tencent cloud

Feedback

General Troubleshooting Solutions

Last updated: 2024-11-05 09:46:38
    This document provides guidance on Direct Connect troubleshooting, helping you troubleshoot network connection failures.

    Troubleshooting Sequence

    Troubleshoot the following items in sequence:

    Troubleshooting Physical Layer Linkage Failures

    When you encounter port failure, fiber optic components exception at either or both ends, CRC, or packet error, follow the steps below to troubleshot physical layer linkage failures.
    1. Confirm that your IDC CPE device is started with open ports.
    2. Contact your DC connection provider and obtain the relevant certificates indicating the completed construction and network connectivity.
    3. Check that the fiber optic components in IDC are normal. Please submit a ticket to request the after-sales manager to check fiber optic components in the access point’s data center.
    4. Contact your DC connection provider and access point’s carrier to test link segments. Assume that a Direct Connect service connects IDC to the access point’s data center through the optic splice box outside the data center building, and then to the destination data center through Optical Distribution Frame (ODF), then the segment testing should be performed as follows: (1) Test that the ODF in your local IDC can communicate with the access devices. (2) If there are multiple ODFs in your local IDC, test that they can communicate with each other. (3) Contact your DC connection provider to check that the connection between your local IDC and the data center’s optic splice box works. (4) Contact the access point’s carrier to check that the optic splice box can communicate with ODF. (5) Contact the access point’s carrier to check that ODFs can communicate. (6) Contact the access point’s carrier to check that ODF can communicate with access devices at the access point.
    
    
    1. When VLAN ID is not 0:
    Ensure any Layer 2/Layer 3 devices between the carrier’s connection, Tencent Cloud access devices and local IDC access devices (including the IDC access device itself) have enabled VLAN relay for your VLAN tags, that is, identify and allow your VLAN tag.
    Ensure that any Layer 2/Layer 3 devices between the Tencent Cloud edge device and your local IDC edge device (including the IDC edge device itself) correctly relay without converting the VLAN.
    2. Check that the IP addresses are correctly configured. Ensure the IP addresses are correctly configured on the local access devices, which remain stable without MAC address flapping records.
    3. Ensure the layer-2 link detection protocols such as STP\\Loop-detection are disabled on IDC access devices; otherwise, ports may be blocked.

    Troubleshooting Network Layer or Transport Layer Failures

    1. Ensure that the IP addresses configured on both sides of the connection are in one subnet with the same subnet mask.
    2. Ensure that each side configured a unique IP address, and no IP is reused.
    3. If your connection has bidirectional forwarding Detection (BFD) enabled, ensure that the security policy of IDC devices allows the BFD message to pass.
    4. If your connection has NQA detection enabled, note that Tencent Cloud supports the ICMP-echo type. Ensure that the security policy of IDC devices allows the ICMP message to pass.
    Note:
    NQA detection is only supported in dedicated tunnel 2.0 currently. If you are using dedicated tunnel 1.0 and you want to enable NQA detection feature, please contact us.
    5. If a BGP session is required on both sides of the connection for propagating Tencent Cloud VPC routes and IDC routes:
    Correctly configure BGP ASN and BGP PEER IP on IDC devices.
    Configure the same BGP MD5 authentication key on both sides.
    Allow the BGP message to pass in the security policy of IDC devices.
    Open the TCP 179 port for the BGP session in the security policy.

    Troubleshooting Security Issues

    Check the ACL settings
    Ensure that the Tencent Cloud subnet ACL allows the traffic going from or to IDC hosts.
    Ensure that the IDC subnet ACL allows the traffic going from or to Tencent Cloud CVMs.
    Check the security group settings
    Ensure that the Tencent Cloud CVM security group allows the traffic going from or to IDC hosts.
    Ensure that the IDC security group allows the traffic going from or to Tencent Cloud CVMs.

    Troubleshooting Route Failures

    VPC-based direct connect gateway

    Static dedicated tunnel Check that IDC IP range is correctly configured on the dedicated tunnel and propagated to Tencent Cloud VPC. Otherwise, the Tencent Cloud VPC route to IDC server will be unreachable and cause business to be inaccessible.
    BGP dedicated tunnel Check that the direct connect gateway has obtained the IDC IP range according to the BGP protocol and propagated it to Tencent Cloud VPC. Otherwise, the Tencent Cloud VPC route to IDC server will be unreachable and cause business to be inaccessible.

    CCN-based direct connect gateway

    Static dedicated tunnel Check that IDC IP range is correctly configured on the dedicated tunnel and propagated to CCN. Otherwise, the Tencent Cloud VPC route to IDC server will be unreachable and cause business to be unaccessible.
    BGP dedicated tunnel Check that the dedicated tunnel BGP is correctly configured and the IDC IP range is synced to direct connect gateway and propagated to CCN. Otherwise, the Tencent Cloud VPC route to IDC server will be unreachable and cause business to be unaccessible.
    
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support