tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Tencent Cloud Observability Platform
    Documentation

    CVM Is Unreachable When Pinged

    Last updated: 2023-07-12 11:05:33
    This document is currently invalid. Please refer to the documentation page of the product.

      Overview

      This document describes the troubleshooting methods and solutions for when you receive a “ping unreachable” event alarm notification from CVM. You can resolve an alarm as instructed in Troubleshooting Directions. If you feel disturbed by the alarm notifications, you can disable the alarm feature.

      Causes of the Alarms and their Corresponding Solutions

      The causes of the “ping ureachable” alarms and their corresponding solutions are detailed below:

      Cause of the Alarm Solution
      CVM instance failure, kernel failure, or high bandwidth load Troubleshoot as instructed in Step 1 to fix the exception, or disable the alarm feature.
      CVM instance shutdown Troubleshoot as instructed in Step 2 to start the CVM instance, or disable the alarm feature.
      ICMP restricted in the security group associated with the CVM instance Troubleshoot as instructed in Step 3 to modify the ICMP configuration of the security group, or disable the alarm feature.
      ICMP restricted by Windows Firewall or
      the Linux kernel parameter or the iptables of the CVM instance      		 Troubleshoot as instructed in Step 4 to lift the corresponding restriction, or disable the alarm feature.
      Note:

      The network ping status of a CVM instance is automatically monitored by the alarm system of Tencent Cloud Observability Platform, which is irrelevant to whether a public IP is configured for the CVM instance.

      Troubleshooting Directions

      Step 1: Check the CVM instance monitoring data

      1. Log in to the Tencent Cloud Observability Platform Console.
      2. Click Cloud Virtual Machine > ID/CVM Name of the alarm to view whether there are exceptions such as breakpoints or overly high metric values in the CVM instance monitoring data.

      Step 2: Check the CVM instance status

      Note:

      Currently, the “ping unreachable” alarms caused by manual shutdown are not excluded from the Tencent Cloud Observability Platform event alarms, which will be optimized in the future.

      1. Log in to the CVM Console.
      2. On the "Instances" page, check whether the status of the instance related to the “ping unreachable” alarm is normal.

      Step 3: Check the ICMP settings in the security group

      1. Log in to the CVM Console.
      2. On the "Instances" page, select the ID/name of the instance where the “ping unreachable” alarm was triggered to access the instance details page.
      3. Select the Security Groups tab to access the security group management page of the instance. Then, check whether the ICMP port protocol is refused or allowed in the inbound and outbound rules of the security group of the instance, as shown below:
        • The ICMP port protocol is allowed in the system default security group. If you manually refuse the ICMP protocol in the default security group or do not add the ICMP protocol in the custom security group, the “ping unreachable” alarms will be triggered. You can click Edit rule in the top-right corner to add/modify the ICMP port protocol on the security group rule management page, as shown below:
        • If the ICMP port protocol restriction in the security group has been modified but the problem persists, please proceed to the next step to check whether there are restrictions in the CVM instance Windows firewall or the Linux kernel parameter and the iptables settings.

      Step 4: Check the firewall or the Linux kernel parameter and the iptables settings

      Windows

      1. Log in to the CVM instance.
      2. Open Control Panel, select "Small icons" as the view mode, and click Windows Firewall, as shown below:
      3. On the "Windows Firewall" page, select Advanced settings as shown below:
      4. In the "Windows Firewall with Advanced Security" window that pops up, check whether the ICMP inbound/outbound rules are restricted.
        As shown below, if the "WinAgent:ICMP" inbound/outbound rules are disabled, the “ping unreachable” alarm was caused by the restriction in the Windows Firewall. You can right-click the rules to enable them.

      Linux

      Note:

      Whether pings are allowed on Linux is subject to both the kernel and the iptables settings. If either of them disables pings, the “ping unreachable” alarms will be triggered.

      Check the kernel parameter

      1. Log in to the CVM instance.
      2. Run the following command to view the icmp_echo_ignore_all settings of the system:
        cat /proc/sys/net/ipv4/icmp_echo_ignore_all
      • If 0 is returned, the system allows all ICMP echo requests. In this case, please check the iptables settings.
      • If 1 is returned, the system rejects all ICMP echo requests, which indicates that the “ping unreachable” alarm was caused by the restriction in the Linux kernel parameter. In this case, please enable ICMP as instructed in step 3.
      1. Run the following command using an account with root privileges to modify the settings of the icmp_echo_ignore_all kernel parameter:
        echo "0" >/proc/sys/net/ipv4/icmp_echo_ignore_all

      Check the iptables settings

      1. Run the following command to check whether the current firewall rules of the CVM instance and the corresponding ICMP rules are restricted:

        iptables -L
        • If the returned result is as follows, ICMP is not restricted in iptables:
        • If the returned result is as follows, ICMP is restricted in iptables, which indicates that the “ping unreachable” alarm was caused by the ICMP restriction in Linux iptables. In this case, please enable ICMP in iptables as instructed in step 2.

      2. Run the following command to enable ICMP in iptables:

        #Chain INPUT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
#Chain OUTPUT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

      If the problem persists after all the steps above are completed, please submit a ticket for assistance.

      Disabling the Alarm Feature

      Disabling the alarm policy

      If you feel disturbed by the metric alarms or the event alarms of an alarm policy, you can disable the policy by following the steps below:

      1. Access the Alarm Policy page in the Tencent Cloud Observability Platform Console.
      2. Find the name of the alarm policy that triggered the alarm, toggle off the switch in the Alarm On/Off column, and click OK to disable the alarm policy.

      Only disabling event alarms

      If you only need the metric alarms in an alarm policy, you can disable the event alarms by following the steps below:

      1. Access the Alarm Policy page in the Tencent Cloud Observability Platform Console.
      2. Click the name of the alarm policy that triggered the alarm to access the alarm policy management page.
      3. Click Edit in the top-right corner of the “Trigger Condition” section. In the pop-up window, uncheck “Event Alarm” and click Save as shown below:
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy