Help Center/ Cloud Search Service/ Troubleshooting/ Ports/ Why Does Access to Port 9200 Fail?
Updated on 2022-08-31 GMT+08:00

Why Does Access to Port 9200 Fail?

Symptom

If a VPN or VPC peering connection is used to access the CSS cluster, no result is returned when the curl command is used to connect to the CSS cluster.

For example, if you run the following command to connect to the cluster, no result is returned:

curl -s 'http://< node private access address >:9200'

Cause

If a VPN or VPC peering connection is used to access CSS, that means that the client and CSS are not in the same VPC. Therefore, the subnet of the CSS cluster must be in a different network segment from that of the VPC.

Suppose, for example, there is a CSS cluster in VPC vpc-8e28 on the network segment 192.168.0.0/16, the subnet subnet-4a81 of the VPC is selected, and its network segment is also 192.168.0.0/16. As the CSS subnet vpc-8e28 and the subnet it is being accessed from (subnet-4a81) are both 192.168.0.0/16, if the VPN or the VPC peering connection tries to access the CSS cluster, the host created on the subnet does not have a gateway corresponding to the VPC. As a result, the default route of the CSS service is affected and access to port 9200 fails.

Procedure

If access to port 9200 fails but the CSS cluster is available, do as follows:

  1. Go to the CSS management console. In the cluster list, click the cluster name to view the VPC and subnet used by the cluster.
  2. Go to the VPC management console. In the VPC list, click the name of the VPC used by the CSS cluster. The VPC details page is displayed. View the VPC and subnet network segment information.

    As shown in Figure 1, the VPC network segment information is the same as the subnet network segment information. When a VPN private line or a VPC peer connection is used, access to port 9200 fails.

    Figure 1 Viewing network segment information
  3. If the preceding error occurs, create another cluster and this time select a subnet that is different from the VPC subnet. If the subnet does not exist, create another subnet on the VPC management console.

    After a new CSS cluster is created, migrate the data of the old cluster to the new cluster, and then use the VPN or VPC peering connection to access the cluster.

    If you require a VPN connection or VPC peering connection to access the CSS cluster, ensure that the VPC and subnet of the newly created CSS are in different network segments.