This tutorial describes the causes for why the client cannot access an SLB instance and the troubleshooting methods.
|1||For Layer-4 SLB service, a backend ECS instance cannot directly provide service for clients and function as the backend server of the SLB service at the same time.||-|
|2||Health check exception.||For more information, see Troubleshoot the health check exception of a Layer-4 listener (TCP/UDP) and Troubleshoot a health check exception of a Layer-7 listener (HTTP/HTTPS).|
|3||Using FTP, tftp, h323, sip and related protocols through SLB is not supported.||
|4||The intranet firewall of the server does not allow Port 80.||You can run the following commands to temporarily disable the firewall.
|5||Backend port exception.||
|6||The rp_filter feature conflicts with the policy route of the bottom-layer LVS of SLB.||
Run the following command on the server. If you can see the monitoring information of 10.1.1.192.1: 80, or the monitoring information of 0.0.0.0: 80, the listening function of the ports is normal.
|8||No listener is added to the SLB instance.||Configure a listener. For more information, see Configure a listener.|
|9||The SLB cannot be accessed through the domain name. Therefore, an error may occur in domain name resolution.||-|
|10||Exception of the local network of the client or exception of the intermediate link of the service provider.||Perform access tests on the service port of SLB in different regions and network environments.
If the exception only occurs when it is accessed from the local network, the problem is caused by a network exception. In this case, you can do further troubleshooting and analysis through ongoing ping tests or MTR route tracing.
|11||The client IP address is blocked by Alibaba Cloud Security.||
|12||When the SLB returns to Anti-DDoS Basic after using Anti-DDoS Pro, the whitelist is not disabled.||Disable the ACL whitelist.|
|If the problem persists, open a ticket and submit the following details so that we can help you solve the problem more efficiently: