This topic describes how to change the network type of an RDS for MySQL instance.
Network types
- Classic network: Instances in a classic network are not isolated. Access control is implemented for instances by using whitelists.
- Virtual Private Cloud (VPC): A VPC is an isolated network environment. We recommend
that you use VPC because it is more secure.
You can customize the routing table, IP address range, and gateway of the VPC. To smoothly migrate applications to the cloud, you can use a leased line or VPN to connect your own data center to a VPC on the cloud to make a virtual data center.
- You can use the classic network or VPC and switch between the network types for free.
- For PostgreSQL instances, you must switch the IP whitelist mode to the enhanced whitelist mode before switching the network type. For more information, see Switch to the enhanced whitelist mode for an RDS for MySQL instance.
Switch from VPC to classic network
- After the network type of an RDS instance is switched to classic network, the endpoints remain unchanged, but the corresponding IP addresses change.
- After the network type of an RDS instance is switched to classic network, ECS instances in VPCs cannot access the RDS instance by using the internal endpoint. Make sure that you change the endpoint on the application.
- Switching the network type may result in a disconnection of 30 seconds. To avoid impacts that arise from this operation, we recommend that you perform the switching during off-peak hours, or configure automatic reconnection policies for your application.
- Instances of PostgreSQL 11 High-availability Edition (cloud disk), PostgreSQL 10 High-availability Edition (cloud disk), and PostgreSQL 10 Basic Edition do not support the classic network. Therefore, you cannot switch these instances to the classic network.
Procedure
- Log on to the ApsaraDB for RDS console.
- In the upper-left corner, select the region where the target RDS instance is located.
- Find the target RDS instance and click the instance ID.
- In the left-side navigation pane, click Database Connection.
- In the Database Connection section, click Switch to Classic Network.
- In the message that appears, click OK.
After the network type is switched, only ECS instances in classic networks can access the RDS instance over the internal network. Make sure that you configure the endpoint of the RDS instance on the ECS instance in the classic network.
- Configure the whitelist of the RDS instance to allow access from the ECS instance
over the internal network.
- If the RDS instance applies the standard whitelist mode, as shown in the following
figure, you must add the internal endpoint of the ECS instance in the classic network
to any whitelist of the RDS instance.
- If the RDS instance applies the enhanced whitelist mode, as shown in the following figure, you must add the internal endpoint of the ECS
instance in the classic network to the default classic network whitelist of the RDS instance. If there is no classic network whitelist, you must create a
new whitelist.
- If the RDS instance applies the standard whitelist mode, as shown in the following
figure, you must add the internal endpoint of the ECS instance in the classic network
to any whitelist of the RDS instance.
Switch from classic network to VPC
Procedure
- Log on to the ApsaraDB for RDS console.
- In the upper-left corner, select the region where the target RDS instance is located.
- Find the target RDS instance and click the instance ID.
- In the left-side navigation pane, click Database Connection .
- Click Switch to VPC.
- In the dialog box that appears, select a VPC and a VSwitch, and specify whether to
retain the classic network address.
- Select a VPC. We recommend that you select the VPC where your ECS instance is located. Otherwise, the ECS and RDS instances cannot connect to each other over the internal network unless Express Connect or VPN Gateway are created to connect the two VPCs.
- Select a VSwitch. If there is no VSwitch in the VPC that you select, as shown in the
following figure, you must create a VSwitch in the zone where the instance is located.
For more information, see Manage VSwitches.
- Select or clear Reserve Original Classic Endpoint as needed. The following table describes the details.
Action Description Clear The classic network address is not retained. The original classic network address is changed to the VPC address.
If you do not retain the classic network address, the RDS instance will be disconnected for 30 seconds, and the access from the ECS instance in the classic network to the RDS instance over the internal network is immediately disconnected when you switch the network type.Select The classic network address is retained, and a new VPC address is generated, as shown in the following figure. It indicates that the hybrid access mode is enabled, and the RDS instance can be accessed by ECS instances in both a classic network and a VPC.
If you retain the classic network address, the RDS instance will not be disconnected when you switch the network type. The internal access from the ECS instance in the classic network to the RDS instance is only disconnected when the classic network address expires.
Before the classic network address expires, make sure that the VPC address has been configured in the ECS instance in the VPC to smoothly migrate your services to the VPC. The system will send an SMS message to the phone number bound to your Alibaba Cloud account every day in the seven days before the classic network address expires.
For more information, see Configure a hybrid access solution to smoothly migrate an RDS instance from the classic network to a VPC.
- Add the internal IP address of the ECS instance in the VPC to the VPC whitelist of the RDS instance, so that the ECS instance can access the RDS instance over the
internal network, as shown in the following figure. If there is no VPC whitelist,
you must create a new whitelist.
- Perform one of the following operations as needed:
- If you retain the classic network address, you must configure the VPC address of the RDS instance in the ECS instance that is in the VPC.
- If you do not retain the classic network address, the access from the ECS instance in the classic network to the RDS instance over the internal network is immediately disconnected when you switch the network type. You must configure the VPC address of the RDS instance in the ECS instance that is in the VPC.
Note If you need to use the ECS instance in the classic network to access the RDS instance in the VPC, you can use the ClassicLink function or migrate the ECS instance to the VPC.
Related operations
| Operation | Description |
|---|---|
| ModifyDBInstanceNetworkType | Used to switch the network type of an RDS instance. |