Elastic Network Interface

A flexible, secure and highly reliable elastic interface for network access that enables seamless migration among multiple Cloud Virtual Machine (CVM) servers

Overview

Tencent Cloud Elastic Network Interface (ENI) is an elastic network access interface that is bound to Cloud Virtual Machine (CVM) servers in a Virtual Private Cloud (VPC) and can be migrated seamlessly among multiple CVM servers. Multiple ENIs can be bound to one CVM server to create a highly available network. Further, multiple private IPs can be bound to one ENI to enable a single-server multi-IP deployment.

Benefits

Elasticity

ENI supports migration among CVM servers, helping you achieve a low-cost, high-availability solution. For example, one ENI can be used as the network interface for critical services, and if the CVM instance providing these services fails, its ENI can be connected to another pre-configured healthy instance for quick service recovery.

High Reliability

ENI supports high-reliability cluster deployment based on multiple network interfaces, for cases where key components of the system architecture must ensure high system availability through multi-server hot backup. ENIs and private IPs support flexible binding and unbinding and can be used to configure a Keepalived-based disaster recovery solution, achieving high reliability of key components.

Security

ENI supports the creation of multiple security policies for the network. One ENI can handle external communication, with a security group policy managing access from the Internet to the server. Another ENI can handle internal communication: assign it multiple IPs of different VPC subnets and configure different security group policies for those subnets to create a management network.

Isolation

Multiple ENIs of different subnets can be configured for the CVM server with each subnet having its own network routes to isolate the traffic of public and private networks.

Flexibility

Multiple ENIs can be configured for a single CVM server, with each ENI having multiple private IPs. For example, multiple ENIs can be deployed for a mid-layer web server to build a dual-host scheme; master and slave IP addresses can be assigned to an ENI for quick migration in case of instance failure.

Features

ENI features multi-network interface support, flexible migration and multi-IP support.

Multi-network Interface Support

In addition to the primary ENI automatically generated during creation of a CVM server, multiple auxiliary ENIs can be bound to the CVM server. These ENIs can belong to different subnets in the same VPC or availability zone. Each one supports the configuration of an individual security group, and separate routing and forwarding policies can be configured for the subnets where the ENIs reside.

Scenarios

Network Isolation

Network deployment of crucial businesses generally requires isolation among private, public and administrative networks. Data security and network isolation can be ensured through different routing and security group policies. Three ENIs on different subnets can be bound to the CVM server to achieve such isolation.
• In other words, three auxiliary ENIs on three different subnets can be configured for the server in VPC, and the three subnets are used for data transfer on the private network, service offering on the public network and administration on the private network.
• Each ENI can be bound with different security group policies for differentiated security policy control of different networks, ensuring security of the server and private network.
• Each subnet can be configured with different routing tables, allowing each ENI to have its own routing policy. For example, if the route of the data transfer subnet on the private network is set to point to private traffic such as Direct Connect gateway, VPN gateway or VPC Peering Connection, and the route of the subnet where the public ENI resides is set to point to public traffic such as NAT gateway or public gateway, the private and public networks can be isolated from each other.
• Different network ACL policies can be configured for the private, public and management networks to implement a 3-layer security policy control for subnets.
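
The isolation rules in the list above can be checked mechanically before a layout is deployed. The following is an added example, not Tencent Cloud code or an API client: the `Eni` model, the next-hop kind strings and all resource names are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass

# Next-hop kinds named on this page, grouped by the traffic they carry.
PRIVATE_HOPS = {"direct_connect_gateway", "vpn_gateway", "peering_connection"}
PUBLIC_HOPS = {"nat_gateway", "public_gateway"}

@dataclass(frozen=True)
class Eni:
    name: str
    role: str            # "data", "public" or "admin"
    subnet: str
    security_group: str

def audit(enis, routes_by_subnet):
    """Return sorted findings; an empty list means the layout is isolated.

    routes_by_subnet maps subnet -> [(destination_cidr, next_hop_kind), ...].
    """
    findings, subnet_owner, sg_owner = [], {}, {}
    for eni in enis:
        # Each network role needs its own subnet and its own security group.
        for label, key, owners in (("subnet", eni.subnet, subnet_owner),
                                   ("security group", eni.security_group, sg_owner)):
            if key in owners:
                findings.append(f"{eni.name}: shares {label} {key} with {owners[key]}")
            owners.setdefault(key, eni.name)
        # The public subnet must not reach private gateways, and vice versa.
        forbidden = PRIVATE_HOPS if eni.role == "public" else PUBLIC_HOPS
        for dest, hop in routes_by_subnet.get(eni.subnet, []):
            if hop in forbidden:
                findings.append(f"{eni.name}: {eni.role} subnet routes {dest} via {hop}")
    return sorted(findings)

# Constructed sample data (hypothetical names, not real resource IDs).
ENIS = [
    Eni("eni-data", "data", "subnet-data", "sg-data"),
    Eni("eni-public", "public", "subnet-public", "sg-public"),
    Eni("eni-admin", "admin", "subnet-admin", "sg-admin"),
]
ROUTES_OK = {
    "subnet-data": [("10.8.0.0/16", "direct_connect_gateway")],
    "subnet-public": [("0.0.0.0/0", "nat_gateway")],
    "subnet-admin": [("10.9.0.0/16", "vpn_gateway")],
}
# Same layout with one mistake: the data subnet gains a default route to NAT.
ROUTES_LEAKY = {**ROUTES_OK, "subnet-data": ROUTES_OK["subnet-data"] + [("0.0.0.0/0", "nat_gateway")]}

if __name__ == "__main__":
    print(audit(ENIS, ROUTES_OK))
    print(audit(ENIS, ROUTES_LEAKY))
```

The audit only covers subnet, security group and route separation; network ACL policies would be a further per-subnet check on the same model.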

High-reliability Application Deployment

Key components of the system architecture must ensure high system availability through multi-server hot backup. Tencent Cloud provides ENIs and private IPs that support flexible binding and unbinding, which can be used to configure a Keepalived-based disaster recovery solution to achieve high availability of key components.
• Two or more CVM servers can be purchased in the same subnet or different subnets (in the same availability zone) as disaster recovery units of the key components.
• API-based IP scheduling for multiple CVM servers can be made possible through CVM's Keepalived notification mechanism to achieve high multi-server availability.
• The flexible migration capabilities of ENI can be leveraged to migrate the ENI of a faulty CVM server to the backup server, enabling cluster-based disaster recovery.