Help Center/ Elastic IP/ FAQs/ Connectivity/ Why Can't My ECS Access the Internet Even After an EIP Is Bound?
Updated on 2024-04-09 GMT+08:00

Why Can't My ECS Access the Internet Even After an EIP Is Bound?

Symptom

An ECS with an EIP bound cannot access the Internet.

Troubleshooting

Checking Whether EIPs Are Blocked or Frozen

Checking EIP Connectivity

Figure 1 shows the networking diagram for an ECS to access the Internet using an EIP.

Figure 1 EIP network diagram

Locate the fault based on the following procedure.

Figure 2 Troubleshooting procedure
  1. Step 1: Check Whether the ECS Is Running Properly
  2. Step 2: Check Whether the Network Configuration of the ECS Is Correct
  3. Step 3: Check Whether an EIP Has Been Assigned and Bound to the ECS
  4. Step 4: Check Whether an EIP Is Bound to the Primary NIC of the ECS
  5. Step 5: Check Whether Required Security Group Rules Have Been Configured.
  6. Step 6: Check Whether Traffic from the ECS Subnet Is Blocked

Step 1: Check Whether the ECS Is Running Properly

Check the ECS status.

If the ECS status is not Running, start or restart the ECS.

Figure 3 ECS status

Step 2: Check Whether the Network Configuration of the ECS Is Correct

  1. Check whether the ECS NIC has an IP address assigned.

    Log in to the ECS, and run ifconfig or ip address to check the ECS NIC IP address.

  2. Check whether the ECS NIC has a virtual IP address.

    Log in to the ECS, and run ifconfig or ip address to check whether the ECS NIC has a virtual IP address. If the ECS NIC has no virtual IP address, run the ip addr add virtual IP address eth0 command to configure an IP address for the ECS NIC.

    Figure 4 Virtual IP address of a NIC

    Check whether the ECS NIC has a default route. If there is no default route, run ip route add to add one.

    Figure 5 Default route

Step 3: Check Whether an EIP Has Been Assigned and Bound to the ECS

Check whether an EIP has been assigned and bound to the ECS. If no EIP has been assigned, assign an EIP and bind it to the ECS.

The ECS shown in Figure 6 has no EIP bound. It only has a private IP address bound.
Figure 6 EIP status

Step 4: Check Whether an EIP Is Bound to the Primary NIC of the ECS

Check whether an EIP is bound to the primary NIC of the ECS. If there is no EIP bound to the primary NIC of the ECS, bind one.

You can view the NIC details by clicking the NICs tab on the ECS details page. By default, the first record in the list is the primary NIC.

As shown in Figure 7, the EIP is bound to the primary NIC.

Figure 7 Checking whether the EIP is bound to the primary NIC of the ECS

Step 5: Check Whether Required Security Group Rules Have Been Configured.

For details about how to add security group rules, see Adding a Security Group Rule.

If security group rules have not been configured, configure them based on your service requirements. (The remote IP address indicates the allowed IP address, and 0.0.0.0/0 indicates that all IP addresses are allowed.)

Step 6: Check Whether Traffic from the ECS Subnet Is Blocked

Check whether the network ACL of the NIC subnet blocks certain traffic from the subnet.

You can configure the network ACL on the VPC console. Make sure that the network ACL rules allow the traffic from the ECS subnet.