Why can't I bind the public ip?

When I run consul agent -server -ui -bind=xxx.xx.xxx.xx ..., I get the error:

# consul agent -server -ui -bind=xxx.xx.xxx.xx -client= -bootstrap-expect=1 -data-dir=./data -node=server-1 
[ERROR] agent: Error starting agent: error="Failed to start Consul server: Failed to start RPC layer: listen tcp xxx.xx.xxx.xx:8300: bind: cannot assign requested address"

xxx.xx.xxx.xx is the public IP of my cloud server. I can successfully execute the ping command on the server or local computer, and my firewall has port 8300 open (firewall on CentOS and VPC on the cloud server).

If I do not set bind, I also get the error: Multiple private IPv4 addresses found. Please configure one with 'bind' and/or 'advertise'.

When I set bind to, it runs successfully.

Please help me, why is this, please!

Some clouds give public IP addresses directly to the servers involved.

Some clouds do not, and provide public IP access via NAT translation, in which case the public addresses are not present directly on the servers themselves and you need to bind to a related private IP instead.

It sounds like yours is one of the second type.


Oh, yes, thanks!

It’s a TCP error message. The value of -bind is the address of the TCP listener; it has to be the IP assigned to the machine (the IP configured on one of the machine’s vNICs).
I can configure this public IP using -advertise.

Why does Consul not allow the default bind value ( to be used when the machine has multiple IPs, and what is the reason for this?

If the machine has more than one IP and is not specified with -bind, an error is reported:
==> Multiple private IPv4 addresses found. Please configure one with 'bind' and/or 'advertise'.

It looks like -advertise has this effect? Because with -advertise you don’t need to configure -bind again. -advertise does not seem to care that the destination address of the packet must be one of the local IPs.

It does. However, the wildcard address is not one that can be connected to from other machines. Therefore, if you want to bind to the wildcard address, it then becomes mandatory for an advertise address (that this node can tell others to use to reach it) to either be specified, or successfully autodetected.

Because it’s potentially OK for the node’s advertised address to be one reachable via NAT.

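A pre-flight check for the rules worked out in this thread, as an added example that is not part of the original posts or of Consul itself: `-bind` must be an address the kernel will actually listen on, a NAT'd public IP belongs in `-advertise`, and a wildcard bind needs an advertise address. The function names and the sample addresses (203.0.113.10 as the public IP, 10.0.0.5 as the private one) are assumptions made for illustration.

```python
import ipaddress
import socket


def can_bind(addr):
    """True if the kernel accepts addr as a local TCP listen address."""
    ip = ipaddress.ip_address(addr)
    family = socket.AF_INET6 if ip.version == 6 else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        try:
            s.bind((addr, 0))  # port 0: any free port, so only the address is tested
            return True
        except OSError:  # typically EADDRNOTAVAIL, "cannot assign requested address"
            return False


def check_agent_addrs(bind, advertise=None, bindable=can_bind):
    """Return a list of problems with a -bind / -advertise pair (empty list = OK)."""
    problems = []
    if not bindable(bind):
        problems.append(
            f"-bind={bind} is not assigned to a local interface; bind to the "
            f"private IP and pass this address with -advertise instead")
    if ipaddress.ip_address(bind).is_unspecified and advertise is None:
        problems.append(
            "wildcard -bind needs an advertise address: set -advertise unless "
            "exactly one private IP can be autodetected")
    if advertise is not None and ipaddress.ip_address(advertise).is_unspecified:
        problems.append("-advertise must be a concrete address peers can reach")
    return problems


if __name__ == "__main__":
    # Constructed addresses: 203.0.113.10 stands in for the NAT'd public IP,
    # 10.0.0.5 for the private IP on the instance's NIC.
    local = {"10.0.0.5", "0.0.0.0"}
    cases = [("203.0.113.10", None), ("10.0.0.5", "203.0.113.10"), ("0.0.0.0", None)]
    for bind, adv in cases:
        print(bind, adv, check_agent_addrs(bind, adv, bindable=local.__contains__))
```

Run on the server with the default `bindable=can_bind`, the first check reproduces the "cannot assign requested address" condition before the agent is started.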