If an EIP is unreachable, run instance diagnosis, Reachability Analyzer, and traffic analysis to troubleshoot connectivity and configuration issues.
Prerequisites
-
You have activatedNetwork Intelligence Service (NIS).
-
When you run a diagnosis for the first time, the system automatically creates the service-linked role
AliyunServiceRoleForNisto obtain the required permissions.
Instance diagnosis
Run automated health checks on an EIP to identify issues related to configuration, capacity, security, and billing, and receive remediation suggestions.
-
Go to the EIP console, select a region, and then click the ID of the target EIP.
-
On the Diagnose tab, run a diagnosis. You can select Show All Diagnostic Items to view all diagnostic results. You can also go to the NIS instance diagnosis page to view historical results.
-
To further investigate issues related to public network ISPs, click Internet Diagnostics at the bottom of the page. You can then set an access region to check the public network connectivity to the target EIP from ISPs both within and outside the Chinese mainland.
Reachability Analyzer
If an EIP is unreachable, you can use Reachability Analyzer to test the connectivity between the EIP and a destination resource and diagnose network configuration issues. The analysis does not send real data packets or affect your services.
-
Go to the EIP console, select a region, and in the Diagnose column of the target EIP, click .
-
Select the Source and Destination resources, configure the Protocol, Destination Port, and an analysis name, and then click Start Analyzing.
-
After the analysis is complete, Reachability Analyzer displays a hop-by-hop virtual network path from the source to the destination. If the path is blocked, the analyzer identifies the blocking point and its cause.
Traffic analysis
EIPs integrate with the public traffic analysis feature of NIS. You can use an NIS traffic analyzer to view the volume and ranking of inbound and outbound EIP traffic, displayed as 2-tuples or 5-tuples. You can use this traffic data and monitoring metrics to troubleshoot issues.
The traffic analysis feature on the EIP monitoring page is part of the NIS traffic analyzer and requires NIS activation. If NIS is not activated, the traffic analysis status on the EIP monitoring page is displayed as "Not activated". For activation instructions, see the Prerequisites section of this topic.
During its public preview, NIS traffic analysis was automatically enabled for some accounts, allowing them to view data without manual activation. After the commercial release, all new accounts must manually activate NIS to use this feature.
-
Traffic analyzers provide analysis services by detecting Internet traffic in VPC flow logs. VPC flow logs only collect traffic information from Elastic Network Interfaces (ENIs). In Internet scenarios, traffic analyzers cannot guarantee collection of the Internet traffic of IP Target and Classic Load Balancer (CLB).
-
VPC flow logs only support traffic collection at three granularity levels: VPC, switch, and ENI. Collection of only Internet traffic is not yet supported. If you want to obtain all Internet traffic analysis data using a traffic analyzer, we recommend that you enable traffic analysis for the corresponding VPC as needed. The traffic analyzer will provide Internet traffic analysis services by parsing Internet traffic in VPC network logs. If you want to obtain traffic analysis data for a specific public IP address, you can enable traffic analysis for the ENI to which the public IP address is mounted.
-
Create VPC Flow Logs as a data source. To collect traffic data from an elastic network interface (ENI) that is bound to an EIP, set Resource Type and Resource Instance to the target ENI.
Self-service troubleshooting
Go to the self-service troubleshooting page, select an issue category, and follow the on-page guidance to find relevant documentation and recommended actions.