Updating a virtual network interface
If you need to make changes to a virtual network interface, you can update it by using the UI, CLI, API, or Terraform.
Updating a virtual network interface in the UI
To update an existing virtual network interface, follow these steps.
-
From your browser, open the IBM Cloud console and log in to your account.
-
Select the Navigation Menu , then click Infrastructure > Network > Virtual network interfaces.
-
Click the name of the virtual network interface in the Virtual network interfaces for VPC table.
-
In the Overview view of the Details page, you can click the Edit icon to edit the name of the virtual network interface.
-
Select the switch for Infrastructure NAT to the wanted state.
- Enabled includes one floating IP address, and supports virtual servers, bare metal servers, and file shares.
- Disabled supports multiple floating IP addresses only on bare metal servers. Virtual servers and file shares as virtual network interface targets are not supported.
-
Select the switch for Allow IP spoofing to the wanted state. IP spoofing supports only virtual server instances and bare metal servers. File shares are not supported.
-
Select the switch to enable or disable auto release for this virtual network interface.
Auto release cannot be enabled without a target device.
-
Click the Edit icon to edit the protocol state filtering mode, then select a radio button to change the mode.
- Auto (default): Filtering is enabled or disabled based on the virtual network interface's target resource:
- Bare metal server (Disabled)
- Virtual server instance (Enabled)
- Enabled: Forces TCP connections to align with the RFC793 standard and any packets to be allowed by corresponding security group rules and network ACLs.
- Disabled: Permits packets to be allowed only by corresponding security group rules and network ACLs.
- Auto (default): Filtering is enabled or disabled based on the virtual network interface's target resource:
-
In the Attached resources section, use the Display resource list menu to view the security groups or secondary IPs attached to the virtual network interface.
- Clicking Manage attached resources in the Attached resources section takes you to the Attached resources tab.
-
To create devices or attach existing devices, follow the links in the Target device details section.
-
In the Floating IPs section, click Attach to reserve a new floating IP or attach an existing floating IP.
If a floating IP is attached, the virtual network interface is accepted as a file share mount target. If infrastructure NAT is enabled, at most one floating IP can be attached.
-
In the Attached resources tab, view secondary IPs and security groups that are already attached, or create secondary IPs or security groups to attach to your virtual network interface.
Updating a virtual network interface from the CLI
Before you begin, set up your CLI environment.
export IBMCLOUD_IS_FEATURE_VNI_ENABLE_PROTOCOL_STATE_FILTERING=true
To update a virtual network interface from the CLI, enter the following command:
ibmcloud is virtual-network-interface-update VIRTUAL_NETWORK_INTERFACE --name NEW_NAME [--allow-ip-spoofing false | true] [--auto-delete false | true] [--enable-infrastructure-nat false | true] [--protocol-state-filtering-mode auto | disabled | enabled] [--output JSON] [-q, --quiet]
Where:
VIRTUAL_NETWORK_INTERFACE
- ID or name of the virtual network interface.
--name
- New name of the virtual network interface.
--allow-ip-spoofing
- Indicates whether source IP spoofing is allowed on this interface. If
false
, source IP spoofing is prevented on this interface. Iftrue
, source IP spoofing is allowed on this interface. One of:false
,true
. --auto-delete
- Indicates whether this virtual network interface will be automatically deleted when target is deleted. Must be
false
if the virtual network interface is unbound. One of:false
,true
. --enable-infrastructure-nat
- If
true
, the VPC infrastructure performs any needed NAT operations. Iffalse
, packets are passed unchanged to/from the network interface, allowing the workload to perform any needed NAT operations. One of:false
,true
. --protocol-state-filtering-mode
- The status of the protocol state filtering mode. One of
auto
,enabled
,disabled
. * Auto (default): Filtering is enabled or disabled based on the virtual network interface's target resource. * Bare metal server (Disabled) * Virtual server instance (Enabled) * File share mount (Enabled) * Enabled: Forces the TCP connections to align with the RFC793 standard and any packets to be allowed by corresponding security group rules and network ACLs. * Disabled: Permits packets to be allowed only by corresponding security group rules and network ACLs. --output
- Specify output format, only JSON is supported. One of:
JSON
. -q, --quiet
- Suppress verbose output.
Command examples
ibmcloud is virtual-network-interface-update 72251a2e-d6c5-42b4-97b0-b5f8e8d1f479 --name new-vni
ibmcloud is virtual-network-interface-update new-vni --name new-share
ibmcloud is virtual-network-interface-update 7208-8918786e-5958-42fc-9e4b-410c5a58b164 --name cli-vni-1 --allow-ip-spoofing false --auto-delete false --enable-infrastructure-nat false --protocol-state-filtering-mode auto
ibmcloud is virtual-network-interface-update cli-vni-1 --name cli-vni-2 --allow-ip-spoofing false --auto-delete true --enable-infrastructure-nat false --protocol-state-filtering-mode disabled
Updating a virtual network interface with the API
To update a virtual network interface with the API, follow these steps:
-
Set up your API environment with the right variables.
-
Store any additional variables to be used in the API commands; for example:
version
(string): The API version, in formatYYYY-MM-DD
.virtual_network_interface_id
(string): The virtual network interface identifier.
-
When all variables are initiated, update the virtual network interface:
curl -X PATCH \ "$vpc_api_endpoint/v1/virtual_network_interfaces/$virtual_network_interface_id?version=$version&generation=2" \ -H "Authorization: Bearer $iam_token" \ -d '{ "name": "my-virtual-network-interface", "primary_ip": { "address": "10.0.0.5" }, "protocol_state_filtering_mode": "disabled", "security_groups": [ { "id": "be5df5ca-12a0-494b-907e-aa6ec2bfa271" }, { "id": "032e1387-71ba-4e83-b268-a53edf94af19" } ], "subnet": { "id": "032e1387-71ba-4e83-b268-a53edf94af19" } }'
Updating a virtual network interface with Terraform
The following example updates a virtual network interface by using Terraform:
resource "ibm_is_virtual_network_interface" "my_virtual_network_interface_instance" {
allow_ip_spoofing = true
auto_delete = false
enable_infrastructure_nat = true
name = "my-virtual-network-interface-2"
subnet = ibm_is_subnet.my_subnet.id
protocol_state_filtering_mode = "auto"
}