Enable enhanced networking with the Elastic Network Adapter (ENA) on Windows instances - Amazon Elastic Compute Cloud

Enable enhanced networking with the Elastic Network Adapter (ENA) on Windows instances

Amazon EC2 provides enhanced networking capabilities through the Elastic Network Adapter (ENA). To use enhanced networking, you must install the required ENA module and enable ENA support.

Requirements

To prepare for enhanced networking using the ENA, set up your instance as follows:

  • Launch an instance based on the Nitro system.

  • If the instance is running Windows Server 2008 R2 SP1, ensure that is has the SHA-2 code signing support update.

  • Ensure that the instance has internet connectivity.

  • Use AWS CloudShell from the AWS Management Console, or install and configure the AWS CLI or the AWS Tools for Windows PowerShell on any computer you choose, preferably your local desktop or laptop. For more information, see Access Amazon EC2 or the AWS CloudShell User Guide. Enhanced networking cannot be managed from the Amazon EC2 console.

  • If you have important data on the instance that you want to preserve, you should back that data up now by creating an AMI from your instance. Updating kernels and kernel modules, as well as enabling the enaSupport attribute, might render incompatible instances or operating systems unreachable. If you have a recent backup, your data will still be retained if this happens.

Enhanced networking performance

The following documentation provides a summary of the network performance for the instance types that support ENA enhanced networking:

Test whether enhanced networking is enabled

To test whether enhanced networking is already enabled, verify that the driver is installed on your instance and that the enaSupport attribute is set.

Instance attribute (enaSupport)

To check whether an instance has the enhanced networking enaSupport attribute set, use one of the following commands. If the attribute is set, the response is true.

  • describe-instances (AWS CLI/AWS CloudShell)

    aws ec2 describe-instances --instance-ids instance_id --query "Reservations[].Instances[].EnaSupport"
  • Get-EC2Instance (Tools for Windows PowerShell)

    (Get-EC2Instance -InstanceId instance-id).Instances.EnaSupport
Image attribute (enaSupport)

To check whether an AMI has the enhanced networking enaSupport attribute set, use one of the following commands. If the attribute is set, the response is true.

  • describe-images (AWS CLI/AWS CloudShell)

    aws ec2 describe-images --image-id ami_id --query "Images[].EnaSupport"
  • Get-EC2Image (Tools for Windows PowerShell)

    (Get-EC2Image -ImageId ami_id).EnaSupport

Enable enhanced networking on Windows

If you launched your instance and it does not have enhanced networking enabled already, you must download and install the required network adapter driver on your instance, and then set the enaSupport instance attribute to activate enhanced networking. You can only enable this attribute on supported instance types and only if the ENA driver is installed. For more information, see Enhanced networking support.

To enable enhanced networking
  1. Connect to your instance and log in as the local administrator.

  2. [Windows Server 2016 and 2019 only] Run the following EC2Launch PowerShell script to configure the instance after the driver is installed.

    PS C:\> C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -Schedule
  3. From the instance, install the driver as follows:

    1. Download the latest driver to the instance.

    2. Extract the zip archive.

    3. Install the driver by running the install.ps1 PowerShell script.

      Note

      If you get an execution policy error, set the policy to Unrestricted (by default it is set to Restricted or RemoteSigned). In a command line, run Set-ExecutionPolicy -ExecutionPolicy Unrestricted, and then run the install.ps1 PowerShell script again.

  4. From your local computer, stop the instance using the Amazon EC2 console or one of the following commands: stop-instances (AWS CLI/AWS CloudShell), Stop-EC2Instance (AWS Tools for Windows PowerShell). If your instance is managed by AWS OpsWorks, you should stop the instance in the AWS OpsWorks console so that the instance state remains in sync.

  5. Enable ENA support on your instance as follows:

    1. From your local computer, check the EC2 instance ENA support attribute on your instance by running one of the following commands. If the attribute is not enabled, the output will be "[]" or blank. EnaSupport is set to false by default.

      • describe-instances (AWS CLI/AWS CloudShell)

        aws ec2 describe-instances --instance-ids instance_id --query "Reservations[].Instances[].EnaSupport"
      • Get-EC2Instance (Tools for Windows PowerShell)

        (Get-EC2Instance -InstanceId instance-id).Instances.EnaSupport
    2. To enable ENA support, run one of the following commands:

      • modify-instance-attribute (AWS CLI/AWS CloudShell)

        aws ec2 modify-instance-attribute --instance-id instance_id --ena-support
      • Edit-EC2InstanceAttribute (AWS Tools for Windows PowerShell)

        Edit-EC2InstanceAttribute -InstanceId instance_id -EnaSupport $true

      If you encounter problems when you restart the instance, you can also disable ENA support using one of the following commands:

      • modify-instance-attribute (AWS CLI/AWS CloudShell)

        aws ec2 modify-instance-attribute --instance-id instance_id --no-ena-support
      • Edit-EC2InstanceAttribute (AWS Tools for Windows PowerShell)

        Edit-EC2InstanceAttribute -InstanceId instance_id -EnaSupport $false
    3. Verify that the attribute has been set to true using describe-instances or Get-EC2Instance as shown previously. You should now see the following output:

      [ true ]
  6. From your local computer, start the instance using the Amazon EC2 console or one of the following commands: start-instances (AWS CLI/AWS CloudShell), Start-EC2Instance (AWS Tools for Windows PowerShell). If your instance is managed by AWS OpsWorks, you should start the instance using the AWS OpsWorks console so that the instance state remains in sync.

  7. On the instance, validate that the ENA driver is installed and enabled as follows:

    1. Right-click the network icon and choose Open Network and Sharing Center.

    2. Choose the Ethernet adapter (for example, Ethernet 2).

    3. Choose Details. For Network Connection Details, check that Description is Amazon Elastic Network Adapter.

  8. (Optional) Create an AMI from the instance. The AMI inherits the enaSupport attribute from the instance. Therefore, you can use this AMI to launch another instance with ENA enabled by default. For more information, see Create a custom Windows AMI.

Install or upgrade Elastic Network Adapter (ENA) driver

If your instance isn't based on one of the latest Windows Amazon Machine Images (AMIs) that Amazon provides, use the following procedure to install the current ENA driver on your instance. You should perform this update at a time when it’s convenient to reboot your instance. If the install script doesn’t automatically reboot your instance, we recommend that you reboot the instance as the final step.

If you use an instance store volume to store data while the instance is running, that data is erased when you stop the instance. Before you stop your instance, verify that you've copied any data that you need from your instance store volumes to persistent storage, such as Amazon EBS or Amazon S3.

Prerequisites

To install or upgrade the ENA driver, your Windows instance must meet the following prerequisites:

  • Have PowerShell version 3.0 or later installed

Step 1: Back up your data

We recommend that you create a backup AMI, in case you're not able to roll back your changes through the Device Manager. To create a backup AMI with the AWS Management Console, follow these steps:

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Instances.

  3. Select the instance that requires the driver upgrade, and choose Stop instance from the Instance state menu.

  4. After the instance is stopped, select the instance again. To create your backup, choose Image and templates from the Actions menu, then choose Create image.

  5. To restart your instance, choose Start instance from the Instance state menu.

Step 2: Install or upgrade your ENA driver

You can install or upgrade your ENA driver with AWS Systems Manager Distributor, or with PowerShell cmdlets. For further instructions, select the tab that matches the method that you want to use.

Systems Manager Distributor

You can use the Systems Manager Distributor feature to deploy packages to your Systems Manager managed nodes. With Systems Manager Distributor, you can install the ENA driver package once, or with scheduled updates. For more information about how to install the ENA driver package (AwsEnaNetworkDriver) with Systems Manager Distributor, see Install or update packages in the AWS Systems Manager User Guide.

PowerShell

This section covers how to download and install ENA driver packages on your instance with PowerShell cmdlets.

Option 1: Download and extract the latest version
  1. Connect to your instance and log in as the local administrator.

  2. Use the invoke-webrequest cmdlet to download the latest driver package:

    PS C:\> invoke-webrequest https://ec2-windows-drivers-downloads.s3.amazonaws.com/ENA/Latest/AwsEnaNetworkDriver.zip -outfile $env:USERPROFILE\AwsEnaNetworkDriver.zip
    Note

    Alternatively, you can download the latest driver package from a browser window on your instance.

  3. Use the expand-archive cmdlet to extract the zip archive that you downloaded to your instance:

    PS C:\> expand-archive $env:userprofile\AwsEnaNetworkDriver.zip -DestinationPath $env:userprofile\AwsEnaNetworkDriver
Option 2: Download and extract a specific version
  1. Connect to your instance and log in as the local administrator.

  2. Download the ENA driver package for the specific version you want from the version link in the Amazon ENA driver versions table.

  3. Extract the zip archive to your instance.

Install the ENA driver with PowerShell

The install steps are the same whether you've downloaded the latest driver or a specific version. To install the ENA driver, follow these steps.

  1. To install the driver, run the install.ps1 PowerShell script from the AwsEnaNetworkDriver directory on your instance. If you get an error, make sure that you’re using PowerShell 3.0 or later.

  2. If the installer doesn’t automatically reboot your instance, run the Restart-Computer PowerShell cmdlet.

    PS C:\> Restart-Computer

Step 3 (optional): Verify the ENA driver version after installation

To ensure that the ENA driver package was successfully installed on your instance, you can verify the new version as follows:

  1. Connect to your instance and log in as the local administrator.

  2. To open the Windows Device Manager, enter devmgmt.msc in the Run box.

  3. Choose OK. This opens the Device Manager window.

  4. Select the arrow to the left of Network adapters to expand the list.

  5. Choose the name, or open the context menu for the Amazon Elastic Network Adapter, and then choose Properties. This opens the Amazon Elastic Network Adapter Properties dialog.

    Note

    ENA adapters all use the same driver. If you have multiple ENA adapters, you can select any one of them to update the driver for all of the ENA adapters.

  6. To verify the current version that's installed, open the Driver tab and check the Driver Version. If the current version doesn't match your target version, see Troubleshoot the Elastic Network Adapter (ENA) Windows driver.

Roll back an ENA driver installation

If anything goes wrong with the installation, you might need to roll back the driver. Follow these steps to roll back to the previous version of the ENA driver that was installed on your instance.

  1. Connect to your instance and log in as the local administrator.

  2. To open the Windows Device Manager, enter devmgmt.msc in the Run box.

  3. Choose OK. This opens the Device Manager window.

  4. Select the arrow to the left of Network adapters to expand the list.

  5. Choose the name, or open the context menu for the Amazon Elastic Network Adapter, and then choose Properties. This opens the Amazon Elastic Network Adapter Properties dialog.

    Note

    ENA adapters all use the same driver. If you have multiple ENA adapters, you can select any one of them to update the driver for all of the ENA adapters.

  6. To roll back the driver, open the Driver tab and choose Roll Back Driver. This opens the Driver Package rollback window.

    Note

    If the Driver tab doesn't show the Roll Back Driver action, or if the action is unavailable, it means that the Driver Store on your instance doesn't contain the previously installed driver package. To troubleshoot this issue, see Troubleshooting scenarios, and expand the Unexpected ENA driver version installed section. For more information about the device driver package selection process, see How Windows selects a driver package for a device on the Microsoft documentation website.

Amazon ENA driver versions

Windows AMIs include the Amazon ENA driver to enable enhanced networking.

The following table shows the corresponding ENA driver version to download for each Windows Server version.

Windows Server version ENA driver version

Windows Server 2022

2.4.0 and later

Windows Server 2019

latest

Windows Server 2016 latest
Windows Server 2012 R2 2.6.0 and earlier
Windows Server 2012 2.6.0 and earlier
Windows Server 2008 R2 2.2.3 and earlier

The following table summarizes the changes for each release.

Driver version Details Release date

2.6.0

New Features

  • Adds the following network performance metrics for instance types that support ENA Express.

    • ena_srd_mode

    • ena_srd_tx_pkts

    • ena_srd_eligible_tx_pkts

    • ena_srd_rx_pkts

    • ena_srd_resource_utilization

  • Adds conntrack_allowance_available network performance metric for Nitro based instance types.

  • Adds new adapter reset reason due to detection of RX data corruption.

  • Updates driver logging infrastructure.

Bug Fixes

  • Prevents adapter reset in the event that CPU starvation causes a network performance metrics update to fail.

  • Prevents false detection of an interruption to the device heartbeat.

  • Fixes driver installation script to support downgrade operation.

  • Fixes the receive error count statistic.

June 20, 2023

2.5.0

Announcement

ENA Windows driver version 2.5.0 has been rolled back due to failure to initialize on the Windows domain controller. Windows Client and Windows Server are unaffected.

February 17, 2023

2.4.0

New Features

  • Adds support for Windows Server 2022.

  • Removes support for Windows Server 2008 R2.

  • Sets Low Latency Queuing (LLQ) to always on to improve performance on sixth generation Amazon EC2 instances.

Bug Fix

  • Fixes a failure to publish network performance metrics to the Performance Counters for Windows (PCW) system.

  • Fixes a memory leak during the registry key reading operation.

  • Prevents an infinite reset loop in the event of an unrecoverable error during the adapter reset process.

April 28, 2022

2.2.4

Announcement

ENA Windows driver version 2.2.4 has been rolled back due to potential performance degradation on the sixth generation EC2 instances. We recommend that you downgrade the driver, using one of the following methods:

  • Install the previous version
    1. Download the previous version package from the link in this table (version 2.2.3).

    2. Run the install.ps1 PowerShell installation script.

    For more details for pre- and post-installation steps see Enable enhanced networking on Windows.

    Use Amazon EC2 Systems Manager for a bulk update
    • Perform a bulk update via SSM document AWS-ConfigureAWSPackage, with the following parameters:

      • Name: AwsEnaNetworkDriver

      • Version: 2.2.3

October 26, 2021

2.2.3

New Feature

  • Adds support for new Nitro cards with up to 400 Gbps instance networking.

Bug Fix

  • Fixes race condition between system time change and system time query by the ENA driver, which causes false-positive detection of HW unresponsiveness.

Windows ENA driver version 2.2.3 is the final version that supports Windows Server 2008 R2. Currently available instance types that use ENA will continue to be supported on Windows Server 2008 R2, and the drivers are available by download. No future instance types will support Windows Server 2008 R2, and you cannot launch, import, or migrate Windows Server 2008 R2 images to future instance types.

March 25, 2021

2.2.2

New Feature

  • Adds support to query network adapter performance metrics with CloudWatch and the Performance Counters for Windows consumers.

Bug Fix

  • Fixes performance issues on bare metal instances.

December 21, 2020

2.2.1

New Feature

  • Adds a method to allow the host to query the Elastic Network Adapter for network performance metrics.

October 1, 2020

2.2.0

New Features

  • Adds support for next generation hardware types.

  • Improves instance start time after resuming from stop-hibernate, and eliminates false positive ENA error messages.

Performance Optimizations

  • Optimizes processing of inbound traffic.

  • Improves shared memory management in low resource environment.

Bug Fix

  • Avoids system crash upon ENA device removal in rare scenario where driver fails to reset.

August 12, 2020

2.1.5

Bug Fix

  • Fixes occasional network adapter initialization failure on bare metal instances.

June 23, 2020

2.1.4

Bug Fixes

  • Prevent connectivity issues caused by corrupted LSO packet metadata arriving from the network stack.

  • Prevent system crash caused by a rare race condition that results in accessing an already released packet memory.

November 25, 2019

2.1.2

New Feature

  • Added support for vendor ID report to allow OS to generate MAC-based UUIDs.

Bug Fixes

  • Improved DHCP network configuration performance during initialization.

  • Properly calculate L4 checksum on inbound IPv6 traffic when the maximum transmission unit (MTU) exceeds 4K.

  • General improvements to driver stability and minor bug fixes.

November 4, 2019

2.1.1

Bug Fixes
  • Prevent drops of highly fragmented TCP LSO packets arriving from operating system.

  • Properly handle Encapsulating Security Payload (ESP) protocol within the IPSec in IPv6 networks.

September 16, 2019

2.1.0

ENA Windows driver v2.1 introduces new ENA device capabilities, provides a performance boost, adds new features, and includes multiple stability improvements.
  • New features

    • Use standardized Windows registry key for Jumbo frames configuration.

    • Allow VLAN ID setting via the ENA driver properties GUI.

    • Improved Recovery flows

      • Improved failure identification mechanism.

      • Added support for tunable recovery parameters.

    • Support up to 32 I/O queues for newer EC2 instances that have more than 8 vCPUs.

    • ~90% reduction of driver memory footprint.

  • Performance optimizations

    • Reduced transmit path latency.

    • Support for receive checksum offload.

    • Performance optimization for heavily loaded system (optimized usage of locking mechanisms).

    • Further enhancements to reduce CPU utilization and improve system responsiveness under load.

  • Bug Fixes

    • Fix crash due to invalid parsing of non-contiguous Tx headers.

    • Fix driver v1.5 crash during the elastic network interface detach on Bare Metal instances.

    • Fix LSO pseudo-header checksum calculation error over IPv6.

    • Fix potential memory resource leak upon initialization failure.

    • Disable TCP/UDP checksum offload for IPv4 fragments.

    • Fix for VLAN configuration. VLAN was incorrectly disabled when only VLAN priority should have been disabled.

    • Enable correct parsing of custom driver messages by the event viewer.

    • Fix failure to initialize driver due to invalid timestamp handling.

    • Fix race condition between data processing and ENA device disabling.

July 1, 2019

1.5.0

  • Improved stability and performance fixes.

  • Receive Buffers can now be configured up to a value of 8192 in Advanced Properties of the ENA NIC.

  • Default Receive Buffers of 1k.

October 4, 2018

1.2.3

Includes reliability fixes and unifies support for Windows Server 2008 R2 through Windows Server 2016.

February 13, 2018

1.0.8

The initial release. Included in AMIs for Windows Server 2008 R2, Windows Server 2012 RTM, Windows Server 2012 R2, and Windows Server 2016.

July 2016

Subscribe to notifications

Amazon SNS can notify you when new versions of EC2 Windows Drivers are released. Use the following procedure to subscribe to these notifications.

To subscribe to EC2 notifications
  1. Open the Amazon SNS console at https://console.aws.amazon.com/sns/v3/home.

  2. In the navigation bar, change the Region to US East (N. Virginia), if necessary. You must select this Region because the SNS notifications that you are subscribing to are in this Region.

  3. In the navigation pane, choose Subscriptions.

  4. Choose Create subscription.

  5. In the Create subscription dialog box, do the following:

    1. For TopicARN, copy the following Amazon Resource Name (ARN):

      arn:aws:sns:us-east-1:801119661308:ec2-windows-drivers

    2. For Protocol, choose Email.

    3. For Endpoint, enter an email address that you can use to receive the notifications.

    4. Choose Create subscription.

  6. You'll receive a confirmation email. Open the email and follow the directions to complete your subscription.

Whenever new EC2 Windows drivers are released, we send notifications to subscribers. If you no longer want to receive these notifications, use the following procedure to unsubscribe.

To unsubscribe from Amazon EC2 Windows driver notification
  1. Open the Amazon SNS console at https://console.aws.amazon.com/sns/v3/home.

  2. In the navigation pane, choose Subscriptions.

  3. Select the check box for the subscription and then choose Actions, Delete subscriptions. When prompted for confirmation, choose Delete.