An Elastic IP is an IP address you can assign to one or several instances in addition to its regular IP address. There are several uses for this new feature:

  1. Fixed IP address: the IP address is not attached to a specific instance and can be attached to a different instance at will.
  2. Multiple IP addresses: an instance can receive an arbitrary number of elastic IP (useful for TLS without SNI).
  3. High availability: the IP address can be moved to another instance in case of failure of the first instance.

Reserving IP addresses

The first step is to reserve an IP address. This can be done through the portal. In the Compute tab, choose the IP Addresses tab. You should see the following screen:

IP addresses empty screen

Ensure you select the right availability zone and press the Add button. After a few seconds, the reserved IP address appears in your account:

One IP address allocated

You can reserve as many IP addresses as you want. You will be billed for each IP address reserved. Once you don’t need an IP address anymore, use the Delete icon to release it.

To see more details, click on the Edit icon. From here, you can modify the reverse DNS entry for the IP, associate the instances and see the currently assigned instances. We’ll explore this part of the interface in the following sections.

Details of a reserved IP address

Assigning an IP address

The second step is to assign the IP address to an instance. There are two ways to do that. The first way is to go the IP Addresses tab, locate your IP address and click on the Edit icon. Then, choose the appropriate instance in the drop-down menu:

Assigning an IP address to an instance

The second way is to go to the details of your instance. You should find a section Additional IP addresses with a drop-down menu to select the IP address you want to use with this instance:

Assigning an IP address to an instance

Configuring the instance to use the IP address

While the traffic targeted at this IP address is now directed to the specified instance, you need to configure the new address directly on your instance as well. Currently, we’ll cover only Debian/Ubuntu and CentOS.

Debian/Ubuntu

In /etc/network/interfaces.d/eip.cfg, add the following snippet:

auto lo:1
iface lo:1 inet static
    address 159.100.241.235/32

Then, use ifup lo:1 to enable the IP. It will also be enabled automatically on boot. From here, you should be able to ping your instance and any service authorized in the associated security group should be reachable with this EIP as well.

If you need to add an additional IP, use lo:2, lo:3, etc.

CentOS

Create a /etc/sysconfig/network-scripts/ifcfg-lo:1 file with the following content:

DEVICE=lo:1
IPADDR=159.100.241.235
NETMASK=255.255.255.255
ONBOOT=yes
NAME=lo1

Then, use ifup lo:1 to enable the IP. It will also be enabled automatically on boot. You should be able to ping the IP address and any service authorized in the associated security group should be reachable with this EIP as well.

If you need to add an additional IP, use lo:2, lo:3, etc.

CoreOS

Create the configuration file for loopback interface ‘/etc/systemd/network/loopback-alias.network’, with the following content:

[Match]
Name=lo

[Network]

[Address]
Label=lo:1
Address=172.16.253.10/32

Ensure that systemd-networkd is enable: sudo systemctl enable systemd-networkd.service

To apply the configuration, run sudo systemctl restart systemd-networkd to restart. It will also be enabled automatically on boot. You should be able to ping the IP address and any service authorized in the associated security group should be reachable with this EIP as well.

You can add multiple loopback Address blocks.

Other Linux

You can manually add the IP address on any Linux instance with the following command:

ip addr add 159.100.241.235/32 dev lo

But it will be lost if you reboot the instance.

OpenBSD

Configure your Elastic IP with this single command:

echo inet 159.100.241.235/32 > /dev/hostname.lo1

You can reconfigure your network on the fly with

sh /etc/netstart

Windows

As a first step, we need to install a special driver. For this, open a command line and execute the following command:

hdwwiz

You should get the Add Hardware wizard:

Windows: add hardware

Click on Next. On the next screen, choose the second option:

Windows: add hardware

Click on Next. On the next screen, choose Network adapters:

Windows: add hardware

Click on Next. On the next screen, choose Microsoft in the left list, then Microsoft KM-TEST Loopback Adapter in the right list:

Windows: add hardware

Click on Next, then on Install.

Open a command-line and execute ipconfig /all. You should find an interface named Ethernet 2 whose description is Microsoft KM-TEST Loopback. Let’s rename it:

netsh interface set interface name="Ethernet 2" newname="Loopback"

You only need to execute those steps once per instance.

To add the EIP, you now need to type the following command:

netsh interface ip add address Loopback 159.100.241.235 255.255.255.255

Use the same command when you need to add additional IPs.

Using the API

All the steps described above can be done with the API. Notably, the following API requests can be used:

Examples

Let’s examine some use cases.

Fixed IP address

The first use case is to use a fixed IP address you can move from one instance to another. Typically, you are upgrading your web server to a new instance and you want to switch the IP address from the old instance to the new one without relying on DNS. This is also known as blue-green deployment.

First, you need to follow those steps to use an EIP with the current instance (unless the current instance is already using an EIP):

  1. Reserve a EIP address
  2. Assign the EIP address to the current instance
  3. Configure the EIP address inside the current instance
  4. Update your DNS configuration to use the EIP address
  5. Wait a bit for the DNS to catch the change

Now, when your new server is ready to take over, follow these steps:

  1. Configure the EIP address inside the new instance (this has currently no effect, the traffic still goes to the old instance)
  2. Assign the EIP address to the new instance (the new instance may or may not receive traffic)
  3. Unassign the EIP address from the old instance (the old instance will stop receiving traffic and the new one will receive traffic)
  4. Unconfigure the EIP address from inside the old instance

Multiple IP addresses

The second use case is the need to use several IP addresses on the same machine. This can be needed if you want to use multiple TLS certificates or run several instances of the same service.

Here are the steps:

  1. Reserve several EIP addresses
  2. Assign the EIP addresses to the target instance
  3. Configure the EIP addresses inside the target instance (first one on lo:1, second one on lo:2, etc.)

High availability

The third use case is to setup an highly available service. When an instance fails, you can quickly transfer traffic to the remaining instances.

Here are the steps:

  1. Reserve a EIP address
  2. Assign the EIP address to each instance of a group
  3. Configure the EIP address inside each instance

From here, only one of the instance will receive traffic. If you stop this instance or unassign the IP address from this instance, another instance will automatically take over the traffic.

This use case needs some automation to really be efficient. You could use your monitoring system to remove the IP address from failed instances using the API. Have a look at our “HAProxy Elastic IP Automatic failover” blog post for an example.

Fixed source IP address

In the configuration samples, the elastic IP address is set up as an additional IP address for your instance: the original IP address still works and is used for outgoing connections. You should not remove the original IP address as the elastic IP address won’t work without it. Moreover, if you have to move the elastic IP to another instance, the original instance won’t be accessible anymore.

There are some cases where you would want to use the elastic IP as a source IP address (for example, if you run an SMTP server). The easiest way to achieve this is to configure the elastic IP address directly in your software configuration. For instance, with Postfix, you can add the following line in /etc/postfix/main.cf:

smtp_bind_address = 159.100.241.235

Most software have a similar setting for outgoing connections. Search for the bind keyword in the documentation.