Change the network type of an ApsaraDB RDS for MySQL instance - RDS MySQL Database| Alibaba Cloud Documentation Center

For more information about how to change the network type of an RDS instance that runs a different database engine, see the following topics:

Impacts

If the database proxy feature is enabled on an RDS instance, a network type change may cause the following impacts. For more information, see Introduction to database proxies.


Proxy type	Impact
Shared proxy	After you change the network type of an RDS instance, the network type of the read/write splitting endpoint changes. For more information, see Use the dedicated proxy endpoints of an ApsaraDB RDS for MySQL instance to implement read/write splitting. Note Since April 1, 2021, Alibaba Cloud has stopped the updates and maintenance for the shared proxy feature of ApsaraDB RDS for MySQL. For more information, see [Notice] End of updates and maintenance for the shared proxy service. We recommend that you upgrade your RDS instance from shared proxy to dedicated proxy at the earliest opportunity. Then, you can use more features. For more information, see Upgrade an ApsaraDB RDS for MySQL instance from shared proxy to dedicated proxy.
Dedicated proxy	After you change the network type of an RDS instance, the network type of the read/write splitting endpoint remains unchanged. For more information, see Use the dedicated proxy endpoints of an ApsaraDB RDS for MySQL instance to implement read/write splitting. You can create proxy endpoints of different network types. For example, you can create a proxy endpoint of the classic network type and a proxy endpoint of the VPC network type on the same RDS instance. For more information, see Manage the dedicated proxy endpoints of an ApsaraDB RDS for MySQL instance.

Note You can view the type of proxy that is enabled for your RDS instance on the Database Proxy page of the ApsaraDB RDS console. For more information, see Upgrade an ApsaraDB RDS for MySQL instance from shared proxy to dedicated proxy.

Network types

Classic network: RDS instances in the classic network are not isolated by using network settings. You can block unauthorized access only by configuring IP address whitelists or security groups on these instances.
VPC: Each VPC is an isolated virtual network. A VPC provides higher security than the classic network. We recommend that you select the VPC network type.
You can customize route tables, Classless Inter-Domain Routing (CIDR) blocks, and gateways in a VPC. In addition, you can connect your data center to a VPC by using leased lines or virtual private networks (VPNs). The data center and the VPC comprise a virtual data center, which can be used to migrate your workloads to the cloud without interruptions.

Note

You can select the classic or VPC network type and switch your RDS instance between these network types free of charge.
After you change the network type of your RDS instance, you must add IP addresses to the IP address whitelists of the required network types. This applies if your RDS instance runs in enhanced whitelist mode. For more information, see Configure an IP address whitelist for an ApsaraDB RDS for MySQL instance.

View the network type

Visit the RDS instance list, select a region above, and click the target instance ID.
In the left-side navigation pane, click Database Connection.

Change the network type from VPC to classic network

Take note of the following precautions:

After you change the network type from VPC to classic network, the internal endpoint of your RDS instance remains unchanged. However, the IP address that is associated with the internal endpoint changes.
After you change the network type from VPC to classic network, you cannot connect a VPC-hosted Elastic Compute Service (ECS) instance to your RDS instance by using the internal endpoint. You must update the endpoint configuration on your application at the earliest opportunity.
When you change the network type from VPC to classic network, a transient connection error of 30 seconds may occur. We recommend that you change the network type during off-peak hours. Alternatively, make sure that your application is configured to automatically reconnect to your RDS instance. This prevents interruptions to your workloads.
If your RDS instance runs MySQL 5.7 or MySQL 8.0 on RDS High-availability Edition with standard or enhanced SSDs or runs MySQL 5.7 or MySQL 8.0 on RDS Basic Edition, you cannot change the network type from VPC to classic network.

To change the network type from VPC to classic network, perform the following steps:

Visit the RDS instance list, select a region above, and click the target instance ID.
In the left-side navigation pane, click Database Connection.
Click Switch to Classic Network.
In the dialog box that appears, click OK.

Note Wait until the network type change is complete. After the network type is changed from VPC to classic network, only a classic network-hosted ECS instance can connect to your RDS instance over an internal network. You must add the internal endpoint of your RDS instance to the ECS instance.
Configure an IP address whitelist to allow access from the required classic network-hosted ECS instance over an internal network.
- If your RDS instance runs in standard whitelist mode, you can add the private IP address of the classic network-hosted ECS instance to an IP address whitelist of the classic or VPC network type.
  
  Note You can go to the Instance Details tab of an ECS instance in the ECS console to view the private IP address of the ECS instance.
- If your RDS instance runs in enhanced whitelist mode, you can add the private IP address of the classic network-hosted ECS instance only to an IP address whitelist of the classic network type. For more information, see Switch an ApsaraDB RDS for MySQL instance to the enhanced whitelist mode. If no IP address whitelists of the classic network type are available, create one.
  
  Note You can go to the Instance Details tab of an ECS instance in the ECS console to view the private IP address of the ECS instance.

Change the network type from classic network to VPC

To change the network type from classic network to VPC, perform the following steps:

Visit the RDS instance list, select a region above, and click the target instance ID.
In the left-side navigation pane, click Database Connection.
Click Switch to VPC.

In the dialog box that appears, select a VPC and a vSwitch, and specify whether to retain the classic network endpoint.

Select a VPC. We recommend that you select the VPC where the required ECS instance resides. If the ECS and RDS instances reside in different VPCs, these instances cannot communicate over an internal network. In this case, if you want these instances to communicate over an internal network, you must create a Cloud Enterprise Network (CEN) instance or an IPsec-VPN connection between the VPCs of these instances. For more information, see Overview of CEN and Establish IPsec-VPN connections between two VPCs.
Select a vSwitch. If no vSwitches are available in the selected VPC, create a vSwitch in the same zone as your RDS instance. For more information, see Create a vSwitch.

Clear or select the Reserve original classic endpoint check box. For more information, see the following table.


Action	Description
Clear the Reserve original classic endpoint check box	The classic network endpoint is not retained and changes to a VPC endpoint. When you change the network type from classic network to VPC, a transient connection error of 30 seconds occurs. In this case, the connection between each classic network-hosted ECS instance and your RDS instance is closed.
Select the Reserve original classic endpoint check box	The classic network endpoint is retained, and a new VPC endpoint is generated. In this case, your RDS instance runs in hybrid access mode. Both classic network-hosted ECS instances and VPC-hosted ECS instances can connect to your RDS instance over an internal network. For more information, see Configure the hybrid access solution for an ApsaraDB RDS for MySQL instance. When you change the network type from classic network to VPC, no transient connection errors occur. The connection between each classic network-hosted ECS instance and your RDS instance remains available until the classic network endpoint expires. Before the classic network endpoint expires, you must add the VPC endpoint to your application that runs on a VPC-hosted ECS instance. This allows ApsaraDB RDS to migrate your workloads to the selected VPC without interruptions. For more information, see Configure the hybrid access solution for an ApsaraDB RDS for MySQL instance.

Add the private IP address of the required VPC-hosted ECS instance to an IP address whitelist of the VPC network type. This allows the ECS instance to connect to your RDS instance over an internal network. If no IP address whitelists of the VPC network type are available, create one.

Note You can go to the Instance Details tab of an ECS instance in the ECS console to view the private IP address of the ECS instance.
Add the VPC endpoint of your RDS instance to the required VPC-hosted ECS instance.
- If you have selected the Reserve original classic endpoint check box, you must add the VPC endpoint to your application that runs on the required VPC-hosted ECS instance before the classic network endpoint expires.
- If you have cleared the Reserve original classic endpoint check box, the connection between each classic network-hosted ECS instance and your RDS instance over an internal network is immediately closed after the network type is changed from classic network to VPC. You must add the VPC endpoint of your RDS instance to your application that runs on the required ECS instance.
Note If you want to connect a classic network-hosted ECS instance to your VPC-hosted RDS instance over an internal network, you can use ClassicLink to establish a connection. Alternatively, you can migrate the ECS instance to the same VPC as your RDS instance. For more information, see Overview of ClassicLink.

FAQ

How do I change the VPC of my RDS instance?
- If your RDS instance supports VPC and vSwitch changes, you can directly perform these changes. For more information, see Switch an ApsaraDB RDS for MySQL instance to a new VPC and a new vSwitch.
- If you can switch your RDS instance between the classic and VPC network types, perform the following steps:
  1. Switch your RDS instance from the VPC network type to the classic network type.
  2. Switch your RDS instance from the classic network type to the VPC network type. During this process, select the required VPC.
- If you cannot switch your RDS instance between the classic and VPC network types, perform the following steps:
  Purchase a new RDS instance. During this process, select the required VPC. Then, migrate the data of your RDS instance to the new RDS instance. For more information, see Migrate data between ApsaraDB RDS for MySQL instances.
Can an application access my VPC-hosted RDS instance over the Internet?
Yes, if the IP address of the application is added to an IP address whitelist of your RDS instance, the application can access your RDS instance over the Internet. This applies regardless of whether your RDS instance resides in a VPC or the classic network. For more information, see Configure an IP address whitelist for an ApsaraDB RDS for MySQL instance.
Can I change the network type of a read-only RDS instance and retain the classic network endpoint?
Yes, you can change the network type of a read-only RDS instance and retain the classic network endpoint.

Related operations


Operation	Description
Change the network type of an ApsaraDB for RDS instance	Changes the network type of an ApsaraDB RDS instance.

Prerequisites