Concept:
An Elastic Network
Interface (ENI) in AWS is basically a virtual network card.
It represents a network connection for an EC2 instance, with its own:
- Private IP address (primary and secondary)
- Public IP address (if applicable)
- MAC address (Media Access Control)
- Security Groups
- Subnet
- Description and tags
Key points about ENIs:
- twtech can attach or detach an ENI
to/from EC2 instances on the fly (in the same Availability Zone).
- ENIs are super useful for high availability, failover,
or moving network interfaces between instances.
- A primary ENI is created by default when twtech
launches an EC2.
- twtech can create additional ENIs manually and
attach multiple ENIs to a single EC2 (depending on instance type limits).
- Trunk interfaces
can be used with ENIs for high-scale networking setups (like with
containers).
Common use cases:
- Network appliances
(e.g., firewalls, load balancers)
- Failover scenarios
(move ENI to standby instance)
- Separation of traffic
(different ENIs for front-end and back-end traffic)
- Multi-homed instances
(connect to different subnets/VPCs via routing tricks)
Insights:
• it is the Logical component in a VPC that represents a
virtual network card.
• The ENI can have the following attributes.
• It has one Primary private IPv4 and one or more
secondary IPv4.
• it has one Elastic IP (IPv4)
per private IPv4.
• it has one Public IPv4 and
One or more security groups.
• it has a MAC (Media
Access Control) address.
• twtech may create
ENI independently and attach them on the fly (move them) on EC2 instances for
failover. (Failover is when a system
automatically switches to a backup or standby
system when the main system fails or goes down)
• It is bound to a specific availability zone (AZ).
Project:
Go to aws ec2 services
For this project twtech is Launching two instances: twtech-db-servers
Select one of the instance to configure the network
interface:
Edit nwtework settings:
Select
a security group or create one:
Verify on ec2 console that the instances are created:
Verify that the instances are created with ENI ( elastic network interfaces) attached
Insights:
Each interface contains:
One Public IPv4 address, one Private IPv4 address and one Private
IPv4 DNS
Each instance has a distinct network interface.
The network interfaces are attached to instances because
they are created with the instance.
However,
they can be managed with the following
actions.
How twtech creates a
new Elastic Network Interface (ENI)and attach to
an existing instance:
Assign a name to the ENI: twtech-db-server1-ENI
Very
import:
Select the subnet that corresponds to instance AZ that the instance would be attached later to.
Also select the interface type:
Attach a security group to the ENI:
Add a tag and Create network interface:
Status is still available. ENI still needs to be attached to an instance to get
it to use:
From:
Choose an instance to attach the ENI to:
To:
Now
the status of the ENI has change to: IN-USE:
The ENI can be detached from one instance and attached
to another instance.
How twtech detaches ENI from one instance and attach it to another
instance:
Status of ENI changes back to: Available:
Now, twtech can attach the detached ENI to another instance in the same AZ.
Successfully, twtech has detached ENI from one instance and
attached it to another instance in the same AZ.
Status goes back to:
in-sue
twtech-insights:
What would happen if the instances are terminated.
The ENI that were created with the instances would be
automatically detached, and deleted.
However, the ENI that was create and attached to instance would
stay: available.
NB: it may take a
couple of minutes to be fully detached and delete
From:
To:
https://aws.amazon.com/blogs/aws/new-elastic-network-interfaces-in-the-virtual-private-cloud/
No comments:
Post a Comment