The instance diagnostics feature can be used to comprehensively analyze cloud service instances. For example, the instance diagnostics feature can be used to analyze the configurations, status, fees, and security policies of instances. In addition, the feature provides you with diagnostic results and suggestions on fixing issues.
Background information
You can use the instance diagnostics feature to analyze the following types of instances:
Classic Load Balancer (CLB) instances
Application Load Balancer (ALB) instances
Network Load Balancer (NLB) instances
NAT gateways
Elastic IP addresses (EIPs)
Global Accelerator (GA) instances
VPN gateways
Virtual border routers (VBRs)
Transit routers
Analyze an instance
Log on to the NIS console.
In the left-side navigation pane, choose .
On the Instance Diagnostics page, click Diagnose Instance.
If this is the first time that you analyze an instance, the system automatically creates the service-linked role AliyunServiceRoleForNis. For more information, see Service-linked roles.
In the Instance Health Diagnostics dialog box, configure the parameters described in the following table and click Start.
Parameter
Description
Type
The type of the instance that you want to analyze. Valid values:
CLB: CLB instances
ALB: ALB instances
NLB: NLB instances
NAT Gateway: enhanced Internet NAT gateways
EIP: EIPs
Global Accelerator: GA instances
VPN: VPN gateways
Virtual Border Router: VBRs
Transit Router: transit routers
Region
The region of the instance that you want to analyze.
Instance
The instance that you want to analyze in the specified region.
In the Diagnostic Details panel, view the progress, summary, and details about the analysis of the instance.
For example, you select a CLB instance that is created in the China (Qingdao) region, and no listener is configured for the CLB instance. After the system analyzes the instance, the Diagnostic Details panel displays the following message: Some diagnostic items of the instance show anomalies. Resolve the issues at the earliest opportunity.
In the Diagnostic Items section of the Diagnostic Details panel, you can select Show All Diagnostic Items to view all diagnostic items of the instance and the diagnostic results of these items. For more information, see the Diagnostic items section of this topic.
(Optional) If you want to check the Internet connectivity between an EIP and an Internet service provider (ISP), perform the following steps:
In the Diagnostic Details panel, click Internet Diagnostics.
In the dialog box that appears, select an option from the Access Area drop-down list and click OK.
To check the Internet connectivity between ISPs in the Chinese mainland and the EIP that you want to analyze, set the Access Area parameter to Chinese Mainland. To check the Internet connectivity between ISPs outside the Chinese mainland and the EIP that you want to analyze, set the Access Area parameter to Outside Chinese Mainland. If access fails, the system provides you with possible causes, as well as suggestions on how to solve the issues.
Diagnostic items
The following table describes the main diagnostic items.
Item | Description |
Health check diagnostics | Checks the health check status of the listeners for Server Load Balancer (SLB) instances. |
Configuration diagnostics | Checks the status and configurations of instances. |
Quota diagnostics | Checks whether the bandwidth exceeds the quota and checks the packet loss, the number of connections, the number of queries, and the bandwidth utilization. |
Certificate diagnostics | Checks whether the certificates of instances are valid. |
Security policy diagnostics | Checks whether relevant security policies are added to instances. These security policies include Anti-DDoS Basic protection, Cloud Firewall interception, and Security Control punishment. |
Fee diagnostics | Checks whether instances are about to expire or overdue. |
Access diagnostics | Checks the number of connections, percentage of handshake failures, bandwidth, and distribution of error codes during service access. |
Route diagnostics | Checks whether the routes of network instances connected to the same transit router overlap with each other and whether the destination-based routes of transit routers match the destination-based routes of virtual private clouds (VPCs). |
For more information about the diagnostic items for different types of instances, see
Related operations
You can perform the following operations on the Instance Diagnostics page:
View a diagnostic report
Find the instance whose diagnostic report you want to view and click View Report in the Actions column. Then, you can view the report in the Diagnostic Details panel.
Analyze an instance again
To analyze an instance again, click Re-diagnose in the Actions column of the instance.
Delete the diagnostic records of an instance
To delete all diagnostic records of an instance, click Delete in the Actions column of the instance. In the message that appears, click OK.
FAQ
Can the instance diagnostics feature analyze the historical status of an instance within a specified period of time?
No, the instance diagnostics feature cannot analyze the historical status of an instance within a specified time period.
This feature can analyze the status of an instance only within the last 15 minutes.
For example, an EIP becomes unavailable at 09:00 and recovers at 09:30. If you analyze the EIP at 10:00, the feature can analyze the status of the EIP only from 09:45 to 10:00. The feature cannot identify the cause of exceptions that occur from 09:00 to 09:30.
Why does the diagnostic result show that the status of the health check feature is abnormal after I analyze a CLB instance that is configured with health checks? Can I use the instance diagnostics feature to identify the cause of an exception?
You can use the instance diagnostics feature to analyze the health check status of the listeners that are configured for a CLB instance. If health checks are not configured or a backend server is unhealthy, the health check status of the CLB instance is abnormal.
If the health check status of a CLB instance is abnormal, you can use the further diagnostics feature to identify the cause. For example, if backend services are not enabled on the listener ports of your CLB instance or network filtering settings such as iptables are configured in the operating systems of the backend servers that are associated with your CLB instance, you can use the further diagnostics feature to identify the cause.
Why am I unable to use the further diagnostics feature for specific CLB instances?
You can use the further diagnostics feature only for CLB backend servers that run CentOS, Ubuntu, and Alibaba Cloud Linux. This feature does not support CLB backend servers that run other operating systems such as Windows.
What are the scenarios for EIP diagnostics?
When the EIP of an Elastic Compute Service (ECS) instance is inaccessible over the Internet, you can analyze the EIP to identify the cause and fix the issue based on the diagnostic items and suggestions. Possible causes:
The EIP is under DDoS attacks. The volume of DDoS attacks reaches the threshold of Anti-DDoS Origin. In this way, blackhole filtering is triggered.
The EIP is blocked due to violations of security regulations.
The bandwidth usage of the EIP exceeds the upper limit of the bandwidth plan that is associated with the EIP.