What Do I Do If Two ECSs in the Same VPC Cannot Communicate with Each Other or Packet Loss Occurs When They Communicate?
Fault Locating
- Check security group rules.
- Check network ACLs.
- Check the NIC information of ECSs.
- Check the disconnected ports.
Troubleshooting Procedure
- Check security group rules.
Check whether the security group of the ECS NIC allows outbound and inbound Internet Control Message Protocol (ICMP) traffic.
Take the inbound direction as an example. The security group must contain at least one of the following rules.
Figure 1 Inbound security group rule
If you test with packets of another protocol, configure the security group rules to allow traffic of that protocol. For example, if you test with UDP packets, check whether the security group allows inbound UDP traffic.
- Check network ACLs.
- Check whether the ECS NIC is in the associated subnet of the network ACL.
- Check the network ACL status in the network ACL list.
- Click the network ACL name and configure rules on the Inbound and Outbound tabs to allow the ICMP traffic.
- When the network ACL is disabled, all packets in the inbound and outbound directions are discarded by default. In this case, delete the network ACL or enable the network ACL and allow the ICMP traffic.
- Check the NIC information of the ECS. (The following procedure uses a Linux ECS as an example. For a Windows ECS, check the firewall restrictions.)
- Check whether multiple NICs are configured for the ECS. If the ECS has multiple NICs and the EIP is bound to an extension NIC, configure policy-based routing for the ECS. For details, see How Do I Configure Policy-Based Routing for ECSs with Multiple NICs?
- Log in to the ECS and run the following command to check whether the NIC has been created and obtained a private IP address. If there is no NIC information or the private IP address cannot be obtained, contact technical support.
Figure 2 NIC IP address
- Run the following command to check whether the CPU usage of the ECS is too high. If the CPU usage exceeds 80%, the ECS communication may be adversely affected.
- Run the following command to check whether the ECS has any restrictions on security group rules:
- Run the following command to check whether the /etc/hosts.deny file contains the IP addresses that limit communication:
vi /etc/hosts.deny
If the hosts.deny file contains the IP address of another ECS, delete the IP address from the hosts.deny file and save the file.
- Check the disconnected ports.
- If a specific port of the ECS cannot be accessed, check whether the security group rules and network ACL rules allow traffic on the port.
- On the Linux ECS, run the following command to check whether the ECS is listening on the port:
If the ECS is not listening on the port, the ECS communication may be adversely affected.
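For the /etc/hosts.deny step above, the following added example (not part of the original procedure) lists the entries that would deny a given peer ECS address, without opening the file in an editor. The function name hosts_deny_hits, the sample file contents and the addresses are constructed for illustration; the function evaluates the IPv4 client patterns ALL, exact address and trailing-dot prefix, and marks every other pattern as REVIEW instead of skipping it.

```shell
#!/usr/bin/env bash
# Added example: report hosts.deny-style entries that deny a given peer IPv4.
# Evaluated client patterns: ALL, an exact address, a trailing-dot prefix
# such as "192.168.1.". Lines using net/mask, hostnames, wildcards, netgroups
# or EXCEPT are printed as REVIEW so they are checked by hand.

hosts_deny_hits() {   # usage: hosts_deny_hits FILE PEER_IP
  awk -v ip="$2" '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
      n = split($0, f, ":")                  # daemon_list : client_list [: cmd]
      if (n < 2 || f[2] ~ "EXCEPT|[/*?@]") { print "REVIEW " NR ": " $0; next }
      gsub(/,/, " ", f[2])                   # clients may be comma-separated
      m = split(f[2], c, " ")
      hit = 0; odd = 0
      for (i = 1; i <= m; i++) {
        p = c[i]
        if (p == "ALL" || p == ip) hit = 1
        else if (p ~ /^[0-9.]+\.$/ && index(ip, p) == 1) hit = 1
        else if (p !~ /^[0-9.]+$/) odd = 1   # hostname, LOCAL, KNOWN, ...
      }
      if (hit) print "MATCH " NR ": " $0
      else if (odd) print "REVIEW " NR ": " $0
    }' "$1"
}

# Constructed sample file (not taken from a real ECS).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed hosts.deny sample
sshd: 192.168.1.25
ALL: 10.0.
vsftpd: 192.168.2.0/255.255.255.0
ALL: .example.com
sshd: 192.168.1.30, 192.168.1.31
EOF

# Peer ECS private IP under test (constructed value).
hosts_deny_hits "$sample" 192.168.1.25
```

On the ECS itself, call hosts_deny_hits /etc/hosts.deny with the private IP address of the other ECS; each MATCH line is an entry to delete as described in the step above.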