Enable enhanced networking with ENA on your EC2 instances - Amazon Elastic Compute Cloud

Enable enhanced networking with ENA on your EC2 instances

Amazon EC2 provides enhanced networking capabilities through the Elastic Network Adapter (ENA). To use enhanced networking, you must use an AMI that includes the required ENA driver or manually install it. Then you can enable ENA support on your instance.

To review release notes or install instructions for an ENA driver, see the tab that matches your instance operating system platform.

Linux

You can review the following documentation on GitHub:

Windows

You can review the following documentation from the Manage device drivers section of this guide:

For Nitro-based instances, enhanced networking capabilities vary by the Nitro version that the instance type implements.

To review network specifications for your instance, choose the instance family link for your instance type. If you're not sure which instance family applies, see Naming conventions in the Amazon EC2 Instance Types guide.

Prerequisites for enhanced networking with ENA

To prepare for enhanced networking using the ENA, set up your instance as follows:

  • Launch a Nitro-based instance.

  • Ensure that the instance has internet connectivity.

  • If you have important data on the instance that you want to preserve, you should back that data up now by creating an AMI from your instance. Updating the ENA kernel driver and enabling the enaSupport attribute might render incompatible instances or operating systems unreachable. If you have a recent backup, your data will still be retained if this happens.

  • Linux instances – Launch the instance using a supported version of the Linux kernel and a supported distribution, so that ENA enhanced networking is enabled for your instance automatically. For more information, see ENA Linux Kernel Driver Release Notes.

  • Windows instances – If the instance is running Windows Server 2008 R2 SP1, ensure that is has the SHA-2 code signing support update.

  • Use AWS CloudShell from the AWS Management Console, or install and configure the AWS CLI or the AWS Tools for Windows PowerShell on any computer you choose, preferably your local desktop or laptop. For more information, see Access Amazon EC2 or the AWS CloudShell User Guide. Enhanced networking cannot be managed from the Amazon EC2 console.

Test whether enhanced networking is enabled

You can test whether enhanced networking is enabled in your instances or your AMIs.

Instance attribute

To check whether an instance has the enhanced networking enaSupport attribute set, use one of the following commands. If the attribute is set, the response is true.

  • describe-instances (AWS CLI)

    aws ec2 describe-instances --instance-ids instance_id --query "Reservations[].Instances[].EnaSupport"
  • Get-EC2Instance (Tools for Windows PowerShell)

    (Get-EC2Instance -InstanceId instance-id).Instances.EnaSupport
Image attribute

To check whether an AMI has the enhanced networking enaSupport attribute set, use one of the following commands. If the attribute is set, the response is true.

  • describe-images (AWS CLI)

    aws ec2 describe-images --image-id ami_id --query "Images[].EnaSupport"
  • Get-EC2Image (Tools for Windows PowerShell)

    (Get-EC2Image -ImageId ami_id).EnaSupport
Linux network interface driver

Use the following command to verify that the ena kernel driver is being used on a particular interface, substituting the interface name that you want to check. If you are using a single interface (default), this is eth0. If your Linux distribution supports predictable network names, this could be a name like ens5. For more information, expand the section for RHEL, SUSE, and CentOS in Enable enhanced networking on your instance.

In the following example, the ena kernel driver is not loaded, because the listed driver is vif.

[ec2-user ~]$ ethtool -i eth0 driver: vif version: firmware-version: bus-info: vif-0 supports-statistics: yes supports-test: no supports-eeprom-access: no supports-register-dump: no supports-priv-flags: no

In this example, the ena kernel driver is loaded and at the minimum recommended version. This instance has enhanced networking properly configured.

[ec2-user ~]$ ethtool -i eth0 driver: ena version: 1.5.0g firmware-version: expansion-rom-version: bus-info: 0000:00:05.0 supports-statistics: yes supports-test: no supports-eeprom-access: no supports-register-dump: no supports-priv-flags: no

Enable enhanced networking on your instance

The procedure that you use depends on the operating system of the instance.

Amazon Linux 2 and the latest versions of the Amazon Linux AMI include the kernel driver required for enhanced networking with ENA installed and have ENA support enabled. Therefore, if you launch an instance with an HVM version of Amazon Linux on a supported instance type, enhanced networking is already enabled for your instance. For more information, see Test whether enhanced networking is enabled.

If you launched your instance using an older Amazon Linux AMI and it does not have enhanced networking enabled already, use the following procedure to enable enhanced networking.

To enable enhanced networking on Amazon Linux AMI
  1. Connect to your instance.

  2. From the instance, run the following command to update your instance with the latest kernel drivers, including ena:

    [ec2-user ~]$ sudo yum update
  3. From your local computer, reboot your instance using the Amazon EC2 console or one of the following commands: reboot-instances (AWS CLI) or Restart-EC2Instance (AWS Tools for Windows PowerShell).

  4. Connect to your instance again and verify that the ena kernel driver is installed and at the minimum recommended version using the modinfo ena command from Test whether enhanced networking is enabled.

  5. [EBS-backed instance] From your local computer, stop the instance using the Amazon EC2 console or one of the following commands: stop-instances (AWS CLI) or Stop-EC2Instance (AWS Tools for Windows PowerShell).

    [Instance store-backed instance] You can't stop the instance to modify the attribute. Instead, proceed to this procedure: To enable enhanced networking on Amazon Linux AMI (instance store-backed instances).

  6. From your local computer, enable the enhanced networking attribute using one of the following commands:

  7. (Optional) Create an AMI from the instance, as described in Create an Amazon EBS-backed AMI. The AMI inherits the enhanced networking enaSupport attribute from the instance. Therefore, you can use this AMI to launch another instance with enhanced networking enabled by default.

  8. From your local computer, start the instance using the Amazon EC2 console or one of the following commands: start-instances (AWS CLI) or Start-EC2Instance (AWS Tools for Windows PowerShell).

  9. Connect to your instance and verify that the ena kernel driver is installed and loaded on your network interface using the ethtool -i ethn command from Test whether enhanced networking is enabled.

    If you are unable to connect to your instance after enabling enhanced networking, see Troubleshoot the ENA kernel driver on Linux.

To enable enhanced networking on Amazon Linux AMI (instance store-backed instances)

Follow the previous procedure until the step where you stop the instance. Create a new AMI as described in Create an instance store-backed AMI, making sure to enable the enhanced networking attribute when you register the AMI.

  • register-image (AWS CLI)

    aws ec2 register-image --ena-support ...
  • Register-EC2Image (AWS Tools for Windows PowerShell)

    Register-EC2Image -EnaSupport $true ...

The latest Ubuntu HVM AMIs include the kernel driver required for enhanced networking with ENA installed and have ENA support enabled. Therefore, if you launch an instance with the latest Ubuntu HVM AMI on a supported instance type, enhanced networking is already enabled for your instance. For more information, see Test whether enhanced networking is enabled.

If you launched your instance using an older AMI and it does not have enhanced networking enabled already, you can install the linux-aws kernel package to get the latest enhanced networking drivers and update the required attribute.

To install the linux-aws kernel package (Ubuntu 16.04 or later)

Ubuntu 16.04 and 18.04 ship with the Ubuntu custom kernel (linux-aws kernel package). To use a different kernel, contact Support.

To install the linux-aws kernel package (Ubuntu Trusty 14.04)
  1. Connect to your instance.

  2. Update the package cache and packages.

    ubuntu:~$ sudo apt-get update && sudo apt-get upgrade -y linux-aws
    Important

    If during the update process you are prompted to install grub, use /dev/xvda to install grub onto, and then choose to keep the current version of /boot/grub/menu.lst.

  3. [EBS-backed instance] From your local computer, stop the instance using the Amazon EC2 console or one of the following commands: stop-instances (AWS CLI) or Stop-EC2Instance (AWS Tools for Windows PowerShell).

    [Instance store-backed instance] You can't stop the instance to modify the attribute. Instead, proceed to this procedure: To enable enhanced networking on Ubuntu (instance store-backed instances).

  4. From your local computer, enable the enhanced networking attribute using one of the following commands:

  5. (Optional) Create an AMI from the instance, as described in Create an Amazon EBS-backed AMI. The AMI inherits the enhanced networking enaSupport attribute from the instance. Therefore, you can use this AMI to launch another instance with enhanced networking enabled by default.

  6. From your local computer, start the instance using the Amazon EC2 console or one of the following commands: start-instances (AWS CLI) or Start-EC2Instance (AWS Tools for Windows PowerShell).

To enable enhanced networking on Ubuntu (instance store-backed instances)

Follow the previous procedure until the step where you stop the instance. Create a new AMI as described in Create an instance store-backed AMI, making sure to enable the enhanced networking attribute when you register the AMI.

  • register-image (AWS CLI)

    aws ec2 register-image --ena-support ...
  • Register-EC2Image (AWS Tools for Windows PowerShell)

    Register-EC2Image -EnaSupport $true ...

The latest AMIs for Red Hat Enterprise Linux, SUSE Linux Enterprise Server, and CentOS include the kernel driver required for enhanced networking with ENA and have ENA support enabled. Therefore, if you launch an instance with the latest AMI on a supported instance type, enhanced networking is already enabled for your instance. For more information, see Test whether enhanced networking is enabled.

The following procedure provides the general steps for enabling enhanced networking on a Linux distribution other than Amazon Linux AMI or Ubuntu. For more information, such as detailed syntax for commands, file locations, or package and tool support, see the documentation for your Linux distribution.

To enable enhanced networking on Linux
  1. Connect to your instance.

  2. Clone the source code for the ena kernel driver on your instance from GitHub at https://github.com/amzn/amzn-drivers. (SUSE Linux Enterprise Server 12 SP2 and later include ENA 2.02 by default, so you are not required to download and compile the ENA driver. For SUSE Linux Enterprise Server 12 SP2 and later, you should file a request to add the driver version you want to the stock kernel).

    git clone https://github.com/amzn/amzn-drivers
  3. Compile and install the ena kernel driver on your instance. These steps depend on the Linux distribution. For more information about compiling the kernel driver on Red Hat Enterprise Linux, see How do I install the latest ENS driver for enhanced network support on an Amazon EC2 instance that runs RHEL?

  4. Run the sudo depmod command to update kernel driver dependencies.

  5. Update initramfs on your instance to ensure that the new kernel driver loads at boot time. For example, if your distribution supports dracut, you can use the following command.

    dracut -f -v
  6. Determine if your system uses predictable network interface names by default. Systems that use systemd or udev versions 197 or greater can rename Ethernet devices and they do not guarantee that a single network interface will be named eth0. This behavior can cause problems connecting to your instance. For more information and to see other configuration options, see Predictable Network Interface Names on the freedesktop.org website.

    1. You can check the systemd or udev versions on RPM-based systems with the following command.

      rpm -qa | grep -e '^systemd-[0-9]\+\|^udev-[0-9]\+' systemd-208-11.el7_0.2.x86_64

      In the above Red Hat Enterprise Linux 7 example, the systemd version is 208, so predictable network interface names must be disabled.

    2. Disable predictable network interface names by adding the net.ifnames=0 option to the GRUB_CMDLINE_LINUX line in /etc/default/grub.

      sudo sed -i '/^GRUB\_CMDLINE\_LINUX/s/\"$/\ net\.ifnames\=0\"/' /etc/default/grub
    3. Rebuild the grub configuration file.

      sudo grub2-mkconfig -o /boot/grub2/grub.cfg
  7. [EBS-backed instance] From your local computer, stop the instance using the Amazon EC2 console or one of the following commands: stop-instances (AWS CLI), Stop-EC2Instance (AWS Tools for Windows PowerShell).

    [Instance store-backed instance] You can't stop the instance to modify the attribute. Instead, proceed to this procedure: To enable enhanced networking on Linux (instance store–backed instances).

  8. From your local computer, enable the enhanced networking enaSupport attribute using one of the following commands:

  9. (Optional) Create an AMI from the instance, as described in Create an Amazon EBS-backed AMI. The AMI inherits the enhanced networking enaSupport attribute from the instance. Therefore, you can use this AMI to launch another instance with enhanced networking enabled by default.

    If your instance operating system contains an /etc/udev/rules.d/70-persistent-net.rules file, you must delete it before creating the AMI. This file contains the MAC address for the Ethernet adapter of the original instance. If another instance boots with this file, the operating system will be unable to find the device and eth0 might fail, causing boot issues. This file is regenerated at the next boot cycle, and any instances launched from the AMI create their own version of the file.

  10. From your local computer, start the instance using the Amazon EC2 console or one of the following commands: start-instances (AWS CLI) or Start-EC2Instance (AWS Tools for Windows PowerShell).

  11. (Optional) Connect to your instance and verify that the kernel driver is installed.

    If you are unable to connect to your instance after enabling enhanced networking, see Troubleshoot the ENA kernel driver on Linux.

To enable enhanced networking on Linux (instance store–backed instances)

Follow the previous procedure until the step where you stop the instance. Create a new AMI as described in Create an instance store-backed AMI, making sure to enable the enhanced networking attribute when you register the AMI.

This method is for testing and feedback purposes only. It is not intended for use with production deployments. For production deployments, see Ubuntu.

Important

Using DKMS voids the support agreement for your subscription. It should not be used for production deployments.

To enable enhanced networking with ENA on Ubuntu (EBS-backed instances)
  1. Follow steps 1 and 2 in Ubuntu.

  2. Install the build-essential packages to compile the kernel driver and the dkms package so that your ena kernel driver is rebuilt every time your kernel is updated.

    ubuntu:~$ sudo apt-get install -y build-essential dkms
  3. Clone the source for the ena kernel driver on your instance from GitHub at https://github.com/amzn/amzn-drivers.

    ubuntu:~$ git clone https://github.com/amzn/amzn-drivers
  4. Move the amzn-drivers package to the /usr/src/ directory so DKMS can find it and build it for each kernel update. Append the version number (you can find the current version number in the release notes) of the source code to the directory name. For example, version 1.0.0 is shown in the following example.

    ubuntu:~$ sudo mv amzn-drivers /usr/src/amzn-drivers-1.0.0
  5. Create the DKMS configuration file with the following values, substituting your version of ena.

    Create the file.

    ubuntu:~$ sudo touch /usr/src/amzn-drivers-1.0.0/dkms.conf

    Edit the file and add the following values.

    ubuntu:~$ sudo vim /usr/src/amzn-drivers-1.0.0/dkms.conf PACKAGE_NAME="ena" PACKAGE_VERSION="1.0.0" CLEAN="make -C kernel/linux/ena clean" MAKE="make -C kernel/linux/ena/ BUILD_KERNEL=${kernelver}" BUILT_MODULE_NAME[0]="ena" BUILT_MODULE_LOCATION="kernel/linux/ena" DEST_MODULE_LOCATION[0]="/updates" DEST_MODULE_NAME[0]="ena" AUTOINSTALL="yes"
  6. Add, build, and install the ena kernel driver on your instance using DKMS.

    Add the kernel driver to DKMS.

    ubuntu:~$ sudo dkms add -m amzn-drivers -v 1.0.0

    Build the kernel driver using the dkms command.

    ubuntu:~$ sudo dkms build -m amzn-drivers -v 1.0.0

    Install the kernel driver using dkms.

    ubuntu:~$ sudo dkms install -m amzn-drivers -v 1.0.0
  7. Rebuild initramfs so the correct kernel driver is loaded at boot time.

    ubuntu:~$ sudo update-initramfs -u -k all
  8. Verify that the ena kernel driver is installed using the modinfo ena command from Test whether enhanced networking is enabled.

    ubuntu:~$ modinfo ena filename: /lib/modules/3.13.0-74-generic/updates/dkms/ena.ko version: 1.0.0 license: GPL description: Elastic Network Adapter (ENA) author: Amazon.com, Inc. or its affiliates srcversion: 9693C876C54CA64AE48F0CA alias: pci:v00001D0Fd0000EC21sv*sd*bc*sc*i* alias: pci:v00001D0Fd0000EC20sv*sd*bc*sc*i* alias: pci:v00001D0Fd00001EC2sv*sd*bc*sc*i* alias: pci:v00001D0Fd00000EC2sv*sd*bc*sc*i* depends: vermagic: 3.13.0-74-generic SMP mod_unload modversions parm: debug:Debug level (0=none,...,16=all) (int) parm: push_mode:Descriptor / header push mode (0=automatic,1=disable,3=enable) 0 - Automatically choose according to device capability (default) 1 - Don't push anything to device memory 3 - Push descriptors and header buffer to device memory (int) parm: enable_wd:Enable keepalive watchdog (0=disable,1=enable,default=1) (int) parm: enable_missing_tx_detection:Enable missing Tx completions. (default=1) (int) parm: numa_node_override_array:Numa node override map (array of int) parm: numa_node_override:Enable/Disable numa node override (0=disable) (int)
  9. Continue with Step 3 in Ubuntu.

If you launched your instance and it does not have enhanced networking enabled already, you must download and install the required network adapter driver on your instance, and then set the enaSupport instance attribute to activate enhanced networking.

To enable enhanced networking
  1. Connect to your instance and log in as the local administrator.

  2. [Windows Server 2016 and 2019 only] Run the following EC2Launch PowerShell script to configure the instance after the driver is installed.

    PS C:\> C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -Schedule
  3. From the instance, install the driver as follows:

    1. Download the latest driver to the instance.

    2. Extract the zip archive.

    3. Install the driver by running the install.ps1 PowerShell script.

      Note

      If you get an execution policy error, set the policy to Unrestricted (by default it is set to Restricted or RemoteSigned). In a command line, run Set-ExecutionPolicy -ExecutionPolicy Unrestricted, and then run the install.ps1 PowerShell script again.

  4. From your local computer, stop the instance using the Amazon EC2 console or one of the following commands: stop-instances (AWS CLI) or Stop-EC2Instance (AWS Tools for Windows PowerShell).

  5. Enable ENA support on your instance as follows:

    1. From your local computer, check the EC2 instance ENA support attribute on your instance by running one of the following commands. If the attribute is not enabled, the output will be "[]" or blank. EnaSupport is set to false by default.

      • describe-instances (AWS CLI)

        aws ec2 describe-instances --instance-ids instance_id --query "Reservations[].Instances[].EnaSupport"
      • Get-EC2Instance (Tools for Windows PowerShell)

        (Get-EC2Instance -InstanceId instance-id).Instances.EnaSupport
    2. To enable ENA support, run one of the following commands:

      If you encounter problems when you restart the instance, you can also disable ENA support using one of the following commands:

    3. Verify that the attribute has been set to true using describe-instances or Get-EC2Instance as shown previously. You should now see the following output:

      [ true ]
  6. From your local computer, start the instance using the Amazon EC2 console or one of the following commands: start-instances (AWS CLI) or Start-EC2Instance (AWS Tools for Windows PowerShell).

  7. On the instance, validate that the ENA driver is installed and enabled as follows:

    1. Right-click the network icon and choose Open Network and Sharing Center.

    2. Choose the Ethernet adapter (for example, Ethernet 2).

    3. Choose Details. For Network Connection Details, check that Description is Amazon Elastic Network Adapter.

  8. (Optional) Create an AMI from the instance. The AMI inherits the enaSupport attribute from the instance. Therefore, you can use this AMI to launch another instance with ENA enabled by default.