
Elastic Network Interface
A flexible, secure and highly reliable elastic interface for network access
Overview

Tencent Cloud Elastic Network Interface (ENI) is an elastic interface for network access that binds Cloud Virtual Machine (CVM) servers on a Virtual Private Cloud (VPC) for seamless migration among multiple CVM servers. Multiple ENIs can be bound to one CVM server to create a highly available network. In addition, multiple private IPs can be bound to one ENI to enable a single-server multi-IP deployment.

Benefits
Elasticity

ENI supports migration among CVM servers, helping you achieve a low-cost, high-availability solution. For example, one ENI can be used as the network interface for critical services, and if the CVM instance providing these services fails, its ENI can be connected to another pre-configured healthy instance for quick service recovery.

High Reliability

ENI supports high-reliability cluster deployments built on multiple network interfaces, where key components of the system architecture need multi-server hot backup to stay available. You can use ENI and private IPs that support flexible binding and unbinding to configure a Keepalived-based disaster recovery solution to ensure the high reliability of key components.

Security

ENI supports the creation of multiple security policies for the network. One ENI can be used to handle external communication by configuring a security group policy to manage access from the Internet to the server, and another ENI can be used to manage internal communication by assigning to it multiple IPs of different VPC subnets and configuring different security group policies for the subnets to create a management network.

Isolation

Multiple ENIs of different subnets can be configured for the CVM server, with each subnet having its own network routes to isolate the traffic of public and private networks.

Flexibility

Multiple ENIs can be configured for a single CVM server, with each ENI having multiple private IPs. For example, multiple ENIs can be deployed for a mid-layer web server to build a dual-host solution. In case of instance failure, you can assign primary and secondary IP addresses to the ENI for quick migration.

Features
Multi-network Interface Support

In addition to the primary ENI automatically generated during the creation of a CVM server, multiple auxiliary ENIs can be bound to the CVM server. These ENIs can belong to different subnets in the same VPC or availability zone. Each one supports the configuration of an individual security group, and separate routing and forwarding policies can be configured for the subnets where the ENIs reside.

Flexible Migration

An ENI can be freely migrated among CVM servers in the same VPC or availability zone. When the ENI is unbound from the server, the private IP, elastic public IP and security group policy are retained, eliminating the need for re-association after migration.

Multi-IP Support

Depending on the specs of the CVM server, an ENI can be bound with up to 30 private IPs, each of which can also be bound with individual elastic public IPs. One single server can open up multiple identical ports through multiple elastic public IPs. The binding relationship between the ENI and the private and public IPs does not change as the ENI is unbound from the server.

Independent Routing and Forwarding

One CVM server can be bound to multiple ENIs in different subnets in the same VPC or availability zone, and separate routing and forwarding policies can be configured for the subnets to achieve network isolation. You can set a routing policy for the server to redirect the network traffic of specified destinations to different ENIs.

Scenarios

The network deployment of crucial businesses generally requires isolation among private, public and administrative networks. Data security and network isolation can be ensured through different routing and security group policies. Three ENIs on different subnets can be bound to the CVM server to achieve such an isolation.

• In other words, three auxiliary ENIs on three different subnets can be configured for the server in the VPC, and the three subnets are used for data transfer on the private network, service offering on the public network and administration on the private network.

• Each ENI can be bound with different security group policies for differentiated security policy control of different networks, ensuring the security of the server and the private network.

• Each subnet can be configured with a different routing table, allowing each ENI to have its own routing policy. For example, if the route of the data transfer subnet on the private network points to private-traffic targets such as a Direct Connect gateway, VPN gateway or VPC Peering Connection, and the route of the subnet where the public ENI resides points to public-traffic targets such as a NAT gateway or public gateway, then the private and public networks can be isolated from each other.

• Different network ACL policies can be configured for the private, public and management networks to implement a 3-layer security policy control for subnets.
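
The isolation rules in the list above can be checked against a planned layout before any ENI is bound. The following is an added example, not Tencent Cloud code; the field names, next-hop labels and sample values are constructed for illustration, and the limit of 30 is the upper bound stated on this page.

```python
from collections import Counter

MAX_PRIVATE_IPS = 30  # upper bound stated on this page; the real limit depends on CVM specs
PUBLIC_HOPS = {"nat_gateway", "public_gateway"}
PRIVATE_HOPS = {"direct_connect_gateway", "vpn_gateway", "peering_connection"}
# Next-hop classes that each role's subnet must not route to (labels are assumptions).
FORBIDDEN = {"data": PUBLIC_HOPS, "mgmt": PUBLIC_HOPS, "public": PRIVATE_HOPS}

# Constructed sample plan with two deliberate mistakes.
SAMPLE_ENIS = [
    {"name": "eni-data", "role": "data", "subnet": "subnet-a", "security_groups": ["sg-data"], "private_ips": ["10.0.1.10"]},
    {"name": "eni-public", "role": "public", "subnet": "subnet-b", "security_groups": ["sg-web"], "private_ips": ["10.0.2.10", "10.0.2.11"]},
    {"name": "eni-mgmt", "role": "mgmt", "subnet": "subnet-c", "security_groups": ["sg-web"], "private_ips": ["10.0.3.10"]},
]
SAMPLE_ROUTES = {"subnet-a": ["direct_connect_gateway", "nat_gateway"], "subnet-b": ["nat_gateway"], "subnet-c": []}


def audit_layout(enis, subnet_routes):
    """Return sorted findings; an empty list means the plan passes."""
    findings = []
    per_subnet = Counter(e["subnet"] for e in enis)
    sg_roles = {}
    for e in enis:
        # Each role needs its own subnet, otherwise route tables and ACLs are shared.
        if per_subnet[e["subnet"]] > 1:
            findings.append(f"{e['name']}: subnet {e['subnet']} is shared with another ENI")
        # A role's subnet must not route to the opposite class of gateway.
        for hop in sorted(FORBIDDEN[e["role"]] & set(subnet_routes.get(e["subnet"], []))):
            findings.append(f"{e['name']}: {e['role']} subnet routes to {hop}")
        # Private IP count per ENI.
        if len(e["private_ips"]) > MAX_PRIVATE_IPS:
            findings.append(f"{e['name']}: {len(e['private_ips'])} private IPs exceeds {MAX_PRIVATE_IPS}")
        for sg in e["security_groups"]:
            sg_roles.setdefault(sg, set()).add(e["role"])
    # A security group reused across roles removes per-network policy control.
    for sg, roles in sg_roles.items():
        if len(roles) > 1:
            findings.append(f"{sg}: security group reused across roles {sorted(roles)}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_layout(SAMPLE_ENIS, SAMPLE_ROUTES):
        print(finding)
```
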

Key components of the system architecture must ensure high system availability through multi-server hot backup. Tencent Cloud provides ENI and private IPs that support flexible binding and unbinding, which can be used to configure a Keepalived-based disaster recovery solution to achieve high availability of key components.

• Two or more CVM servers can be purchased in the same subnet or different subnets (in the same availability zone) as disaster recovery units of the key components.

• API-based IP scheduling for multiple CVM servers can be made possible through CVM's Keepalived notification mechanism to achieve high multi-server availability.

• The flexible migration capabilities of ENI can be leveraged to migrate the ENI of a faulty CVM server to the backup server, enabling cluster-based disaster recovery.

Pricing

You can use ENI free of charge and only pay for other Tencent Cloud resources involved. For example, if you use ENI with EIPs, you would only pay for EIPs. For more information about EIP pricing, see Elastic IP Billing.