This topic describes how to switch an ApsaraDB RDS for MySQL instance between the classic network type and the virtual private cloud (VPC) network type.

For more information about how to change the network type of an RDS instance that runs another database engine, see the following topics:

Network types

  • Classic network: RDS instances in the classic network are not isolated by using network settings. You can block unauthorized access only by configuring IP address whitelists or security groups on these instances.
  • VPC: Each VPC is an isolated virtual network. A VPC provides higher security than the classic network. We recommend that you select the VPC network type.

    You can customize route tables, Classless Inter-Domain Routing (CIDR) blocks, and gateways in a VPC. In addition, you can connect your self-managed data center to a VPC by using leased lines or VPNs. The self-managed data center and the VPC comprise a virtual data center. You can migrate your workloads to the cloud without interruptions by using the virtual data center.

Note
  • You can select the classic or VPC network type and switch your RDS instance between these network types free of charge.
  • After you change the network type of your RDS instance, you must add IP addresses to IP address whitelists of the required network types. This applies if your RDS instance runs in enhanced whitelist mode. For more information, see Configure an IP address whitelist for an ApsaraDB RDS for MySQL instance.

View the network type

Go to the Database Connection page.
  1. Log on to the ApsaraDB for RDS console. In the left-side navigation pane, click Instances. In the top navigation bar, select the region where your RDS instance resides.
    选择地域
  2. Find your RDS instance and click its ID. In the left-side navigation pane, click Database Connection.
    View the network type in the new ApsaraDB RDS consoleView the network type in the original ApsaraDB RDS console

Change the network type from VPC to classic network

Take note of the following precautions:
  • After you change the network type from VPC to classic network, the internal endpoint of your RDS instance remains unchanged. However, the IP address that is bound to the internal endpoint changes.
  • After you change the network type from VPC to classic network, you cannot connect a VPC-hosted Elastic Compute Service (ECS) instance to your RDS instance by using the internal endpoint. You must update the endpoint configuration on your application at your earliest opportunity.
  • When you change the network type from VPC to classic network, a transient connection error of 30 seconds may occur. We recommend that you change the network type during off-peak hours. Alternatively, make sure that your application is configured to automatically reconnect to your RDS instance. This prevents interruptions to your workloads.
  • If your RDS instance runs MySQL 5.7 or MySQL 8.0 on RDS High-availability Edition with standard or enhanced SSDs or runs MySQL 8.0 on RDS Basic Edition, you cannot change the network type from VPC to classic network.

To change the network type from VPC to classic network, perform the following steps:

  1. Go to the Database Connection page.
    1. Log on to the ApsaraDB for RDS console. In the left-side navigation pane, click Instances. In the top navigation bar, select the region where your RDS instance resides.
      选择地域
    2. Find your RDS instance and click its ID. In the left-side navigation pane, click Database Connection.
  2. Click Switch to Classic Network.
  3. In the dialog box that appears, click OK.
    Note Wait until the network type change is complete. After the network type is changed from VPC to classic network, only a classic network-hosted ECS instance can connect to your RDS instance over an internal network. You must add the internal endpoint of your RDS instance to the ECS instance.
  4. Configure an IP address whitelist to allow access from the required classic network-hosted ECS instance over an internal network.
    • If your RDS instance runs in standard whitelist mode, add the private IP address of the classic network-hosted ECS instance to an IP address whitelist of the classic or VPC network type.
      Note You can go to the Instance Details page of an ECS instance in the ECS console to view the private IP address of the ECS instance.
    • If your RDS instance runs in enhanced whitelist mode, you can add the private IP address of the classic network-hosted ECS instance only to an IP address whitelist of the classic network type. For more information, see Switch an ApsaraDB RDS for MySQL instance to the enhanced whitelist mode. If no IP address whitelists of the classic network type are available, create one.
      Note You can go to the Instance Details page of an ECS instance in the ECS console to view the private IP address of the ECS instance.

Change the network type from classic network to VPC

Procedure

  1. Go to the Database Connection page.
    1. Log on to the ApsaraDB for RDS console. In the left-side navigation pane, click Instances. In the top navigation bar, select the region where your RDS instance resides.
      选择地域
    2. Find your RDS instance and click its ID. In the left-side navigation pane, click Database Connection.
  2. Click Switch to VPC.
  3. In the dialog box that appears, select a VPC and a vSwitch, and specify whether to retain the classic network endpoint.
    • Select a VPC. We recommend that you select the VPC where the required ECS instance resides. If the ECS and RDS instances reside in different VPCs, these instances cannot communicate over an internal network. However, you create a Cloud Enterprise Network (CEN) instance or an IPsec-VPN connection between the VPCs of these instances. This allows these instances to communicate over an internal network. For more information, see Overview and Establish IPsec-VPN connections between two VPCs.
    • Select a vSwitch. If no vSwitches are available in the selected VPC, create a vSwitch in the same zone as your RDS instance. For more information, see Create a vSwitch.
    • Clear or select the Reserve original classic endpoint option. For more information, see the following table.
      Action Description
      Clear the Reserve original classic endpoint option

      The classic network endpoint is not retained and changes to a VPC endpoint.

      When you change the network type from classic network to VPC, a transient connection error of 30 seconds occurs. In this case, the connection between each classic network-hosted ECS instance and your RDS instance is closed.
      Select the Reserve original classic endpoint option

      The classic network endpoint is retained, and a new VPC endpoint is generated. In this case, your RDS instance runs in hybrid access mode. Both classic network-hosted ECS instances and VPC-hosted ECS instances can connect to your RDS instance over an internal network. For more information, see Configure the hybrid access solution for an ApsaraDB RDS for MySQL instance.

      When you change the network type from classic network to VPC, no transient connection errors occur. The connection between each classic network-hosted ECS instance and your RDS instance remains available until the classic network endpoint expires.

      Before the classic network endpoint expires, you must add the VPC endpoint to your application that runs on a VPC-hosted ECS instance. This allows ApsaraDB RDS to migrate your workloads to the selected VPC without interruptions.

      For more information, see Configure the hybrid access solution for an ApsaraDB RDS for MySQL instance.

  4. Add the private IP address of the required VPC-hosted ECS instance to an IP address whitelist of the VPC network type. This allows the ECS instance to connect to your RDS instance over an internal network. If no IP address whitelists of the VPC network type are available, create one.
    Note You can go to the Instance Details page of an ECS instance in the ECS console to view the private IP address of the ECS instance.
    ecs ip
  5. Add the VPC endpoint of your RDS instance to the required VPC-hosted ECS instance.
    • If you have selected the Reserve original classic endpoint option, you must add the VPC endpoint to your application that runs on the required VPC-hosted ECS instance before the classic network endpoint expires.
    • If you have cleared the Reserve original classic endpoint option, the connection between each classic network-hosted ECS instance and your RDS instance over an internal network is immediately closed after the network type is changed from classic network to VPC. You must add the VPC endpoint of your RDS instance to your application that runs on the required ECS instance.
    Note If you want to connect a classic network-hosted ECS instance to your VPC-hosted RDS instance over an internal network, you can use ClassicLink to establish a connection. Alternatively, you can migrate the ECS instance to the same VPC as your RDS instance. For more information, see Overview.

FAQ

  • How do I change the VPC of my RDS instance?
    • If your RDS instance supports VPC and vSwitch changes, you can directly perform these changes. For more information, see the "Switch an ApsaraDB RDS for MySQL instance to a new VPC and a new vSwitch" section of this topic.
    • If you can switch your RDS instance between the classic and VPC network types, perform the following steps:
      1. Switch your RDS instance from the VPC network type to the classic network type.
      2. Switch your RDS instance from the classic network type to the VPC network type. During this process, select the required VPC.
    • If you cannot switch your RDS instance between the classic and VPC network types, perform the following steps:

      Purchase a new RDS instance. During this process, select the required VPC. Then, migrate the data of your RDS instance to the new RDS instance. For more information, see Migrate data between ApsaraDB RDS for MySQL instances.

  • Can an application access my VPC-hosted RDS instance over the Internet?

    Yes, if the IP address of the application is added to an IP address whitelist of your RDS instance, the application can access your RDS instance over the Internet. This applies regardless of whether your RDS instance resides in a VPC or the classic network. For more information, see Configure an IP address whitelist for an ApsaraDB RDS for MySQL instance.

  • Can I change the network type of a read-only RDS instance and retain the classic network endpoint?

    Yes, you can change the network type of a read-only RDS instance and retain the classic network endpoint.

Related operations

Operation Description
Change the network type of an ApsaraDB for RDS instance Changes the network type of an ApsaraDB RDS instance.