Change the network type of an ApsaraDB RDS for MySQL instance

Edit in GitHub

Last Updated: Aug 14, 2020 Edit in GitHub

This topic describes how to change the network type of an ApsaraDB RDS for MySQL instance between classic network and VPC.

For more information about how to change the network type in other database engines, see the following topics:

Network types

Classic network: RDS instances in the classic network are not isolated. You can block unauthorized access only by configuring IP address whitelists or security groups on these instances.
VPC: Each virtual private cloud (VPC) is an isolated network. We recommend that you select the VPC network type because it is more secure than the classic network.
You can configure route tables, Classless Inter-Domain Routing (CIDR) blocks, and gateways in a VPC. To smoothly migrate applications to the cloud, you can connect your own data center to a VPC by using use leased lines or VPNs. This allows you to build a virtual data center on the cloud.

Note

You can select the classic or VPC network type and change between the two network types free of charge.
Before you change the network type, you must switch the RDS instance to the enhanced whitelist mode. For more information, see Switch to the enhanced whitelist mode for an ApsaraDB RDS for MySQL instance.

Change the network type from VPC to classic network

Precautions

After you change the network type from VPC to classic network, the internal endpoint of the RDS instance remains unchanged. However, the IP address bound to the internal endpoint changes.
After you change the network type from VPC to classic network, you cannot access the RDS instance by using the internal endpoint. This applies to an Alibaba Cloud Elastic Compute Service (ECS) instance that no longer resides in the same VPC as the RDS instance. Make sure that you immediately update the endpoint information on your application after you change the network type.
When you change the network type from VPC to classic network, a transient connection error of about 30 seconds may occur. To avoid interruptions to your workloads, we recommend that you perform the network type change during off-peak hours. Alternatively, make sure that your application is configured to automatically reconnect to the RDS instance.
If the RDS instance runs MySQL 5.7 or 8.0 on RDS High-availability Edition with standard or enhanced SSDs or runs MySQL 8.0 on RDS Basic Edition, you cannot change the network type from VPC to classic network.

Procedure

Log on to the ApsaraDB for RDS console.
In the left-side navigation pane, click Instances. In the top navigation bar, select the region where the target RDS instance resides.
Find the target instance and click the instance ID.
In the left-side navigation pane, click Database Connection.
Click Switch to Classic Network.
In the dialog box that appears, click OK.

After you change the network type, only a classic network-housed ECS instance can access the RDS instance over an internal network. You must modify the ECS instance to configure the internal endpoint that is used to connect to the RDS instance.
Configure an IP address whitelist to allow access from a classic network-housed ECS instance over an internal network.
- If the RDS instance runs in standard whitelist mode, you can add the private IP address of the classic network-housed ECS instance to an IP address whitelist of the classic or VPC network type.
- If the RDS instance runs in enhanced whitelist mode, you can add the private IP address of the classic network-housed ECS instance only to an IP address whitelist of the classic network type. For more information, see Switch to the enhanced whitelist mode for an ApsaraDB RDS for MySQL instance. If no IP address whitelists of the classic network type are available, create one.

Change the network type from classic network to VPC

Procedure

Log on to the ApsaraDB for RDS console.
In the left-side navigation pane, click Instances. In the top navigation bar, select the region where the target RDS instance resides.
Find the target instance and click the instance ID.
In the left-side navigation pane, click Database Connection.
Click Switch to VPC.

In the dialog box that appears, select a VPC and a VSwitch, and then specify whether to retain the classic network endpoint.

Select a VPC. We recommend that you select the VPC where the required ECS instance resides. If the ECS and RDS instances reside in different VPCs, these instances cannot communicate over an internal network unless you create a Cloud Enterprise Network (CEN) or gateway between the VPCs of these instances. For more information, see Alibaba Cloud CEN tutorials and Establish a connection between two VPCs.
Select a VSwitch. If no VSwitches are available in the selected VPC, create one in the same zone where the RDS instance resides. For more information, see Create a VSwitch.

Clear or select the Reserve Original Classic Network Endpoint option. For more information, see the following table.


Action	Description
Clear the Reserve Original Classic Network Endpoint option	The classic network endpoint is not retained and will become a VPC endpoint. When you change the network type from classic network to VPC, a transient connection error of about 30 seconds will occur. In this case, the connection between each classic network-housed ECS instance and the RDS instance is closed.
Select the Reserve Original Classic Network Endpoint option	The classic network endpoint is retained, and a new VPC endpoint is generated. In this case, the RDS instance runs in hybrid access mode. This indicates that both classic network- and VPC-housed ECS instances can access the RDS instance over internal networks. When you change the network type from classic network to VPC, no transient connection errors will occur. The connection between each classic network-housed ECS instance and the RDS instance remains available until the classic network endpoint expires. Before the classic network endpoint expires, you must add the VPC endpoint to the required ECS instance. This allows you to migrate your workloads to the selected VPC without interruptions. In addition, before the classic network endpoint expires, the system will send a text message to the phone number that is bound to your Alibaba Cloud account for seven consecutive days. For more information, see Configure a hybrid access solution to smoothly migrate an RDS instance from the classic network to a VPC.

Add the private IP address of the required ECS instance in the selected VPC to an IP address whitelist of the VPC network type. This allows the ECS instance to access the RDS instance over an internal network. If no IP address whitelists of the VPC network type are available, create one.
Add the VPC endpoint of the RDS instance to the required ECS instance.
- If you have selected the Reserve Original Classic Network Endpoint option, add the generated VPC endpoint to each VPC-housed ECS instance before the classic network endpoint expires.
- If you have cleared the Reserve Original Classic Network Endpoint option, the connection between each classic network-housed ECS instance and the RDS instance is immediately closed after you change the network type. You must immediately add the generated VPC endpoint to each VPC-housed ECS instance after you change the network type.
Note If you want to connect a classic network-housed ECS instance to the VPC-housed RDS instance over an internal network, you can use ClassicLink to establish a connection. Alternatively, you can migrate the ECS instance to the same VPC as the RDS instance. For more information, see Overview.

FAQ

How do I change the VPC of my RDS instance?
- If your RDS instance supports VPC and VSwitch changes, you can directly perform these changes. For more information, see Switch to a new VPC and VSwitch for an RDS MySQL instance.
- If your RDS instance supports changes between the classic and VPC network types, follow these steps:
  1. Change the network type from VPC to classic network.
  2. Change the network type from classic network to VPC with the required VPC selected.
- If your RDS instance does not support changes between the classic and VPC network types, follow these steps:
  Purchase a new RDS instance with the required VPC selected. Then, migrate the data of your RDS instance to the new RDS instance. For more information, see Migrate data between ApsaraDB for RDS instances.
Can applications access my VPC-housed RDS instance over the Internet?
Yes, if the IP addresses of the applications are added to an IP address whitelist of your RDS instance, the applications can access your RDS instance over the Internet. This applies regardless of whether your RDS instance resides in a VPC or the classic network. For more information, see Configure a whitelist for an ApsaraDB RDS for MySQL instance.

Related operations


Operation	Description
Switch network type	Changes the network type of an ApsaraDB for RDS instance.