This topic describes how to configure a route between Data Transmission Service (DTS) and Express Connect, VPN Gateway, or Smart Access Gateway in the Alibaba Cloud Management Console. You must configure a route if your source or destination database is connected to Alibaba Cloud over Express Connect, VPN Gateway, or Smart Access Gateway. After you configure the route, DTS is allowed to access the routed network.

Prerequisites

The on-premises network to which the user-created MySQL database belongs is connected to Alibaba Cloud over Express Connect, VPN Gateway, or Smart Access Gateway.

Note For more information, see Connect to local IDCs.

Configure a route between DTS and CEN

You cannot configure a route between DTS and Cloud Enterprise Network (CEN) in the Alibaba Cloud Management Console. To configure a route between DTS and CEN, you must call the ResolveAndRouteServiceInCen operation. For more information, see ResolveAndRouteServiceInCen.

Notice When you call the ResolveAndRouteServiceInCen operation, you must specify the CIDR blocks of DTS servers as the value of the Host request parameter. For more information, see Add the CIDR blocks of DTS servers to the security settings of on-premises databases.

Configure a route between DTS and Express Connect or Smart Access Gateway

  1. Log on to the Express Connect console.
  2. In the left-side navigation pane, choose Physical Connections > Virtual Border Routers (VBRs).
  3. Select the region where the virtual border router (VBR) resides and click the VBR ID.
  4. Click the Route Entries tab, and then click Add Route Entry.Add a route entry
  5. Modify the configurations of the route entry, and then click OK.
    Parameter Description
    Destination CIDR Block Enter the CIDR blocks of DTS servers.
    Note For more information about the CIDR blocks of DTS servers in each region, see Add the CIDR blocks of DTS servers to the security settings of on-premises databases.
    Next Hop Type Select VPC.

    The VBR forwards data to the selected VPC.

    Next Hop Select the next hop instance that receives the data.
  6. On the Advertised BGP Subnets tab, click Advertise BGP Subnet and enter the CIDR blocks of DTS servers. For more information, see Advertise the BGP CIDR block.

Configure a route between DTS and VPN Gateway

  1. Log on to the VPC console.
  2. In the left-side navigation pane, choose VPN > IPsec Connections.
  3. Modify the configurations of an IPsec connection. Enter the CIDR blocks of DTS servers in the Local Network field and change the VPN connection protocol to ikev2.
    Note For more information about the CIDR blocks of DTS servers in each region, see Add the CIDR blocks of DTS servers to the security settings of on-premises databases.
    Modify the configurations of an IPsec connection
  4. Download the new VPN configuration and modify the VPN configuration that is loaded to the local gateway. For more information, see Load the VPN configuration to the local gateway.
  5. Add a static route entry to the local gateway. The destination addresses are the CIDR blocks of DTS servers. The next hop is the new IPsec-VPN tunnel interface.