All Products
Search

This Product

    Elastic Compute Service:IP prefixes

    Document Center

    Elastic Compute Service:IP prefixes

    Last Updated:Nov 25, 2024

    Elastic network interfaces (ENIs) support the IP prefix feature. IP prefixes are ranges of private IPv4 or IPv6 addresses in CIDR notation. You can automatically or manually assign one or more IP prefixes to a primary or secondary ENI. You can also manually unassign one or more IP prefixes from an ENI. This topic describes the benefits and limits of the IP prefix feature and how to use the feature.

    Benefits

    The IP prefix feature provides the following benefits:

    • IP addresses can be managed in a more efficient manner.

    • IP addresses can be assigned to or unassigned from Elastic Compute Service (ECS) instances in a more efficient manner, and more IP addresses can be allocated to ECS instances.

    • Individual nodes can be assigned more IP addresses in a container network that is built based on multiple IP addresses. This makes CIDR blocks easier to manage.

    Limits

    Take note of the following limits when you use the IP prefix feature:

    • Region

      The IP prefix feature is available only in the Singapore, US (Silicon Valley), US (Virginia), Philippines (Manila), Germany (Frankfurt), UK (London), Malaysia (Kuala Lumpur), Thailand (Bangkok), Indonesia (Jakarta), Japan (Tokyo), South Korea (Seoul), UAE (Dubai), SAU (Riyadh - Partner Region), China (Qingdao), China (Beijing), China (Hangzhou), China (Shenzhen), China (Shanghai), China (Hong Kong), China (Hohhot), China (Chengdu), China (Heyuan), China (Ulanqab), and China (Guangzhou) regions.

    • Scope

      The IP address prefix that you assign must be within the CIDR block of the vSwitch where your ENI resides. For more information, see the Add a reserved CIDR block section of the "Create and manage a vSwitch" topic.

    • IP addresses

      Take note of the following limits when you assign an IP prefix:

      • The subnet mask that you can specify for IPv4 prefixes is /28.

      • The subnet mask that you can specify for IPv6 prefixes is /80.

      • The IP prefix that you want to assign must be a standard CIDR block.

      • The IP prefix that you want to assign is in the reserved CIDR block of a vSwitch and does not overlap with other IP prefixes or IP addresses of existing resources in the vSwitch.

    • Number of IP prefixes

      • You can assign up to 9 IP prefixes to an available ENI in the ECS console and up to 49 IP prefixes by calling the AssignPrivateIpAddresses operation.

      • The number of IP prefixes that you can assign to an ENI in the InUse state varies based on the instance type. Each IP prefix that you assign to an ENI is considered as an IP address. Example:

        • You can assign up to six private IPv4 addresses to a single ENI of an ecs.g7.large instance. Each ENI that is associated with the instance has a primary private IPv4 address. If an ENI that is associated with the instance does not have a secondary private IPv4 address, you can assign up to five IP prefixes to the ENI. For each extra secondary private IPv4 address assigned to an ENI, you can assign one less IPv4 prefix to the ENI.

        • You can assign up to six IPv6 addresses to a single ENI of an ecs.g7.large instance. If an ENI that is associated with the instance does not have an IPv6 address, you can assign up to six IPv6 prefixes to the ENI.

          For each extra IPv6 address assigned to an ENI, you can assign one less IPv6 prefix to the ENI.

        For more information, see the columns related to the number of IP addresses per ENI in Overview of instance families.

    • Security group

      The IP prefixes that you assign to an ENI are counted against the IP address quota of the associated security group. The number of private IP addresses in a security group in a virtual private cloud (VPC) varies based on the security group type.

      • By default, a basic security group can contain up to 2,000 private IP addresses. If no other IP addresses exist in the security group, the security group can be assigned up to 2,000 IP prefixes.

      • The number of private IP addresses that an advanced security group can contain is 65,536. If no other IP addresses exist in the security group, the security group can be assigned up to 65,536 IP prefixes.

      For more information, see Basic security groups and advanced security groups.

    Use IP prefixes

    Assign IP prefixes to ENIs

    • Scenario 1: Assign an IP prefix to an existing ENI

      Use the ECS console

      On the Elastic Network Interfaces page of the ECS console, enter the IPv4 prefix that you want to assign. If you do not specify a value, an IPv4 prefix is automatically assigned. For more information, see Assign secondary private IP addresses.

      Note

      • After the IP prefix is assigned, you can configure secondary IP addresses on the associated ECS instance. For information about how to configure an IPv4 address, see Assign secondary private IP addresses. For information about how to configure an IPv6 address, see Configure an IPv6 address for an ECS instance.

      • After you bind an ENI to which an IP prefix is assigned to an ECS instance, specific images cannot automatically identify IP addresses on secondary ENIs. In this case, you must configure ENIs on the ECS instance. For more information, see Configure a secondary ENI.

      Call API operations

      • Manually assign IP prefixes

        • Call the AssignPrivateIpAddresses operation and specify the Ipv4Prefix.N parameter to assign one or more IPv4 prefixes to an ENI. Valid values of N: 1 to 10.

        • Call the AssignIpv6Addresses operation and specify the Ipv6Prefix.N parameter to assign one or more IPv6 prefixes to an ENI. Valid values of N: 1 to 10.

      • Automatically assign IP prefixes

        • Call the AssignPrivateIpAddresses operation and specify the Ipv4PrefixCount parameter to allow the system to assign a specific number of IPv4 prefixes to an ENI. Valid values: 1 to 10.

        • Call the AssignIpv6Addresses operation and specify the Ipv6PrefixCount parameter to allow the system to assign a specific number of IPv6 prefixes to an ENI. Valid values: 1 to 10.

    • Scenario 2: Assign IP prefixes when you create an ENI

      Use the ECS console

      When you create an ENI, select Specify IPv4 Prefix for the Secondary Private IPv4 Address parameter and enter the IPv4 prefix that you want to assign on the Create ENI page.

      Note

      • After the IP prefix is assigned, you can bind the ENI that is in the Available state to an ECS instance. Then, you can configure secondary IP addresses on the ECS instance. For information about how to configure an IPv4 address, see Assign secondary private IP addresses. For information about how to configure an IPv6 address, see Configure an IPv6 address for an ECS instance.

      • After you bind an ENI to which an IP prefix is assigned to an ECS instance, specific images cannot automatically identify IP addresses on secondary ENIs. In this case, you must configure ENIs on the ECS instance. For more information, see Configure a secondary ENI.

      Call API operations

      Call the CreateNetworkInterface operation and specify the corresponding parameter to assign IP prefixes.

      • Specify the Ipv4Prefix.N or Ipv6Prefix.N parameter to assign IPv4 or IPv6 prefixes.

      • Specify the Ipv4PrefixCount or Ipv6PrefixCount parameter to allow the system to assign a specific number of IPv4 or IPv6 prefixes.

    View the IP prefixes of ENIs

    Use the ECS console

    1. Log on to the ECS console.

    2. In the left-side navigation pane, choose Network & Security > Elastic Network Interfaces.

    3. In the top navigation bar, select the region and resource group to which the resource belongs. 地域

    4. On the Elastic Network Interfaces page, find the ENI that you want to manage and click Manage ENI IP Addresses in the Operation column to view the IP prefixes of the ENI.

      image.png

    Call API operations

    Unassign IP prefixes from ENIs

    You can unassign one or more IP prefixes after you assign the IP prefixes. Then, you can assign the unassigned IP prefixes to other resources.

    Use the ECS console

    You can unassign IP prefixes on the Elastic Network Interfaces page in the ECS console. For more information, see Assign secondary private IP addresses.

    Call API operations

    • Call the UnassignPrivateIpAddresses operation and specify the Ipv4Prefix parameter to unassign one or more IPv4 prefixes.

    • Call the UnassignIpv6Addresses operation and specify the Ipv6Prefix parameter to unassign one or more IPv6 prefixes.

    References

    • For information about how to modify the security group rules of an ECS instance, see Modify a security group rule.

    • You can configure event notifications in EventBridge or CloudMonitor to receive notifications about IP address events. After an IP prefix is assigned to or unassigned from an ENI, you receive a notification for the assignment or unassignment by email or DingTalk chatbot. You can obtain information about the IP prefix, such as the associated ENI ID and secondary private IP prefix, and specify the operations that you want to be automatically performed in response to the notification. For more information, see ECS events and Subscribe to ECS system event notifications.