This topic describes how to allow DTS to access the network that is connected over Express Connect, VPN Gateway, or Smart Access Gateway. You must perform this operation if you use a user-created database that is connected to Alibaba Cloud over Express Connect, VPN Gateway, or Smart Access Gateway.

Prerequisites

The on-premises network to which the user-created database belongs is connected to Alibaba Cloud over Express Connect, VPN Gateway, or Smart Access Gateway.

Note For more information, see Connect to local IDCs.

Allow DTS to access the network connected over Express Connect or Smart Access Gateway

  1. Log on to the Express Connect console.
  2. In the left-side navigation pane, choose Physical Connections > Virtual Border Routers (VBRs).
  3. Select the region where the target VBR resides and click the VBR ID.
  4. Click the Route Entries tab, and then click Add Route Entry.Add a route entry
  5. Modify the configurations of the route entry, and then click OK.
    Parameter Description
    Destination CIDR Block Enter the CIDR blocks of DTS servers.
    Note For more information about the CIDR blocks of DTS servers in each region, see Add the CIDR blocks of DTS servers to the security settings of on-premises databases.
    Next Hop Type Select VPC.

    Data sent to a destination CIDR block is forwarded to the selected VPC.

    Next Hop Select the next hop instance to receive requests.
  6. On the Advertised BGP Subnets tab, click Advertise BGP Subnet and enter the CIDR blocks of DTS servers. For more information, see Advertise the BGP CIDR block.

Allow DTS to access the network connected over VPN Gateway

  1. Log on to the VPC console.
  2. In the left-side navigation pane, choose VPN > IPsec Connections.
  3. Modify the configurations of an IPsec connection. Add the CIDR blocks of DTS servers to the value of the Local Network parameter and change the VPN connection protocol to ikev2.
    Note For more information about the CIDR blocks of DTS servers in each region, see Add the CIDR blocks of DTS servers to the security settings of on-premises databases.
    Modify the configurations of an IPsec connection
  4. Download the new VPN configuration and modify the VPN configuration that is loaded to the local gateway. For more information, see Load the VPN configuration to the local gateway.
  5. Add a static route entry to the local gateway. The destination addresses are the CIDR blocks of DTS servers. The next hop is the new IPsec-VPN tunnel interface.