Problem description
The Eni bound to the ECS instance cannot be accessed or cannot be pinged.
Causes
The system is configured with an SNAT entry.Ping 192.168.1.252
The SNAT packet is converted to 192.168.1.251. The source address of the quintuple returned packet is incorrect, resulting in ping failure.
Note:
- 192.168.1.251 is the IP address of the default network adapter.
- 192.168.1.252 is the IP address of the Eni.
- 192.168.1.2 is the IP address of the ECS instance used for testing.
Solution
-
Check whether the two ECS instances are in the same VPC. If not, connect to the VPC.
Note: You can use methods such as creating express connect to meet this requirement.
- Check whether the network types of the two ECS instances are the same. If not, enable the ClassLink function.
- Check whether the ECS Security group is connected.
- Check whether the system security policies block connections.
- Check the route table in the system to confirm that the route is correct.
- Check whether the NAT or other proxy services in the system are correctly configured.
Application scope
-
ECS