edit-icon download-icon

Resolve access failures

Last Updated: Feb 12, 2018

If an error occurs accessing Server Load Balancer (SLB), potential causes and steps you can take to resolve the issues are as follows:

  • Cause: No listeners are configured after creating an SLB instance.

    Resolution: You must configure listeners for your instance. To configure listeners, see Listeners overview. If you do not configure listeners for a created SLB instance, the client cannot access the SLB instance.

  • Cause: Incorrect backend Linux ECS kernel configuration of the Layer-4 SLB instance.

    The rp_filter feature of the Linux kernel must be disabled for the backend Linux ECS instances added to a Layer-4 SLB instance. Otherwise, telnet to the service port of SLB from the frontend may fail, while the instance is indicated as healthy.

    The rp_filter feature of the Linux kernel is used for implementing Unicast Reverse Path Forwarding (URPF). The rp_filter verifies the direction of reverse-path data packets to avoid attacks using a forged IP address. However, this feature may conflict with the underlying Linux Virtual Server (LVS) routing policy of SLB and result in access exceptions.

    Resolution: Make sure that the values of the following three parameters in the system configuration file of the Linux ECS server are set to zero. Edit /etc/sysctl.conf and then run sysctl -p to make the configuration take effect.

    1. net.ipv4.conf.default.rp_filter = 0
    2. net.ipv4.conf.all.rp_filter = 0
    3. net.ipv4.conf.eth0.rp_filter = 0
  • Cause: Incorrect backend Windows ECS configuration of the Layer-4 SLB instance.

    For the Layer-4 SLB, a backend ECS instance cannot act as both the real server and the client to access the SLB instance.

    This may cause the related access requests to be forwarded to the same ECS instance, resulting in a data access loop. The ECS instance will fail to access the SLB instance.


    1. Install Windows Loopback Adapter: Right-click Computer > Properties. On the Control Panel page, click Device Manager > Add Hardware > Install hardware that I manually select from the list > Show All Devices. Then select and install the device shown in the following figure.


    2. Enable Weak Host Model and run the following command to check the Idx of all network interfaces.

      netsh interface ipv4 show interface

    3. Configure weakhostsend=enabled, and weakhostsend=enabled for all network interfaces. For example, configure the adapter with the Idx of 12 as follows:

      1. netsh interface ipv4 set interface 12 weakhostsend=enabled
      2. netsh interface ipv4 set interface 12 weakhostreceive=enabled
  • Cause: Exceptions in the local network of the client or the intermediate link of the carrier.

    For the Internet SLB, exception in the network of the client or in the network of the carrier may also lead to the failure of client access.

    Resolution: Test the network access of SLB in different regions and different network environments. If the access fails only when accessing SLB from your local network, the access failure may be caused by your local network. You can do further troubleshooting and analysis by using methods such as continuous ping tests or MTR route tracking.

Thank you! We've received your feedback.