"Destination Host Unreachable" error - Tair (Redis® OSS-Compatible)

If you receive a Destination Host Unreachable error when you ping the internal endpoint of a Tair instance, refer to the solutions in this topic.

Symptom

You cannot ping the internal endpoint of a Tair instance from an Elastic Compute Service (ECS) instance or a Docker container. The Destination Host Unreachable error is returned.

PING r-bp1****l7ein86xv6m.redis.rds.aliyuncs.com(172.17.0.31) 56(84) bytes of data.
From xxxx (172.17.0.1) icmp_seq=1 Destination Host Unreachable
From xxxx (172.17.0.1) icmp_seq=2 Destination Host Unreachable
From xxxx (172.17.0.1) icmp_seq=3 Destination Host Unreachable

Cause

This issue typically occurs because the internal CIDR block of the ECS instance or Docker container conflicts with the CIDR block of the Tair instance. To verify this, perform the following steps.

Ping the internal endpoint of the Tair instance to obtain its internal IP address.
In this example, the internal IP address of the Tair instance is 172.17.0.31.
Query the route table of the client.
For example, in a Docker container that runs on Linux, you can execute the route -n command to view the routing information. The output is similar to the following:
```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.17.2.253    0.0.0.0         UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
172.17.0.0      0.0.0.0         255.255.255.0   U     0      0        0 br-350b446c181a
```
The output shows that the CIDR block of the br-350b446c181a network interface card (NIC) is 172.17.0.0/24. This CIDR block conflicts with the internal IP address of the Tair instance. As a result, Docker cannot route packets to the Tair instance.

Troubleshooting approach

Change the network configuration of the client or the Tair instance to resolve the conflict.

Solutions

Solution 1: Change the default CIDR block of the client service

This example uses a Docker container on Linux that uses the default `docker0` bridge.

Important

Stopping the Docker service or changing its default CIDR block interrupts your services. We recommend that you perform this operation during off-peak hours.
When you change the default CIDR block, ensure that it is compatible with the network settings of existing containers and applications to prevent connection issues.

Stop the Docker service.
```
sudo systemctl stop docker
```
Edit the Docker configuration file. The file is typically located at /etc/docker/daemon.json or /etc/docker/daemon.conf. The file name may vary.
```
sudo vim /etc/docker/daemon.json
```
Add the following content to the file. We recommend that you back up the original file before you make changes.
```
{
    "bip":"New CIDR block"
}
```
Change the CIDR block to one that does not conflict with the Tair instance. For example, if the internal IP address of the Tair instance is 172.17.0.31, you can set the new CIDR block to 192.168.0.1/24.
Save and close the configuration file.
Start the Docker service to apply the changes.
```
sudo systemctl start docker
```

Solution 2: Change the vSwitch of the Tair instance

You can change the vSwitch of the Tair instance to ensure that the vSwitch CIDR block does not conflict with the client's CIDR block.

Note

Because different VPCs cannot communicate over internal networks, you can change the vSwitch only if it is within the same VPC.
Changing the vSwitch causes a transient connection interruption that lasts about 30 seconds. We recommend that you perform this operation during off-peak hours and ensure that your application has an automatic reconnection mechanism.

References

Connect to Tair and Redis instances