- Newest
- Most votes
- Most comments
Hello Chad, thank you for your post. I am sorry to hear about the issues you observed when attempting to access the Elastic IPs attached to your server.
I do see that the packets sent by traceroute reach the Amazon network:
% whois 99.82.176.52 | grep -i -m2 ^org
organisation: ARIN
Organization: Amazon.com, Inc. (AMAZO-4)
Despite the traceroute dying after reaching this host, this is not evidence of a routing issue. I was able to reproduce these results when using traceroute to evaluate the route from my home internet connection to an Elastic IP attached to an EC2 test instance. The last hop in my traceroute test was within the Amazon network, but there was no response from my Elastic IP. This was because traceroute uses UDP packets by default, and my EC2 instance's security group had no rules allowing inbound UDP connections. After I added a rule to my security group allowing UDP traffic, a subsequent traceroute test showed a successful connection to my Elastic IP.
With that said, I understand there may be another use case in which the connections you expect to work are failing. I would suggest you review the security group details for your EC2 instance to ensure the correct rules are in place.
If you would like assistance in reviewing the specific details of the issue, please feel welcome to submit a support case.
Hello chad_decker,
I am from the Premium Support Networking team. With regard to this issue, I would also encourage you to reach out directly via the support portal as this issue relates to specific resources under your account. Raising a case via the support portal will allow us to dive a bit deeper into the issue and provide you with further information.
Relevant content
- asked a year ago
- asked 5 years ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 10 months ago
Thanks for the tip on tracert. I didn't realize it uses UDP. That would explain the failed tracert.
I agree with your assessment that it may not be a routing issue.
That said, I'm not sure the reduction in inability to ping or access the elastic IP (via RDP, etc.) is a Security Group issue either. If it were, it would be a binary issue. I'd either be able to access the elastic IP or I wouldn't. But as it stands, my ability to connect to that IP from my home machine is intermittent. It'll work for a while and then drop out for ten minutes and then resume. It's a very strange issue.