This topic describes how to change the network type of an ApsaraDB RDS for MySQL instance between classic network and VPC.
For more information about how to change the network type in other database engines, see the following topics:
- Change the network type of an ApsaraDB RDS for SQL Server instance
- Change the network type of an ApsaraDB RDS for PostgreSQL instance
- Change the network type of an ApsaraDB RDS for PPAS instance
Network types
- Classic network: RDS instances in the classic network are not isolated. You can only use whitelists to block unauthorized access to the instances.
- VPC: Each Virtual Private Cloud (VPC) is an isolated network. We recommend that you
use the VPC network type because it is more secure.
You can configure routing tables, Classless Inter-Domain Routing (CIDR) blocks, and gateways in a VPC. You can also connect on-premises data centers to VPCs by using a leased line or VPN. This allows you to migrate applications to the cloud without service interruption.
- You can use and switch between the classic network and VPC free of charge.
- You must first switch to the enhanced whitelist mode on the ApsaraDB RDS for MySQL instance before you change the network type. For more information, see Switch to the enhanced whitelist mode for an ApsaraDB RDS for MySQL instance.
Change the network type from VPC to classic network
- After you change the network type from VPC to classic network, the internal endpoint of the RDS instance remains unchanged, but the IP address bound to the internal endpoint changes.
- After the network type is changed, ECS instances in the same VPC as the RDS instance can no longer connect to the RDS instance by using the internal endpoint. You must update the endpoint for the applications deployed on the ECS instances.
- When you change the network type, a 30-second brief disconnection may occur. To avoid interference to your business, change the network type during off-peak hours or make sure that your application is configured to automatically reconnect to the RDS instance.
- The following RDS instances do not support the classic network: instances that run MySQL 5.7 or 8.0 on the High-availability Edition with standard or enhanced SSDs, and instances that run MySQL 8.0 on the Basic Edition.
Procedure
- Log on to the ApsaraDB for RDS console.
- In the top navigation bar, select the region where the target RDS instance resides.
- Find the target RDS instance and click its ID.
- In the left-side navigation pane, click Database Connection.
- In the Database Connection section, click Switch to Classic Network.
- In the message that appears, click OK.
After the network type is changed to classic network, only ECS instances in the classic network can connect to the RDS instance by using the internal endpoint. You must configure the internal endpoint for the ECS instances.
- Configure a whitelist to allow ECS instances in the classic network to connect to
the RDS instance by using the internal endpoint.
- If the network isolation mode of the RDS instance is standard whitelist, add the private
IP addresses of the ECS instances to any whitelist.
- If the network isolation mode of the RDS instance is enhanced whitelist, add the private IP addresses of the ECS instances to a classic network whitelist.
If no classic network whitelist is available, create a whitelist.
- If the network isolation mode of the RDS instance is standard whitelist, add the private
IP addresses of the ECS instances to any whitelist.
Change the network type from classic network to VPC
Procedure
- Log on to the ApsaraDB for RDS console.
- In the top navigation bar, select the region where the target RDS instance resides.
- Find the target RDS instance and click its ID.
- In the left-side navigation pane, click Database Connection.
- Click Switch to VPC.
- In the dialog box that appears, select a VPC and a VSwitch and specify whether to
retain the endpoint used in the classic network.
- Select a VPC. We recommend that you select the VPC where your ECS instances reside. Otherwise, the ECS instances cannot communicate with the RDS instance over the internal network unless you enable communication by using Cloud Enterprise Network or VPN Gateway.
- Select a VSwitch. If no VSwitches are available in the selected VPC, create a VSwitch
in the same zone where the RDS instance resides. For more information, see Create a VSwitch.
- Determine whether to select Reserve Original Classic Network Endpoint based on the following table.
Action Description Clear The endpoint used in the classic network is replaced with an endpoint in the VPC.
When you change the network type, a 30-second brief disconnection may occur, and connections between ECS instances in the classic network and the RDS instance are interrupted.Select The endpoint used in the classic network is retained, and a new endpoint to be used in the VPC is generated. As shown in the following figure, hybrid access is allowed. ECS instances in both the classic network and the selected VPC can connect to the RDS instance over the internal network.
When you change the network type, no brief disconnection occurs. Connections between ECS instances in the classic network and the RDS instance remain available until the endpoint used in the classic network expires.
Before the endpoint used in the classic network expires, you must add the new endpoint used in the VPC to the ECS instances. This allows you to migrate your business to the VPC without interruption. Seven days before the endpoint used in the classic network expires, the system sends text messages to the phone number bound to your Alibaba Cloud account every day.
For more information, see Configure a hybrid access solution to smoothly migrate an RDS instance from the classic network to a VPC.
- Add the private IP addresses of ECS instances in the selected VPC to a VPC whitelist.
This allows the ECS instances to access the RDS instance over the internal network.
If no VPC whitelists are available, create a VPC whitelist.
- Add the VPC endpoint of the RDS instance to ECS instances.
- If you have retained the classic network endpoint, add the VPC endpoint to the ECS instances before the classic network endpoint expires.
- If you have not retained the classic network endpoint, connections between ECS instances in the classic network and the RDS instance over the internal network are interrupted. You must add the new endpoint to ECS instances in the VPC immediately after the network type is changed.
Note If you want to connect ECS instances in the classic network to an RDS instance in a VPC over the internal network, you can use ClassicLink to establish a connection or migrate the ECS instances to the same VPC as the RDS instance.
FAQ
- How do I change the VPC of my RDS instance?
- You can change the VPC and VSwitch if your RDS instance supports the changes. For more information, see Switch to a new VPC and VSwitch for an RDS MySQL instance.
- If your RDS instance supports direct network type changes:
- Switch the network type from VPC to Classic Network.
- Switch the network type from Classic Network to VPC with the destination VPC selected.
- If your RDS instance does not support direct network type changes:
Purchase a new RDS instance in another VPC and migrate data to the new instance. For more information, see Migrate data between ApsaraDB for RDS instances.
- Can applications access my RDS instance in a VPC over the Internet?
If the IP addresses of the applications are added to a whitelist of your RDS instance, the applications can access your RDS instance over the Internet no matter whether your RDS instance resides in a VPC or the classic network. For more information, see Configure a whitelist for an ApsaraDB RDS for MySQL instance.
Related operations
| Operation | Description |
|---|---|
| ModifyDBInstanceNetworkType | Changes the network type of an RDS instance. |