Understanding AWS Elastic Network Interface (ENI)
In the AWS environment, ENIs offer many features and benefits. They enable you to assign multiple private IP addresses to your instances. Additionally, ENIs can be attached or detached from instances on the fly, providing flexibility in managing your infrastructure. This article dives deep into ENIs—what they are and how they work—and provides a hands-on demo on how to create and attach an ENI.
What is an Elastic Network Interface (ENI)?
An Elastic Network Interface (ENI) is a virtual network card that you can attach to instances that you launch in the same Availability Zone. You can create, attach, detach, and manage ENIs independently of EC2 instances.
When you move a network interface from one instance to another, network traffic is redirected from the original example to the new instance.
Key ENI attributes:
Primary Private IP Address: Each ENI must have a primary private IP, which cannot be removed.
Secondary Private IP Addresses: Optionally, ENIs can have multiple secondary private IPs for handling different workloads.
Elastic IP Addresses: You can associate an Elastic IP (EIP) with the ENI’s primary or secondary private IP, allowing external access.
MAC Address: Each ENI comes with its own unique MAC address.
Security Groups: ENIs can have one or more security groups that define inbound and outbound traffic rules.
Attachment to Subnet: ENIs must belong to a specific subnet within a VPC.
Let us look at the types of ENI Configurations
Primary ENI (Default): Each EC2 instance has a primary ENI by default, which is created when the instance is launched. This primary ENI is tied to the instance for its entire lifecycle and cannot be detached.
Secondary ENI (Additional): Secondary ENIs can be created and attached to instances. These are useful when an EC2 instance requires multiple network interfaces. For instance, a web server that must handle traffic from multiple subnets.
Detached ENI: An ENI can be detached from one instance and reattached to another. This capability allows you to transfer the network configuration of one EC2 instance to another without network downtime, an advantage in failover scenarios.
Here are some of the benefits of using Elastic Network Interfaces
High availability: ENIs are highly available. If one ENI fails, another ENI will automatically take its place.
Scalability: ENIs are scalable. You can easily add or remove ENIs from your EC2 instances as needed.
Flexibility: ENIs can be used to connect to a variety of AWS services and networks.
Let’s dive into the Demo.
Step 1: Launch Two EC2 Instances:
For this demo, make sure you have two EC2 instances up and running. I have two instances running server1 and server2.
Step 2: Check Network Interfaces:
Go to Instances under the EC2 dashboard.
Select each instance, and go to the Networking tab.
Scroll down to check the Network Interfaces section to see the attached ENIs. For server1 we can see the ENI. Each instance has an ENI with a primary private IPv4.
Repeating the same for server 2 we can see the ENI.
For the above ENIs, we can observe no Elastic IPs attached, which demonstrates you can attach an Elastic IP address to the ENIs.
You can also view the ENIs by selecting Network Interfaces on the left side of the EC2 dashboard.
Step 3 we will now create a new ENI:
Click Create network interface.
Set Description
Select a Subnet (same AZ as instances, e.g., us-east-1a).
Enable Auto-assign private IPv4.
Attach a Security group then click Create network interface.
Step 4: Attaching new ENI to an Instance:
Select the newly created ENI.
Click Actions > Attach.
Choose VPC and instance to attach it to from the drop-down buttons. (e.g., the first instance).
Confirm attachment.
Check the instance’s Networking tab to see the new ENI. We can see the demo ENI under Network Interfaces.
Step 5: Network Failover demostration:
Detach the new ENI from the first instance.
Click Actions > Detach (use force detach if necessary).
Attach the ENI to the second instance. Click actions then select Attach.
Check the second instance’s Networking tab to see the new ENI.
Step 6: Terminate Instances and Observe ENIs
Terminate both instances.
Check Network Interfaces.
The ENIs created with the instances will be deleted.
The manually created ENI will remain as can be shown.
Manually delete the newly created ENI to clean up.
Key Points:
ENI: Virtual network card providing network connectivity.
Flexibility: Attach/detach ENIs between instances for failover.
High Availability: Move ENIs between instances for minimal downtime.
Persistence: Manually created ENIs persist after instance termination.
Conclusion
Understanding how ENIs function and how to implement them is crucial for optimizing AWS network configurations. ENIs can improve the fault tolerance of your network setup. For instance, if you attach an ENI to a backup EC2 instance, the backup instance can take over immediately in case the primary instance fails.
Thanks for reading and stay tuned for more.
If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at [email protected].
Thank you!