Instance IP Address Ping Failure
Last updated: 2019-08-13 20:04:09PDF
A failed ping test from a local server to an instance may be caused by incorrect destination server configuration, unsuccessful domain name resolution or linkage failure. The following describes how to troubleshoot this problem if the local network is normal (other websites can be pinged):
1. Check whether the instance is bound with a public IP.
Only an instance with public IP can access and be accessed by other computers on the Internet. An instance without public IP cannot be pinged outside the private IP. You can check the information of public IP on the instance details page in the console, as shown below. Bind an EIP to the instance if it is not bound with any public IP.
2. Check the security group configuration
Security group is a virtual firewall, which allows you to control the inbound and outbound traffic of the associated instance. You can specify protocols, ports and policies for the rules of a security group. Check whether the ICMP protocol that is used in ping test is allowed in the security group associated to the instance. You can view the information of the associated security group and its inbound/outbound rules in the Security Group tab of the instance details page.
3. Check the system configurations
Check kernel parameters and firewall settings on Linux
On Linux system, whether a ping test is allowed depends on both kernel and firewall configuration. If either of them blocks the ping test, "Request timeout" occurs.
Kernel parameter icmp_echo_ignore_all
icmp_echo_ignore_all indicates whether to ignore all ICMP Echo requests. 1: Disabled; 0: Enabled. Check icmp_echo_ignore_all configuration using the following command.
You can modify the configuration using echo command.
echo "1" >/proc/sys/net/ipv4/icmp_echo_ignore_all
Check the firewall rules of the CVM using iptables -L, and check whether ICMP-related rules are blocked.
Firewall settings on Windows
Go to Control Panel -> Windows Firewall Settings -> Advanced Settings to check whether inbound and outbound rules related to ICMP are blocked.