This topic provides answers to frequently asked questions about networks used by Elastic Compute Service (ECS) instances.
FAQs about network performance
FAQs about public bandwidth
FAQs about IP addresses
FAQs about network access and traffic direction
FAQs about public IP addresses
FAQ about network types
FAQ about quotas
What is the packet loss rate when instances within different regions communicate over the Internet?
When instances within different regions communicate over the Internet, a p99 of the hourly packet loss rate of less than 0.0001% can be expected.
What is the network latency for instances within the same region that communicate over the internal network?
You can achieve minimal latency when instances within the same zone and region communicate with each other over the internal network. The one-way latency at the 99th percentile is less than 180 μs for communication between instances within the same zone.
How is the performance of connections guaranteed for instances for which the maximum number of connections is not specified?
If an instance family does not have the maximum number of connections specified, this instance family does not ensure that a specific maximum number of connections can be established to a single instance. We recommend that you perform business stress tests on instances to select appropriate instance types.
After a connection is established, the connection counts towards the number of connections before its aging period ends. The displayed number of connections may be greater than the number of connections actually in use.
What do I do if the performance of an ECS instance is unstable when a UDP PPS test or TCP bandwidth test is performed on the instance?
When a network performance test is performed on an ECS instance, the test result may be affected by a number of factors. These factors include the common performance tuning methods such as non-uniform memory access (NUMA) topology adaptation, binding vCPUs for tasks, and binding vCPUs for interrupts.
For example, during a single-stream TCP bandwidth test, if a receive task such as a netserver process and a network interface controller (NIC) receive queue interrupt are bound to the same vCPU, the NIC triggers an interrupt to interrupt the receive task when the NIC receives data frames. If the receive task is frequently interrupted, the test result may not meet your expectations. In this case, you can bind the receive task and the NIC receive queue interrupt to different vCPUs and obtain a better test result by using the performance advantages of multiple vCPUs.
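The check described above, as an added example that is not part of the original documentation: it reads interrupt counters in /proc/interrupts format, reports which vCPUs service the NIC receive queues, and picks a different vCPU for the receive task. It assumes a virtio NIC whose receive queues are named virtio0-input.N; the sample counters are constructed.

```shell
#!/bin/sh
# Constructed sample in /proc/interrupts format: 4 vCPUs and a virtio NIC with
# two receive queues. On a live instance, feed /proc/interrupts instead.
sample_interrupts() {
cat <<'EOF'
           CPU0       CPU1       CPU2       CPU3
 24:          0          0          0          0   PCI-MSI 65536-edge      virtio0-config
 25:     981234          0          0          0   PCI-MSI 65537-edge      virtio0-input.0
 26:         17          0          0          0   PCI-MSI 65538-edge      virtio0-output.0
 27:          0     402111          0          0   PCI-MSI 65539-edge      virtio0-input.1
EOF
}

# Print the vCPU indexes that have serviced interrupts whose name matches $1.
# The counters show where interrupts actually landed; the configured binding
# is in /proc/irq/<irq>/smp_affinity_list.
rx_irq_cpus() {
    awk -v pat="$1" '
        NR == 1 { ncpu = NF; next }
        $NF ~ pat { for (i = 2; i <= ncpu + 1; i++) if ($i + 0 > 0) busy[i - 2] = 1 }
        END {
            for (c = 0; c < ncpu; c++) if (c in busy) out = out (out == "" ? "" : " ") c
            print out
        }'
}

# Succeed if vCPU $1 is in the space-separated list $2 (task and IRQ collide).
shares_vcpu() {
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# Print the lowest vCPU index below the vCPU count $1 that is not in list $2.
pick_task_vcpu() {
    c=0
    while [ "$c" -lt "$1" ]; do
        shares_vcpu "$c" "$2" || { echo "$c"; return 0; }
        c=$((c + 1))
    done
    return 1    # every vCPU already services a receive-queue interrupt
}

busy=$(sample_interrupts | rx_irq_cpus 'input')
target=$(pick_task_vcpu 4 "$busy")
echo "receive-queue interrupts on vCPUs: $busy; bind the receive task to vCPU $target"
# On a live instance: taskset -cp "$target" "$(pidof netserver)"
```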
Is public bandwidth exclusive to each ECS instance, or is public bandwidth shared among multiple instances?
The public bandwidth of each instance is exclusive to the instance. The bandwidth resources you purchased are exclusive for your ECS instance and are not shared with other accounts. This ensures network stability and speed.
Why is 200 Kbit/s of inbound traffic already consumed on a new ECS instance?
This traffic was generated by Address Resolution Protocol (ARP) broadcast packets. Each ECS instance is assigned to a large CIDR block. When the gateway receives an ARP request packet for an ECS instance, the gateway broadcasts this packet to all ECS instances within the same CIDR block. The new instance also receives the packet. If the request is not destined for the new instance, the instance does not reply with an ARP reply packet.
How do I view the Internet traffic bills of an ECS instance?
To view the Internet traffic bills of an ECS instance, perform the following steps:
Log on to the ECS console.
In the top navigation bar, choose .
In the left-side navigation pane, choose .
Click the Usage Records tab.
Set Product to Elastic Compute Service (ECS) and Billable Item to InternetTraffic, and then set Time Period and Time Unit.
Click Export CSV.
On the Export Record page, wait until the status of the exported file changes to Exported and click Download in the Actions column.
Open the exported CSV file to view the Internet traffic bills of the ECS instance.
Why is the bandwidth usage of my ECS instance displayed in the CloudMonitor console different from that displayed in the ECS console?
ECS instances function as backend servers of Server Load Balancer (SLB) instances and use the Layer 7 HTTP forwarding model. In this forwarding model, SLB instances forward client requests to ECS instances, and the ECS instances use their own outbound bandwidth to return responses to the corresponding users. The bandwidth consumed by these responses is not displayed in the ECS console, but the traffic generated by the responses counts towards the outbound traffic of the SLB instances and is displayed in the CloudMonitor console. Therefore, the bandwidth usage of your ECS instance displayed in the CloudMonitor console is different from that displayed in the ECS console.
My ECS instance has been stopped. Why am I still being charged for its outbound traffic on a pay-as-you-go basis?
Problem description: Your instance is in the Stopped state in the ECS console but is in the Cleaning state in the Anti-DDoS Basic console. You are charged for outbound traffic from the instance on a pay-as-you-go basis every hour.
Cause: HTTP flood protection is enabled for the ECS instance. When HTTP flood protection is enabled, the security mechanism sends probe packets to potential attack sources. Therefore, a large volume of outbound traffic is generated.
Solution: Disable HTTP flood protection for the ECS instance. For more information, see Configure HTTP flood protection.
How do I enable public bandwidth for an ECS instance?
To enable public bandwidth for an ECS instance, you can specify a public bandwidth for the ECS instance when creating it or modify the public bandwidth configurations of the ECS instance after it is created. With either of the mentioned methods, the ECS instance receives a static public IP address with public bandwidth enabled. For more information, see Assign a static public IP address and Modify the public bandwidth configurations of an instance associated with an auto-assigned public IP address.
You can also enable public bandwidth for an ECS instance by associating an Elastic IP address (EIP) with the ECS instance or by creating an Internet NAT gateway for it. For more information, see Associate one or more EIPs with an instance and Create and manage an Internet NAT gateway. Additionally, public bandwidth can be enabled for IPv6 addresses. For more information, see Step 3: Enable IPv6 public bandwidth.
How do I query the IP addresses of ECS instances?
Linux instances
Run the ifconfig command to view NIC information. You can view the IP addresses, subnet masks, gateways, Domain Name System (DNS) servers, and MAC addresses in the command output.
Windows instances
In Command Prompt, run the ipconfig /all command to view NIC information. You can view the IP addresses, subnet masks, gateways, DNS servers, and MAC addresses in the command output.
For more information, see View IP addresses.
How do I disable the public NIC of an ECS instance?
Linux instance
Run the ifconfig command to view the name of the public NIC of the instance.
Run the ifdown command to disable the public NIC. For example, if the name of the public NIC is eth1, enter ifdown eth1.
Note: You can run the ifup command to re-enable the NIC. For example, if the name of the public NIC is eth1, enter ifup eth1.
Windows instance
In Command Prompt, run the ipconfig command to view information about the public NIC.
Open the Control Panel and click View network status and tasks in the Network and Internet section. In the Network and Sharing Center window, click Change adapter settings in the left-side navigation pane to disable the public NIC.
How do I configure an IPv6 address for an ECS instance?
For more information, see Configure an IPv6 address for an ECS instance.
When I attempt to access a website on an ECS instance, a message similar to "Sorry, your access has been blocked because the requested URL may pose a security threat to the website" appears. Why?
Problem description: When you attempt to access a website built on an ECS instance, you are prompted with a message similar to "Sorry, your access has been blocked because the requested URL may pose a security threat to the website."
Cause: Web Application Firewall (WAF) has identified your access request to the URL as an attack and blocked your access.
Solution: Add the source public IP address that you use to access the website to the WAF whitelist. For more information, see Avoid Anti-DDoS Basic false positives by using a whitelist.
After I configure a secondary private IP address for a Windows instance, the instance cannot connect to the Internet. Why?
Problem description: After you configure a secondary private IP address for a Windows instance, the instance cannot connect to the Internet.
Cause: In Windows 2008 and later, the longest prefix match algorithm is used to select next hop IP addresses based on destination IP addresses of outbound traffic. This may lead to network connection failures.
Solution: Run the Netsh command with skipassource set to true to configure a secondary private IP address for the Windows instance.
Netsh command:
Netsh int ipv4 add address <Interface> <IP Addr> [<Netmask>] [skipassource=true]
The following table describes the parameters in the Netsh command.
Parameter | Description | Example value
<Interface> | The network interface with which to associate the secondary private IP address | "Ethernet"
<IP Addr> | The secondary private IP address | 192.168.0.100
<Netmask> | The mask of the secondary private IP address | 255.255.255.0
Sample command:
Netsh int ipv4 add address "Ethernet" 192.168.0.100 255.255.255.0 skipassource=true
An abnormal logon has been detected on one of my ECS instances. What do I do?
Perform the following operations to solve the problem:
Check the logon time to see whether the logon was performed by yourself or another administrator.
If the logon was not performed by yourself or another administrator, it is an unauthorized logon. Perform the following steps:
Reset the password. For more information, see Reset the logon password of an instance.
Check whether the ECS instance is infected.
Configure security groups to allow access only from specific IP addresses. For more information, see Security groups for different use cases.
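One way to carry out the logon check on a Linux instance, as an added example that is not part of the original documentation: it lists successful SSH logons from source addresses outside a known administrator list, together with the number of failed attempts from the same address before the logon. It assumes OpenSSH syslog lines as found in /var/log/secure or /var/log/auth.log; the log lines, host name and addresses are constructed.

```shell
#!/bin/sh
# Constructed sample of OpenSSH syslog lines; all addresses are documentation
# ranges. On a live instance, read /var/log/secure or /var/log/auth.log.
sample_auth_log() {
cat <<'EOF'
Mar  3 09:12:44 ecs-web01 sshd[1873]: Accepted publickey for admin from 203.0.113.10 port 40122 ssh2
Mar  3 02:13:58 ecs-web01 sshd[2207]: Failed password for invalid user test from 198.51.100.23 port 50098 ssh2
Mar  3 02:14:07 ecs-web01 sshd[2211]: Failed password for root from 198.51.100.23 port 50111 ssh2
Mar  3 02:14:09 ecs-web01 sshd[2211]: Accepted password for root from 198.51.100.23 port 50122 ssh2
Mar  3 14:30:01 ecs-web01 sshd[3002]: Accepted publickey for deploy from 203.0.113.11 port 51876 ssh2
EOF
}

# $1: space-separated source IPs the administrators are known to log on from.
# Prints one line per successful logon from any other address:
#   month day time user source-ip auth-method failed_before=<count>
unexpected_logons() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $5 ~ /^sshd\[/ && ($6 == "Accepted" || $6 == "Failed") {
            # Locate "from" instead of using a fixed column, because
            # "Failed password for invalid user X from ..." has two extra words.
            f = 0
            for (i = 7; i < NF; i++) if ($i == "from") { f = i; break }
            if (!f) next
            ip = $(f + 1); user = $(f - 1)
            if ($6 == "Failed") { fails[ip]++; next }
            if (!(ip in ok))
                print $1, $2, $3, user, ip, $7, "failed_before=" (fails[ip] + 0)
        }'
}

sample_auth_log | unexpected_logons "203.0.113.10 203.0.113.11"
```

A password logon that follows failed attempts from the same unknown address is the pattern to treat as unauthorized; the addresses that remain after review are the ones to allow in the security group rules.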
How do I request reverse lookup for an ECS instance?
Reverse lookup is used in mail services to reject mail from IP addresses mapped to unregistered domain names. Most spammers use dynamic IP addresses or IP addresses mapped to unregistered domain names to send unwanted mail and avoid being tracked. When reverse lookup is enabled on a mail server, the server rejects mail sent from dynamic IP addresses or unregistered domain names to reduce the amount of spam received.
You can submit a ticket to request reverse lookup for your ECS instance. To make your ticket easier to process, we recommend that you specify the region, public IP address, and registered domain name of your ECS instance in the ticket.
After your request is approved, you can run the dig command to check whether reverse lookup takes effect on your instance. Example:
dig -x 121.196.255.** +trace +nodnssec
If reverse lookup takes effect on your instance, a command output similar to the following one is displayed:
1.255.196.121.in-addr.arpa. 3600 IN PTR ops.alidns.com.
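A scripted version of this check, as an added example that is not part of the original documentation: it builds the in-addr.arpa name for an IPv4 address and confirms that the dig output contains exactly one PTR record for it that names the expected host. The address 192.0.2.25, the host name mail.example.com and the sample dig output are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample of `dig -x 192.0.2.25 +trace +nodnssec` output; the
# address, name servers and host name are placeholders, not values from the page.
sample_dig_output() {
cat <<'EOF'
; <<>> DiG 9.16.1 <<>> -x 192.0.2.25 +trace +nodnssec
.                        518400 IN NS  a.root-servers.net.
in-addr.arpa.            172800 IN NS  a.in-addr-servers.arpa.
25.2.0.192.in-addr.arpa. 3600   IN PTR Mail.Example.com.
;; Received 84 bytes from 198.51.100.53#53(ns1.example.net) in 12 ms
EOF
}

# Print the in-addr.arpa owner name that holds the PTR record for IPv4 address $1.
reverse_name() {
    echo "$1" | awk -F. 'NF == 4 { printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# Read dig output on stdin and print, in lower case, each PTR target for owner $1.
# Delegation (NS) lines and ";" comment lines from +trace are ignored.
ptr_targets() {
    awk -v owner="$1" '
        tolower($1) == tolower(owner) && $3 == "IN" && $4 == "PTR" { print tolower($5) }'
}

# Succeed only if dig output on stdin has exactly one PTR record for IP $1
# and it names host $2 (case-insensitive, trailing dot optional).
ptr_matches() {
    want=$(printf '%s.\n' "${2%.}" | tr 'A-Z' 'a-z')
    got=$(ptr_targets "$(reverse_name "$1")")
    [ "$got" = "$want" ]
}

if sample_dig_output | ptr_matches 192.0.2.25 mail.example.com; then
    echo "PTR record matches the requested host name"
else
    echo "PTR record missing or pointing elsewhere"
fi
# On a live host: dig -x <public IP> +trace +nodnssec | ptr_matches <public IP> <domain>
```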
Can an IP address point to multiple reverse lookup domain names?
No, each IP address can point only to a single reverse lookup domain name. For example, you cannot configure the IP address 121.196.255.** to resolve to multiple domain names such as mail.abc.com, mail.ospf.com, and mail.zebra.com.
Can I change the public IPv4 address of an instance after the instance has been created?
You can change the public IPv4 address of an instance within 6 hours after the instance is created. For more information, see Change the public IP address of an instance.
After 6 hours, the instance network type determines whether the public IP address of the instance can be changed.
For an instance in a VPC, you can change the public IP address of the instance by converting the IP address into an elastic IP address (EIP). Then, to assign a new public IP address, you can disassociate the EIP from the instance and associate a new EIP with the instance or upgrade the public bandwidth of the instance. For more information, see Convert the public IP address of an ECS instance in a VPC to an EIP.
The public IP addresses of instances in the classic network cannot be changed. However, you can convert the public IP address of an instance into an EIP when you release the instance. For more information, see Convert the system-assigned public IP address of an instance in the classic network into an EIP.
Why am I unable to find the option to change the public IP address of an ECS instance in the ECS console?
Within 6 hours after a pay-as-you-go instance is created: If the billing method of an instance is pay-as-you-go and the network type of the instance is VPC, you must enable the standard mode for the instance when you stop the instance. If you enable the economical mode for the instance, the Change Public IP Address option is not displayed in the ECS console.
More than 6 hours after the instance is created: You cannot change the public IP address, and the Change Public IP Address option is not displayed.
Can I change the private IP address of an instance?
You can change the private IP addresses of instances in VPCs. For more information, see Primary private IP address.
You cannot change the private IP addresses of instances in the classic network.
If no public IPv4 address was assigned to an ECS instance when the instance was being created, how do I assign a public IP address to the instance?
Apply for an EIP and associate the EIP with the instance. For more information, see Apply for an EIP.
Modify the public bandwidth of the instance to allocate an auto-assigned public IP address to the instance. For information about how to modify the public bandwidth of subscription instances, see Overview of instance configuration changes. For information about how to modify the public bandwidth of pay-as-you-go instances, see Modify the bandwidth configurations of pay-as-you-go instances.
Do all ECS instances support classic network and VPC as network types?
No. If you purchase your first ECS instance after 17:00, June 14, 2017 (UTC+8), you cannot select classic network as the network type.
Can I change the network type of an ECS instance?
ECS instances can be migrated only from the classic network to a VPC. For more information, see Migrate ECS instances from the classic network to a VPC.
After you migrate an ECS instance from the classic network to a VPC, you cannot migrate the instance back to the classic network. Make sure that you understand this limitation and plan your network before you migrate your ECS instances.
How can I view the resource quota?
For more information about how to view the limits and quotas of resources, see Limits.