How Do I Handle the VPC Peering Connection Failure?
VPC Peering Connection Network
Figure 1 shows the VPC peering connection network.
Routes are required to enable communication between Subnet A in VPC1 and Subnet X in VPC2 in the figure. Figure 2 shows the route table configuration.
Checking ECS Basic Network Functions
- Confirm that the ECS NIC has an IP address assigned.
Log in to the ECS, and run the ifconfig or ip address command to check the ECS NIC IP address.
The ipconfig command applies only to Windows ECSs.
- Ping the gateway address of the subnet from the ECS to check the ECS communication with external networks.
Obtain the gateway address from the VPC details page on the console. In most cases, the gateway address is xxx. xxx. xxx. 1. Ping the gateway address to check the communication. If the gateway address cannot be pinged, troubleshoot the layer 2 and layer 3 networks.
Checking VPC Network Configuration
- Confirm that the security group configuration of the ECS NIC is correct.
Obtain the security group used by the ECS NIC from the ECS details page. The security group rule that allows the ECS to access the peer subnet has been configured for the security group. For example, you must configure security group rules described in Figure 3 for the NICs of all ECSs in VPC 1 in Figure 1.
- Confirm that the firewall for the subnet used by the ECS NIC does not block required traffic.
If you can configure the firewall on the VPC console, confirm that the firewall rules allow traffic from the subnets used by the VPC peering connection to pass through.
- If the ECS has more than one NIC, ensure that correct policy-based routing has been configured for the ECS and that packets with different source IP addresses match their own rules.
For example, if the IP address of eth0 is 192.168.1.10/24, and that of eth1 is 192.168.2.10/24, run the following commands:
ping -I 192.168.1.10 192.168.1.1
ping -I 192.168.2.10 192.168.2.1
If the IP addresses can be pinged, the policy-based routing configured for the two NICs is correct.
Checking VPC Peering Connection Configuration
- The VPC peering connection described in Figure 1 is used as an example to show how to check the configuration. Check whether correct routes have been added to the VPC peering connection. For example, the destination of the route for VPC 1 must be the subnet CIDR block in VPC 2.
Add local and peer routes on the VPC peering connection page. The VPC peering connection works properly after the routes are correctly configured.
- Check VPC 1 and VPC 2 for subnets that conflict with the subnets involved in the VPC peering connection. For example, if VPC 1 and VPC 2 each has a subnet with the same CIDR block, such as 192.168.11.0/24, the VPC peering connection will become invalid. Figure 4 shows the invalid VPC peering connection.
O&M Operations That Require Assistance
If the VPC peering connection failure cannot be rectified after you perform the preceding operations, contact technical support.
You need to ping the ECS at one side of the VPC peering connection from another ECS at the other side of the VPC peering connection to send ICMP packets and provide the technical support engineer with the following information:
|
Item |
Description |
Your Value |
|---|---|---|
|
VPC1 ID |
VPC 1 ID |
N/A |
|
VPC2 ID |
VPC 2 ID |
N/A |
|
VM1 ID |
ID of the ECS in VPC 1 |
N/A |
|
VM2 ID |
ID of the ECS in VPC 2 |
N/A |
|
Subnet1 ID |
ID of the subnet used by ECS 1 |
N/A |
|
Subnet2 ID |
ID of the subnet used by ECS 2 |
N/A |
|
IP1 |
ECS 1 IP address |
N/A |
|
IP2 |
ECS 2 IP address |
N/A |
You can add - t to the end of the ping command to enable the Windows ECS to continuously send ICMP packets.
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.