This article explains how you can configure multiple private IPs on a single ENI and map multiple EIPs to a private IP using NAT Gateway's DNAT configuration.

By Vikram Godse, Solutions Architect

Initially each Alibaba Cloud Elastic Network Interface (ENI) could have only a single Private IP Assigned to it. One could assign multiple Network Cards to an instance depending on the Instance type. However, we have a new functionality that will allow assigning of Multiple Private IP's to one ENI. In addition, we can use the NAT Gateway to Map an Elastic IP to every Private IP that is assigned to an ENI. This allows having multiple EIP's assigned to an Elastic Compute Service (ECS) Instance in NAT Mode.

Introduction

A common requirement when building a cloud environment is to have multiple Elastic IPs (EIPs) assigned to a single ECS Instance. This document explains how you can configure this Multi-EIP to ENI mapping for an ECS Instance using NAT Gateway's DNAT configuration.

For the purpose of this document:



We have deployed an "ecs.g5.4xlarge" instance that can have up to three additional Network Interfaces. The OS is Centos 7. We have configured CPANEL on the instance to show EIP availability. We have deployed a NAT Gateway.

Prerequisites

An Alibaba Cloud account. If you don't have one already, visit the Free Trial page to sign up for a free account. An instance that can support multiple Network Cards (such as ecs.g5.4xlarge). NAT Gateway. Access to the ECS API/CLI.

Assign a Private IP to an ENI

The following CLI command will assign multiple private IPs to a single ENI

aliyuncli ecs AssignPrivateIpAddresses --AccessKeyId xxxxxxxxxxxxxxxxxx --AccessKeySecret nnnnnnnnnnnnnnnnnnnnn --NetworkInterfaceId eni-d7o0bbec73w53nxctkaz --SecondaryPrivateIpAddressCount 8

Once the IP Addresses are assigned to the Interface. These need to be activated from the Operating System, CentOS in this case. Use the following command to activate the Private IP Addresses

ifconfig eth0:1 172.16.0.118 netmask 255.255.255.0 up

Activate all the IP's and you should see them in the OS when you run the ifconfig command

Configure NAT Gateway

Set up a NAT Instance and purchase Bandwidth. One bandwidth package can assign up to 50 Public IP Addresses. However this is a soft limit and can be increased.

Now configure DNAT to map each Public IP to a corresponding Private IP as follows

The following is a summary of the Network Interfaces, the Private IPs and the Public IPs mapped to them

Test Private IP Activation

The following instance is available in the London Region where we have assigned the Private IPs.

Test EIP Availability in CPANEL/WHM (Web Hosting Manager)

CPANEL supports configuration of EIP configuration in a 1:1 NAT Mode.

CPANEL is configured on the instance. However in CPANEL we can only see the Public NAT IP of the Primary Interfaces eth0, eth1, eth2, eth3 but not of the virtual interfaces eth0:1, eth0:2, eth0:3 etc.

For virtual interfaces configured via the ECS instance's OK, we can run a command like this one:

ifconfig eth0:1 172.16.0.118 netmask 255.255.255.0 up

If you try to access the CPANEL console with the NAT IP of the Virtual Interface, it works. However CPANEL is unable to see the Public NAT IPs assigned to the virtual interfaces automatically.

To allow CPANEL to see all the NAT Public IPs, in CPANEL there is file called /var/cpanel/cpnat where you can configure the NAT IPs mapping to the Public IPs as follows:

Once the cpnat file is updated, the updated NAT Public IP's can now be seen in the CPANEL interface. Click on "Validate" to confirm the routing: a "tick mark" shows that the mapping is valid (as below):

Conclusion

In this document we have shown how to configure multiple EIPs to map to one or more private IP addresses using NAT Gateway.

Thus we can now map multiple Private IP addresses to one ENI (network interface) and using the NAT Gateway we can then map multiple Public IPs to the corresponding Private IPs of our ENIs, and these Public IPs can then be seen from within CPANEL.

Some limitations to be aware of:



The number of Private IP Addresses that can be assigned to an ENI currently is limited 20 and is dependent on the instance type. The NAT IP Bandwidth Package allows assigning only up to 50 IP Addresses. Internet bandwidth is limited to 1 Gbps.

Further Reading