Network interfaces
In this article:
Network interfaces#
Networks are being attached to instances via network interfaces. Network interface can be created either in the subnet or in the virtual switch.
Network interface created in subnet:
has a private IP-address from the CIDR block of subnet IP addresses;
can be used as gateway at route creation in route tables;
has a MAC address, which is automatically allocated by the cloud;
cannot be detached from / attached to an instance if it is a primary network device.
Network interface created in a virtual switch:
has no addressing;
scan’t be used as gateway at route creation in route tables;
has a MAC address, which is automatically allocated by the cloud;
can be detached from an instance if it is not a primary network interface.
Network interface creation#
To create an interface, go to the Interfaces section and click Create.
In the dialog window for creating a network interface, select a network. If the selected network is a subnet, then the following options to assign Private IP are available:
auto assign — automatically assign random IP-address from the CIDR block of subnet IP addresses;
custom address — specified by user, must be from the CIDR block of subnet IP addresses.
You can also set the Name tag value and interface description. If you need to set additional tags, continue to the next step by clicking Add tags. If the Name tag has not been set, you can do this by clicking Add Name tag. To assign an arbitrary tag, click Add tag. Specify the tag key and value.
When all parameters are set, click Create.
Attach/detach network interface#
To attach a network interface, select it in the table and click Attach. In the dialog window that opens, select the instance you want to attach it to and click Attach again.
To detach a network interface, select it in the table and click Detach. In the dialog window, confirm the action by clicking Detach again.
Note
For more information about interface features and restrictions, please see Attach/detach network interfaces.
Network interface deletion#
If you want the network interface to be automatically deleted with the instance, go to the interface page and select Delete with the instance on the Information tab.
Note
To delete a network interface, you must first detach it from the instance.
Note
Deleting a network interface releases the associated Private and Elastic IP addresses.
To delete a network interface, go to the respective section, select the desired interface in the resource table and click Delete. You can delete several interfaces simultaneously. You can also delete a particular interface on its page in the Information tab.
Operations with interfaces#
Changing an Elastic IP#
To assign an available Elastic IP to a network interface of an instance in your VPC or release an Elastic IP assigned to a network interface, click the edit icon on the Information tab near the Elastic IP item on the interface page and select the desired IP address from the list.
To change the associated Elastic IP, go to the interface page and specify the new Elastic IP on the Information tab.
Attention
You can only associate/disassociate an Elastic IP if the network interface is created in a subnet.
Changing the network interface description#
To change the description of a network interface, go to the interface page and enter a new description on the Information tab.
Note
Only ASCII symbols are permitted to be used in the description.
Changing security groups#
To change the list of security groups associated with a network interface, go to the network interface page and click Change security groups on the Security group tab. Select one or more security groups from the list and confirm the action.
Attention
This can be done only if the network interface was created in a subnet.
Note
If source/destination check (source-dest-check) is disabled on the selected interface and at least one of the added security groups is a source in the inbound rules of this or any other group, then you cannot associate such security groups with the network interface.
Change the Source/destination check (source-dest-check) attribute#
This function is enabled by default for all newly created interfaces in subnets. When source-dest-check is enabled for an interface, every IP packet passing through this interface must be sent from or targeted to the IP address of this interface.
If you need to setup routing or NAT on the instance, you must disable source-dest-check on its network interface.
To change source-dest-check, go to the network interface page. In the Information tab, select the desired interface operation mode (Enabled/Disabled) for the Source/dest. check parameter.
Note
If a network interface is associated with a security group and this group is listed as a source in an inbound rule of any security group, including itself. You cannot disable source-dest-check for the network interface.
Network interface information#
For general information about the available network interfaces, see the Network Interfaces section. To view a summary table of all network interfaces in the project, select All VPC in the VPC filter. To display network interfaces from a particular VPC, select the desired VPC in the filter.
To view detailed information about a particular network interface, go to the Network Interfaces section and select the desired interface from the list. To facilitate the interface search, select its relevant VPC in the VPC filter or use the table search.
Once you have selected the desired network interface, click its ID. In addition to information about the interface itself, the network interface page contains information about the security groups and tags assigned to it.
The Information tab displays the interface data, details of its attachment to the instance, addresses (MAC address, Private IP, and Elastic IP), logical placement information (VPC, Availability Zone, and Subnet), and the number of associated security groups. Here, you can also attach or detach the interface or delete it.
In the Security groups tab, you can view the IDs, names, and descriptions of associated security groups. Here, you can also change security groups associated with the interface.
In the Tags tab, you can view tags assigned to the network interface. You can add or change tags of the network interface.