AWS Elastic Network Interface (ENI)
Elastic Network Interface (ENI)
-
An Elastic Network Interface (ENI) is a virtual network interface that you can attach to an Amazon EC2 instance in your Virtual Private Cloud (VPC). ENIs are fundamental building blocks for your networking setup in AWS and offer flexibility in managing network configurations for your instances.
-
It is a logical networking component in the VPC that represents a virtual network card
-
You can only attach a network interface to instances in the same AZ
-
When you move a network interface from one instance to another, network traffic is redirected from the original instance to the new instance
-
Key features:
- Multiple ENIs per Instance: Each EC2 instance can have multiple ENIs attached, allowing for complex networking configurations.
- Persistent Attributes: Attributes like private IP addresses, security groups, and MAC addresses associated with an ENI persist independently of the lifecycle of the EC2 instance it’s attached to.
- Mobility: ENIs can be detached from one instance and attached to another within the same Availability Zone (AZ), facilitating failover and maintenance without changing network configurations.
-
Network Interface Concepts:
- Primary network interface: Each instance has a default network interface, called the primary network interface. You can't detach a primary network interface from an instance.
- Secondary network interfaces: You can create secondary network interfaces and attach them to the instance.
- IPv4 addresses for network interfaces: When you launch an EC2 instance into an IPv4-only or dual stack subnet, the instance receives a primary private IP address from the IPv4 address range of the subnet. You can also specify additional private IPv4 addresses, known as secondary private IPv4 addresses. Unlike primary private IP addresses, secondary private IP addresses can be reassigned from one instance to another.
- Elastic IP addresses for network interfaces: You can associate one Elastic IP address with each private IPv4 address. If you disassociate an Elastic IP address from a network interface, you can release it or associate it with a different instance.
-
How to differentiate primary and secondary ENIs:
- Primary ENI:
  - Device index: 0
  - Automatically created when you launch an EC2 instance.
  - Cannot be detached while the instance is running.
  - Associated with the instance’s primary private IPv4 address.
  - Holds the instance’s public IPv4 address (if assigned).
  - Contains essential attributes such as the MAC address and security groups.
- Secondary ENI:
  - Device index: 1 and above
  - Can be attached to or detached from the instance while it is running (depending on the instance type and configuration).
  - Used for additional network interfaces, such as for management, monitoring, or application traffic.
  - Each can have its own set of private IPv4 addresses, security groups, and other network configurations.
-
Use a secondary ENI for failover: ![[secondary_eni_failover.png]]
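The failover shown above moves a secondary ENI from a failed instance to a standby in the same AZ. The script below is an added example, not code from this note or from AWS: it is a dry-run planner in plain Python (no boto3, no API calls) that encodes the rules stated in the note (device index 0 is the primary ENI and cannot be detached; an ENI can only be attached to an instance in the same AZ; private IPv4 addresses, Elastic IPs and security groups belong to the ENI and move with it) and emits the ordered EC2 operations a failover script would issue, named after the real `DetachNetworkInterface` / `AttachNetworkInterface` calls. The instance, ENI, security group and EIP identifiers are constructed sample values, and `MAX_DEVICE_INDEX` is an assumed search bound, since the real per-instance ENI limit depends on the instance type.

```python
"""Dry-run planner for moving a secondary ENI between EC2 instances.

Added example (not from the note or AWS). Models the note's rules in memory:
  * device index 0 is the primary ENI and cannot be detached;
  * an ENI can only be attached to an instance in the same Availability Zone;
  * private IPv4 addresses, Elastic IPs and security groups belong to the ENI
    and therefore follow it to the standby instance.
All identifiers below are constructed sample values.
"""
from dataclasses import dataclass, field

MAX_DEVICE_INDEX = 15  # assumed search bound; the real limit depends on the instance type


@dataclass
class Instance:
    instance_id: str
    availability_zone: str
    # device indices already in use; 0 is always the primary ENI
    used_device_indices: set = field(default_factory=lambda: {0})


@dataclass
class NetworkInterface:
    eni_id: str
    availability_zone: str
    private_ips: list              # primary private IP first, then secondaries
    security_groups: list          # these govern traffic on whichever instance holds the ENI
    elastic_ips: dict = field(default_factory=dict)  # private IP -> EIP allocation id
    attached_to: str = None        # instance id, None when detached
    device_index: int = None
    attachment_id: str = None


class FailoverError(ValueError):
    """A precondition from the note is violated; no API call should be issued."""


def plan_failover(eni, src, dst):
    """Validate the move and return {"calls": [...], "inherited": {...}}."""
    if eni.attached_to != src.instance_id:
        raise FailoverError(f"{eni.eni_id} is not attached to {src.instance_id}")
    if eni.device_index == 0:
        raise FailoverError(f"{eni.eni_id} is the primary ENI of {src.instance_id}; it cannot be detached")
    if src.instance_id == dst.instance_id:
        raise FailoverError("source and destination are the same instance")
    if eni.availability_zone != dst.availability_zone:
        raise FailoverError(f"{eni.eni_id} is in {eni.availability_zone}, "
                            f"{dst.instance_id} is in {dst.availability_zone}")
    # Secondary ENIs use device index 1 and above; take the lowest free slot on the standby.
    free = [i for i in range(1, MAX_DEVICE_INDEX + 1) if i not in dst.used_device_indices]
    if not free:
        raise FailoverError(f"no free device index on {dst.instance_id}")
    calls = [
        {"Action": "DetachNetworkInterface", "AttachmentId": eni.attachment_id},
        {"Action": "AttachNetworkInterface", "NetworkInterfaceId": eni.eni_id,
         "InstanceId": dst.instance_id, "DeviceIndex": free[0]},
    ]
    # Everything the standby inherits with the ENI. Review this before a real failover:
    # the ENI's own security groups, not the standby's, now decide what reaches it.
    inherited = {
        "device_index": free[0],
        "private_ips": list(eni.private_ips),
        "elastic_ips": dict(eni.elastic_ips),
        "security_groups": list(eni.security_groups),
    }
    return {"calls": calls, "inherited": inherited}


def apply_plan(plan, eni, src, dst):
    """Update the in-memory model as if both calls had succeeded."""
    src.used_device_indices.discard(eni.device_index)
    attach = plan["calls"][1]
    eni.attached_to = attach["InstanceId"]
    eni.device_index = attach["DeviceIndex"]
    eni.attachment_id = None  # the real AttachNetworkInterface response carries the new id
    dst.used_device_indices.add(eni.device_index)
    return eni


# Constructed sample topology: active and standby in one AZ, a third instance elsewhere.
ACTIVE = Instance("i-0aaaa", "us-east-1a", {0, 1})
STANDBY = Instance("i-0bbbb", "us-east-1a")
OTHER_AZ = Instance("i-0cccc", "us-east-1b")
APP_ENI = NetworkInterface(
    eni_id="eni-0app", availability_zone="us-east-1a",
    private_ips=["10.0.1.50", "10.0.1.51"], security_groups=["sg-0web"],
    elastic_ips={"10.0.1.50": "eipalloc-0pub"},
    attached_to="i-0aaaa", device_index=1, attachment_id="eni-attach-0001",
)

if __name__ == "__main__":
    plan = plan_failover(APP_ENI, ACTIVE, STANDBY)
    for call in plan["calls"]:
        print(call)
    print("standby inherits:", plan["inherited"])
    try:
        plan_failover(APP_ENI, ACTIVE, OTHER_AZ)
    except FailoverError as exc:
        print("refused:", exc)
```

Running it prints the detach and attach calls for the in-AZ move and the refusal for the cross-AZ target. The `inherited` summary is the part worth checking in practice: because security groups are an attribute of the ENI, the standby starts answering on the moved private IPs and Elastic IP under the ENI's rules, so its exposure changes the moment the attach completes.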