the gateway address and 192.168.*.*2 is the primary private IP address of the eth1 secondary ENI. Replace the parameter values with actual values.

    3. Run the following commands to query the created route table and routing policy: 

      ip route list table 1001 && \
ip rule list

      The following command output indicates that the route table and routing policy are created.view-route-policy

    4. Configure routes to automatically update on instance startup.

      After you configure routes for the eth1 secondary ENI, you must configure the routes to automatically update on instance startup. Otherwise, the routes become invalid when the instance is restarted.

      1. Run the following command to open the /etc/rc.local file: 

        vim /etc/rc.local

      2. Press the I key to enter Insert mode, add the following content, press the Esc key to exit Insert mode, and then enter :wq to save and close the file. 

        ip -4 route add default via 192.168.**.253 dev eth1 metric 1001
ip -4 route add default via 192.168.**.253 dev eth1 table 1001
ip -4 rule add from 192.168.**.*2 lookup 1001

      3. Run the following command to grant execute permissions on the /etc/rc.local file: 

        sudo chmod +x /etc/rc.local

    Configure routes for a secondary ENI on an instance that runs CentOS 8

    1. Run the following command to query the route information: 

      route -n

      The following command output contains the route information of the eth0 primary ENI and the eth1 secondary ENI.centos8-route

    2. Create a script that is used to configure routes.

      1. Run the following command to create and open the /home/route.sh file: 

        vi /home/route.sh

      2. Press the I key to enter Insert mode, add the following content, press the Esc key to exit Insert mode, and then enter :wq to save and close the file.

        Note

        The following sample script provides an example on how to create a route table and attach a routing policy to the route table for the eth1 secondary ENI. In this example, a route table named table 1001 is created, 192.168.**.253 is the gateway address, and 192.168.*.*2 is the primary private IP address of the eth1 secondary ENI. 

        #!/bin/bash

i=0
while true; do
        /usr/sbin/ip -4 route add default via 192.168.**.253 dev eth1 table 1001
        if [ $? -eq 0 ]; then
                break
    fi
        sleep 3
        let i++
        if [ $i -gt 10 ]; then
                exit -1
        fi
done

i=0
while true; do
        /usr/sbin/ip -4 rule add from 192.168.**.*2 lookup 1001
        if [ $? -eq 0 ]; then
                break
    fi
        sleep 3
        let i++
        if [ $i -gt 10 ]; then
                exit -1
        fi
done

    3. Run the following command to configure the default route: 

      sh /home/route.sh

    4. Run the following commands to query the created route table and routing policy: 

      ip route list table 1001 && \
ip rule list

      The following figure shows a sample command output. view-route-policy

    5. Configure routes to automatically update on instance startup.

      After you perform the preceding steps to configure routes for the eth1 secondary ENI, you must perform the following steps to configure the routes to automatically update on instance startup. Otherwise, the routes become invalid after the instance is restarted.

      1. Run the following command to open the /etc/rc.local file: 

        vim /etc/rc.local

      2. Press the I key to enter Insert mode, add the following content, press the Esc key to exit Insert mode, and then enter :wq to save and close the file. 

        sh /home/route.sh

      3. Run the following command to grant execute permissions on the /etc/rc.local file: 

        sudo chmod +x /etc/rc.local