
Elastic Compute Service: Manage ENIs

Last Updated: Feb 22, 2025

Elastic network interfaces (ENIs) enable the deployment of high-availability clusters and facilitate cost-effective failover and fine-grained network management. You can modify, detach, and delete ENIs through the ECS console or OpenAPI.

Modify ENI attributes

You can modify the attributes of an ENI to meet your business needs. For a secondary ENI, you can change its name, description, and associated security groups. For the primary ENI, you can only change the name and description. To modify the security groups associated with the primary ENI, you must update the security groups associated with the ECS instance to which the ENI is bound.

Notes

Consider the following when replacing security groups associated with an ENI:

  • Security group rules for the security groups associated with an ECS instance apply to the primary ENI bound to the instance. To replace the security groups for the primary ENI, update the security groups for the ECS instance to which it is bound. For more information, see Add, remove, or replace security groups for an instance.

  • A secondary ENI must be associated with at least one security group. Each secondary ENI of an ECS instance can be associated with a limited number of security groups. For more information, see the Security group limits section of the "Limits" topic.

  • The secondary ENIs of an ECS instance and the security groups to which you want to add the secondary ENIs must use the same network type. If the secondary ENIs of the ECS instance and the security groups use the VPC network type, they must belong to the same VPC.

  • A secondary ENI can be added only to security groups that are of the same type (basic or advanced). For more information, see Basic security groups and advanced security groups.

Procedure

To modify the names, descriptions, and security groups associated with primary and secondary ENIs, use the ECS console or call an API operation.

Modify in the console

  1. Log on to the ECS console.

  2. In the left-side navigation pane, choose Network & Security > Elastic Network Interfaces.

  3. In the top navigation bar, select the region and resource group to which the resource belongs.

  4. Click the ID of the ENI you want to modify to access the ENI details page.


    • ENI Name: Click the edit icon and follow the on-screen instructions to set a new ENI name.

    • Description: Click the edit icon and follow the on-screen instructions to modify the ENI description.

    • Replace Security Groups: Click Replace Security Groups. In the Replace Security Groups dialog box, select new security groups to add or remove the ENI from existing security groups. At least one security group must be retained.

Modify through API

  • Call the ModifyNetworkInterfaceAttribute operation to change the name, description, and associated security groups of an ENI. For more information, see ModifyNetworkInterfaceAttribute.

  • After successful modification, call DescribeNetworkInterfaceAttribute to query the attributes of the target ENI specified by NetworkInterfaceId.
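
A pre-flight check for the security group notes above, to run before calling ModifyNetworkInterfaceAttribute. This is an added example, not code from the original page or from the ECS SDK. The data model, the function name and the sample IDs are hypothetical, only the VPC network type is modelled, and the per-ENI limit is passed in because the page gives no number.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityGroup:
    group_id: str
    vpc_id: str
    group_type: str  # "basic" or "advanced"

@dataclass(frozen=True)
class Eni:
    eni_id: str
    vpc_id: str
    is_primary: bool
    group_ids: tuple  # security groups currently associated

def plan_sg_replacement(eni, new_groups, max_groups):
    """Check a replacement set against the notes above.

    Returns (violations, added_ids, removed_ids). max_groups is the per-ENI
    limit; the page gives no number, so the caller supplies it.
    """
    violations = []
    if eni.is_primary:
        violations.append("primary ENI: change the security groups of the ECS instance instead")
    if not new_groups:
        violations.append("at least one security group must be retained")
    if len(new_groups) > max_groups:
        violations.append(f"{len(new_groups)} security groups exceeds the limit of {max_groups}")
    for group in new_groups:
        if group.vpc_id != eni.vpc_id:
            violations.append(f"{group.group_id} belongs to {group.vpc_id}, not {eni.vpc_id}")
    types = sorted({group.group_type for group in new_groups})
    if len(types) > 1:
        violations.append("security groups mix types: " + ", ".join(types))
    # The added/removed sets are the effective access-control change to review.
    new_ids = {group.group_id for group in new_groups}
    added = sorted(new_ids - set(eni.group_ids))
    removed = sorted(set(eni.group_ids) - new_ids)
    return violations, added, removed

# Constructed sample data (IDs are placeholders, not real resources).
ENI = Eni("eni-example", "vpc-a", False, ("sg-web", "sg-legacy"))
SG_WEB = SecurityGroup("sg-web", "vpc-a", "basic")
SG_DB = SecurityGroup("sg-db", "vpc-a", "basic")
SG_ADV = SecurityGroup("sg-adv", "vpc-a", "advanced")
SG_OTHER_VPC = SecurityGroup("sg-other", "vpc-b", "basic")

if __name__ == "__main__":
    print(plan_sg_replacement(ENI, [SG_WEB, SG_DB], max_groups=5))
    print(plan_sg_replacement(ENI, [SG_WEB, SG_ADV, SG_OTHER_VPC], max_groups=5))
```

An empty violations list means the replacement satisfies the notes; the added and removed IDs show which rule sets start and stop applying to the ENI.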

Detach ENI

You can detach secondary ENIs that are not needed from your instance.

Conditions

  • The primary ENI is released with the instance and cannot be detached.

  • The instance to which the ENI is bound must be in the Stopped or Running state.

    Some instance types do not support hot swapping. Detach secondary ENIs only when the instance is in the Stopped state.

    ECS instance types that do not support the hot swapping feature of secondary ENIs (instance family: instance types)

    • s6, shared standard instance family: ecs.s6-c1m1.small, ecs.s6-c1m2.large, ecs.s6-c1m2.small, ecs.s6-c1m4.large, and ecs.s6-c1m4.small

    • e, economy instance family: ecs.e-c1m1.large, ecs.e-c1m2.large, and ecs.e-c1m4.large

    • t6, burstable instance family: ecs.t6-c1m1.large, ecs.t6-c1m2.large, ecs.t6-c1m4.large, ecs.t6-c2m1.large, and ecs.t6-c4m1.large

    • t5, burstable instance family: ecs.t5-c1m1.large, ecs.t5-c1m2.large, ecs.t5-c1m4.large, ecs.t5-lc1m1.small, ecs.t5-lc1m2.large, ecs.t5-lc1m2.small, ecs.t5-lc1m4.large, and ecs.t5-lc2m1.nano

    • xn4, n4, mn4, and e4, previous-generation shared instance families: ecs.xn4.small; ecs.n4.small and ecs.n4.large; ecs.mn4.small and ecs.mn4.large; ecs.e4.small and ecs.e4.large

  • If your secondary ENI has eRDMA capability enabled (ENI Type is identified as Secondary ENI (elastic RDMA Interface)), ensure no applications are using eRDMA before detaching. Otherwise, the eRDMA kernel cannot be properly detached because the user-mode process has not ended.

    How to view and stop applications that are using eRDMA

    1. Remotely connect to the Linux instance.

      For more information, see Log on to a Linux instance by using the SSH protocol in Workbench.

    2. Run the following command to view the reference count of the eRDMA kernel module.

      lsmod | grep erdma

      • If 0 is returned, no action is required.

      • If a non-zero value is returned, eRDMA is being used by applications. Stop the applications using eRDMA.

    3. Query and stop the applications using eRDMA until the reference count of the eRDMA kernel module reaches 0.


Procedure

Detach through the console

  1. Log on to the ECS console.

  2. In the left-side navigation pane, select Network and Security > Elastic Network Interfaces.

  3. At the top of the left side of the page, select the resource group and region to which the target resource belongs.

  4. Find the target secondary ENI in the Bound state. In the Actions column, click Detach From Instance.

  5. In the Detach From Instance dialog box, confirm the information and click OK.

    Refresh the list. When the status of the ENI changes to Pending, the ENI is successfully detached from the instance.

Detach through API

You can call DetachNetworkInterface to detach an ENI from an instance. Specify the NetworkInterfaceId of the target ENI and the InstanceId of the instance.
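
The detach conditions listed above, written as a pre-flight check to run before calling DetachNetworkInterface. This is an added example, not code from the original page or from the ECS SDK. The function names, the `ecs.example.large` placeholder and the sample `lsmod` output are constructed, and it assumes the eRDMA check only applies while the guest OS is running.

```python
# Instance types the page lists as not supporting hot swapping of secondary ENIs.
NO_HOT_SWAP = frozenset("""
ecs.s6-c1m1.small ecs.s6-c1m2.large ecs.s6-c1m2.small ecs.s6-c1m4.large ecs.s6-c1m4.small
ecs.e-c1m1.large ecs.e-c1m2.large ecs.e-c1m4.large
ecs.t6-c1m1.large ecs.t6-c1m2.large ecs.t6-c1m4.large ecs.t6-c2m1.large ecs.t6-c4m1.large
ecs.t5-c1m1.large ecs.t5-c1m2.large ecs.t5-c1m4.large ecs.t5-lc1m1.small ecs.t5-lc1m2.large
ecs.t5-lc1m2.small ecs.t5-lc1m4.large ecs.t5-lc2m1.nano
ecs.xn4.small ecs.n4.small ecs.n4.large ecs.mn4.small ecs.mn4.large ecs.e4.small ecs.e4.large
""".split())

# Constructed sample of `lsmod` output (sizes and counts are made up).
SAMPLE_LSMOD = """\
Module                  Size  Used by
erdma                 110592  2
ib_uverbs             163840  1 erdma
ib_core               393216  2 erdma,ib_uverbs
"""

def erdma_refcount(lsmod_output):
    """Return the "Used by" count of the erdma module, or None if it is not loaded."""
    for line in lsmod_output.splitlines():
        fields = line.split()
        # Exact name match: `grep erdma` also prints the ib_core and ib_uverbs rows.
        if len(fields) >= 3 and fields[0] == "erdma" and fields[2].isdigit():
            return int(fields[2])
    return None

def detach_blockers(is_primary, instance_status, instance_type,
                    erdma_enabled=False, lsmod_output=None):
    """Return the reasons a detach must not proceed; an empty list means none."""
    blockers = []
    if is_primary:
        blockers.append("primary ENI cannot be detached; it is released with the instance")
    if instance_status not in ("Running", "Stopped"):
        blockers.append(f"instance is {instance_status}; it must be Running or Stopped")
    elif instance_status == "Running" and instance_type in NO_HOT_SWAP:
        blockers.append(f"{instance_type} does not support hot swapping; stop the instance")
    # Assumption: the eRDMA check only applies while the guest OS is running.
    if erdma_enabled and instance_status == "Running":
        count = None if lsmod_output is None else erdma_refcount(lsmod_output)
        if lsmod_output is None:
            blockers.append("eRDMA ENI: erdma reference count has not been checked")
        elif count:
            blockers.append(f"erdma reference count is {count}; stop the eRDMA applications")
    return blockers

if __name__ == "__main__":
    print(detach_blockers(False, "Running", "ecs.t6-c1m1.large"))
    print(detach_blockers(False, "Running", "ecs.example.large", True, SAMPLE_LSMOD))
```

The check fails closed for an eRDMA-enabled ENI: when no `lsmod` output is supplied for a running instance, the detach is blocked rather than assumed safe.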

After detaching an ENI from an instance, you can attach it to another existing ECS instance in the same VPC and zone. You can also reuse the network configuration and ENI features by selecting an ENI in the Pending state in the same VPC and zone as the primary or secondary ENI when creating an instance.

For more information about attaching ENIs, see Attach an ENI to an instance.

Classify and manage ENIs

As the number of cloud resources grows, management complexity increases. To better manage your resources, use tags to categorize and label resources with common characteristics, such as ENIs that belong to the same organization or serve the same purpose.

Tags facilitate the easy retrieval and management of resources and enable fine-grained resource management. For more information about tags, supported resources, and limits, see Tags and Tag limits.

Procedure

  1. Log on to the ECS console.

  2. In the left-side navigation pane, choose Network & Security > Elastic Network Interfaces.

  3. In the top navigation bar, select the region and resource group to which the resource belongs.

  4. Locate the desired ENI. In the Tags column, hover your mouse over the edit-tag icon and take one of the following actions:

    • If the ENI has no associated tags, click Bind.

    • If the ENI already has tags, click Edit.

  5. In the Edit Tags dialog box, you can select existing tags or enter new tag keys and values. Then, click OK.

Delete ENI

If an ENI is no longer required, you can delete it after detaching to prevent unnecessary resource consumption.

Prerequisites

  • The ENI must be in the Pending state to be deleted.

    The primary ENI cannot be detached from the instance but is released with the instance.

  • If the secondary ENI is attached to an ECS instance, detach it first. For more information, see Detach ENI.

Notes

  • If the Release With Instance feature is enabled for an ENI, it will be deleted when the instance is released, provided it is not detached from the instance.

  • Deleting an ENI automatically releases all private IP addresses on it and removes it from all joined security groups.

  • The Elastic IP Address (EIP) associated with the ENI will not be released upon deletion of the ENI. If the EIP is no longer needed, release it separately to stop incurring charges. For instructions, see release pay-as-you-go EIP instance.

Procedure

Delete through the console

  1. Log on to the ECS console.

  2. In the left-side navigation pane, select Network and Security > Elastic Network Interfaces.

  3. At the top of the left side of the page, select the resource group and region to which the target resource belongs.

  4. Locate the target ENI in the Pending state. In the Actions column, select More > Delete.

  5. In the confirmation dialog box, click OK.

    Refresh the list. If the ENI no longer appears, it has been successfully deleted.

Delete through API

Call DeleteNetworkInterface to delete an ENI. Specify the NetworkInterfaceId of the target ENI.