Network Interface
The KakaoCloud network interface is a virtual network card that allows resources within a VPC to connect logically and communicate. Users can create, modify, and delete network interfaces, connect them to instances within the same availability zone, or detach a secondary (non-primary) network interface already connected.
- Multi-network interface support will be added soon.
- Multi-IP per network interface support will be added soon.
Components
A network interface consists of the following components:
- Primary private IPv4 address within the VPC’s IPv4 range
- Secondary private IPv4 addresses within the VPC’s IPv4 range
- One public IP address per private IPv4 address
- One or more security groups
- MAC address
Concepts
The following concepts are essential for understanding network interfaces:
1. Primary Network Interface
The primary network interface is created by default when an instance is created. Every instance must be connected to a primary network interface, which cannot be detached from the instance.
2. Secondary Network Interface
Any additional network interface attached to an instance is referred to as a secondary network interface. The maximum number of network interfaces that can be attached varies depending on the instance family and size. Secondary network interfaces can be freely added or detached as long as they do not exceed the maximum number.
3. Primary or Secondary Private IPv4 Addresses for a Network Interface
Each network interface is assigned a primary private IPv4 address within the VPC subnet CIDR range. Additional secondary private IPv4 addresses can also be allocated as needed.
4. Public IPv4 Address for a Network Interface
A public IP address can be associated with one private IPv4 address of a network interface. The network interface with an attached public IP can communicate externally via the internet gateway until the public IP is detached.
5. Source/Destination Check
Each network interface can have source/destination checks enabled or disabled. This setting is enabled by default. If the connected instance performs NAT, routing, or firewall functions, this setting should be disabled.
6. Security Group
Security groups can be assigned to network interfaces. All instance types, except Bare Metal, must have at least one security group configured. For more information, refer to Security Groups.
Attach network interface
Consider the following when attaching a network interface:
- Only network interfaces within the same availability zone as the instance can be selected for attachment.
- Secondary network interfaces can be detached from a running instance, but the primary network interface cannot be detached under any circumstances.
- When connecting a network interface to an instance, the instance status must be either
ActiveorStopped. - Manually assigned private IPv4 addresses can be configured for a network interface if it matches the CIDR range of the VPC subnet to which the instance is attached.
- Attaching multiple network interfaces within the same subnet to a single instance may result in asymmetric routing issues. In such cases, requests and responses may traverse different paths, causing firewall packet blocking. It is recommended to connect multiple network interfaces to separate subnets.
- The number of network interfaces that can be attached to an instance depends on the instance family and size.
- Except for the bonding feature on Bare Metal instances, connecting multiple network interfaces does not increase network bandwidth.
- When using multiple network interfaces, static routing configurations on the instance may be necessary for proper functionality.