Help Center/ Data Lake Insight/ FAQs/ Datasource Connections/ Datasource Connections/ How Do I Do if the Datasource Connection Is Created But the Network Connectivity Test Fails?
Updated on 2023-06-16 GMT+08:00

How Do I Do if the Datasource Connection Is Created But the Network Connectivity Test Fails?

Description

A datasource connection is created and bound to a queue. The connectivity test fails and the following error information is displayed:
failed to connect to specified address

Check Whether a Port Number Is Added to the End of the Domain Name or IP Address

The port number is required for the connectivity test.

The following example tests the connectivity between a queue and a specified RDS DB instance. The RDS DB instance uses port 3306.

The following figure shows how you should specify the IP address.

Figure 1 Testing address connectivity

Check Whether the Information of the Peer VPC and Subnet Are Correct.

When you create an enhanced datasource connection, you need to specify the peer VPC and subnet.

For example, to test the connectivity between a queue and a specified RDS DB instance, you need to specify the RDS VPC and subnet information.

Figure 2 Creating a connection

Check Whether the CIDR Block of the Queue Overlaps That of the Data Source

The CIDR block of the DLI queue bound with a datasource connection cannot overlap the CIDR block of the data source.

You can check whether they overlap by viewing the connection logs.

Figure 3 shows an example where the CIDR block conflicts of queue A and queue B. In this example, queue B is bound to an enhanced datasource connection to data source C. Therefore, a message is displayed, indicating that the network segment of queue A conflicts with that of data source C. As a result, a new enhanced datasource connection cannot be established.

Solution: Modify the CIDR block of the queue or create another queue.

Planing the CIDR blocks for your queues helps you to avoid this problem.

Figure 3 Viewing connection logs

Check Whether the VPC Administrator Permission Is Granted to DLI

View the connection logs to check whether there is the required permission.

Figure 4 and Figure 5 show the logs when subnet ID and route ID of the destination cannot be obtained because there is no permission.

Solution: Grant DLI the VPC Administrator permission and cancel the IAM ReadOnlyAccess authorization.

Figure 4 Viewing connection logs
Figure 5 Viewing connection logs
Figure 6 Selecting VPC administrator

Check Whether the Destination Security Group Allows Access from the CIDR Block of the Queue

To connect to Kafka, GaussDB(DWS), and RDS instances, add security group rules for the DLI CIDR block to the security group where the instances belong. For example, to connect a queue to RDS, perform the following operations:
  1. Log in to the DLI console, choose Resources > Queue Management in the navigation pane on the left. On the displayed page, select the target queue, and click to expand the row containing the target queue to view its CIDR block.
  2. On the Instance Management page of the RDS console, click the instance name. In the Connection Information area, locate Database Port to obtain the port number of the RDS DB instance.
  3. In the Connection Information area locate the Security Group and click the group name to switch to the security group management page. Select the Inbound Rules tab and click Add Rule. Set the priority to 1, protocol to TCP, port to the database port number, and source to the CIDR block of the DLI queue. Click OK.
    Figure 7 VPC security group rules

Check the Route Information of the VPC Peering Connection Corresponding to an Enhanced Datasource Connection

Check the routing table of the VPC peering connection corresponding to the enhanced datasource connection. Check whether the CIDR block of the queue overlaps other CIDR blocks in the routing table. If it does, the forwarding may be incorrect.

  1. Obtain the ID of the VPC peering connection created for the enhanced datasource connection.
    Figure 8 Obtaining the VPC peering connection ID
  2. View the information about the VPC peering connection on the VPC console.
    Figure 9 Viewing a VPC peering connection
    Figure 10 Viewing the CIDR block of the queue
  3. View the route table information of the VPC corresponding to the queue.
    Figure 11 Viewing the destination addresses in the routing table

Check Whether VPC Network ACL Rules Are Configured to Restrict Network Access

Check whether an ACL is configured for the subnet corresponding to the datasource connection and whether the ACL rules restrict network access.

For example, if you set a CIDR block whose security group rule allows access from a queue and set a network ACL rule to deny access from that CIDR block, the security group rule does not take effect.