AWS EC2 Ubuntu 18.04 secondary IP with Netplan

To add an extra Elastic IP (EIP) to an EC2 instance, it’s necessary to associate a secondary private IP address with it first. This tutorial explains how to configure multiple private IPs on a single network interface (ENI) with netplan on Ubuntu 18.04.

Note: Netplan is a new network configuration tool introduced in Ubuntu 17.10.

Adding a second private IP on EC2 Ubuntu 18.04 LTS instance

There should already be a netplan DHCP config for the primary private IP address in /etc/netplan/50-cloud-init.yaml, containing:

# This file is generated from information provided by
# the datasource.  Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    version: 2
    ethernets:
        eth0:
            dhcp4: true
            match:
                macaddress: 12:36:43:cd:65:da
            set-name: eth0

Create a new config /etc/netplan/60-secondary-ip.yaml with the following content:

    version: 2
    renderer: networkd

Where is primary private IP acquired by DHCP and is secondary private IP assigned manually to the EC2 instance (multiple addresses are allowed). Put the DHCP IP ahead of the secondary IP.
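An added example, not the original post's file: a shell function that renders the content of `60-secondary-ip.yaml` with the DHCP-assigned primary address listed ahead of the secondary one, and rejects malformed input before it can reach a root-owned config file. The function names are hypothetical, and the addresses in the usage comment are constructed placeholders.

```shell
# is_ipv4_cidr CIDR: succeed only for a.b.c.d/prefix with octets <= 255 and prefix <= 32.
is_ipv4_cidr() {
    case $1 in
        */*/*|*[!0-9./]*|/*|*/) return 1 ;;   # stray characters or more than one slash
        */*) ;;
        *) return 1 ;;                         # no prefix length given
    esac
    _ip=${1%/*} _prefix=${1#*/}
    case $_prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "${#_prefix}" -le 2 ] && [ "$_prefix" -le 32 ] || return 1
    case $_ip in *.*.*.*.*|.*|*.|*..*) return 1 ;; *.*.*.*) ;; *) return 1 ;; esac
    _oldifs=$IFS; IFS=.
    set -- $_ip                                # split the address into its four octets
    IFS=$_oldifs
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# render_secondary_ip_config IFACE PRIMARY_CIDR SECONDARY_CIDR
# Prints the netplan YAML on stdout; returns 2 and prints nothing on bad input.
render_secondary_ip_config() {
    _iface=$1 _primary=$2 _secondary=$3
    # The interface name is interpolated into YAML, so allow only safe characters.
    case $_iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $_iface" >&2; return 2 ;;
    esac
    is_ipv4_cidr "$_primary"   || { echo "bad primary CIDR: $_primary" >&2; return 2; }
    is_ipv4_cidr "$_secondary" || { echo "bad secondary CIDR: $_secondary" >&2; return 2; }
    [ "${_primary%/*}" != "${_secondary%/*}" ] ||
        { echo "primary and secondary are the same address" >&2; return 2; }
    cat <<EOF
network:
    version: 2
    renderer: networkd
    ethernets:
        $_iface:
            addresses:
            - $_primary
            - $_secondary
EOF
}

# Usage (constructed placeholder addresses; review the output before installing it):
#   render_secondary_ip_config eth0 172.31.16.10/20 172.31.16.11/20 \
#       | sudo tee /etc/netplan/60-secondary-ip.yaml
```
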

Then apply the new netplan config, with automatic rollback:

netplan try

If everything’s alright, then hit Enter to apply the config to the running system.

7 thoughts on “AWS EC2 Ubuntu 18.04 secondary IP with Netplan”

    • Hey George, thanks for the feedback. In the example, the network interface is eth0, and you might need to change it according to your system network interface naming.

  1. This solution assumes that the primary ip address (assigned by DHCP) is known. Is there any way to have the primary address assigned by DHCP and the secondary one set to static, without knowledge of what the primary address is?

    • You can skip the line with primary IP, it’ll be assigned anyway, but Ubuntu will see it as a secondary IP in this case

  2. Thank you, definitely working, just one thing though. Oddly enough, my network interface is shown as eth0 in the AWS console, but when reading `/etc/netplan/50-cloud-init.yaml`, it was showing ens5. I used therefore ens5 to configure `/etc/netplan/60-secondary-ip.yaml` and it worked like a charm.

  3. Just what I needed. Followed your example, it worked well.
    Just to expand a bit, I was stuck on how to assign multiple elastic IPs to the same instance.
    Here it is soup-to-nuts:

    1) Login on the EC2 console -> Network & Security -> Network Interfaces
    2) Your one interface should be listed, select it, then Actions -> Manage IP Addresses
    3) Next screen, you need to expand the interface by clicking on the arrow to see existing ‘private’ addresses, e.g. not routable on the internet
    4) You should see one private address already associated with your instance.
    Think of it this way, aws gives you a public elastic IP that works on the internet. Internally they route that traffic to your private IP on your instance.
    5) Click on the box “Assign new IP address” — this is a little weird, a box will pop up with ‘Auto-assign’ — DON’T CHANGE ANYTHING, go to the bottom of the page and click ‘Save’
    6) To confirm, repeat the steps starting at 1 and you should see your new private IP, but it won’t be associated with a Public IP address yet (DON’T MAKE ANY CHANGE).
    7) Back to the EC2 console -> Network & Security -> Elastic IPs
    8) Click on “Allocated Elastic IP address”
    9) On the new screen, leave the default selection “Amazon’s pool of IPv4…”,
    Click “Allocate”
    10) A new screen will appear with the address shown, at the top click
    on “Associate this Elastic IP address”
    11) New screen will popup “Associate Elastic IP address” –
    for the ‘Resource Type’, select ‘Network interface’.
    In “Network interface” click in the empty box, and your interface should appear, select it.
    In “Private IP address”, click in the empty box and select the new private ip.
    12) Whew! Almost there. If you go back to “Network & Security” -> “Elastic IPs” you should see the new IP, and if you scroll the window to the right, you’ll see a column “Private IP Address”, it should agree.
    13) Now we need to tell Ubuntu to expect traffic over this new interface. Before
    doing the netplan changes, you can test it on the command line. Replace the with your private IP address.

    sudo ip addr add dev eth0

    14) Ask ubuntu to show you it’s using the new address:

    ip address show dev eth0

    2: eth0: mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 02:88:c0:c8:08:96 brd ff:ff:ff:ff:ff:ff
    inet brd scope global dynamic eth0
    valid_lft 1800sec preferred_lft 1800sec
    inet brd scope global secondary eth0
    valid_lft forever preferred_lft forever

    15) From a remote system, you should be able to SSH to the new public elastic IP and reach your instance.
    16) As outlined above, make the netplan changes to survive a reboot.
