Unable to connect to GCE instances - google-compute-engine

I started several GCE instances and was unable to connect to even one of them using ssh. For Debian wheezy instances the ssh server appeared not to be running ("nc IP 22" times out). Even though I enabled ICMP in the default network, Debian instances did not respond to ping.
CentOS instances respond to ping and I was able to get an ssh banner using nc intermittently, but connecting with the ssh command repeatedly timed out.
I suspected a network outage, but "gcutil listzones" showed that all the zones I was using were UP (us-central).

From https://groups.google.com/d/msg/gce-operations/coBWszq91j4/dRPq5_gJ3t4J:
We're investigating an issue with network connectivity to new Google Compute Engine instances. Currently-running instances are not affected. We will provide more information shortly.

Related

Google Compute Engine is not responding

My GCP server is down. It was working until yesterday. I can see the server in VM Instances but cannot connect using SSH. All the client websites are down.
Can anyone help?
There are several reasons this could happen:
If your disk is full
The sshd daemon isn't configured properly
If OS Login is enabled on your instance
A firewall rule blocks port 20
Sometimes you see connection errors in the console that are worth a look.
EDIT:
I will need additional information if that is still not working:
Take a look at your serial console logs and tell me if you have any relevant entries that can help, like a kernel panic, a networking issue, permission denied, etc.
Use Cloud Shell and try to connect to your VM instance with these commands:
gcloud compute firewall-rules create --network=default default-allow-ssh --allow tcp:22
gcloud compute ssh YOUR_INSTANCE_NAME --zone YOUR_ZONE -- -vvv
If you can't connect from Cloud Shell, try to ping your VM instance (internal IP & external IP).
I highly recommend deleting your screenshots showing information about your VM instance (firewall rules, project name, nmap scans, etc.).

Connectivity issue to database after failover

We have a cluster of Tomcat servers in AWS Beanstalk connected to AWS RDS (MySQL) with Multi-AZ availability.
Some days ago, the RDS instance had a patch applied to the OS which triggered a failover to another RDS instance based on the Multi-AZ availability.
The result was the Production system being down for hours (it was at night) until we restarted the Tomcats on each instance. We had thousands of "Connection refused" errors to the database.
According to AWS support, when a failover instance is launched, the endpoint is the same but its IP is changed, and my Tomcats had the old IP cached. So after restarting Tomcat the cache was cleared, the new IP was used and the connectivity issue was resolved. They referred me to this SO question.
That makes a lot of sense, however I couldn't reproduce the issue in a controlled test with the same application in Production.
I changed the IP of a domain in /etc/hosts and my current Beanstalk Production Tomcat detected the IP change 30 seconds later, so it should have detected the RDS endpoint IP change too.
The Java ttl property in my Beanstalk environment is set as:
#networkaddress.cache.ttl=-1
So by default it caches for 30 seconds, which matches my experiment.
[EDIT] As suggested in the comments, I've tried to simulate a failover through DNS. In this case I changed a CNAME record from one domain to another. I did the same test and Tomcat again detected the change 30 seconds later.
Do you have any idea why in this case the RDS endpoint IP change was not detected by Tomcat/JVM?
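The post above reasons about what `networkaddress.cache.ttl` does during a failover where the endpoint name stays the same but its address changes. The following is an added model of that cache, not code from the post or from the JVM: it implements the three documented settings (-1 cache forever, 0 never cache, N seconds) on top of an injectable fake resolver and fake clock, then replays a failover and a connect attempt against each setting. The endpoint name and the two addresses are constructed.

```python
import time


class CachingResolver:
    """Model of a positive-lookup DNS cache with the semantics the JVM documents for
    networkaddress.cache.ttl: -1 caches forever, 0 never caches, N caches for N seconds.
    lookup(name) is the underlying resolver and clock() returns seconds; both are
    injectable so the failover below can be replayed without touching real DNS."""

    def __init__(self, lookup, ttl=30, clock=time.monotonic):
        self.lookup = lookup
        self.ttl = ttl
        self.clock = clock
        self._cache = {}  # name -> (ip, time stored)

    def resolve(self, name):
        entry = self._cache.get(name)
        if entry is not None:
            ip, stored_at = entry
            fresh = self.ttl < 0 or (self.ttl > 0 and self.clock() - stored_at < self.ttl)
            if fresh:
                return ip
        ip = self.lookup(name)
        if self.ttl != 0:
            self._cache[name] = (ip, self.clock())
        return ip


class FakeDns:
    """Stand-in for the authoritative answer; ip is swapped at failover time."""

    def __init__(self, ip):
        self.ip = ip

    def __call__(self, name):
        return self.ip


class FakeClock:
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


# Constructed names and addresses; the real endpoint and IPs are not on the page.
ENDPOINT = "mydb.abc123.eu-west-1.rds.amazonaws.com"
PRIMARY_IP = "10.0.1.10"
STANDBY_IP = "10.0.2.20"


def connect(ip, live_ip):
    """Pretend TCP connect: only the currently promoted instance accepts connections."""
    if ip != live_ip:
        raise ConnectionRefusedError(f"connect to {ip}: Connection refused")
    return "ok"


def replay_failover(ttl, seconds_after_failover):
    """Resolve the endpoint, fail over to the standby, wait, resolve and connect again.
    Returns (ip_before, ip_after, outcome) where outcome is 'ok' or 'refused'."""
    dns = FakeDns(PRIMARY_IP)
    clock = FakeClock()
    resolver = CachingResolver(dns, ttl=ttl, clock=clock)
    before = resolver.resolve(ENDPOINT)
    dns.ip = STANDBY_IP  # Multi-AZ failover: same endpoint name, new A record
    clock.advance(seconds_after_failover)
    after = resolver.resolve(ENDPOINT)
    try:
        outcome = connect(after, STANDBY_IP)
    except ConnectionRefusedError:
        outcome = "refused"
    return before, after, outcome


if __name__ == "__main__":
    for ttl, wait in ((-1, 3600), (30, 29), (30, 30), (0, 0)):
        print(f"ttl={ttl:>3} wait={wait:>5}s ->", replay_failover(ttl, wait))
```

With ttl=-1 the resolver keeps handing out the old address indefinitely and every new connection is refused; with ttl=30 it is refused for the first 30 seconds after failover and recovers on the next lookup. The JVM's documented default when no SecurityManager is installed is an implementation-specific short period (30 seconds in OpenJDK) and forever when one is installed, so the commented-out line in the environment leaves the 30-second behaviour in force, which is what the /etc/hosts test observed. Note that the model covers lookups only: connections a pool already holds open to the old address are not affected by any TTL setting and are a separate thing to check.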

MySQL Remote Connection (Replication)

I have the following topology.
One Ubuntu 16.04 instance on Amazon AWS where my global MySQL server is running. I want to use this server as a slave (multi-source replication) for many local masters (Windows machines running MySQL Server).
For testing reasons I've managed to make this run on one local machine (with three different MySQL servers running).
But now I want to make this replication work on the mentioned global server with the local ones. It fails on the attempt to connect from the EC2 Ubuntu instance to the local Windows MySQL server.
When I try to connect from my EC2 instance to the local computer with MySQL running on port 3307, it keeps saying:
ERROR 2003 (HY000): Can't connect to MySQL server on (113)
The strange part is that I can ping the local computer but not telnet to it.
Telnet just says:
telnet: Unable to connect to remote host: No route to host
I can access the global (EC2 / Ubuntu MySQL) server from the local machine but not the other way around.
I've already made a new rule for this port in the Windows Firewall settings.
But port 3307 on the IPv4 address still seems to be closed.
I have no clue what I am missing to get a connection from the EC2 instance to my local computer via TCP.
Do I have to open the port specifically on the router?
I hope for your help.
Best Regards.
It seems like your local computer is not visible, as the incoming ports to your local PC are closed. It may be a problem with your router, or with your internet service provider not allowing you to open ports (the most common cause).
The possible solutions are:
1.) If your ports are not open due to the router
Try forwarding the required ports to your PC.
Try switching off the NAT firewall that may be blocking ports.
Try switching off your Windows or antivirus firewall, if any.
2.) If your ports are blocked by your internet service provider
Try getting help from your ISP.
Switch to a static IP connection if on a dynamic one.
Use a VPN service that provides an unblocked-port service to all IPs. (This one solved my problem when I was stuck in this situation.)
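Both the GCE post above ("nc IP 22" times out on one image, an ssh banner arrives intermittently on another) and this MySQL one (ping works, telnet says "No route to host") hinge on telling apart the ways a TCP connect can fail, because each points at a different place in the path. This is an added probe, not code from either post, that classifies a connect attempt by the socket error it produces. The banner string and the local listener used to exercise it are constructed for the example.

```python
import errno
import socket
import sys
import threading

# Constructed banner for the local test listener; a real sshd sends e.g. "SSH-2.0-OpenSSH_9.6".
FAKE_BANNER = b"SSH-2.0-example-listener\r\n"


def probe_tcp(host, port, timeout=3.0):
    """Connect to host:port and classify the outcome as (state, detail).

    state is one of:
      'open'        connected and the peer spoke first (detail = banner, e.g. an sshd greeting;
                    MySQL also sends a greeting, so it works for 3306/3307 too)
      'open-silent' connected but nothing arrived within timeout (a proxy or a stalled daemon)
      'refused'     RST came back: the host is reachable but nothing listens there, or a NAT
                    device answered on its behalf
      'timeout'     SYN silently dropped: the signature of a cloud firewall rule, a security
                    group or a missing port forward
      'no-route'    ENETUNREACH/EHOSTUNREACH, the "No route to host" telnet prints above; an
                    ICMP unreachable from a router or host firewall rather than a dropped SYN
      'error'       anything else (detail = errno name or message, e.g. a DNS failure)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                data = s.recv(256)
            except socket.timeout:
                return "open-silent", None
            if not data:
                return "open-silent", None
            return "open", data.decode("ascii", "replace").strip()
    except socket.timeout:
        return "timeout", None
    except ConnectionRefusedError:
        return "refused", None
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "no-route", errno.errorcode[e.errno]
        return "error", errno.errorcode.get(e.errno, str(e))


def start_banner_listener(banner=FAKE_BANNER):
    """Throwaway listener on 127.0.0.1 that sends banner to one client and exits. Returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def free_port():
    """Bind and release a port so that connecting to it is refused rather than accepted."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Usage: python probe.py HOST PORT   (run from the client side, e.g. Cloud Shell or the EC2 box)
    target_host, target_port = sys.argv[1], int(sys.argv[2])
    print(probe_tcp(target_host, target_port))
```

Run it from the side that cannot connect and compare with a run from a host that can: 'open' from the LAN and 'timeout' from the cloud side means the daemon is fine and something on the path drops the SYN; 'refused' means the packet reached a host that has nothing on that port (or a router that answers for it); 'no-route' is what the telnet output in this post corresponds to and usually comes from an ICMP unreachable, which a firewall rule or a missing forward on the router can produce.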

Troubleshooting Google Compute Engine Network Firewall VPN

How can I troubleshoot GCE firewall issues? We're running some GCE servers and connecting to a non-Google network via IPsec using the Google beta VPN service (although I had the same problem with GCE and my own StrongSwan instance in the past and could never fix it there either).
I'm trying to connect to 192.168.4.176 (a Linux box with no firewall running) and I'm pretty sure Google is blocking the traffic. The VPN is fine: I can ping 192.168.4.180. But I can't ping 192.168.4.176, and nc 192.168.4.176 22 just times out.
I can run an SSL VPN from a GCE instance and can ping 192.168.4.176 without issue.
Here's a screenshot of the GCE network. I also tried routes/firewall rules with 192.168.4.1/24, but those didn't work either for connecting to .176, while .180 was fine. Any ideas on what to try?
Here are the GCE network details
Here's the GCE VPN screen
Here's the GCE VPN detail screen
And from the remote network I can ping my 10.x GCE instances from 192.168.4.180 (which I should, since I'm allowing that). But I can't ping any GCE 10.x addresses from 192.168.4.176 (which I interpret as the Google firewall blocking the traffic even though I have it configured to let it through).
Can you confirm that the secret key for the .176 VPN is correctly configured on both ends?
Is the firewall rule for the .176 VPN added in the GCE firewall section, mapped to the right network where the VPN tunnel was created?
Does the VPN UI status show a green tick mark for both tunnels?
You could also view the VPN logs from the GCP UI: from the console, left menu Monitoring -> Logs, then select "Compute Engine" -> "targetVPNgateway", select the tunnels and the "ipsec_events" dropdown. Check the log when you access the .176 VPN to observe the likely packet flow.
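The answer's second point, whether the firewall rule actually covers the .176 host, is the kind of thing a screenshot hides and a script makes explicit. The following is an added check, not code from the question or the answer: for one remote address it tests the two GCE-side lists that both have to contain it, the routes pointing at the tunnel and the ingress rule's source ranges, and it flags prefixes written with host bits set such as the 192.168.4.1/24 tried above, which some APIs reject and others silently reinterpret as 192.168.4.0/24. The route and source lists are constructed stand-ins for the missing screenshots; the remote network's own selectors and ACLs are the other half of the picture and are not modelled.

```python
import ipaddress


def parse_range(text):
    """Parse a CIDR the way a cloud firewall or route field expects it.
    Returns (network, canonical); canonical is False when host bits were set
    (e.g. '192.168.4.1/24'), in which case strict=False normalizes it so the
    check can still say which addresses the author probably meant."""
    try:
        return ipaddress.ip_network(text, strict=True), True
    except ValueError:
        return ipaddress.ip_network(text, strict=False), False


def matching_ranges(address, ranges):
    """Entries of ranges that contain address, as (as_written, normalized, canonical)."""
    addr = ipaddress.ip_address(address)
    hits = []
    for text in ranges:
        net, canonical = parse_range(text)
        if addr in net:
            hits.append((text, str(net), canonical))
    return hits


def diagnose(remote_ip, route_destinations, firewall_sources):
    """Check one remote address against the GCE-side route destinations (traffic towards
    the tunnel) and the ingress firewall rule source ranges (pings/replies coming back in).
    Both lists must contain it for the address to work from a GCE instance."""
    routes = matching_ranges(remote_ip, route_destinations)
    sources = matching_ranges(remote_ip, firewall_sources)
    return {
        "address": remote_ip,
        "routed": bool(routes),
        "route_hits": routes,
        "ingress_allowed": bool(sources),
        "firewall_hits": sources,
        "non_canonical": [text for text, _, ok in routes + sources if not ok],
    }


# Constructed configuration standing in for the screenshots: the whole /24 is routed to
# the tunnel, but the ingress rule only names the .180 host that is known to work.
ROUTE_DESTINATIONS = ["192.168.4.0/24"]
FIREWALL_SOURCES = ["192.168.4.180/32"]

if __name__ == "__main__":
    for ip in ("192.168.4.180", "192.168.4.176"):
        print(diagnose(ip, ROUTE_DESTINATIONS, FIREWALL_SOURCES))
    # The range as written in the question, to see how it is reinterpreted and flagged.
    print(diagnose("192.168.4.176", ROUTE_DESTINATIONS, ["192.168.4.1/24"]))
```

Feed it the ranges exactly as they appear in the console; a result with routed=True and ingress_allowed=False for .176 while both are True for .180 reproduces the symptom in the question from configuration alone, and anything listed under non_canonical should be rewritten with the host bits cleared before being blamed on the platform.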

How do I access services on a vm from the host when not connected to network?

I am running VirtualBox on macOS; I have a Windows XP VM. I also have a MySQL database running inside the VM. The VM is configured to use a Bridged Network Adapter.
When I am connected to a Wi-Fi network (at home), I am able to connect to the database running on the VM from my Mac (host) by using the IP address of the VM in the connection string.
How do I do this when I am not connected to the network (when I am travelling on a train, for example)?
What setting do I need to change on the VM so that my host can connect to the MySQL database running on the XP VM?
There is no need for the VM to access the outside network etc. It is enough for the host to be able to access the database on the VM.
This can be solved by using port forwarding in VirtualBox with NAT as the networking mode.