Instance IP Address Ping Failure

Last updated: 2019-08-13 20:04:09

PDF

A failed ping test from a local server to an instance may be caused by incorrect destination server configuration, unsuccessful domain name resolution or linkage failure. The following describes how to troubleshoot this problem if the local network is normal (other websites can be pinged):

1. Check whether the instance is bound with a public IP.

Only an instance with public IP can access and be accessed by other computers on the Internet. An instance without public IP cannot be pinged outside the private IP. You can check the information of public IP on the instance details page in the console, as shown below. Bind an EIP to the instance if it is not bound with any public IP.

2. Check the security group configuration

Security group is a virtual firewall, which allows you to control the inbound and outbound traffic of the associated instance. You can specify protocols, ports and policies for the rules of a security group. Check whether the ICMP protocol that is used in ping test is allowed in the security group associated to the instance. You can view the information of the associated security group and its inbound/outbound rules in the Security Group tab of the instance details page.

3. Check the system configurations

Check kernel parameters and firewall settings on Linux

On Linux system, whether a ping test is allowed depends on both kernel and firewall configuration. If either of them blocks the ping test, "Request timeout" occurs.

Kernel parameter icmp_echo_ignore_all

icmp_echo_ignore_all indicates whether to ignore all ICMP Echo requests. 1: Disabled; 0: Enabled. Check icmp_echo_ignore_all configuration using the following command.

cat /proc/sys/net/ipv4/icmp_echo_ignore_all


You can modify the configuration using echo command.

echo "1" >/proc/sys/net/ipv4/icmp_echo_ignore_all

Firewall settings

Check the firewall rules of the CVM using iptables -L, and check whether ICMP-related rules are blocked.

Firewall settings on Windows

Go to Control Panel -> Windows Firewall Settings -> Advanced Settings to check whether inbound and outbound rules related to ICMP are blocked.