IBM Cloud Docs
Updating a virtual network interface

Updating a virtual network interface

If you need to make changes to a virtual network interface, you can update it by using the UI, CLI, API, or Terraform.

Updating a virtual network interface in the UI

To update an existing virtual network interface, follow these steps.

  1. From your browser, open the IBM Cloud console and log in to your account.

  2. Select the Navigation Menu Navigation Menu icon, then click Infrastructure > Network > Virtual network interfaces.

  3. Click the name of the virtual network interface in the Virtual network interfaces for VPC table.

  4. In the Overview view of the Details page, you can click the Edit icon Edit icon to edit the name of the virtual network interface.

  5. Select the switch for Infrastructure NAT to the wanted state.

    • Enabled includes one floating IP address, and supports virtual servers, bare metal servers, and file shares.
    • Disabled supports multiple floating IP addresses only on bare metal servers. Virtual servers and file shares as virtual network interface targets are not supported.

  6. Select the switch for Allow IP spoofing to the wanted state. IP spoofing supports only virtual server instances and bare metal servers. File shares are not supported.

  7. Select the switch to enable or disable auto release for this virtual network interface.

    Auto release cannot be enabled without a target device.

  8. Click the Edit icon Edit icon to edit the protocol state filtering mode, then select a radio button to change the mode.

    • Auto (default): Filtering is enabled or disabled based on the virtual network interface's target resource:
      • Bare metal server (Disabled)
      • Virtual server instance (Enabled)
    • Enabled: Forces TCP connections to align with the RFC793 standard and any packets to be allowed by corresponding security group rules and network ACLs.
    • Disabled: Permits packets to be allowed only by corresponding security group rules and network ACLs.

  9. In the Attached resources section, use the Display resource list menu to view the security groups or secondary IPs attached to the virtual network interface.

    • Clicking Manage attached resources in the Attached resources section takes you to the Attached resources tab.

  10. To create devices or attach existing devices, follow the links in the Target device details section.

  11. In the Floating IPs section, click Attach to reserve a new floating IP or attach an existing floating IP.

    If a floating IP is attached, the virtual network interface is accepted as a file share mount target. If infrastructure NAT is enabled, at most one floating IP can be attached.

  12. In the Attached resources tab, view secondary IPs and security groups that are already attached, or create secondary IPs or security groups to attach to your virtual network interface.

Updating a virtual network interface from the CLI

Before you begin, set up your CLI environment.

export IBMCLOUD_IS_FEATURE_VNI_ENABLE_PROTOCOL_STATE_FILTERING=true

To update a virtual network interface from the CLI, enter the following command:

ibmcloud is virtual-network-interface-update VIRTUAL_NETWORK_INTERFACE --name NEW_NAME [--allow-ip-spoofing false | true] [--auto-delete false | true] [--enable-infrastructure-nat false | true] [--protocol-state-filtering-mode auto | disabled | enabled] [--output JSON] [-q, --quiet]

Where:

VIRTUAL_NETWORK_INTERFACE
ID or name of the virtual network interface.
--name
New name of the virtual network interface.
--allow-ip-spoofing
Indicates whether source IP spoofing is allowed on this interface. If false, source IP spoofing is prevented on this interface. If true, source IP spoofing is allowed on this interface. One of: false, true.
--auto-delete
Indicates whether this virtual network interface will be automatically deleted when target is deleted. Must be false if the virtual network interface is unbound. One of: false, true.
--enable-infrastructure-nat
If true, the VPC infrastructure performs any needed NAT operations. If false, packets are passed unchanged to/from the network interface, allowing the workload to perform any needed NAT operations. One of: false, true.
--protocol-state-filtering-mode
The status of the protocol state filtering mode. One of auto, enabled, disabled. * Auto (default): Filtering is enabled or disabled based on the virtual network interface's target resource. * Bare metal server (Disabled) * Virtual server instance (Enabled) * File share mount (Enabled) * Enabled: Forces the TCP connections to align with the RFC793 standard and any packets to be allowed by corresponding security group rules and network ACLs. * Disabled: Permits packets to be allowed only by corresponding security group rules and network ACLs.
--output
Specify output format, only JSON is supported. One of: JSON.
-q, --quiet
Suppress verbose output.

Command examples

  • ibmcloud is virtual-network-interface-update 72251a2e-d6c5-42b4-97b0-b5f8e8d1f479 --name new-vni
  • ibmcloud is virtual-network-interface-update new-vni --name new-share
  • ibmcloud is virtual-network-interface-update 7208-8918786e-5958-42fc-9e4b-410c5a58b164 --name cli-vni-1 --allow-ip-spoofing false --auto-delete false --enable-infrastructure-nat false --protocol-state-filtering-mode auto
  • ibmcloud is virtual-network-interface-update cli-vni-1 --name cli-vni-2 --allow-ip-spoofing false --auto-delete true --enable-infrastructure-nat false --protocol-state-filtering-mode disabled

Updating a virtual network interface with the API

To update a virtual network interface with the API, follow these steps:

  1. Set up your API environment with the right variables.

  2. Store any additional variables to be used in the API commands; for example:

    • version (string): The API version, in format YYYY-MM-DD.
    • virtual_network_interface_id (string): The virtual network interface identifier.

  3. When all variables are initiated, update the virtual network interface:

    curl -X PATCH \
    "$vpc_api_endpoint/v1/virtual_network_interfaces/$virtual_network_interface_id?version=$version&generation=2" \
    -H "Authorization: Bearer $iam_token" \
    -d '{
          "name": "my-virtual-network-interface",
          "primary_ip": {
            "address": "10.0.0.5"
          },
          "protocol_state_filtering_mode": "disabled",
          "security_groups": [
            {
              "id": "be5df5ca-12a0-494b-907e-aa6ec2bfa271"
            },
            {
              "id": "032e1387-71ba-4e83-b268-a53edf94af19"
            }
          ],
          "subnet": {
            "id": "032e1387-71ba-4e83-b268-a53edf94af19"
          }
    }'

Updating a virtual network interface with Terraform

The following example updates a virtual network interface by using Terraform:

resource "ibm_is_virtual_network_interface" "my_virtual_network_interface_instance" {
  allow_ip_spoofing = true
  auto_delete = false
  enable_infrastructure_nat = true
  name = "my-virtual-network-interface-2"
  subnet = ibm_is_subnet.my_subnet.id
  protocol_state_filtering_mode = "auto"
}