Tencent Cloud Elastic Network Interface (ENI) is an elastic network interface that can be bound to Cloud Virtual Machine (CVM) servers in a Virtual Private Cloud (VPC) and migrated seamlessly among multiple CVM servers. Multiple ENIs can be bound to one CVM server to create a highly available network. Further, multiple private IPs can be bound to one ENI to enable a single-server multi-IP deployment.
ENI supports migration among CVM servers, helping you achieve a low-cost, high-availability solution. For example, one ENI can be used as the network interface for critical services, and if the CVM instance providing these services fails, its ENI can be connected to another pre-configured healthy instance for quick service recovery.
ENI supports high-reliability cluster deployment based on multiple network interfaces where key components of the system architecture must ensure high system availability through multi-server hot backup. ENI and private IP that support flexible binding and unbinding can be used to configure a Keepalived-based disaster recovery solution, achieving high reliability of key components.
ENI supports the creation of multiple security policies for the network. One ENI can be used to handle external communication by configuring a security group policy to manage access from the Internet to the server, and another to manage internal communication by assigning to it multiple IPs of different VPC subnets and configuring different security group policies for the subnets so as to create a management network.
Multiple ENIs of different subnets can be configured for the CVM server with each subnet having its own network routes to isolate the traffic of public and private networks.
Multiple ENIs can be configured for a single CVM server, with each ENI having multiple private IPs. For example, multiple ENIs can be deployed for a mid-layer web server to build a dual-host scheme; master and slave IP addresses can be assigned to the ENI for quick migration in case of instance failure.
In addition to the primary ENI automatically generated during creation of a CVM server, multiple auxiliary ENIs can be bound to the CVM server. These ENIs can belong to different subnets in the same VPC or availability zone. Each one supports the configuration of an individual security group, and separate routing and forwarding policies can be configured for the subnets where the ENIs reside.
An ENI can be freely migrated among CVM servers in the same VPC or availability zone. When the ENI is unbound from the server, the private IP, elastic public IP and security group policy are retained, eliminating the need for re-association after migration.
Depending on the specs of the CVM server, an ENI can be bound with up to 30 private IPs, each of which can also be bound with individual elastic public IPs. One single server can open up multiple identical ports through multiple elastic public IPs. The binding relationship between the ENI and the private and public IPs does not change as the ENI is unbound from the server.
One CVM server can be bound to multiple ENIs in different subnets in the same VPC or availability zone, and separate routing and forwarding policies can be configured for the subnets to achieve network isolation. A routing policy can be set for the server to redirect the network traffic of specified destinations to different ENIs.
Network deployment of crucial businesses generally requires isolation among private, public and administrative networks. Data security and network isolation can be ensured through different routing and security group policies. Three ENIs on different subnets can be bound to the CVM server to achieve such isolation.
• In other words, three auxiliary ENIs on three different subnets can be configured for the server in the VPC, with the three subnets used respectively for data transfer on the private network, service offering on the public network and administration on the private network.
• Each ENI can be bound with different security group policies for differentiated security policy control of different networks, ensuring security of the server and private network.
• Each subnet can be configured with a different route table, allowing each ENI to have its own routing policy. For example, if the route of the data transfer subnet on the private network points to private-network next hops such as a Direct Connect gateway, VPN gateway or VPC Peering Connection, and the route of the subnet where the public ENI resides points to public-network next hops such as a NAT gateway or public gateway, the private and public networks can be isolated from each other.
• Different network ACL policies can be configured for the private, public and management networks to implement a 3-layer security policy control for subnets.
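The isolation layout described above can be checked mechanically. The following is an added example, not Tencent Cloud code: it audits a constructed inventory for shared subnets, security groups, route tables or ACLs and for routes that bridge the private and public sides. The field names, role labels and next-hop type strings are assumptions, not an API response format.

```python
# Added example: constructed inventory model, not a Tencent Cloud API format.
PRIVATE_HOPS = {"direct_connect_gateway", "vpn_gateway", "peering_connection"}
PUBLIC_HOPS = {"nat_gateway", "public_gateway"}
# Next-hop types that would break isolation for each role. Treating the
# management network like the private data network is an assumption.
FORBIDDEN = {"data": PUBLIC_HOPS, "mgmt": PUBLIC_HOPS, "public": PRIVATE_HOPS}


def audit(enis, subnets):
    """Return findings for a three-ENI layout; an empty list means it is isolated."""
    findings = []
    roles = [e["role"] for e in enis]
    for role in FORBIDDEN:
        if roles.count(role) != 1:
            findings.append(f"role {role}: expected exactly 1 ENI, found {roles.count(role)}")
    # Each network needs its own subnet, security group, route table and ACL.
    owners = {}
    for eni in enis:
        subnet = subnets[eni["subnet"]]
        attrs = {"subnet": eni["subnet"], "security_group": eni["security_group"],
                 "route_table": subnet["route_table"], "acl": subnet["acl"]}
        for kind, value in attrs.items():
            first = owners.setdefault((kind, value), eni["id"])
            if first != eni["id"]:
                findings.append(f"{eni['id']}: shares {kind} {value} with {first}")
        # A route toward the other side's gateway type bridges the two networks.
        bad = sorted(set(subnet["next_hops"]) & FORBIDDEN.get(eni["role"], set()))
        if bad:
            findings.append(f"{eni['id']} ({eni['role']}): route to {', '.join(bad)}")
    return findings


# Constructed sample: the management ENI reuses the public security group and
# its subnet has a route to a NAT gateway.
SUBNETS = {
    "subnet-data": {"route_table": "rtb-data", "acl": "acl-data", "next_hops": ["vpn_gateway"]},
    "subnet-pub": {"route_table": "rtb-pub", "acl": "acl-pub", "next_hops": ["nat_gateway"]},
    "subnet-mgmt": {"route_table": "rtb-mgmt", "acl": "acl-mgmt", "next_hops": ["nat_gateway"]},
}
ENIS = [
    {"id": "eni-data", "role": "data", "subnet": "subnet-data", "security_group": "sg-data"},
    {"id": "eni-pub", "role": "public", "subnet": "subnet-pub", "security_group": "sg-pub"},
    {"id": "eni-mgmt", "role": "mgmt", "subnet": "subnet-mgmt", "security_group": "sg-pub"},
]

if __name__ == "__main__":
    for line in audit(ENIS, SUBNETS):
        print(line)
```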
Key components of the system architecture must ensure high system availability through multi-server hot backup. Tencent Cloud provides ENI and private IP that support flexible binding and unbinding which can be used to configure a Keepalived-based disaster recovery solution to achieve high availability of key components.
• Two or more CVM servers can be purchased in the same subnet or different subnets (in the same availability zone) as disaster recovery units of the key components.
• API-based IP scheduling for multiple CVM servers can be made possible through CVM's Keepalived notification mechanism to achieve high multi-server availability.
• The flexible migration capabilities of ENI can be leveraged to migrate the ENI of a faulty CVM server to the backup server, enabling cluster-based disaster recovery.
ENI is free of charge. For more information about the prices of VPC services, see the VPC Pricing documentation.