Enhanced Networking with Elastic Network Adapter (ENA) is the default and recommended way to get high-performance network throughput on modern EC2 instances, but it’s not always enabled by default, especially on older AMIs.
Let’s see it in action. Imagine you have an EC2 instance and you want to see its network interface.
aws ec2 describe-instances --instance-ids i-0123456789abcdef0 --query 'Reservations[*].Instances[*].NetworkInterfaces[*].{InterfaceId:NetworkInterfaceId,DeviceNumber:DeviceNumber,AttachmentId:AttachmentId,SubnetId:SubnetId,VpcId:VpcId,Description:Description,Status:Status,MacAddress:MacAddress}' --output table
This will show you your instance’s network interfaces. Now, let’s check if ENA is enabled on a specific interface. We’ll need the NetworkInterfaceId from the previous command.
aws ec2 describe-network-interfaces --network-interface-ids eni-0abcdef1234567890 --query 'NetworkInterfaces[*].{InterfaceId:NetworkInterfaceId,Attachment:Attachment.AttachmentId,ENAInfo:EnaSupport}' --output json
The crucial part here is EnaSupport. If it shows "ENA", you’re good to go. If it shows "DISABLED", you need to enable it.
The problem ENA solves is the bottleneck that traditional network interfaces (like e1000) created for high-throughput applications. These older interfaces were limited by their driver model and hardware capabilities, capping out at speeds far below what modern network hardware and EC2 instance types can offer. ENA bypasses many of these limitations by providing a more direct path between the instance’s network traffic and the physical network, allowing for significantly higher packet rates and lower latency. This is essential for workloads like distributed databases, high-performance computing, big data analytics, and network appliances.
Internally, ENA works by providing a highly optimized network driver. This driver leverages features like single-root I/O virtualization (SR-IOV) and multi-queue packet buffering. SR-IOV allows the virtual machine to bypass the hypervisor for network I/O, reducing overhead. Multi-queue buffering means the network interface can handle multiple streams of traffic concurrently, preventing a single queue from becoming a bottleneck. The ENA driver also integrates closely with the EC2 network fabric, allowing for intelligent traffic steering and load balancing.
To enable ENA on an existing instance where it’s not already active, you’ll typically need to modify the network interface attachment. This is done using the AWS CLI. First, you need to detach and reattach the network interface. Crucially, this will cause a brief network interruption.
First, find the AttachmentId for the network interface you want to modify. You can get this from the describe-instances or describe-network-interfaces commands. Let’s assume it’s eni-attach-0abcdef1234567890.
aws ec2 detach-network-interface --attachment-id eni-attach-0abcdef1234567890
You’ll need to wait for the interface to be detached. You can check its status:
aws ec2 describe-network-interfaces --network-interface-ids eni-0abcdef1234567890 --query 'NetworkInterfaces[*].Status'
Wait until it shows available. Then, reattach it with ENA enabled. You’ll need the InstanceId and the DeviceNumber of the network interface.
aws ec2 attach-network-interface --instance-id i-0123456789abcdef0 --network-interface-id eni-0abcdef1234567890 --device-index 0
After reattachment, you need to ensure the ENA driver is installed and loaded in your instance’s operating system. For Linux, this often involves installing the ena package. For example, on Amazon Linux 2:
sudo yum install ena -y
sudo modprobe ena
On Ubuntu, it might be:
sudo apt update
sudo apt install ethtool
sudo ethtool -i eth0 # Check if ENA driver is loaded
If the driver isn’t automatically loaded, you might need to reboot the instance or manually load the module. The ethtool command is your friend here for inspecting driver details.
The EnaSupport attribute on the network interface is managed by the EC2 service itself. When you create a new instance from an ENA-enabled AMI, ENA is usually enabled by default. For older AMIs or instances launched without ENA support, you’re essentially telling EC2 to provision the network interface with ENA capabilities upon reattachment. The system then ensures that the underlying hardware and virtualized environment are configured to expose ENA functionality to the instance.
One aspect often overlooked is that while ENA provides the capability for higher throughput, the actual performance also depends on the instance type. Not all instance types support ENA, and even when ENA is enabled, the maximum throughput is dictated by the instance’s network bandwidth specification. For example, a t3.micro instance might have ENA enabled, but its network performance will be limited to 5 Gbps, whereas a c5.xlarge can achieve up to 10 Gbps with ENA. Always consult the EC2 instance type documentation to understand the expected network performance.
Once ENA is enabled and the driver is loaded, you should see a significant increase in network performance. You can test this using tools like iperf3 between instances.
The next hurdle you’ll likely encounter is optimizing TCP/IP settings for high-speed networks, as default Linux kernel parameters might not be tuned for the increased packet rates ENA enables.