Multiple EC2 Network Interfaces on Red Hat / CentOS 7
If you’re not running Amazon Linux with the built-in network interface management tools, adding multiple ENIs on the same subnet can be a confusing experience. We use this sometimes to run multiple elastic IPs on separate network interfaces so we can bind to them separately.
We worked through this with Amazon support recently and thought we should share a quick overview of how to do this on Red Hat / CentOS 7.
1. Force your default gateway to be eth0
Edit /etc/sysconfig/network and add:
GATEWAYDEV=eth0
Not doing this left the default gateway of the main routing table set to the last interface to be configured, which caused some strange behavior.
2. Configure each additional interface you’ve added
In /etc/sysconfig/network-scripts, create an ifcfg-ethX for each new interface.
Modify:
1. The DEVICE name to match the ENI.
DEVICE="eth1"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
3. Add a custom route for each additional interface
Again in /etc/sysconfig/network-scripts, create a route-ethX file for each interface.
Modify:
1. Change the device name.
2. Increment the table number.
3. Set the gateway to your VPC subnet’s gateway.
4. Change the source IP to the assigned internal network address of the ENI.
default via 10.0.0.1 dev eth1 table 2
10.0.0.0/24 dev eth1 src 10.0.0.10 table 2
4. Add a custom rule for each additional interface
Also in /etc/sysconfig/network-scripts, create a rule-ethX for each interface.
Modify:
1. Increment the table number to match route-ethX
2. Change the IP to the assigned internal network address of the ENI.
from 10.0.0.10/32 table 2
Restart the network service and you should be up and running. You can confirm with “ip rule”:
# ip rule
0: from all lookup local
32764: from 10.0.0.10 lookup 3
32765: from 10.0.0.11 lookup 2
32766: from all lookup main
32767: from all lookup default
Note that Amazon suggested a custom route and rule for eth0, but we found allowing eth0 to use the default main routing table not only worked but was more flexible.
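Steps 2 to 4 as a script, added here as an example and not part of the original article: it writes the ifcfg, route and rule files for one additional ENI and checks that each rule file points at the table its route file populates. The function names and the staging-directory argument are assumptions; the addresses are the article's sample values.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Writes the step 2-4 files for one additional ENI into DIR (a staging directory).
# usage: write_eni_config DIR DEV TABLE GATEWAY SUBNET_CIDR ENI_IP
write_eni_config() {
    dir=$1 dev=$2 table=$3 gw=$4 subnet=$5 ip=$6
    # eth0 keeps the main table (step 1); custom tables must be numeric.
    [ "$dev" != "eth0" ] || { echo "eth0 stays on the main table" >&2; return 1; }
    case $table in ''|*[!0-9]*) echo "table must be a number" >&2; return 1 ;; esac
    cat > "$dir/ifcfg-$dev" <<EOF
DEVICE="$dev"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF
    printf 'default via %s dev %s table %s\n' "$gw" "$dev" "$table" > "$dir/route-$dev"
    printf '%s dev %s src %s table %s\n' "$subnet" "$dev" "$ip" "$table" >> "$dir/route-$dev"
    printf 'from %s/32 table %s\n' "$ip" "$table" > "$dir/rule-$dev"
}

# Fails if a rule-ethX names a table its route-ethX does not fill, or if two
# interfaces share a table number.
check_eni_tables() {
    dir=$1 rc=0 seen=" "
    for rule in "$dir"/rule-*; do
        [ -e "$rule" ] || continue
        dev=${rule##*/rule-}
        t=$(awk '{for (i = 1; i < NF; i++) if ($i == "table") {print $(i+1); exit}}' "$rule")
        if ! grep -q " table $t\$" "$dir/route-$dev" 2>/dev/null; then
            echo "$dev: rule uses table '$t' but route-$dev does not" >&2; rc=1
        fi
        case $seen in *" $t "*) echo "$dev: table $t already used" >&2; rc=1 ;; esac
        seen="$seen$t "
    done
    return $rc
}

# Demo against a scratch directory, using the article's sample addresses.
demo_dir=$(mktemp -d)
write_eni_config "$demo_dir" eth1 2 10.0.0.1 10.0.0.0/24 10.0.0.10
check_eni_tables "$demo_dir" && cat "$demo_dir/route-eth1" "$demo_dir/rule-eth1"
```

To apply the result, generate into /etc/sysconfig/network-scripts instead of a scratch directory and restart the network service.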
russell
March 8, 2016 @ 2:57 am
Hi, thanks for the useful article, I am trying to configure 2 ENIs on one instance, each ENI has multiple private IP addresses associated with it. Could you please explain a bit what the correct settings are for the route files?
default via 10.0.0.1 dev eth1 table 2
10.0.0.0/24 dev eth1 src 10.0.0.10 table 2
is 10.0.0.1 the gateway here?
What is 10.0.0.0/24? The address(es) that belong to the ENI?
What is 10.0.0.10?
Also, if I have 2 ENIs each with 8 IPs how many route files do I need?
Thanks in advance
Internet Staff
March 9, 2016 @ 7:22 am
Hi Russell,
10.0.0.1 is the VPC gateway.
10.0.0.0/24 is the subnet netmask.
10.0.0.10 is the IP address of the additional ENI.
I’m afraid I haven’t extended this to multiple IPs per additional ENI yet. I would suspect you’d simply need to extend the route-ethX config to make sure those IPs were routed *out* of the correct interface.
Shan
January 13, 2017 @ 10:07 pm
Late is better than never, right?
You can simply set the “from” in your IP rules to be the CIDR of the subnet that said interface is located within 🙂
Neeraj
August 27, 2018 @ 11:08 am
Hi Russell, Shan
My VPC cidr is 10.0.0.0/26. So will my VPC gateway be 10.0.0.1 by default?
Is the subnet mask equal to the IPv4 CIDR of the subnet in which the ENI is launched?
Do we have to mention the IPv4 CIDR of the subnet in which the ENI is launched in “from” of rule-ethX?
I followed all the steps mentioned above but still when I do ip rule after restarting the network service, I see only the below:
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Please help me out here. I don’t know where I am messing it up.
Wayne Dovey
May 9, 2016 @ 1:30 am
Hi there,
Great article, thanks. Are you able to show the output of “ip rule” command please? Also can you show us the output of rule-eth0/route-eth0 and rule-eth1/route-eth1 for example?
Many thanks
Wayne
Internet Staff
May 11, 2016 @ 9:15 am
Hi Wayne,
I’ve added the output of “ip rule” above. The sample contents of the rule/route files are already in #3 and #4 above.
Klaus Hessellund
December 26, 2016 @ 9:24 am
I had a lot of trouble getting eth1 to work, but this article solved everything!
A few comments:
1. I didn’t have to set GATEWAYDEV. If I run into problems I’ll try and set it.
2. I had NetworkManager running on some of my instances, which made things just not work. So I erased it and stopped it.
I don’t know if it helps, but I had NetworkManager running for some reason.
Elle
March 2, 2017 @ 3:30 am
This solution seems to be working if both NICs eth0 and eth1 are UP and with assigned IPs. A few issues…
– I can get an IP in eth0 but eth1 is unable to get an IP. tcpdump shows that the DHCP server gives back an IP, but eth1 cannot bring up?
– Since route- and rule- can only be set with an IP, how’s this set automatically from DHCP?
Any ideas?
Kevin
May 23, 2018 @ 6:29 pm
As Klaus mentioned, NetworkManager breaks this – the interface rules files (rule-ethX) will be ignored.
To keep this from happening without disabling NetworkManager, in the device config files ifcfg-ethX (step 2), add the following line:
NM_CONTROLLED="no"
zafar
May 31, 2020 @ 4:44 am
Has anyone tried this solution recently?
I have tried this on a CentOS 7.7.1908 (Core) and see these issues.
– Once changes are made network service won’t restart ( network.service: control process exited, code=exited status Failed to start
LSB: Bring up/down networking. Subject: Unit network.service has failed — Defined-By: systemd
– After rebooting the server, I can connect using secondary ENI but Primary stops working.
Here’s the output of IP Addr show command:
eth0: mtu 9001 qdisc mq state UP group default qlen 1000
link/ether 0a:75:67:dc:86:d8 brd ff:ff:ff:ff:ff:ff
inet 172.27.70.133/26 brd 172.27.70.191 scope global dynamic eth0
valid_lft 2635sec preferred_lft 2635sec
inet6 fe80::875:67ff:fedc:86d8/64 scope link
valid_lft forever preferred_lft forever
: eth1: mtu 9001 qdisc mq state UP group default qlen 1000
link/ether 0a:d7:2a:17:2c:f0 brd ff:ff:ff:ff:ff:ff
inet 172.27.70.176/26 brd 172.27.70.191 scope global dynamic eth1
valid_lft 2794sec preferred_lft 2794sec
inet6 fe80::8d7:2aff:fe17:2cf0/64 scope link
valid_lft forever preferred_lft forever
Any ideas how to get around this?
Thanks
KlausH
March 9, 2021 @ 3:57 am
Hi Zafar,
I got the same result as you, after rebooting the server, I can connect using secondary ENI but Primary stops working.
For ifcfg-eth1, I copied the eth0 and changed the HWADDR only.
BOOTPROTO=dhcp
DEVICE=eth1
HWADDR=0a:17:86:08:db:a8
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
For rule-eth1, does it need another record like below, besides the from record?
to 172.28.4.20/32 table 2
Thanks.
Wei
February 4, 2021 @ 9:44 am
It helps me fixing my issue, thanks much!!
KlausH
March 9, 2021 @ 4:00 am
Hi Wei,
I am glad that it’s working for you.
If you can give me some help that would be great.
This is my email: hejiachang100@gmail.com
Thanks.
Gaurav Mittal
January 24, 2022 @ 11:03 am
Hi,
How can this be automated using cloud-init functionality? I see that Oracle Enterprise Linux 7.X does not require this manual configuration and cloud-init creates all the files (ifcfg-eth1, route-eth1, rule-eth1), but these are not getting created in CentOS 7.