AWS Ubuntu Instance does not configure the second NIC

AWS Ubuntu EC2 Instance does not configure the second network interface

An AWS Ubuntu image brings only one network interface online, even though two were specified in the blueprint.

Overview

For details on why this occurs in AWS, and for resolutions across versions, see the AWS Knowledge Center article.

An example blueprint of an Ubuntu 18.04 image containing two NICs (vm.nics.external-network and vm.nics.internal-network):

#
# Demo Blueprint that configures a Network and launches an Instance
# Version
---
variables:
  admin_username:
    description: The username for the administrative user.
    type: string
    default: adminuser
  admin_public_key:
    description: The OpenSSH Public Key to use for administrative access.
    type: string

location:
  region:
      demo-region:
        country: USA
        area: northwest
  folder:
    multi-cloud:
      region: demo-region

networking:
  network:
    demo-network:
      range: 
        - 10.0.0.0/16
        - 10.100.0.0/16
      public: true
  subnet:
    demo-internal-subnet:
      range: 10.0.0.0/24
      network: demo-network
      firewall: demo-internal-firewall
    demo-external-subnet:
      range: 10.100.0.0/24
      network: demo-network
      firewall: demo-external-firewall
      public: true
  protocol:
    ssh:
      ports:
        - port: 22
          proto: tcp
    http:
      ports:
        - port: 80
          proto: tcp
    https:
      ports:
        - port: 443
          proto: tcp

  firewall:
    demo-internal-firewall:
      rules:
        - protocols: ssh
          to: self
    demo-external-firewall:
      rules:
        - protocols: ssh
          to: self
        - protocols: http
          to: self
        - protocols: https
          to: self



compute:
  image:
    bionic:
      publisher: Canonical
      product: UbuntuServer
      sku: 18.04-LTS
      venue:
        aws:
          # if provisioning fails due to image not found, go to:
          # https://cloud-images.ubuntu.com/locator/ec2/
          # and search for "bionic amd64 ebs us-west-2"
          image_id: ami-04bb0cc469b2b81cc
  vm:
    demo-instance:
      cores: 1
      memory: 2 gb
      count: 1
      image: bionic
      configure:
        admin:
          username: (( admin_username ))
          public_key: (( admin_public_key ))
      disks:
        data:
          size: 128 GB
          tags:
            demo: multi-cloud
      nics:
        external-network: #Provides first discovered NIC external IP access to NAT server 
          ips:
            - private:
                type: dynamic
              public:
                type: static
          firewall: demo-external-firewall
          subnet: demo-external-subnet
        internal-network: 
          ips:
            - private:
                type: dynamic
          firewall: demo-internal-firewall
          subnet: demo-internal-subnet
      tags:
        demo: multi-cloud

When inspecting the VM's network via an SSH session, we can see that only one network interface is online: ifconfig -a does not return an IP for the second NIC.

ifconfig -a

ens5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001
        inet 10.100.0.213 netmask 255.255.255.0 broadcast 10.100.0.255
        inet6 fe80::cdd:2aff:fe16:231d prefixlen 64 scopeid 0x20<link>
        ether 0e:dd:2a:16:23:1d txqueuelen 1000 (Ethernet)
        RX packets 2052 bytes 952648 (952.6 KB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 1843 bytes 224428 (224.4 KB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens6: flags=4098<BROADCAST,MULTICAST> mtu 1500
        ether 0e:a6:a9:e6:e2:47 txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 245 bytes 21283 (21.2 KB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 245 bytes 21283 (21.2 KB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Running the ip address command shows that the network interface named ens6 is in state DOWN:

ip address

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 0e:dd:2a:16:23:1d brd ff:ff:ff:ff:ff:ff
    inet 10.100.0.213/24 brd 10.100.0.255 scope global dynamic ens5
       valid_lft 2412sec preferred_lft 2412sec
    inet6 fe80::cdd:2aff:fe16:231d/64 scope link
       valid_lft forever preferred_lft forever

3: ens6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 0e:a6:a9:e6:e2:47 brd ff:ff:ff:ff:ff:ff

Resolution

Solution 1

Using a different AWS Linux image, such as the Amazon Linux 2 AMI, does not present this issue.

Solution 2

Follow the AWS Knowledge Center article for Ubuntu 18.04:

  1. Obtain the IP address for the affected secondary network interface in the Amazon console under EC2 -> Network Interfaces.

  2. SSH into your deployed Ubuntu instance with your SSH key:

ssh <admin_username>@<ip>

  3. Create a configuration file for the interface:

sudo vi /etc/netplan/51-eth1.yaml

You can issue :set paste in vi before pasting the YAML contents to ensure proper formatting.

  4. Add the following lines to the 51-eth1.yaml file, using the obtained secondary IP, the default gateway and the subnet outlined in the blueprint.

If the adapter name in your instance is not eth1 (in this example it is ens6), make sure the correct name is used in /etc/netplan/51-eth1.yaml. The values used in this example are interface ens6, address 10.0.0.47/24 and default gateway 10.0.0.1.

network:
  version: 2
  renderer: networkd
  ethernets:
    ens6:
      addresses:
        - 10.0.0.47/24
      dhcp4: no
      routes:
        - to: 0.0.0.0/0
          via: 10.0.0.1 # Default gateway
          table: 1000
        - to: 10.0.0.47 # Secondary IP of this interface
          via: 0.0.0.0
          scope: link
          table: 1000
      routing-policy:
        - from: 10.0.0.47
          table: 1000

  5. Apply the network configuration:

sudo netplan --debug apply

  6. Verify that the network now shows two active NICs in your instance:

ifconfig

ens5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001
        inet 10.100.0.213 netmask 255.255.255.0 broadcast 10.100.0.255
        inet6 fe80::cdd:2aff:fe16:231d prefixlen 64 scopeid 0x20<link>
        ether 0e:dd:2a:16:23:1d txqueuelen 1000 (Ethernet)
        RX packets 6503 bytes 1343810 (1.3 MB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 2995 bytes 468603 (468.6 KB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.0.0.47 netmask 255.255.255.0 broadcast 10.0.0.255
        inet6 fe80::ca6:a9ff:fee6:e247 prefixlen 64 scopeid 0x20<link>
        ether 0e:a6:a9:e6:e2:47 txqueuelen 1000 (Ethernet)
        RX packets 1 bytes 42 (42.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 9 bytes 698 (698.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
       inet 127.0.0.1 netmask 255.0.0.0
       inet6 ::1 prefixlen 128 scopeid 0x10<host>
       loop txqueuelen 1000 (Local Loopback)
       RX packets 301 bytes 26379 (26.3 KB)
       RX errors 0 dropped 0 overruns 0 frame 0
       TX packets 301 bytes 26379 (26.3 KB)
       TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 0e:dd:2a:16:23:1d brd ff:ff:ff:ff:ff:ff
    inet 10.100.0.213/24 brd 10.100.0.255 scope global dynamic ens5
       valid_lft 2918sec preferred_lft 2918sec
    inet6 fe80::cdd:2aff:fe16:231d/64 scope link
       valid_lft forever preferred_lft forever

3: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 0e:a6:a9:e6:e2:47 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.47/24 brd 10.0.0.255 scope global ens6
       valid_lft forever preferred_lft forever
    inet6 fe80::ca6:a9ff:fee6:e247/64 scope link
       valid_lft forever preferred_lft forever
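
Added example, not part of the original article or of the AWS procedure: a POSIX shell function that renders the netplan file from the procedure above out of the interface name, address and gateway, so that the link route and the policy rule always carry the same address as the interface. The function names and validation rules are assumptions of this example; the sample values are the ones used on this page.

```shell
# Added example (not from the article); function names and checks are assumptions.
# valid_ipv4 ADDR: succeeds only for a dotted quad with each octet in 0..255.
valid_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# render_netplan IFACE ADDR/PREFIX GATEWAY [TABLE]: prints the YAML on stdout.
# The link route and policy rule reuse ADDR, so traffic sourced from ADDR leaves via IFACE.
render_netplan() {
  iface=$1 cidr=$2 gw=$3 table=${4:-1000}
  addr=${cidr%/*} prefix=${cidr##*/}
  case $iface in ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;; esac
  case $cidr in */*) ;; *) echo "address needs a /prefix" >&2; return 1 ;; esac
  case $prefix in ''|*[!0-9]*|???*) echo "bad prefix" >&2; return 1 ;; esac
  case $table in ''|*[!0-9]*) echo "bad table id" >&2; return 1 ;; esac
  [ "$prefix" -le 32 ] || { echo "prefix out of range" >&2; return 1; }
  valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
  valid_ipv4 "$gw" || { echo "bad gateway: $gw" >&2; return 1; }
  cat <<EOF
network:
  version: 2
  renderer: networkd
  ethernets:
    $iface:
      addresses:
        - $addr/$prefix
      dhcp4: no
      routes:
        - to: 0.0.0.0/0
          via: $gw
          table: $table
        - to: $addr
          via: 0.0.0.0
          scope: link
          table: $table
      routing-policy:
        - from: $addr
          table: $table
EOF
}

render_netplan ens6 10.0.0.47/24 10.0.0.1   # values from this page's example
```

Pipe the output to sudo tee /etc/netplan/51-eth1.yaml and apply it as in the procedure. Afterwards, ip rule show should list a rule from 10.0.0.47 lookup 1000, and ip route show table 1000 should show the default route via 10.0.0.1.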
