All Products
Search

This Product

    :Troubleshoot failures to ping the IPv6 address of an ECS instance

    Document Center

    :Troubleshoot failures to ping the IPv6 address of an ECS instance

    Last Updated:Sep 18, 2025

    You may be unable to ping the IPv6 address of an Elastic Compute Service (ECS) instance for several reasons. This topic describes how to troubleshoot this issue.

    Symptoms

    After you enable an IPv6 address for an ECS instance, you cannot use the ping -6 command to reach the IPv6 address of the instance.

    Causes

    You may be unable to ping the IPv6 address of an ECS instance for the following reasons:

    • The IPv6 address of the ECS instance is not correctly configured.

    • The security group of the ECS instance is incorrectly configured.

    • IPv6 Internet bandwidth is not enabled for the instance. As a result, the instance cannot communicate with the Internet over IPv6.

    Step 1: Check the IPv6 configuration of the ECS instance

    1. Connect to the Linux instance using a VNC connection. For more information, see Connect to a Linux instance using a VNC connection.

    2. Run the following command to view and record the MAC address of the ECS instance. 

      curl http://100.100.100.200/latest/meta-data/mac && echo

    3. Run the following command to retrieve the metadata of the ECS instance. The metadata includes the IPv6 address, IPv6 gateway, and IPv6 CIDR block.

      Note

      Replace `[$MAC_ID]` with the MAC address that you obtained in the previous step. 

      curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/[$MAC_ID]/ipv6s && echo \n && curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/[$MAC_ID]/ipv6-gateway && echo \n && curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/[$MAC_ID]/vswitch-ipv6-cidr-block && echo \n

      The command returns a similar output. image.png

    4. Run the following command to check whether the IPv6 address of the ECS instance is inconsistent with the IPv6 address in the metadata.

      Note

      This topic uses the eth0 network interface card (NIC) as an example. You must use the name of your actual NIC. 

      ifconfig eth0

      The output shows that the addresses are consistent. If they are inconsistent, configure the IPv6 address again. For more information, see Configure an IPv6 address. image (1).png

    5. Run the following command to check whether the IPv6 gateway of the ECS instance is inconsistent with the IPv6 gateway in the metadata. 

      route -6 -ne | grep ::/0

      The output shows that the gateways are consistent. If they are inconsistent, configure the IPv6 address again. For more information, see Configure an IPv6 address. Dingtalk_20201015114016.jpg

    6. Run the following command to check if the ECS server's IPv6 CIDR block does not match the one in the metadata. 

       route -6 -ne | grep eth0

      The output indicates that the CIDR blocks are consistent. If they are inconsistent, reconfigure the IPv6 address. For more information, see Configure an IPv6 address. Dingtalk_20201015141202.jpg

    Step 2: Check the security group configuration

    1. Go to ECS console - Security Groups.

    2. In the top navigation bar, select the region and resource group of the resource that you want to manage. 地域

    3. Find the target security group and click Manage Rules in the Actions column.

    4. On the security group details page, go to the Access Rule section and select the Inbound or Outbound tab.

      To use the ping command, you need to add a rule that sets Protocol to All ICMP-IPv6 and Access Source to the corresponding IPv6 address segment, for example, 2001:db8:1234:1a00::***. If this security group rule is missing, see Add a security group rule.

    Step 3: Check if IPv6 Internet bandwidth is enabled

    By default, the IPv6 address of an instance can be used only for private network communication. To access the Internet using the IPv6 address, you must enable IPv6 Internet bandwidth for the instance. For more information, see Enable IPv6 Internet bandwidth.

    Also, check whether Egress-only rules are configured for the IPv6 gateway. If you want to allow inbound traffic from the Internet to the IPv6 address of the instance, you must delete these rules.

    image

    Step 4: Confirm IPv6 connectivity

    Test public network connectivity

    Note

    When you test IPv6 network connectivity, make sure that both the server and the client support and have configured IPv6.

    ping -6 aliyun.com

    The following output indicates that the network connection is normal.ping -6

    Note

    In this example, the aliyun.com website supports IPv6. After your ECS instance is configured, you can access aliyun.com over IPv6.

    Test private network connectivity

    Note

    When you test IPv6 network connectivity, make sure that both the server and the client support and have configured IPv6. In this example, both the ECS01 and ECS02 instances must have IPv6 configured before they can communicate with each other.

    On instance ECS01, run the ping6 <Private IPv6 address of ECS02> command to ping the IPv6 address of ECS02 to test the private network connectivity.

    If you receive reply packets, the connection is successful. The test shows that private IPv6 communication from instance ECS01 to instance ECS02 is normal.pingecs02

    To test the private network connectivity, run the ping6 command on the ECS02 instance to ping the IPv6 address of ECS01.

    If you receive reply packets, the connection is successful. The test shows that private IPv6 communication from instance ECS02 to instance ECS01 is normal.pingecs01

    References