AWS

How to configure multiple AWS EC2 Elastic Network Interface ENI in Linux instance

AWS EC2 instance by-default will have one ENI with private / public IP address .In some cases need 2 or more separate IP address for high availability solutions, multiple web deployments or to separate the management ,administration and public traffic .In AWS we can create additional ENI NIC and can attach to instance .

Elastic Network Interface (ENI) properties:

Every instance in a VPC has a default network interface, called the primary network interface(eth0).You cannot detach a primary network interface from an instance.

The maximum number of network interfaces that you can use varies by instance type. You can refer the AWS Link http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI

You can create a network interface (eth1 ,eth2)  attach it to an instance, detach it from an instance, and attach it to another instance in the same availability zone.When you move a network interface from one instance to another, network traffic is redirected to the new instance.You can detach secondary (ethN) network interfaces when the instance is running or stopped .

You can attach a network interface to an instance when it’s running (hot attach), when it’s stopped (warm attach), or when the instance is being launched (cold attach).

A warm or hot attach of an additional network interface may require you to manually bring up the second interface, configure the private IPv4 address, and modify the route table accordingly.

Additional interface maintains its private IP addresses, Elastic IP addresses, and MAC address . This feature is useful when you are going with hardware based license where MAC address should not change. (with MAC address based) .

You can allocate multiple private and Elastic IP address (based on Instance type) for additional NIC card .

You can assign static and dhcp IP addresses to ENI.

You have to attach security group for additional ENI separately . Its not mean that it will work with based on sg attached to instance.

You can associate an IPv6 CIDR block with your VPC and subnet, and assign one or more IPv6 addresses from the subnet range to a network interface.

I hope this basics will help , now will see the main objective.

How to configure additional Elastic Network interface in same subnet in Linux:

When you are adding additional ENI , you have to manually configure route, rules,default gateway  in EC2 linux instances.Cent OS,Redhat Linux,Suse Linux,Ubuntu etc..

Amazon Linux AMIs may contain additional scripts installed by AWS, known as ec2-net-utils. These scripts optionally automate the configuration of your network interfaces. These scripts are available for Amazon Linux only.

For example we have taken 1 cent os and 1 Redhat Linux (web server) instances. Lets assign additional NIC card in the same subnet.

Existing NIC card information:

In EC2 Dashboard Left Navigation Panel click “Network Interfaces

Click “Create Network Interface” to create additional ENI

Enter the subnet details. ENI can not span across different zones.

Private IP address can leave it blank to assign automatically by aws from the specified subnet

Select the Security group  and click create

New ENI  “centos ENI2″created in zone a.Stauts shows as “Available”

Centos server existing NIC card information – From the OS:

Now lets atttach the new ENI
select the network interface and click “attach

Select the instance and click attach

After attachment status changed to “In-use”

In instance description now showing 2nd NIC card with IP address 172.31.24.3

Now eth1 detected within OS automatically . But ip address not shows. we need to define within OS .

In /etc/sysconfig/network-secripts/ifcfg-eth0 copy and make a new file name as /etc/sysconfig/network-secripts/ifcfg-eth1  and edit the IP details as mentioned below. You can mention static or DHCP also.

Now enter the command “ifup eth1” if config files are correct eth1 NIC card will get IP address . This is persistent across reboot .

Normally if you add the second NIC card the server will respond with any one IP address from outside . So you have to enter separate route and rules for each NIC card as below .

In /etc/sysconfig/network-scripts create 2 files
route-eth0
route-eth1

Edit the route files with following entries . In this entries we are defining each NIC card default gateway with IP address and tables.
so each interface now easily identify gatway IP , device without any conflict .

172.31.16.0 is a CIDR of default VPC in us-west-2a . You can use any allowed range CIDR

In /etc/sysconfig/network-scripts create 2 files
rule-eth0
rule-eth1

Now all the required configuration files are created. It will persistent across reboot also.restart the network service .

systemctl restart network.service

Now try to ping another “web server ” with both IP address.Able to get response from both IP.

Perform stop and start test also from console.

You can easily attach Elastic public  IP address to the 2nd ENI eth1 also.

Good Luck!

Tagged

Leave a Reply

Your email address will not be published. Required fields are marked *