Symptom

You have an ECS that has an EIP bound, but the ECS cannot access the Internet.

Troubleshooting

Figure 1 shows the process for an ECS to access the Internet using an EIP.

Figure 1 EIP network diagram

Locate the fault based on the following procedure.

Figure 2 Troubleshooting procedure

1. Step 1: Check Whether the ECS Is Running Properly
2. Step 2: Check Whether the Network Configuration of the ECS Is Correct
3. Step 3: Check Whether an EIP Has Been Assigned and Bound to the ECS
4. Step 4: Check Whether the EIP Is Bound to the Primary NIC of the ECS
5. Step 5: Check Whether Required Security Group Rules Have Been Configured.
6. Step 6: Check Whether Traffic from the ECS Subnet Is Blocked

Step 1: Check Whether the ECS Is Running Properly

Check whether the ECS is running properly.

If the ECS state is not Running, start or restart the ECS.

Figure 3 ECS status

Step 2: Check Whether the Network Configuration of the ECS Is Correct

1. Check whether the ECS NIC has an IP address assigned.

   Log in to the ECS, and run the ifconfig or ip address command to check the ECS NIC IP address.

   If an ECS runs the Window OS, run the ipconfig command.

2. Check whether the virtual IP address is correctly configured on the ECS NIC.

   Log in to the ECS, and run the ifconfig or ip address command to check the ECS NIC IP address. If the ECS NIC does not have an IP address configured, run a command to configure an IP address for the ECS NIC. For example, run the ip addr add virtual IP address eth0 command to configure IP address 192.168.1.192/24 for the NIC.

   Figure 4 Virtual IP address of a NIC
   

   Check whether the default route exists. If no default route exists, run the ip route add command to add the default route.

   Figure 5 Default route
   

Step 3: Check Whether an EIP Has Been Assigned and Bound to the ECS

Check whether an EIP has been assigned and bound to the ECS. (If the EIP has not been assigned, assign an EIP and bind it to the ECS.)

The ECS shown in Figure 6 has no EIP bound and only has a private IP address bound.

Figure 6 EIP status

Step 4: Check Whether the EIP Is Bound to the Primary NIC of the ECS

Check whether the EIP is bound to the primary NIC of the ECS. If the EIP is not bound to the primary NIC of the ECS, bind it.

You can view the NIC details by clicking the NICs tab on the ECS details page. By default, the first record in the list is the primary NIC and the EIP is bound to the primary NIC as shown in the following figure.

Figure 7 Checking whether the EIP is bound to the primary NIC of the ECS

Step 5: Check Whether Required Security Group Rules Have Been Configured.

For details about how to add security group rules, see Adding a Security Group Rule.

If rules have not been configured, configure them based on your service requirements. (The remote IP address indicates the allowed IP address, and 0.0.0.0/0 indicates that all IP addresses are allowed.)

Step 6: Check Whether Traffic from the ECS Subnet Is Blocked

Check whether traffic filtering has been configured on the network ACL of the subnet used by the ECS NIC.

You can configure the network ACL on the VPC console, and make sure that the network ACL rules allow the traffic from the ECS subnet.

Submitting a Service Ticket

If the EIP still fails to communicate with the Internet after performing the preceding steps, submit a service ticket.

Provide the following information to the technical support engineer.