Common network issues - Cloud Backup - Alibaba Cloud Documentation Center

This topic describes the common network issues that may occur in Cloud Backup clients.

Background information

When you install an Cloud Backup client in various on-premises environments that are not in an Alibaba Cloud virtual private cloud (VPC), you may encounter various unknown and complex network issues. Examples: The firewall blocks the connections to domain names or ports and causes backup failures. The firewall limits the network transmission speed and causes some requests to time out. The network behavior detection tool detects and modifies the content of some HTTP requests. If the upstream bandwidth is insufficient, request timeout or backup failure occurs.

Overview

Issue

Diagnostic tool

Client log

Analysis and solution

The following error message is displayed in the console: Failed to open the backup vault.

The following issues are detected by the diagnostic tool:

i/o timeout
An existing connection was forcibly closed by the remote host
No connection could be made because the target machine actively refused it.

The following error messages appear in client logs:

i/o timeout
An existing connection was forcibly closed by the remote host
No connection could be made because the target machine actively refused it.

The request from the Cloud Backup client to a domain name fails. Possible causes:

The firewall rules disable specific domain names or ports.
The network bandwidth is insufficient.
The upstream or downstream bandwidth is throttled.
A large number of backup jobs are running concurrently, which occupies the bandwidth.
Antivirus software may affect the backup service.
The proxy configured for the local host does not work properly.
The network behavior detection tool detects illegal content and denies the request.
The Express Connect circuit fails.
The virtual private network (VPN) or the Cloud Enterprise Network (CEN) instance fails.

For more information about how to troubleshoot these issues, see Troubleshoot request failures.

The following error message is displayed in the console: Failed to open the backup vault.

The following issues are detected by the diagnostic tool:

This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server.

The following error message appears in client logs:

This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server.

A domain name fails to be resolved by the DNS server. Possible causes:

The DNS server cannot be connected or a timeout error occurs.
The configuration of the DNS server is invalid.
The firewall or network rules deny access.

For more information about how to troubleshoot these issues, see Troubleshoot DNS resolution failures.

Troubleshoot request failures

Check the connectivity of the network and the domain name and port of the Cloud Backup client.
1. Check the firewall rules of your network.
  Configure a whitelist or Allow rule for the domain name and port of the Cloud Backup client.
  If the domain name detected by the diagnostic tool starts with http, check the domain name and port 80. If the domain name starts with https, check the domain name and port 443.
2. Check whether antivirus software is running.
  Antivirus software may affect the normal running of the Cloud Backup client process and cause exceptions. We recommend that you disable the antivirus software and try again.
3. Check whether an HTTP, SOCKS5, or TCP proxy is configured and whether the proxy works properly.
  The proxy must be able to act as an intermediary by using the domain name and port of the Cloud Backup client.
4. If you use a CEN instance to implement network interconnection, contact CEN technical support to make sure that the domain name and port of the Cloud Backup client are accessible.
5. If you use an Alibaba Cloud VPN gateway to implement network interconnection, contact VPN Gateway technical support to make sure that the domain name and port of the Cloud Backup client are accessible.
Run the telnet command to access the domain name and port, and check the upstream bandwidth available for data backup or downstream bandwidth available for data restoration in the current network.
The domain name can be the public domain name of the control network detected by the Diagnostic tool for Cloud Backup clients. For example, you can run the following telnet command to access the domain name and port:
```
telnet post-cn-mp90rcien05.mqtt.aliyuncs.com 80
```
1. If the network is monitored, check the network traffic at the point in time when data is backed up or restored.
2. If you use the Internet, we recommend that you consult the carrier or network administrator to obtain the network traffic information.
3. If you use CEN or VPN Gateway, check the bandwidth and view the monitoring data in the CEN or VPN Gateway console.
Check whether the current bandwidth is insufficient based on the bandwidth and the number of concurrent jobs.
For example, the upstream bandwidth is 20 MB/s, whereas only 10 MB/s is available for data backup. If the data volume is large, request failures may occur.
If you cannot obtain the accurate information about the bandwidth (especially the upstream bandwidth), we recommend that you run the probe command in ossutil to check the network traffic.
1. Obtain the domain name and AccessKey pair.
  The domain name can be the public domain name of the control network detected by the Diagnostic tool for Cloud Backup clients.
2. Download and install ossutil.
  For more information, see Download and install ossutil.
3. Check the upload bandwidth.
  Create a temporary bucket named examplebucket, upload a temporary object to examplebucket, and obtain a recommended number of concurrent upload jobs based on the hardware specification of the current device and the upload bandwidth. Sample command:
```
./ossutil64 probe --probe-item upload-speed --bucketname examplebucket
```
  Sample output:
```
cpu core count:2 
parallel:2,average speed:679.72(KB/s),current speed:1344.00(KB/s),max speed:1440.00(KB/s)) 
parallel:3,average speed:643.31(KB/s),current speed:704.00(KB/s),max speed:1632.00(KB/s)) 
parallel:4,average speed:646.62(KB/s),current speed:512.00(KB/s),max speed:1600.00(KB/s)) 
suggest parallel is 2, max average speed is 679.72(KB/s)
```
If you have confirmed that the request failure is caused by insufficient bandwidth, we recommend that you perform the following operations.
1. Increase the bandwidth.
2. Configure the retry_times and retry_interval parameters to increase the interval and number of timeout retries. This allows you to increase the probability of successful backup.
  For more information about how to configure the retry_times and retry_interval parameters, see the FAQ section in Back up files from ECS instances.
3. Adjust the execution time of backup jobs to perform backups when the network is idle.
4. If you have multiple Cloud Backup clients and backup jobs, schedule the execution time of backup jobs to make full use of the bandwidth.

Troubleshoot DNS resolution failures

Check the DNS configuration of the local host.
If no private DNS server is configured, we recommend that you set the Alibaba Cloud public DNS address 223.5.5.5.
Check the firewall rules. Configure a whitelist or Allow rule for the domain name and port of the Cloud Backup client.
Consult the network administrator and confirm whether other limits are configured.
Make sure that the domain name detected by the diagnostic tool can be resolved and run the backup plan again.