Diagnose network connectivity - Deployment & Maintenance| Alibaba Cloud Documentation Center

Elastic Compute Service (ECS) Network Connectivity Diagnostics is a feature that allows you to diagnose the network connectivity between diagnostic objects in the cloud and identify the causes of network connectivity issues. This topic describes the ECS Network Connectivity Diagnostics feature and how to use this feature.

Prerequisites

The following requirements are met:

If you want to use instances or elastic network interfaces (ENIs) as diagnostic objects, make sure that the instances or ENIs are in the Running state.
If you want to use secondary ENIs as diagnostic objects, make sure that the ENIs are bound to instances. For more information, see Bind an ENI.

If you diagnose an instance in a scenario where the operating system configurations of the instance are checked, the instance operating system meets the requirements described in the following table.


Operating system architecture	Operating system version	Operating system configuration
x86_64-bit	Windows Server 2008 or later Alibaba Cloud Linux 2/3 AlmaLinux 8.x Anolis OS 7.x/8.2 CentOS 7.x/8.x CentOS Stream 8 Debian 8.x/9.x/10.x Fedora 33/34 OpenSUSE 15.x/42.x Rocky Linux 8.x SUSE Linux 12.x/15.x Ubuntu 20.04	Python: Python 3.6 to 3.9 Python 2.7 The Cloud Assistant client is installed on the instance. For more information, see Install the Cloud Assistant client.

Background information

To use the ECS Network Connectivity Diagnostics feature, perform the following steps:

Specify a path.
Each path includes all information required to execute a diagnostic task, such as a virtual private cloud (VPC) and diagnostic objects (instances, ENIs, or public IP addresses). You can create or clone a path. For more information, see Create a path and Clone a path.
Initiate a diagnostic task.
A diagnostic task is a diagnosis performed to check the real-time network connectivity between the source and destination diagnostic objects configured in a path. After a path is created or cloned, the system immediately initiates a diagnostic task for the path. You can also manually initiate a diagnostic task for an existing path. For more information, see Diagnose a path.
View diagnostic results.
In the diagnostic task list, you can view the results and details of diagnostic tasks. For more information, see Manage diagnostic tasks.

Note The ECS Network Connectivity Diagnostics feature is used as an auxiliary tool to provide insight into critical network connectivity configurations, but its diagnostic results cannot indicate whether communication over networks is allowed or denied.

When you create a path and initiate a diagnostic task, the system checks whether the AliyunServiceRoleForECSNetworkInsights service-linked role exists. If the role does not exist, the system creates the role. For more information, see Manage the service-linked role for ECS Network Connectivity Diagnostics.

The following table describes the quotas on paths and diagnostic tasks.


Item	Limit	Adjustable
Diagnostic paths within a single region	100	N/A
Diagnostic tasks within a single region	1,000	N/A
Diagnostic tasks that can be concurrently executed within a single region	5	N/A

Create a path

Log on to the ECS console.
In the left-side navigation pane, click Troubleshooting.
In the top navigation bar, select a region.
Click the Network Connectivity Diagnostics tab.
Click Create Path.

Configure the parameters described in the following table and click Create.


Parameter	Description
Path Name	Enter a name for the path. The name must be 2 to 128 characters in length and can contain letters, digits, periods (`.`), underscores (`_`), hyphens (`-`), and colons (`:`). It cannot start with a special character, a digit, `http://`, or `https://`.
VPC	Select a VPC. At least one of the diagnostic objects is an ECS instance or ENI that is located in a VPC.
Source and Destination	Select a diagnostic object type and then specify a source diagnostic object and a destination diagnostic object. Valid values for the diagnostic object type: ECS Instance: existing ECS instances. The source and the destination diagnostic objects cannot be the same instance. NIC: existing ENIs. The source and destination diagnostic objects cannot be the same ENI or the ENIs that are bound to the same instance. Public IP Address: public IP addresses. You can manually enter public IP addresses as diagnostic objects. The source and the destination diagnostic objects cannot be public IP addresses at the same time.
Destination Port and Protocol	Specify the destination port and protocol. The supported destination port is determined by the selected protocol. If you set Protocol to Custom TCP or Custom UDP, select a port from the drop-down list or enter a port number for Destination Port. SSH (22), Telnet (23), HTTP (80), HTTPS (443), MS SQL (1433), Oracle (1521), MySQL (3306), RDP (3389), PostgreSQL (5432), and Redis (6379) are displayed on the drop-down list. If you set Protocol to All ICMP(IPv4) or All GRE, Destination Port is automatically set to -1.

After the path is created, the system initiates a diagnostic task to diagnose the network connectivity over the specified protocol from the source diagnostic object to the specified port of the destination diagnostic object.

Note It takes a few minutes for a diagnostic task to be completed. You can view the state and diagnostic result of a diagnostic task in the path list. Alternatively, you can go to the details page of the path to view the state and diagnostic result of the task in the diagnostic task list. For more information, see Manage diagnostic tasks.

Clone a path

You can clone an existing path and modify some settings, such as the source or destination diagnostic object, to quickly create a path.

Log on to the ECS console.
In the left-side navigation pane, click Troubleshooting.
In the top navigation bar, select a region.
Click the Network Connectivity Diagnostics tab.
Click Clone in the Actions column corresponding to a path.

Configure the parameters described in the following table and click Create.


Parameter	Description
Path Name	Enter a name for the path. The name must be 2 to 128 characters in length and can contain letters, digits, periods (`.`), underscores (`_`), hyphens (`-`), and colons (`:`). It cannot start with a special character, a digit, `http://`, or `https://`.
VPC	Select a VPC. At least one of the diagnostic objects is an ECS instance or ENI that is located in a VPC.
Source and Destination	Select a diagnostic object type and then specify a source diagnostic object and a destination diagnostic object. Valid values for the diagnostic object type: ECS Instance: existing ECS instances. The source and the destination diagnostic objects cannot be the same instance. NIC: existing ENIs. The source and destination diagnostic objects cannot be the same ENI or the ENIs that are bound to the same instance. Public IP Address: public IP addresses. You can manually enter public IP addresses as diagnostic objects. The source and the destination diagnostic objects cannot be public IP addresses at the same time.
Destination Port and Protocol	Specify the destination port and protocol. The supported destination port is determined by the selected protocol. If you set Protocol to Custom TCP or Custom UDP, select a port from the drop-down list or enter a port number for Destination Port. SSH (22), Telnet (23), HTTP (80), HTTPS (443), MS SQL (1433), Oracle (1521), MySQL (3306), RDP (3389), PostgreSQL (5432), and Redis (6379) are displayed on the drop-down list. If you set Protocol to All ICMP(IPv4) or All GRE, Destination Port is automatically set to -1.

After a path is cloned, the system initiates a diagnostic task to diagnose the network connectivity over the specified protocol from the source diagnostic object to the specified port of the destination diagnostic object.

Diagnose a path

You can manually initiate a diagnostic task for an existing path. However, each path can have only a single diagnostic task ongoing. If a diagnostic task is being executed on a path, no other diagnostic tasks can be initiated for the path.

Log on to the ECS console.
In the left-side navigation pane, click Troubleshooting.
In the top navigation bar, select a region.
Click the Network Connectivity Diagnostics tab.
Click Diagnose in the Actions column corresponding to a path.
Click Continue.

Manage diagnostic tasks

The latest diagnostic results are displayed for paths in the path list. However, you may want to view diagnostic task details or historical diagnostic tasks. For example, when Unconnectable is displayed as the diagnostic result for a path, you may want to look into the details of the diagnostic task for the cause of this issue. This section describes how to manage diagnostic tasks.

Note The records of a limited number of diagnostic tasks can be retained for each path. We recommend that you delete diagnostic tasks that are no longer needed on a regular basis.

Log on to the ECS console.
In the left-side navigation pane, click Troubleshooting.
In the top navigation bar, select a region.
Click the Network Connectivity Diagnostics tab.
Click the ID of a path.
Perform the following operations based on your business requirements:
- To initiate a diagnostic task, click Diagnose and click Continue.
- To delete a diagnostic task, find the task and click Delete in the Actions column. Then, click Continue.
- To view details of a specific diagnostic task, click the icon in the Diagnosis List section on the details page of the task.
  
  Note For more information about diagnostic items, see Diagnostic items of ECS Network Connectivity Diagnostics.
  
  Figure 1. Details of a sample diagnostic task whose result is Connectable
  
  Figure 2. Details of a sample diagnostic task whose result is Unconnectable

Delete a path

Log on to the ECS console.
In the left-side navigation pane, click Troubleshooting.
In the top navigation bar, select a region.
Click the Network Connectivity Diagnostics tab.
Click Delete in the Actions column corresponding to a path.
Click Continue.