What do I do if I cannot connect an ECS instance to a Redis instance?

Updated at: 2025-02-07 02:17

If you want to access a Redis instance from an Elastic Compute Service (ECS) instance over a virtual private cloud (VPC), the ECS instance must be in the same region and belong to the same VPC as the Redis instance. A whitelist and a valid account and password must also be configured for the Redis instance. This topic describes solutions to common issues that prevent an ECS instance from being connected to a Redis instance.

Troubleshooting process for ECS connection issues

image

Step 1: Check whether the error message is invalid password, WRONGPASS, or NOAUTH Authentication required

If the error message is connection timed out or no explicit error message is displayed, skip Step 1 and proceed to Step 2.

Error description

If the error message is invalid password, WRONGPASS invalid username-password pair, or NOAUTH Authentication required, the account and password are incorrect.

Solution

  • Use a password in the <user>:<password> format to re-establish the connection. For example, if the username of a custom account is testaccount and the password is Rp829dlwa, enter testaccount:Rp829dlwa as the password.

  • If a password error is still reported when you use a password in the <user>:<password> format to reconnect the ECS instance to the Redis instance, you may have entered an incorrect password. In this case, reset the password and use the new password to establish the connection. For more information about how to reset the password, see Change or reset the password.

Note

If you copy the password, it may cause formatting errors. Manually enter the password and try again.

Step 2: Run the ping command to check whether the ECS instance is connected to the Redis instance

Procedure

Log on to the ECS instance and run the ping command.

ping <host>

Example: ping r-bp1zx****.redis.rds.aliyuncs.com

Result description

If the ping operation is successful, the network is connected, as shown in the following figure. You can proceed to Step 3 for further troubleshooting.

Result illustrations

Linux

In Linux, the system continuously sends ping requests after the ping command is run. You can press Ctrl+C on the keyboard to stop the execution and collect statistics, as shown in the following figure.

image

Windows

In Windows, the system returns the test result after the ping command is run four times, as shown in the following figure.

image

If the ping operation fails, the network is not connected.

Common causes and solutions

  • The ECS instance and the Redis instance may belong to different VPCs.

    Check whether the ECS instance and the Redis instance belong to the same VPC. For more information, see How do I check whether an ECS instance and a Redis instance are of the same network type?

    If the ECS instance and the Redis instance belong to different VPCs, you can perform the following operations:

    • Change the VPC of the ECS instance. For more information, see Change the VPC of an ECS instance.

    • Connect the ECS instance to the Redis instance over the Internet. For information about how to apply for a public endpoint, see Apply for a public endpoint for an instance.

      Important

      Compared with the Internet, VPCs provide better security and performance. Therefore, we recommend that you use a VPC to connect to the Redis instance.

  • The outbound access rule of the security group of the ECS instance may block traffic to the vSwitch or VPC IP address of the Redis instance.

    Check whether the ECS security group has an outbound rule whose protocol type is ICMP (IPv4) and whether the rule blocks traffic to the vSwitch or VPC IP address of the Redis instance.

    If yes, allow access to the vSwitch or VPC IP address of the Redis instance. For more information, see Add a security group rule.

    Note

    To view the vSwitch or VPC IP address, click the ID of the VSwitch or VPC on the Instance Information page in the Redis console. On the page that appears, view the IPv4 CIDR block.

If the connection still fails, see Run the PING command to check the connection between an ECS instance and a Tair instance.

Step 3: Run the telnet command to check whether the service port is available

Procedure

Log on to the ECS instance and run the telnet command.

telnet <host> <port>

Example: telnet r-bp1zx****.redis.rds.aliyuncs.com 6379

Result description

If Connected to ... is returned or the telnet interface is displayed as shown in the following figure, the port is available.

Result illustrations

Linux

The following output indicates that the connection is established by using telnet on a Linux system.

image

Windows

The following output indicates that the connection is established by using telnet on a Windows system.

image

If the "Connection timed out" or "Connect failed" message is displayed, the connection fails.

Common causes and solutions

  • The whitelist is incorrectly configured or no whitelist is configured. For more information, see Step 4: Check the whitelist.

  • The outbound access rule of the security group of the ECS instance may block traffic on the service port of Redis.

    Check whether the ECS security group has an outbound rule whose protocol type is TCP and whether the rule blocks traffic to the service port of Redis. The default port number is 6379. If yes, allow access to the Redis instance over the port. For more information, see Add a security group rule.

If the connection still fails, see How do I use the telnet command to test connectivity to the port used by Tair?

Step 4: Check the whitelist

The common cause of connection failure is that the whitelist is incorrectly configured or no whitelist is configured. In the following two scenarios, we recommend that you check the whitelist.

  • The domain name can be pinged, but the telnet operation fails.

  • If you use redis-cli to connect to the VPC endpoint of the Redis instance from the ECS instance, the (error) ERR illegal address or (error) ERR client ip is not in whitelist error is reported.

Common causes

  • An incorrect IP address is configured.

    For example, you connect the ECS instance to the VPC endpoint of the Redis instance, but mistakenly add the public IP address of the ECS instance to the whitelist of the Redis instance. Alternatively, you connect the ECS instance to the public endpoint of the Redis instance, but mistakenly add the primary private IP address of the ECS instance to the whitelist of the Redis instance.

  • No whitelist is configured.

Solution 1

You can check whether the IP address of the ECS instance is added to the whitelist of the Redis instance by performing connection diagnostics. You can also add the IP address of the ECS instance to the whitelist. For more information, see Perform diagnostics on connections.

Important

When you select the IP address of the ECS instance, it is important to distinguish between VPC and public endpoints.

image

Solution 2

  1. Check whether the endpoint that you use is a VPC endpoint or a public endpoint. For more information, see View endpoints.

  2. If the endpoint is a VPC endpoint, add the primary private IP address of the ECS instance to the whitelist of the Redis instance. If the endpoint is a public endpoint, add the public IP address of the ECS instance to the whitelist of the Redis instance. For more information, see Configure whitelists.

    Note

    For information about how to query the IP address of an ECS instance, see Network FAQ.

References

  • On this page (1, T)
  • Troubleshooting process for ECS connection issues
  • Step 1: Check whether the error message is invalid password, WRONGPASS, or NOAUTH Authentication required
  • Error description
  • Solution
  • Step 2: Run the ping command to check whether the ECS instance is connected to the Redis instance
  • Procedure
  • Result description
  • Common causes and solutions
  • Step 3: Run the telnet command to check whether the service port is available
  • Procedure
  • Result description
  • Common causes and solutions
  • Step 4: Check the whitelist
  • Common causes
  • Solution 1
  • Solution 2
  • References
Feedback
phone Contact Us

Chat now with Alibaba Cloud Customer Service to assist you in finding the right products and services to meet your needs.

alicare alicarealicarealicare