Why Can't My ECS Access the Internet Even After an EIP Is Bound?
Symptom
An ECS with an EIP bound cannot access the Internet.
Troubleshooting
Checking Whether EIPs Are Blocked or Frozen
- Check whether the EIP is blocked. For details, see How Do I Unblock an EIP?
- Check whether the EIP is frozen. For details, see Why My EIPs Are Frozen? How Do I Unfreeze My EIPs?
Checking EIP Connectivity
Figure 1 shows the networking diagram for an ECS to access the Internet using an EIP.
Locate the fault based on the following procedure.
- Step 1: Check Whether the ECS Is Running Properly
- Step 2: Check Whether the Network Configuration of the ECS Is Correct
- Step 3: Check Whether an EIP Has Been Assigned and Bound to the ECS
- Step 4: Check Whether an EIP Is Bound to the Primary NIC of the ECS
- Step 5: Check Whether Required Security Group Rules Have Been Configured.
- Step 6: Check Whether Traffic from the ECS Subnet Is Blocked
Step 1: Check Whether the ECS Is Running Properly
Check the ECS status.
If the ECS status is not Running, start or restart the ECS.
Step 2: Check Whether the Network Configuration of the ECS Is Correct
- Check whether the ECS NIC has an IP address assigned.
Log in to the ECS, and run ifconfig or ip address to check the ECS NIC IP address.
If both the primary and extension NICs of an ECS have an EIP bound, check whether the ECS has policy-based routes configured. If policy-based routes are not configured, refer to Configuring Policy-based Routes for a Linux ECS with Multiple NICs (IPv4/IPv6).
If the ECS runs Windows, run ipconfig.
- Check whether the ECS NIC has a virtual IP address.
Log in to the ECS, and run ifconfig or ip address to check whether the ECS NIC has a virtual IP address. If the ECS NIC has no virtual IP address, run the ip addr add virtual IP address eth0 command to configure an IP address for the ECS NIC.
Figure 4 Virtual IP address of a NIC
Check whether the ECS NIC has a default route. If there is no default route, run ip route add to add one.
Figure 5 Default route
Step 3: Check Whether an EIP Has Been Assigned and Bound to the ECS
Check whether an EIP has been assigned and bound to the ECS. If no EIP has been assigned, assign an EIP and bind it to the ECS.
Step 4: Check Whether an EIP Is Bound to the Primary NIC of the ECS
Check whether an EIP is bound to the primary NIC of the ECS. If there is no EIP bound to the primary NIC of the ECS, bind one.
You can view the NIC details by clicking the NICs tab on the ECS details page. By default, the first record in the list is the primary NIC.
As shown in Figure 7, the EIP is bound to the primary NIC.
Step 5: Check Whether Required Security Group Rules Have Been Configured.
For details about how to add security group rules, see Adding a Security Group Rule.
If security group rules have not been configured, configure them based on your service requirements. (The remote IP address indicates the allowed IP address, and 0.0.0.0/0 indicates that all IP addresses are allowed.)
Step 6: Check Whether Traffic from the ECS Subnet Is Blocked
Check whether the network ACL of the NIC subnet blocks certain traffic from the subnet.
You can configure the network ACL on the VPC console. Make sure that the network ACL rules allow the traffic from the ECS subnet.
Submitting a Service Ticket
If the EIP still cannot communicate with the Internet after you perform all the steps above, submit a service ticket.
Provide the following information to technical support.
Item |
Description |
Example |
Value |
|---|---|---|---|
VPC CIDR block |
Required for gateway configuration |
Example: 10.0.0.0/16 |
N/A |
VPC ID |
N/A |
Example: 120b71c7-94ac-45b8-8ed6-30aafc8fbdba |
N/A |
CIDR block of subnet 1 (can be the same as the VPC CIDR block) |
N/A |
Example: 10.0.1.0/24 |
N/A |
ECS ID |
N/A |
N/A |
N/A |
ECS IP address |
N/A |
Example: 192.168.1.192/24 |
N/A |
ECS route information |
N/A |
N/A |
N/A |
EIP |
Required for the ECS to access the Internet |
Example: 10.154.55.175 |
N/A |
EIP bandwidth |
Maximum bandwidth size used by the ECS to access the Internet |
Example: 1 Mbit/s |
N/A |
EIP ID |
N/A |
Example: b556c80e-6345-4003-b512-4e6086abbd48 |
N/A |
Connectivity FAQs
- Does a VPN Allow Communication Between Two VPCs?
- Why Are Internet or Internal Domain Names in the Cloud Inaccessible Through Domain Names When My ECS Has Multiple NICs?
- What Are the Priorities of the Custom Route and EIP If Both Are Configured for an ECS to Enable the ECS to Access the Internet?
- Why Are There Intermittent Interruptions When a Local Host Accesses a Website Built on an ECS?
- Why Do ECSs Using Private IP Addresses in the Same Subnet Only Support One-Way Communication?
- Why Does Communication Fail Between Two ECSs in the Same VPC or Packet Loss Occur When They Communicate?
- Why Can't My ECS Use Cloud-init?
- Why Can't My ECS Access the Internet Even After an EIP Is Bound?
- Why Is My ECS Unable to Communicate at a Layer 2 or Layer 3 Network?
- How Do I Handle a BMS Network Failure?
- Why Does My ECS Fail to Obtain an IP Address?
- How Do I Handle a VPN or Direct Connect Connection Network Failure?
- Why Can My Server Be Accessed from the Internet But Cannot Access the Internet?
- Why Can't I Access Websites Using IPv6 Addresses After IPv4/IPv6 Dual Stack Is Configured?
- Why Does My ECS Fail to Communicate with Other After It Has Firewall Installed?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore
