When a Global Accelerator (GA) instance experiences access failures, performance degradation, or configuration errors, instance diagnosis helps you identify the root cause without manually inspecting each component. It checks your instance across six categories — configurations, running status, resource limits, certificates, security policies, payment status, and service access — and surfaces actionable suggestions when exceptions are detected. You can also view previous diagnostic results.
Instance diagnosis is supported only on standard GA instances. Basic GA instances do not support this feature.
Prerequisites
Before you begin, ensure that you have:
Network Intelligence Service (NIS) activated. To activate it, go to the service activation page
The AliyunServiceRoleForNis service-linked role created. This role is created automatically the first time you run a diagnosis. For details, see Service-linked roles
A standard GA instance to diagnose. For details, see the "Create a standard GA instance" section in Create and manage standard GA instances
Run a diagnosis
Log on to the GA console.
On the Instances page, find the instance you want to diagnose and click Diagnose in the Monitor/Diagnostics column.
In the Instance Diagnostics panel, view the progress, summary, and details of the diagnostic task.
If an exception is detected, the affected diagnostic item appears in the panel. Click the item to view details.
To see all supported diagnostic items regardless of status, go to the Diagnostic Items section and select Show All Diagnostic Items. Expand each item to view details.
(Optional) Click Go to the NIS console to view diagnostic records to open the NIS console Overview page, where you can review the full diagnostic history and additional context.
Diagnostic items and details
The following table describes all diagnostic items supported by standard GA instances.
| Category | Diagnostic item | What it checks | Use this to |
|---|---|---|---|
| Configuration diagnostics | Check Instance Status | Whether the service status of the GA instance is normal | Confirm the instance itself is healthy before investigating other issues |
| Configuration Integrity | Whether the acceleration configurations of the GA instance are complete | Identify missing configurations — such as listeners or endpoint groups — that prevent traffic from flowing | |
| Configuration Correctness | Whether the configurations of the GA instance are valid | Catch misconfigured settings that cause routing failures even when the configuration appears complete | |
| Access Control | Whether network access control lists (ACLs) are configured as whitelists or blacklists for the instance | Verify that ACL rules are not accidentally blocking legitimate traffic. For details, see Enable access control for GA listeners | |
| Quota limit diagnostics | High Bandwidth Usage of Acceleration IP | Inbound and outbound bandwidth utilization of accelerated IP addresses | Detect whether an accelerated IP is approaching its bandwidth cap, which can degrade throughput for all users sharing that IP. View the risk level for each risk reported in the console |
| Packet Loss Rate Due to Throttling on Acceleration IP | Packet loss on accelerated IP addresses and the calculated packet loss rate | Confirm whether bandwidth throttling is causing packet loss on an accelerated IP. If this item and High Bandwidth Usage of Acceleration IP both report high risk for the same IP, throttling is actively causing packet loss — consider upgrading your bandwidth plan | |
| High Bandwidth Usage of Endpoint Group | Inbound and outbound bandwidth usage of endpoint group IP addresses | Identify endpoint groups that are saturating their allocated bandwidth, which affects all backends in the group | |
| Packet Loss Rate Due to Throttling on Endpoint Group | Packet loss on endpoint group IP addresses and the calculated packet loss rate | Determine whether packet loss at the endpoint group level is caused by throttling. If this item and High Bandwidth Usage of Endpoint Group both report high risk for the same endpoint group, consider increasing capacity | |
| Bandwidth Usage Check for Inter-region Connection | Bandwidth usage of inter-region connections | Monitor whether cross-region links are approaching saturation, which affects latency and throughput across acceleration regions | |
| Packet Loss Check for Inter-region Connection | Packet loss on inter-region connections and the calculated packet loss rate | Identify network instability on inter-region links that could explain access failures in specific acceleration regions | |
| Certificate diagnostics | Certification Expiration | Whether certificates for HTTPS listeners expire within 60 days | Get advance warning of certificate expiry before it causes HTTPS connection failures. For details, see Associate and manage certificates |
| Security policy diagnostics | Anti-DDoS Origin Basic Status | Whether accelerated IP addresses are protected by Anti-DDoS Origin Basic, and whether traffic scrubbing or blackholing is triggered | Identify whether a DDoS mitigation response — scrubbing or blackholing — is causing traffic drops on an accelerated IP |
| Interception by Cloud Firewall | Whether network activities related to accelerated IP addresses are protected by Cloud Firewall | Determine whether Cloud Firewall policies are blocking traffic that should reach your endpoints | |
| Penalty for Security Control | Whether network activities related to accelerated IP addresses are punished by Security Control of Alibaba Cloud Security | Check whether a security penalty is restricting traffic on your accelerated IPs | |
| Suspension for Security Reasons | Whether accelerated IP addresses are suspended due to security risks | Quickly confirm whether an IP suspension is the root cause of a sudden access failure | |
| Cost diagnostics | Alerts for Overdue Payments | Whether the GA instance or bandwidth plans have overdue payments | Catch payment issues before they trigger service suspension |
| Alerts for Expiration | Whether the GA instance expires within seven days | Plan renewals in advance to avoid unexpected service interruptions | |
| Access diagnostics | Health Check Status | The health status of endpoints | Identify which endpoints are unhealthy and causing traffic to fail over or drop. For details, see Enable and manage health checks |
| Access Errors | Whether the backend service returns timeout errors or error codes | Pinpoint whether access failures originate at the backend rather than in the network or GA configuration | |
| Traffic Check | Whether traffic is flowing from the Internet to the GA instance, based on access logs from the acceleration region | Verify end-to-end traffic arrival. If no inbound traffic is detected, the check indicates an access failure at the entry point. For details, see Work with access logs |
What's next
For more information about NIS diagnostics and how to review historical diagnostic records, see Work with instance diagnostics.