Help Center/ Virtual Private Cloud/ FAQs/ Connectivity/ Why Can't My ECS Access the Internet Even After an EIP Is Bound?

Updated on 2025-01-17 GMT+08:00

View PDF

Why Can't My ECS Access the Internet Even After an EIP Is Bound?

Symptom

An ECS with an EIP bound cannot access the Internet.

Troubleshooting

Checking Whether EIPs Are Blocked or Frozen

Check whether the EIP is blocked. For details, see How Do I Unblock an EIP?

Check whether the EIP is frozen. For details, see Why My EIPs Are Frozen? How Do I Unfreeze My EIPs?

Checking EIP Connectivity

Figure 1 shows the networking diagram for an ECS to access the Internet using an EIP.

Figure 1 EIP network diagram

Locate the fault based on the following procedure.

Figure 2 Troubleshooting procedure

Step 1: Check Whether the ECS Is Running Properly
Step 2: Check Whether the Network Configuration of the ECS Is Correct
Step 3: Check Whether an EIP Has Been Assigned and Bound to the ECS
Step 4: Check Whether an EIP Is Bound to the Primary Network Interface of the ECS
Step 5: Check Whether Required Security Group Rules Have Been Configured
Step 6: Check Whether Traffic from the ECS Subnet Is Blocked

Step 1: Check Whether the ECS Is Running Properly

Check the ECS status.

If the ECS status is not Running, start or restart the ECS.

Figure 3 ECS status

Step 2: Check Whether the Network Configuration of the ECS Is Correct

Check whether the ECS's network interface has an IP address assigned.
Log in to the ECS, and run ifconfig or ip address to check the IP address of the ECS's network interface.

If both the primary and extended network interfaces of an ECS have an EIP bound, check whether the ECS has policy-based routes configured. If policy-based routes are not configured, refer to Configuring Policy-based Routes for a Linux ECS with Multiple Network Interfaces (IPv4/IPv6).

If the ECS runs Windows, run ipconfig.
Check whether the ECS's network interface has a virtual IP address.
Log in to the ECS, and run ifconfig or ip address to check whether the ECS's network interface has a virtual IP address. If the ECS's network interface has no virtual IP address, run the ip addr add <virtual-IP-address> eth0 command to configure an IP address for the ECS's network interface.

Figure 4 Virtual IP address of a network interface

Check whether the ECS's network interface has a default route. If there is no default route, run ip route add to add one.

Figure 5 Default route

Step 3: Check Whether an EIP Has Been Assigned and Bound to the ECS

Check whether an EIP has been assigned and bound to the ECS. If no EIP has been assigned, assign an EIP and bind it to the ECS.

The ECS shown in Figure 6 has no EIP bound. It only has a private IP address bound.

Figure 6 EIP status

Step 4: Check Whether an EIP Is Bound to the Primary Network Interface of the ECS

Check whether an EIP is bound to the primary network interface of the ECS. If there is no EIP bound to the primary network interface of the ECS, bind one.

You can view the network interface details by clicking the Network Interfaces tab on the ECS details page. By default, the first record in the list is the primary network interface.

As shown in the following figure, the EIP is bound to the primary network interface.

Figure 7 Checking whether the EIP is bound to the primary network interface of the ECS

Step 5: Check Whether Required Security Group Rules Have Been Configured

For details about how to add security group rules, see Adding a Security Group Rule.

If security group rules have not been configured, configure them based on your service requirements. (The remote IP address indicates the allowed IP address, and 0.0.0.0/0 indicates that all IP addresses are allowed.)

Step 6: Check Whether Traffic from the ECS Subnet Is Blocked

Check whether the network ACL associated with the subnet of the ECS's network interface blocks traffic.

You can configure the network ACL on the VPC console. Make sure that the network ACL rules allow the traffic from the ECS subnet.

Submitting a Service Ticket

If the EIP still cannot communicate with the Internet after you perform all the steps above, submit a service ticket.

Provide the following information to technical support.

Item	Description	Example	Value
VPC CIDR block	Required for gateway configuration	Example: 10.0.0.0/16	N/A
VPC ID	N/A	Example: 120b71c7-94ac-45b8-8ed6-30aafc8fbdba	N/A
CIDR block of subnet 1 (can be the same as the VPC CIDR block)	N/A	Example: 10.0.1.0/24	N/A
ECS ID	N/A	N/A	N/A
ECS IP address	N/A	Example: 192.168.1.192/24	N/A
ECS route information	N/A	N/A	N/A
EIP	Required for the ECS to access the Internet	Example: 10.154.55.175	N/A
EIP bandwidth	Maximum bandwidth size used by the ECS to access the Internet	Example: 1 Mbit/s	N/A
EIP ID	N/A	Example: b556c80e-6345-4003-b512-4e6086abbd48	N/A

Parent topic: Connectivity

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot