AWS Documentation » Amazon EC2 » User Guide for Windows Instances » Network and Security » Enhanced Networking on Windows » Enabling Enhanced Networking with the Elastic Network Adapter (ENA) on Windows Instances

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Enabling Enhanced Networking with the Elastic Network Adapter (ENA) on Windows Instances

Amazon EC2 provides enhanced networking capabilities through the Elastic Network Adapter (ENA).

Contents

• Requirements
• Data Encryption
• Testing Whether Enhanced Networking Is Enabled
• Enabling Enhanced Networking on Windows
• Amazon ENA Driver Versions
• Subscribing to Notifications
• Operating System Optimizations

Requirements

To prepare for enhanced networking using the ENA, set up your instance as follows:

• Select from the following supported instance types: C5, C5d, C5n, F1, G3, G4, H1, I3, I3en, m4.16xlarge, M5, M5a, M5ad, M5d, M5dn, M5n P2, P3, R4, R5, R5a, R5ad, R5d, R5dn, R5n, T3, T3a, u-6tb1.metal, u-9tb1.metal, u-12tb1.metal, u-18tb1.metal, u-24tb1.metal, X1, X1e, and z1d.

• Ensure that the instance has internet connectivity.

• Install and configure the AWS CLI or the AWS Tools for Windows PowerShell on any computer you choose, preferably your local desktop or laptop. For more information, see Accessing Amazon EC2. Enhanced networking cannot be managed from the Amazon EC2 console.

• If you have important data on the instance that you want to preserve, you should back that data up now by creating an AMI from your instance. Updating kernels and kernel modules, as well as enabling the enaSupport attribute, might render incompatible instances or operating systems unreachable; if you have a recent backup, your data will still be retained if this happens.

Data Encryption

AWS provides secure and private connectivity between EC2 instances. In addition, we automatically encrypt in-transit traffic between supported instances in the same VPC or in peered VPCs, using AEAD algorithms with 256-bit encryption. This encryption feature uses the offload capabilities of the underlying hardware, and there is no impact on network performance. The supported instances are: C5n, G4, I3en, M5dn, M5n, P3dn, R5dn, and R5n.

Testing Whether Enhanced Networking Is Enabled

To test whether enhanced networking is already enabled, verify that the driver is installed on your instance and that the enaSupport attribute is set.

Instance Attribute (enaSupport)

To check whether an instance has the enhanced networking enaSupport attribute set, use one of the following commands. If the attribute is set, the response is true.

• describe-instances (AWS CLI)

  aws ec2 describe-instances --instance-ids instance_id --query "Reservations[].Instances[].EnaSupport"

• Get-EC2Instance (Tools for Windows PowerShell)

  (Get-EC2Instance -InstanceId instance-id).Instances.EnaSupport

Image Attribute (enaSupport)

To check whether an AMI has the enhanced networking enaSupport attribute set, use one of the following commands. If the attribute is set, the response is true.

• describe-images (AWS CLI)

  aws ec2 describe-images --image-id ami_id --query "Images[].EnaSupport"

• Get-EC2Image (Tools for Windows PowerShell)

  (Get-EC2Image -ImageId ami_id).EnaSupport

Enabling Enhanced Networking on Windows

If you launched your instance and it does not have enhanced networking enabled already, you must download and install the required network adapter driver on your instance, and then set the enaSupport instance attribute to activate enhanced networking. You can only enable this attribute on supported instance types and only if the ENA driver is installed. For more information, see Enhanced Networking Types.

To enable enhanced networking

1. Connect to your instance and log in as the local administrator.

2. [Windows Server 2016 and later] Run the following EC2Launch PowerShell script to configure the instance after the driver is installed.

   PS C:\> C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -Schedule

3. From the instance, install the driver as follows:

   1. Download the latest driver to the instance.

   2. Extract the zip archive.

   3. Install the driver by running the install.ps1 PowerShell script.

      Note

      If you get an execution policy error, you’ll need to set the policy to Unrestricted (by default it is set to Restricted or RemoteSigned). In a command line, run Set-ExecutionPolicy -ExecutionPolicy Unrestricted, and then run the install.ps1 PowerShell script again.

4. From your local computer, stop the instance using the Amazon EC2 console or one of the following commands: stop-instances (AWS CLI), Stop-EC2Instance (AWS Tools for Windows PowerShell). If your instance is managed by AWS OpsWorks, you should stop the instance in the AWS OpsWorks console so that the instance state remains in sync.

5. Enable ENA support on your instance as follows:

   1. From your local computer, check the EC2 instance ENA support attribute on your instance by running one of the following commands. If the attribute is not enabled, the output will be "[]" or blank. EnaSupport is set to false by default.

      • describe-instances (AWS CLI)

        aws ec2 describe-instances --instance-ids instance_id --query "Reservations[].Instances[].EnaSupport"

      • Get-EC2Instance (Tools for Windows PowerShell)

        (Get-EC2Instance -InstanceId instance-id).Instances.EnaSupport

   2. To enable ENA support, run one of the following commands:

      • modify-instance-attribute (AWS CLI)

        aws ec2 modify-instance-attribute --instance-id instance_id --ena-support

      • Edit-EC2InstanceAttribute (AWS Tools for Windows PowerShell)

        Edit-EC2InstanceAttribute -InstanceId instance_id -EnaSupport $true

      If you encounter problems when you restart the instance, you can also disable ENA support using one of the following commands:

      • modify-instance-attribute (AWS CLI)

        aws ec2 modify-instance-attribute --instance-id instance_id --no-ena-support

      • Edit-EC2InstanceAttribute (AWS Tools for Windows PowerShell)

        Edit-EC2InstanceAttribute -InstanceId instance_id -EnaSupport $false

   3. Verify that the attribute has been set to true using describe-instances or Get-EC2Instance as shown previously. You should now see the following output:

      [
          true
      ]

6. From your local computer, start the instance using the Amazon EC2 console or one of the following commands: start-instances (AWS CLI), Start-EC2Instance (AWS Tools for Windows PowerShell). If your instance is managed by AWS OpsWorks, you should start the instance using the AWS OpsWorks console so that the instance state remains in sync.

7. On the instance, validate that the ENA driver is installed and enabled as follows:

   1. Right-click the network icon and choose Open Network and Sharing Center.

   2. Choose the Ethernet adapter (for example, Ethernet 2).

   3. Choose Details. For Network Connection Details, check that Description is Amazon Elastic Network Adapter.

8. (Optional) Create an AMI from the instance. The AMI inherits the enaSupport attribute from the instance. Therefore, you can use this AMI to launch another instance with ENA enabled by default. For more information, see Creating a Custom Windows AMI.

Amazon ENA Driver Versions

Windows AMIs include the Amazon ENA driver to enable enhanced networking. The following table summarizes the changes for each release.

Driver version	Details	Release date
2.1.1	Bug Fixes Prevent drops of highly fragmented TCP LSO packets arriving from operating system. Properly handle Encapsulating Security Payload (ESP) protocol within the IPSec in IPv6 networks.	September 2019
2.1.0	ENA Windows driver v2.1 introduces new ENA device capabilities, provides a performance boost, adds new features, and includes multiple stability improvements. New features Use standardized Windows registry key for Jumbo frames configuration. Allow VLAN ID setting via the ENA driver properties GUI. Improved Recovery flows Improved failure identification mechanism. Added support for tunable recovery parameters. Support up to 32 I/O queues for newer EC2 instances that have more than 8 vCPUs. ~90% reduction of driver memory footprint. Performance optimizations Reduced transmit path latency. Support for receive checksum offload. Performance optimization for heavily loaded system (optimized usage of locking mechanisms). Further enhancements to reduce CPU utilization and improve system responsiveness under load. Bug Fixes Fix crash due to invalid parsing of non-contiguous Tx headers. Fix driver v1.5 crash during ENI detach on Bare Metal instances. Fix LSO pseudo-header checksum calculation error over IPv6. Fix potential memory resource leak upon initialization failure. Disable TCP/UDP checksum offload for IPv4 fragments. Fix for VLAN configuration. VLAN was incorrectly disabled when only VLAN priority should have been disabled. Enable correct parsing of custom driver messages by the event viewer. Fix failure to initialize driver due to invalid timestamp handling. Fix race condition between data processing and ENA device disabling.	July 2019
1.5.0	Improved stability and performance fixes. Receive Buffers can now be configured up to a value of 8192 in Advanced Properties of the ENA NIC. Default Receive Buffers of 1k.	October 2018
1.2.3	Includes reliability fixes and unifies support for Windows Server 2008 R2 through Windows Server 2016.	February 2018
1.0.9	Includes some reliability fixes. Applies only to Windows Server 2008 R2. Not recommended for other versions of Windows Server.	December 2016
1.0.8	The initial release. Included in AMIs for Windows Server 2008 R2, Windows Server 2012 RTM, Windows Server 2012 R2, and Windows Server 2016.	July 2016

Subscribing to Notifications

Amazon SNS can notify you when new versions of EC2 Windows Drivers are released. Use the following procedure to subscribe to these notifications.

To subscribe to EC2 notifications

1. Open the Amazon SNS console at https://console.aws.amazon.com/sns/v3/home.

2. In the navigation bar, change the region to US East (N. Virginia), if necessary. You must select this region because the SNS notifications that you are subscribing to are in this region.

3. In the navigation pane, choose Subscriptions.

4. Choose Create subscription.

5. In the Create subscription dialog box, do the following:

   1. For TopicARN, copy the following Amazon Resource Name (ARN):

      arn:aws:sns:us-east-1:801119661308:ec2-windows-drivers

   2. For Protocol, choose Email.

   3. For Endpoint, type an email address that you can use to receive the notifications.

   4. Choose Create subscription.

6. You'll receive a confirmation email. Open the email and follow the directions to complete your subscription.

Whenever new EC2 Windows drivers are released, we send notifications to subscribers. If you no longer want to receive these notifications, use the following procedure to unsubscribe.

To unsubscribe from Amazon EC2 Windows driver notification

1. Open the Amazon SNS console at https://console.aws.amazon.com/sns/v3/home.

2. In the navigation pane, choose Subscriptions.

3. Select the checkbox for the subscription and then choose Actions, Delete subscriptions. When prompted for confirmation, choose Delete.