Updated on 2024-10-25 GMT+08:00

Creating a Supplementary Network Interface

Scenarios

If the number of network interfaces attached to an instance exceeds the upper limit, you can attach supplementary network interfaces to the network interfaces, including the primary and extended network interfaces, of the instance. This helps you set up flexible and highly available networks.

Notes and Constraints

  • Supplementary network interfaces must be in the same VPC as the network interface they are attached to, but can be in different subnets and security groups.
  • After supplementary network interfaces are created, you need to create VLAN subinterfaces on the network interface of the instance and configure corresponding rules by referring to Configuring a Supplementary Network Interface.

Creating a Supplementary Network Interface

  1. Go to the supplementary network interface list page.
  2. In the upper right corner of the page, click Create Supplementary Network Interface.
  3. Configure the parameters based on Table 1.
    Table 1 Parameter descriptions

    Parameter

    Description

    Example Value

    Region

    Region where the supplementary network interface is to be created. Select the region nearest to you to ensure the lowest latency possible.

    EU-Dublin

    Network Interface

    Network interface that the supplementary network interface you want to attach to.

    Select an elastic network interface from the drop-down list.

    --(172.16.0.145)

    VPC

    VPC that the supplementary network interface belongs to. You do not need to set this parameter.

    vpc-A

    Subnet

    Subnet where the supplementary network interface is to be created.

    subnet-A01

    Quantity

    Number of supplementary network interfaces to be created.

    1

    Private IP Address

    Whether to assign a private IPv4 address or IPv6 address to the supplementary network interface. There are two options:
    • Private IPv4 network: a private IPv4 address will be assigned. This option is selected by default and cannot be deselected.
    • IPv6 network (Public and private network traffic): a private IPv6 address will be assigned. Both private and public IPv6 networks are supported.

      IPv6 is shown only when IPv6 is enabled for the subnet of the supplementary network interface.

    IPv4

    IPv4 Address

    How a private IPv4 address will be assigned to the supplementary network interface. There are two options:
    • Automatically assign IP address: The system assigns an IP address from the subnet.
    • Manually specify IP address: You can specify an IP address.

      If you select Manually specify IP address, enter a private IPv4 address.

    Automatically assign IP address

    IPv6 Address

    How a IPv6 address will be assigned to the supplementary network interface if IPv6 network (Public and private network traffic) is selected for Private IP Address.

    There are two options:
    • Automatically assign IP address: The system assigns an IP address from the subnet.
    • Manually specify IP address: You can specify an IP address.

      If you select Manually specify IP address, enter a IPv6 address.

    Automatically assign IP address

    Security Group

    Security group that the supplementary network interface will be associated with.

    sg-001

    Description

    (Optional) Description of the supplementary network interface.

    The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).

    -

  4. Click Create Now.

    To use a supplementary network interface, you need to create a VLAN subinterface by referring to Configuring a Supplementary Network Interface.

Configuring a Supplementary Network Interface

After a supplementary network interface is created, you need to create a VLAN subinterface and configure a private IP address and default routes for the supplementary network interface.

Before doing so, you need to obtain:

  • The information described in Table 2 when you configure supplementary network interfaces for a Linux ECS.
  • The information described in Table 2 and Table 3 when you configure supplementary network interfaces for a Windows ECS.
    Table 2 Information about a supplement network interface and subnet

    Item

    How to Obtain

    VLAN ID

    1. In the supplementary network interface list, click the private IP address of the target supplementary network interface.

      The Summary page is displayed.

    2. On the displayed page, check and record the following information:
      • VLAN ID
      • MAC address
      • Private IP address

    MAC address

    Private IP address

    Subnet mask

    1. In the Network Information on the Summary page, click the name of the subnet where the supplementary network interface is created.

      The Summary page of the subnet is displayed.

    2. On the displayed page, check and record the following information:
      • Subnet mask: subnet mask of the IPv4 CIDR block. For example, if the IPv4 CIDR block is 192.168.0.0/24, the mask is 24.
      • Subnet gateway: In the Gateway and DNS Information area, check the gateway address.

    Gateway address

    Table 3 Information about the network interface and subnet to which the supplementary network interface belongs

    Item

    How to Obtain

    MAC address

    1. In the ECS list, click the name of the ECS attached to the network interface.

      The Summary page is displayed.

    2. Switch to the Network Interface tab and click to check and record the following information:
      • MAC address
      • Private IP address

    Private IP address

    Subnet mask

    1. In the network interface list, click the private IP address of the target network interface.

      The Summary page is displayed.

    2. In the Network Information area, click the name of the subnet where the network interface is created.

      The Summary page of the subnet is displayed.

    3. On the displayed page, check and record the following information:
      • Subnet mask: subnet mask of the IPv4 CIDR block. For example, if the IPv4 CIDR block is 192.168.0.0/24, the mask is 24.
      • Subnet gateway: In the Gateway and DNS Information area, check the gateway address.

    Gateway address

The following describes how to create a VLAN subinterface on the network interface of a Linux ECS. CentOS 7.8 is used as an example. In this example, the information about the supplementary network interface and subnet is as follows:
  • VLAN ID: 1937
  • MAC address: fa:16:3e:6d:c5:5a
  • Private IP address: 192.168.0.149
  • Subnet mask: 24
  • Subnet gateway address: 192.168.0.1

This example describes how to configure the supplementary network interface for the primary network interface of an ECS. If you want to do the same thing for the extended network interface of the ECS, follow the similar steps.

  1. Log in to the ECS.

  2. Run the following command to check and record the network interface name of the ECS:

    ifconfig

    Information similar to the following is displayed. In this example, the network interface name is eth0.
    [root@ecs-subeni-linux ~]# ifconfig
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.0.125  netmask 255.255.255.0  broadcast 192.168.0.255
            inet6 fe80::f816:3eff:fe6d:c542  prefixlen 64  scopeid 0x20<link>
            ether fa:16:3e:6d:c5:42  txqueuelen 1000  (Ethernet)
            RX packets 78131  bytes 111604802 (106.4 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 8686  bytes 1422159 (1.3 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    ...
  3. Run the following command to create a VLAN subinterface on a network interface:

    ip link add link network-interface-name name VLAN-subinterface-name type vlan id VLAN-ID-of-the-supplementary-network-interface

    Variables in the preceding command are as follows:
    • Network interface name: the network interface name queried in 2. In this example, the name is eth0.
    • VLAN subinterface name: Name the subinterface in the format of network-interface-name.VLAN-ID-of-the-supplementary-network-interface. In this example, the VLAN subinterface name is eth0.1937.
    • VLAN ID of the supplementary network interface: In this example, the ID is 1937.

    Example command:

    ip link add link eth0 name eth0.1937 type vlan id 1937

  4. Run the following command to create a namespace:

    ip netns add namespace-name

    Namespace name: Name it in the format of nssupplementary-network-interface-VLAN-D. In this example, the name is ns1937.

    Example command:

    ip netns add ns1937

  5. Run the following command to add a VLAN subinterface to a namespace:

    ip link set VLAN-subinterface-name netns namespace-name

    Example command:

    ip link set eth0.1937 netns ns1937

  6. Run the following command to change the MAC address of the VLAN subinterface to that of the supplementary network interface:

    ip netns exec namespace-name ifconfig VLAN-subinterface-name hw ether MAC-address-of-the-supplementary-network-interface

    Example command:

    ip netns exec ns1937 ifconfig eth0.1937 hw ether fa:16:3e:6d:c5:5a

  7. Run the following command to enable the VLAN subinterface:

    ip netns exec namespace-name ifconfig VLAN-subinterface-name up

    Example command:

    ip netns exec ns1937 ifconfig eth0.1937 up

  8. Run the following command to configure a private IP address for the VLAN subinterface:

    ip netns exec namespace-name ip addr add private-IP-address dev VLAN-subinterface-name

    Private IP address: private IP address of the supplementary network interface/subnet mask. In this example, the value is 192.168.0.149/24.

    Example command:

    ip netns exec ns1937 ip addr add 192.168.0.149/24 dev eth0.1937

  9. Run the following command to configure the default route for the VLAN subinterface:

    ip netns exec namespace-name ip route add default via gateway-address-of-the-subnet-where-the-supplementary-network-interface-is-created

    Example command:

    ip netns exec ns1937 ip route add default via 192.168.0.1

  10. Check whether the supplementary network interface has worked.
    1. Run the following command to verify the connectivity between network interface eth0 and the test ECS:

      ping private-IP-address-of-the-test-ECS

      Plan the same VPC and security group for the test ECS and the ECS with network interface eth0 attached. This allows the two ECSs to communicate with each other by default.

      Example command:

      ping 192.168.0.133

      If information similar to the following is displayed, the two ECSs can communicate with each other.
      [root@ecs-subeni-linux ~]# ping 192.168.0.133
      PING 192.168.0.133 (192.168.0.133) 56(84) bytes of data.
      64 bytes from 192.168.0.133: icmp_seq=1 ttl=64 time=0.302 ms
      64 bytes from 192.168.0.133: icmp_seq=2 ttl=64 time=0.262 ms
      ...
      --- 192.168.0.133 ping statistics ---
      2 packets transmitted, 2 received, 0% packet loss, time 999ms
      rtt min/avg/max/mdev = 0.262/0.282/0.302/0.020 ms
    2. Run the following command to verify the connectivity between the supplementary network interface of eth0 and the test ECS:

      ip netns exec namespace-name ping private-IP-address-of-the-test-ECS

      Plan the same VPC and security group for the test ECS and the ECS with the supplementary network interface attached. This allows the two ECSs to communicate with each other by default.

      Example command:

      ip netns exec ns1937 ping 192.168.0.133

      If information similar to the following is displayed, the two ECSs can communicate with each other. This means the supplementary network interface has worked.

      [root@ecs-subeni-linux ~]# ip netns exec ns1937 ping 192.168.0.133
      PING 192.168.0.133 (192.168.0.133) 56(84) bytes of data.
      64 bytes from 192.168.0.133: icmp_seq=1 ttl=64 time=0.420 ms
      64 bytes from 192.168.0.133: icmp_seq=2 ttl=64 time=0.233 ms
      ...
      --- 192.168.0.133 ping statistics ---
      2 packets transmitted, 2 received, 0% packet loss, time 999ms
      rtt min/avg/max/mdev = 0.233/0.326/0.420/0.095 ms
  1. (Optional) Remotely log in to the ECS using the private IP address of the supplementary network interface attached to the ECS.
    1. Add an inbound rule to allow traffic over SSH port 22 to the security group associated with the supplementary network interface.
      For details, see Adding a Security Group Rule.
      Table 4 A security group rule that allows traffic over SSH port 22

      Direction

      Priority

      Action

      Type

      Protocol & Port

      Source

      Inbound

      1

      Allow

      IPv4

      TCP: 22

      Set the IP address based service requirements. For example, to remotely log in to the ECS from a local PC, set the source to the IP address of the local PC.

    2. Run the following command to check whether port 22 in the namespace is listened on:

      ip netns exec namespace-name netstat -antp | grep 22

      Example command:

      ip netns exec ns1937 netstat -antp | grep 22
      • If the command output is empty, port 22 in the namespace is not listened on. Go to 11.c.
      • If information similar to the following is displayed, port 22 is listened on. No further action is required.
        [root@ecs-subeni-linux ~]# ip netns exec ns1937 netstat -antp | grep 22
        tcp        0      0 0.0.0.0:22        0.0.0.0:*        LISTEN      2797/sshd           
        tcp6       0      0 :::22            :::*             LISTEN      2979/sshd
    3. Run the following command to start the SSH service and enable listening port 22:

      ip netns exec namespace-name /sbin/sshd

      Example command:

      ip netns exec ns1937 /sbin/sshd

    4. Run the following command to check whether port 22 in the namespace is listened on:

      ip netns exec namespace-name netstat -antp | grep 22

      Example command:

      ip netns exec ns1937 netstat -antp | grep 22

      If information similar to the following is displayed, port 22 is listened on:
      [root@ecs-subeni-linux ~]# ip netns exec ns1937 netstat -antp | grep 22
      tcp        0      0 0.0.0.0:22        0.0.0.0:*        LISTEN      2797/sshd           
      tcp6       0      0 :::22            :::*             LISTEN      2979/sshd
The following describes how to create a VLAN subinterface on the network interface of a Windows ECS. Windows Server 2019 Standard 64bit is used as an example. In this example, the information about the supplementary network interface, primary network interface, and subnet is as follows:
  • Supplementary network interface
    • VLAN ID: 1229
    • MAC address: fa:16:3e:6d:c5:db
    • Private IP address: 192.168.0.22
    • Subnet mask: 24 (255.255.255.0)
    • Subnet gateway address: 192.168.0.1
  • Primary network interface
    • MAC address: fa:16:3e:6d:c5:d5
    • Private IP address: 192.168.0.16
    • Subnet mask: 24 (255.255.255.0)
    • Subnet gateway address: 192.168.0.1

    This example describes how to configure the supplementary network interface for the primary network interface of an ECS. If you want to do the same thing for the extended network interface of the ECS, follow the similar steps.

  1. Log in to the ECS.

  2. Enter Windows PowerShell in the search box in the lower left corner of the desktop and press Enter.
  3. On the displayed window, run the following command to query the Ethernet adapter information of the network interface:

    ipconfig

    Information similar to the following is displayed. In this example, the Ethernet adapter name is tap7888b905-ee.

  4. Create a bond group.
    1. Run the following command to create a bond group for the user-defined VLAN:

      New-NetLbfoTeam -Name bond-group-name -TeamMembers "Ethernet-adapter-name-of-the-network-interface" -TeamingMode SwitchIndependent -LoadBalancingAlgorithm IPAddresses -Confirm:$false

      Variables in the preceding command are as follows:

      • Bond group name: the bond group name of the user-defined VLAN. In this example, the bond group name is Team1.
      • Ethernet adapter name of network interface: information queried in 3. In this example, the name is tap7888b905-ee.

      Example command:

      New-NetLbfoTeam -Name Team1 -TeamMembers "tap7888b905-ee" -TeamingMode SwitchIndependent -LoadBalancingAlgorithm IPAddresses -Confirm:$false

      Information similar to the following is displayed.

    2. Run the following commands to query the bond group you have created:

      Get-NetLbfoTeamMember

      Information similar to the following is displayed.

      Get-NetAdapter

      Information similar to the following is displayed:

  5. Configure a user-defined VLAN network.
    1. Run the following command to create a VLAN subinterface:

      Add-NetLbfoTeamNIC -Team "bond-group-name" -VlanID VLAN-ID-of-the-supplementary-network-interface -Confirm:$false

      Example command:

      Add-NetLbfoTeamNIC -Team "Team1" -VlanID 2242 -Confirm:$false

      Information similar to the following is displayed:

    2. Run the following command to open the Network Connections page:

      ncpa.cpl

      On the displayed page, Team1 is the bond group created in 4.a, and Team1 – VLAN 2242 is the VLAN subinterface created in 5.a.

  6. Configure the network for the network interface.
    1. On the Network Connections page, double-click Team1.

      The Team1 Status page is displayed.

    2. On the Team1 Status page, click Properties.

      The Team1 Properties page is displayed.

    3. On the Team1 Properties page, click Configure....

      The Microsoft Network Adapter Multiplexor Driver Properties page is displayed.

    4. On the Microsoft Network Adapter Multiplexor Driver Properties page, choose the Advanced tab, click MAC Address, enter the MAC address of the network interface, and click OK.

      When entering the MAC address, remove the colons (:) and use the uppercase letters. For example, if the MAC address of the network interface is fa:16:3e:6d:c5:d5, enter FA163E6DC5D5.

    5. Return to the Team1 Properties page, double-click Internet Protocol Version 4 (TCP/IPv4).

      The Internet Protocol Version 4 (TCP/IPv4) Properties page is displayed.

    6. On the Internet Protocol Version 4 (TCP/IPv4) Properties page, configure the network information of the network interface and click OK.
      • Select Use the following IP address:.
      • IP address: Enter the private IP address of the network interface. In this example, the private IP address is 192.168.0.16.
      • Subnet mask: Enter the mask of the subnet where the network interface is created. In this example, the mask is 255.255.255.0.
      • Default gateway: Enter the gateway of the subnet where the network interface is created. In this example, the gateway is 192.168.0.1.

    7. On the Team1 Properties page, click OK to save the settings.

    8. Return to the Team1 Status page and click Details....
      On the Network Connection Details page, check whether the following information is correctly configured:
      • Physical Address: MAC address of the network interface.
      • IPv4 Address: the private IP address of the network interface.
      • IPv4 Subnet Mask: the mask of the subnet where the network interface is created.
      • IPv4 Default Gateway: the gateway of the subnet where the network interface is created.

    9. Check the settings and click Close.

      The Network Connections page is displayed.

  7. Configure the network for the supplementary network interface.
    1. On the Network Connections page, double-click Team1 - VLAN 2242.

      The Team1 - VLAN 2242 Status page is displayed.

    2. On the Team1 - VLAN 2242 Status page, click Properties.

      The Team1 - VLAN 2242 Properties page is displayed.

    3. On the Team1 - VLAN 2242 Properties page, click Configure....

      The Microsoft Network Adapter Multiplexor Driver #2 Properties page is displayed.

    4. On the Microsoft Network Adapter Multiplexor Driver #2 Properties page, choose the Advanced tab, click MAC Address, enter the MAC address of the supplementary network interface, and click OK.

      When entering the MAC address, remove the colons (:) and use the uppercase letters. For example, if the MAC address of the supplementary network interface is fa:16:3e:6d:c5:db, enter FA163E6DC5DB.

    5. Return to the Team1 - VLAN 2242 Properties page, double-click Internet Protocol Version 4 (TCP/IPv4).

      The Internet Protocol Version 4 (TCP/IPv4) Properties page is displayed.

    6. On the Internet Protocol Version 4 (TCP/IPv4) Properties page, configure the network information of the supplementary network interface and click OK.
      • Select Use the following IP address:.
      • IP address: Enter the private IP address of the supplementary network interface. In this example, the private IP address is 192.168.0.22.
      • Subnet mask: Enter the mask of the subnet where the supplementary network interface is created. In this example, the mask is 255.255.255.0.
      • Default gateway: Enter the gateway of the subnet where the supplementary network interface is created. In this example, the gateway is 192.168.0.1.

      If the following warning is displayed, click Yes to close the dialog box.

    7. On the Team1 - VLAN 2242 Properties page, click OK to save the settings.

    8. Return to the Team1 - VLAN 2242 Status page and click Details....
      On the Network Connection Details page, check whether the following information is correctly configured:
      • Physical Address: MAC address of the supplementary network interface.
      • IPv4 Address: the private IP address of the supplementary network interface.
      • IPv4 Subnet Mask: the mask of the subnet where the supplementary network interface is created.
      • IPv4 Default Gateway: the gateway of the subnet where the supplementary network interface is created.

    9. Check the settings and click Close.
  8. On the Windows PowerShell CLI page, check whether the network interface and supplementary network interface are connected to the test ECS.
    1. Run the following command to verify the connectivity between network interface eth0 and the test ECS:

      Ping private-IP-address-of-the-test-ECS -S private-IP-address-of-the-network-interface

      Plan the same VPC and security group for the test ECS and the ECS with network interface eth0 attached. This allows the two ECSs to communicate with each other by default.

      Example command:

      Ping 192.168.0.133 -S 192.168.0.16

      If information similar to the following is displayed, the two ECSs can communicate with each other.

    2. Run the following command to verify the connectivity between the supplementary network interface of eth0 and the test ECS:

      Ping private-IP-address-of-the-test-ECS -S private-IP-address-of-the-supplementary-network-interface

      Plan the same VPC and security group for the test ECS and the ECS with the supplementary network interface attached. This allows the two ECSs to communicate with each other by default.

      Example command:

      Ping 192.168.0.133 -S 192.168.0.22

      If information similar to the following is displayed, the two ECSs can communicate with each other.