Enabling enhanced networking with the Elastic Network Adapter (ENA) on Windows instances

Amazon EC2 provides enhanced networking capabilities through the Elastic Network Adapter (ENA). To use enhanced networking, you must install the required ENA module and enable ENA support.

Contents

• Requirements
• Enhanced networking performance
• Testing whether enhanced networking is enabled
• Enabling enhanced networking on Windows
• Amazon ENA driver versions
• Subscribing to notifications
• Operating System Optimizations

Requirements

To prepare for enhanced networking using the ENA, set up your instance as follows:

• Select from the following supported instance types: C5, C5a, C5d, C5n, F1, G3, G4, H1, I3, I3en, m4.16xlarge, M5, M5a, M5ad, M5d, M5dn, M5n, P2, P3, R4, R5, R5a, R5ad, R5d, R5dn, R5n, T3, T3a, u-6tb1.metal, u-9tb1.metal, u-12tb1.metal, u-18tb1.metal, u-24tb1.metal, X1, X1e, and z1d.

• Ensure that the instance has internet connectivity.

• Install and configure the AWS CLI or the AWS Tools for Windows PowerShell on any computer you choose, preferably your local desktop or laptop. For more information, see Accessing Amazon EC2. Enhanced networking cannot be managed from the Amazon EC2 console.

• If you have important data on the instance that you want to preserve, you should back that data up now by creating an AMI from your instance. Updating kernels and kernel modules, as well as enabling the enaSupport attribute, might render incompatible instances or operating systems unreachable. If you have a recent backup, your data will still be retained if this happens.

Enhanced networking performance

The following documentation provides a summary of the network performance for the instance types that support ENA enhanced networking:

• Network Performance for Accelerated Computing Instances

• Network Performance for Compute Optimized Instances

• Network Performance for General Purpose Instances

• Network Performance for Memory Optimized Instances

• Network Performance for Storage Optimized Instances

Testing whether enhanced networking is enabled

To test whether enhanced networking is already enabled, verify that the driver is installed on your instance and that the enaSupport attribute is set.

Instance attribute (enaSupport)

To check whether an instance has the enhanced networking enaSupport attribute set, use one of the following commands. If the attribute is set, the response is true.

• describe-instances (AWS CLI)

  aws ec2 describe-instances --instance-ids instance_id --query "Reservations[].Instances[].EnaSupport"

• Get-EC2Instance (Tools for Windows PowerShell)

  (Get-EC2Instance -InstanceId instance-id).Instances.EnaSupport

Image attribute (enaSupport)

To check whether an AMI has the enhanced networking enaSupport attribute set, use one of the following commands. If the attribute is set, the response is true.

• describe-images (AWS CLI)

  aws ec2 describe-images --image-id ami_id --query "Images[].EnaSupport"

• Get-EC2Image (Tools for Windows PowerShell)

  (Get-EC2Image -ImageId ami_id).EnaSupport

Enabling enhanced networking on Windows

If you launched your instance and it does not have enhanced networking enabled already, you must download and install the required network adapter driver on your instance, and then set the enaSupport instance attribute to activate enhanced networking. You can only enable this attribute on supported instance types and only if the ENA driver is installed. For more information, see Enhanced networking types.

To enable enhanced networking

1. Connect to your instance and log in as the local administrator.

2. [Windows Server 2016 and later] Run the following EC2Launch PowerShell script to configure the instance after the driver is installed.

   PS C:\> C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -Schedule

3. From the instance, install the driver as follows:

   1. Download the latest driver to the instance.

   2. Extract the zip archive.

   3. Install the driver by running the install.ps1 PowerShell script.

      Note

      If you get an execution policy error, set the policy to Unrestricted (by default it is set to Restricted or RemoteSigned). In a command line, run Set-ExecutionPolicy -ExecutionPolicy Unrestricted, and then run the install.ps1 PowerShell script again.

4. From your local computer, stop the instance using the Amazon EC2 console or one of the following commands: stop-instances (AWS CLI), Stop-EC2Instance (AWS Tools for Windows PowerShell). If your instance is managed by AWS OpsWorks, you should stop the instance in the AWS OpsWorks console so that the instance state remains in sync.

5. Enable ENA support on your instance as follows:

   1. From your local computer, check the EC2 instance ENA support attribute on your instance by running one of the following commands. If the attribute is not enabled, the output will be "[]" or blank. EnaSupport is set to false by default.

      • describe-instances (AWS CLI)

        aws ec2 describe-instances --instance-ids instance_id --query "Reservations[].Instances[].EnaSupport"

      • Get-EC2Instance (Tools for Windows PowerShell)

        (Get-EC2Instance -InstanceId instance-id).Instances.EnaSupport

   2. To enable ENA support, run one of the following commands:

      • modify-instance-attribute (AWS CLI)

        aws ec2 modify-instance-attribute --instance-id instance_id --ena-support

      • Edit-EC2InstanceAttribute (AWS Tools for Windows PowerShell)

        Edit-EC2InstanceAttribute -InstanceId instance_id -EnaSupport $true

      If you encounter problems when you restart the instance, you can also disable ENA support using one of the following commands:

      • modify-instance-attribute (AWS CLI)

        aws ec2 modify-instance-attribute --instance-id instance_id --no-ena-support

      • Edit-EC2InstanceAttribute (AWS Tools for Windows PowerShell)

        Edit-EC2InstanceAttribute -InstanceId instance_id -EnaSupport $false

   3. Verify that the attribute has been set to true using describe-instances or Get-EC2Instance as shown previously. You should now see the following output:

      [
          true
      ]

6. From your local computer, start the instance using the Amazon EC2 console or one of the following commands: start-instances (AWS CLI), Start-EC2Instance (AWS Tools for Windows PowerShell). If your instance is managed by AWS OpsWorks, you should start the instance using the AWS OpsWorks console so that the instance state remains in sync.

7. On the instance, validate that the ENA driver is installed and enabled as follows:

   1. Right-click the network icon and choose Open Network and Sharing Center.

   2. Choose the Ethernet adapter (for example, Ethernet 2).

   3. Choose Details. For Network Connection Details, check that Description is Amazon Elastic Network Adapter.

8. (Optional) Create an AMI from the instance. The AMI inherits the enaSupport attribute from the instance. Therefore, you can use this AMI to launch another instance with ENA enabled by default. For more information, see Creating a custom Windows AMI.

Amazon ENA driver versions

Windows AMIs include the Amazon ENA driver to enable enhanced networking. The following table summarizes the changes for each release.

Driver version	Details	Release date
2.1.5	Bug Fixes Fixes occasional network adapter initialization failure on bare metal instances.	June 23, 2020
2.1.4	Bug Fixes Prevent connectivity issues caused by corrupted LSO packet metadata arrviving from the network stack. Prevent system crash caused by a rare race condition that results in accessing an already released packet memory.	November 25, 2019
2.1.2	New Features Added support for vendor ID report to allow OS to generate MAC-based UUIDs. Bug Fixes Improved DHCP network configuration performance during initialization. Properly calculate L4 checksum on inbound IPv6 traffic when the maximum transmission unit (MTU) exceeds 4K. General improvements to driver stability and minor bug fixes.	November 4, 2019
2.1.1	Bug Fixes Prevent drops of highly fragmented TCP LSO packets arriving from operating system. Properly handle Encapsulating Security Payload (ESP) protocol within the IPSec in IPv6 networks.	September 16, 2019
2.1.0	ENA Windows driver v2.1 introduces new ENA device capabilities, provides a performance boost, adds new features, and includes multiple stability improvements. New features Use standardized Windows registry key for Jumbo frames configuration. Allow VLAN ID setting via the ENA driver properties GUI. Improved Recovery flows Improved failure identification mechanism. Added support for tunable recovery parameters. Support up to 32 I/O queues for newer EC2 instances that have more than 8 vCPUs. ~90% reduction of driver memory footprint. Performance optimizations Reduced transmit path latency. Support for receive checksum offload. Performance optimization for heavily loaded system (optimized usage of locking mechanisms). Further enhancements to reduce CPU utilization and improve system responsiveness under load. Bug Fixes Fix crash due to invalid parsing of non-contiguous Tx headers. Fix driver v1.5 crash during ENI detach on Bare Metal instances. Fix LSO pseudo-header checksum calculation error over IPv6. Fix potential memory resource leak upon initialization failure. Disable TCP/UDP checksum offload for IPv4 fragments. Fix for VLAN configuration. VLAN was incorrectly disabled when only VLAN priority should have been disabled. Enable correct parsing of custom driver messages by the event viewer. Fix failure to initialize driver due to invalid timestamp handling. Fix race condition between data processing and ENA device disabling.	July 1, 2019
1.5.0	Improved stability and performance fixes. Receive Buffers can now be configured up to a value of 8192 in Advanced Properties of the ENA NIC. Default Receive Buffers of 1k.	October 4, 2018
1.2.3	Includes reliability fixes and unifies support for Windows Server 2008 R2 through Windows Server 2016.	February 13, 2018
1.0.9	Includes some reliability fixes. Applies only to Windows Server 2008 R2. Not recommended for other versions of Windows Server.	December 2016
1.0.8	The initial release. Included in AMIs for Windows Server 2008 R2, Windows Server 2012 RTM, Windows Server 2012 R2, and Windows Server 2016.	July 2016

Subscribing to notifications

Amazon SNS can notify you when new versions of EC2 Windows Drivers are released. Use the following procedure to subscribe to these notifications.

To subscribe to EC2 notifications

1. Open the Amazon SNS console at https://console.aws.amazon.com/sns/v3/home.

2. In the navigation bar, change the Region to US East (N. Virginia), if necessary. You must select this Region because the SNS notifications that you are subscribing to are in this Region.

3. In the navigation pane, choose Subscriptions.

4. Choose Create subscription.

5. In the Create subscription dialog box, do the following:

   1. For TopicARN, copy the following Amazon Resource Name (ARN):

      arn:aws:sns:us-east-1:801119661308:ec2-windows-drivers

   2. For Protocol, choose Email.

   3. For Endpoint, enter an email address that you can use to receive the notifications.

   4. Choose Create subscription.

6. You'll receive a confirmation email. Open the email and follow the directions to complete your subscription.

Whenever new EC2 Windows drivers are released, we send notifications to subscribers. If you no longer want to receive these notifications, use the following procedure to unsubscribe.

To unsubscribe from Amazon EC2 Windows driver notification

1. Open the Amazon SNS console at https://console.aws.amazon.com/sns/v3/home.

2. In the navigation pane, choose Subscriptions.

3. Select the check box for the subscription and then choose Actions, Delete subscriptions. When prompted for confirmation, choose Delete.