You can use the VPC Reachability Analyzer to test the path between your subnets. This will help identify the problem.
How Reachability Analyzer works
Reachability Analyzer analyzes the path between a source and destination by building a model of the network configuration, and then checking for reachability based on the configuration. It does not send packets or analyze the data plane.
To use Reachability Analyzer, you specify the path for the traffic from a source to a destination. For example, you could specify an internet gateway as the source, an EC2 instance as the destination, 22 as the destination port, and TCP as the protocol. This would allow you to verify that you can connect to the EC2 instance through the internet gateway using SSH.
If there are multiple reachable paths between a source and a destination, Reachability Analyzer identifies and displays the shortest path. You can analyze the path again, specifying an intermediate component, to find an alternative reachable path that traverses the intermediate component.
If the path is not reachable, Reachability Analyzer displays information about the component or combination of components that is blocking the path. There might be additional components blocking the path.
Should I run it from the instance in the problematic subnet and specify one of the IPs in the datacenter as a destination?
For Path Source you should select an EC2 instance in the subnet that cannot reach your data center.
For Path destination, select IP Address, and under Enter IP address use an IP address within your data center.
Reachability Analyzer shows it as reachable, however there is no connection. Both ICMP and HTTP on port 80 can't connect.
This would lead me to believe the problem is on the datacenter side of the connection. Try troubleshooting from the CPE across the s2s VPN connection.
So by using the Reachability Analyzer, we basically confirmed that the instance does go through the correct route and passes through the correct gateway?
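As an added example (not part of the thread and not AWS's own code), the following Python reads one analysis from `aws ec2 describe-network-insights-analyses` output and lists the hops, the route that was matched, and any blocking explanations, which is the information the discussion above relies on. The sample result is constructed, and every ID and the CIDR in it are placeholders.

```python
import json

# Constructed sample shaped like one entry of "NetworkInsightsAnalyses" in
# `aws ec2 describe-network-insights-analyses` output. All IDs and the CIDR
# are placeholders, not values from the thread.
SAMPLE = json.loads("""
{
  "Status": "succeeded",
  "NetworkPathFound": true,
  "ForwardPathComponents": [
    {"SequenceNumber": 1, "Component": {"Id": "i-EXAMPLE"}},
    {"SequenceNumber": 2, "Component": {"Id": "eni-EXAMPLE"}},
    {"SequenceNumber": 3, "Component": {"Id": "sg-EXAMPLE"}},
    {"SequenceNumber": 4, "Component": {"Id": "acl-EXAMPLE"}},
    {"SequenceNumber": 5, "Component": {"Id": "rtb-EXAMPLE"},
     "RouteTableRoute": {"DestinationCidr": "10.50.0.0/16",
                         "GatewayId": "vgw-EXAMPLE"}},
    {"SequenceNumber": 6, "Component": {"Id": "vgw-EXAMPLE"}}
  ],
  "Explanations": []
}
""")

# Route fields that can name the next hop in a RouteTableRoute.
NEXT_HOP_KEYS = ("GatewayId", "TransitGatewayId", "NatGatewayId",
                 "NetworkInterfaceId", "VpcPeeringConnectionId")

def summarize(analysis):
    """Reduce one analysis to the facts needed to read its verdict."""
    if analysis.get("Status") != "succeeded":
        raise ValueError("analysis not finished: %s" % analysis.get("Status"))
    hops = sorted(analysis.get("ForwardPathComponents", []),
                  key=lambda h: h["SequenceNumber"])
    routes = []
    for hop in hops:
        route = hop.get("RouteTableRoute")
        if route:
            next_hop = next((route[k] for k in NEXT_HOP_KEYS if route.get(k)), None)
            routes.append((hop["Component"]["Id"],
                           route.get("DestinationCidr"), next_hop))
    blockers = [(e.get("ExplanationCode"), e.get("Component", {}).get("Id"))
                for e in analysis.get("Explanations", [])]
    return {"reachable": bool(analysis.get("NetworkPathFound")),
            "hops": [h["Component"]["Id"] for h in hops],
            "routes": routes,
            "blockers": blockers}

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```

A `reachable` value of true here reflects the modelled configuration only, since Reachability Analyzer sends no packets.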