Deploy and Debug Alinux ECS with Networking

Scenario

Developers use this workflow when provisioning high-performance Alibaba Cloud Linux (Alinux) workloads that require fine-grained network control, such as low-latency microservices or data processing nodes. It combines infrastructure provisioning, OS-level kernel tuning, and systematic debugging to ensure stable connectivity and optimal throughput from day one.

Integration steps

1. Launch the Alinux instance: Provision the instance using the ECS API with the official Alinux image.

aliyun ecs RunInstances --RegionId cn-hangzhou --ImageId aliyun_3_x64_20G_alibase_*.qcow2 --InstanceType ecs.c7.xlarge --SecurityGroupId sg-xxx --VSwitchId vsw-xxx

2. Attach a secondary ENI: Create and bind an Elastic Network Interface for isolated traffic.

aliyun ecs CreateNetworkInterface --VSwitchId vsw-xxx --SecurityGroupId sg-xxx aliyun ecs AttachNetworkInterface --InstanceId i-xxx --NetworkInterfaceId eni-xxx

3. Assign a Public IP (EIP): Allocate and associate an EIP for outbound package management and debugging.

aliyun vpc AllocateEipAddress --RegionId cn-hangzhou aliyun vpc AssociateEipAddress --AllocationId eip-xxx --InstanceId i-xxx

4. Configure Security Group Rules: Explicitly allow SSH and ICMP for initial validation.

aliyun ecs AuthorizeSecurityGroup --SecurityGroupId sg-xxx --IpProtocol tcp --PortRange 22/22 --SourceCidrIp 0.0.0.0/0

5. Tune Kernel Parameters: SSH into the instance and apply Alinux-optimized network stack settings.

sudo sysctl -w net.core.rmem_max=16777216 net.core.wmem_max=16777216 net.ipv4.tcp_tw_reuse=1 echo "net.core.rmem_max=16777216" | sudo tee -a /etc/sysctl.conf && sudo sysctl -p

6. Validate & Troubleshoot: If sysctl -p throws unknown key or connectivity drops, cross-reference OS logs with cloud state.

journalctl -u network --no-pager | grep -i error ip route show && ping -c 3 8.8.8.8 Use aliyun ecs DescribeInstanceStatus and aliyun ecs DescribeNetworkInterfaces to verify cloud-side resource alignment.

Architecture

The ECS control plane orchestrates virtualized infrastructure (ENI, Security Groups, EIP) and injects it into the guest OS via virtio drivers. Alinux manages the network stack initialization, routing table population, and kernel parameter enforcement. Troubleshooting flows bidirectionally: OS-level diagnostics (journalctl, sysctl, ip) validate local configuration, while ECS APIs (DescribeInstanceStatus, DescribeNetworkInterfaces) verify cloud-side state, enabling rapid isolation of misconfigurations.

Prerequisites

• Alibaba Cloud CLI (aliyun) configured with valid AccessKey/SecretKey
• RAM role with AliyunECSFullAccess and AliyunVPCFullAccess
• Pre-existing VPC and VSwitch in the target region
• Alinux 3.x image ID and an SSH key pair
• Basic Linux networking knowledge (ip, sysctl, journalctl)

Common pitfalls

• ENI not visible in OS: Cloud attachment alone doesn’t auto-configure the guest OS; you must manually activate the interface (sudo ip link set eth1 up) and configure DHCP.
• Security Group blocking ICMP/SSH: Default SGs often drop inbound traffic; explicitly authorize tcp/22 and icmp/-1/-1 before testing connectivity.
• sysctl -p fails with unknown key: Alinux 3 deprecated older keys like net.ipv4.tcp_tw_recycle; verify kernel version compatibility before applying legacy configs.
• YUM repository routing failures: In VPC environments, ensure the instance has a NAT gateway or EIP for outbound package downloads; classic network routing rules do not apply.

Typical questions

• deploy alinux ECS and configure network
• ECS实例部署配置网络
• set up ECS with custom networking and tune kernel
• ECS启动后网络不通怎么排查
• Alibaba Cloud Linux instance lifecycle and networking
• ECS内核调优和网络配置
• provision ECS fix ping failure
• ECS部署排障全流程