2. Click a CVM instance ID to enter the details page.
3. Click the Security group tab to check whether access is allowed in the ICMP protocol and the inbound and outbound security group rules for the source/destination IPs.
If there is no corresponding protocol rule, or the rule is Reject, click Edit to modify the security group rule for the protocol, and then ping again to see whether the problem is solved.
If the inbound and outbound rules of the security group are correct, proceed to the next step.
Rejected:
Allowed:
Checking the network ACL rules associated with the subnet
2. Click a CVM instance ID to enter the details page.
3. Go to Instance details > Basic information, click the subnet ID in Network information section.
4. On the Basic information tab, check whether the subnet is bound to a network ACL. On the "ACL rule" tab, check whether there are rules that reject the ICMP protocol, and whether the source/destination IPs are allowed in the inbound and outbound ACL rules.
If an ACL is bound and ICMP is rejected in the ACL, or there is no ICMP rule in the ACL, then click the ACL ID to enter the ACL page, allow the corresponding protocol and source/destination IPs, and move the rule to the first place so that it will be matched first. Then, ping again to see whether the problem is solved, and if not, proceed to the next step.
If no ACL is bound, or the ACL rule already allows the corresponding protocol and IPs, proceed to the next step.
Checking for container route in CVM instances
1. Navigate to the Cloud Server Console, click Login on the right side of the cloud server, follow the interface prompts to enter the password or key, log in to the cloud server in a standard manner, and execute the route command to view the internal routing table of the system.
2. Check whether there is a Docker container route in the system with the same IP range as the subnet of the accessed CVM instance.
If yes, this problem is caused by the conflict with the container route. You need to delete the corresponding subnet.
