All Products
Search

This Product

    :What do I do if the "Network is unreachable" error message appears when I access a public IP address from a Linux ECS instance?

    Document Center

    :What do I do if the "Network is unreachable" error message appears when I access a public IP address from a Linux ECS instance?

    Last Updated:Aug 01, 2024

    This topic describes how to troubleshoot the issue that the "Network is unreachable" error message appears when you access a public IP address from a Linux Elastic Compute Service (ECS) instance.

    Problem description

    When you access a public IP address from a Linux ECS instance, the Network is unreachable error message appears.

    Cause

    The default route of the instance is missing, and the system cannot find the destination IP address of packets. This causes the Internet access to fail.

    Solution

    For ECS instances in a virtual private cloud (VPC), we recommend that you use Dynamic Host Configuration Protocol (DHCP) to obtain dynamic IP addresses and default route configurations. This prevents most network issues caused by missing default routes due to improper static IP configurations.

    For information about how to change a static IP address to a dynamic IP address, see DHCP configuration check and repair for local network interface controller of Linux instances.

    Step 1: Obtain the IP address of the default gateway

    If the instance cannot access any IP addresses other than the IP address on the instance, obtain the IP address of the default gateway from other instances connected to the same vSwitch as the instance. Perform the following operations:

    1. Log on to a healthy instance that is connected to the same vSwitch as the problematic instance.

    2. Run the following command to view the network interface controller (NIC) connected to the vSwitch and record the MAC address: 

      ip addr

      The command output similar to the following one is displayed. The primary NIC named eth0 is connected to the same vSwitch as the problematic instance, and the MAC address of the NIC is 00:16:52:07:**:**. 

      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:**:**:**:** brd 00:00:**:**:**:**
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:16:52:07:**:** brd ff:ff:ff:ff:ff:ff
    inet 172.16.*.***/24 brd 172.16.2.255 scope global eth0
       valid_lft 311974909sec preferred_lft 311974909sec
    inet6 fe80::216:52ff:fe07:1306/64 scope link 
       valid_lft forever preferred_lft forever

    3. Run the following command to obtain the default gateway IP address from the instance metadata server.

      Note

      If the problematic instance can ping the 100.100.100.200 IP address of the instance metadata server, you can run the following command on the problematic instance to select the primary NIC named eth0 as the default egress. You can select another NIC based on your business requirements. 

      curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/[$MAC_Address]/gateway
      Note

      Replace the [$MAC_Address] parameter with the MAC address that you obtained in the previous step.

    Step 2: Configure a default route

    If you temporarily configure a default route, you do not need to modify the NIC configuration or restart the network service. However, the default route configuration becomes invalid after the system is shut down or restarted.

    Configure a temporary default route

    1. Run the following command to add a default route to the routing table: 

      ip route add default via [$Gateway_IP] dev [$Network]
      Note

      • Replace the [$Gateway_IP] parameter with the default gateway IP address that you obtained in Step 1.

      • Replace the [$Network] parameter with the NIC that has the default gateway IP address, which you queried on the other instance connected to the same vSwitch as the problematic instance.

    2. Run the following command to query the routing table. Check whether the default route is added to the routing table. 

      ip route

      A command output similar to the following one is displayed: 

      default via 172.16.2.253 dev eth0 
10.64.0.0/10 via 172.16.2.253 dev eth0
169.254.0.0/16 dev eth0 scope link metric 1002 
172.16.2.0/24 dev eth0 proto kernel scope link src 172.16.2.248
      Note

      In the preceding command output, the default gateway is set to 172.16.2.253 and the default egress NIC is set to eth0 that is the primary NIC.

    Configure a consistent default route

    If you want to configure a consistent default route, you must modify the configuration file of the NIC. To allow the change to the configuration file to immediately take effect, you must restart the network service, which may cause network interruptions. In the following example, CentOS 7.9 is used. For other Linux distributions, refer to the corresponding system documentation and network configuration documentation.

    1. Open the /etc/sysconfig/network-scripts/ifcfg-eth0 configuration file of the NIC that serves as the default egress. Enter the gateway information recorded in the preceding steps into the configuration file, and then save and close the file. For example, the primary NIC named eth0 is used as the default egress, and the gateway IP address is 172.16.2.253. 

      DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
STARTMODE=auto
IPADDR=172.16.2.248
NETMASK=255.255.255.0
GATEWAY=172.16.2.253

    2. Run the following command to restart the network service: 

      systemctl restart network