This topic describes how to change the network type of an ApsaraDB RDS for PostgreSQL instance between classic network and VPC.

Network types

  • Classic network: RDS instances in the classic network are not isolated. You can only use whitelists to block unauthorized access to the instances.
  • VPC: Each Virtual Private Cloud (VPC) is an isolated network. We recommend that you use the VPC network type because it is more secure.

    You can configure routing tables, CIDR blocks, and gateways in a VPC. You can also connect on-premises data centers to VPCs by using a leased line or VPN. This allows you to migrate applications to the cloud without service interruption.

Note
  • You can use and switch between the classic network and VPC free of charge.
  • You must first switch to the enhanced whitelist mode on the ApsaraDB RDS for PostgreSQL instance before you change the network type. For more information, see Switch to the enhanced whitelist mode.

Change the network type from VPC to classic network

Precautions

  • After you change the network type from VPC to classic network, the internal endpoint of the RDS instance remains unchanged, but the IP address bound to the internal endpoint changes.
  • After the network type is changed, ECS instances in the same VPC as the RDS instance can no longer connect to the RDS instance by using the internal endpoint. You must update the endpoint for the applications deployed on the ECS instances.
  • When you change the network type, a brief disconnection of 30 seconds may occur. To avoid affecting your business, change the network type during off-peak hours or make sure that your application is configured to automatically reconnect to the RDS instance.
  • RDS instances that run PostgreSQL 10, 11, or 12 on the Basic Edition do not support the classic network.

Procedure

  1. Log on to the ApsaraDB for RDS console.
  2. In the top navigation bar, select the region where the target RDS instance resides.
  3. Find the target RDS instance and click its ID.
  4. In the left-side navigation pane, click Database Connection.
  5. In the Database Connection section, click Switch to Classic Network.
  6. In the Switch to Classic Network dialog box, click OK.

    After the network type is changed to classic network, only ECS instances in the classic network can connect to the RDS instance by using the internal endpoint. You must configure the internal endpoint for the ECS instances.

  7. Configure a whitelist to allow ECS instances in the classic network to connect to the RDS instance by using the internal endpoint.
    • If the network isolation mode of the RDS instance is standard whitelist, add the private IP addresses of the ECS instances to any whitelist.
    • If the network isolation mode of the RDS instance is enhanced whitelist, add the private IP addresses of the ECS instances to a classic network whitelist. If no classic network whitelist is available, create a whitelist.

Change the network type from classic network to VPC

Procedure

  1. Log on to the ApsaraDB for RDS console.
  2. In the top navigation bar, select the region where the target RDS instance resides.
  3. Find the target RDS instance and click its ID.
  4. In the left-side navigation pane, click Database Connection.
  5. Click Switch to VPC.
  6. In the Switch to VPC dialog box, select a VPC and VSwitch and specify whether to retain the endpoint used in the classic network.
    • Select a VPC. We recommend that you select the VPC where your ECS instances reside. Otherwise, the ECS instances cannot communicate with the RDS instance over the internal network unless you enable communication by using Cloud Enterprise Network or VPN Gateway.
    • Select a VSwitch. If no VSwitches are available in the selected VPC, create one in the same zone where the RDS instance resides. For more information, see Create a VSwitch.
    • Determine whether to select Reserve Original Classic Network Endpoint based on the following table.
      Action: Clear
      Description: The endpoint used in the classic network is replaced with an endpoint in the VPC.

      When you change the network type, a brief disconnection of 30 seconds may occur, and connections between ECS instances in the classic network and the RDS instance are interrupted.

      Action: Select
      Description: The endpoint used in the classic network is retained, and a new endpoint to be used in the VPC is generated. As shown in the following figure, hybrid access is allowed. ECS instances in both the classic network and the selected VPC can connect to the RDS instance over the internal network.

      When you change the network type, no brief disconnection occurs. Connections between ECS instances in the classic network and the RDS instance remain available until the endpoint used in the classic network expires.

      Before the endpoint used in the classic network expires, you must add the new endpoint used in the VPC to the ECS instances. This allows you to migrate your business to the VPC without interruption. Seven days before the endpoint used in the classic network expires, the system sends text messages to the phone number bound to your Alibaba Cloud account every day.

      For more information, see Configure a hybrid access solution to smoothly migrate the database from the classic network to a VPC.

  7. Add the private IP addresses of ECS instances in the selected VPC to a VPC whitelist. This allows the ECS instances to access the RDS instance over the internal network. If no VPC whitelists are available, create one.
    • If you have retained the classic network endpoint, add the VPC endpoint to the ECS instances before the classic network endpoint expires.
    • If you have not retained the classic network endpoint, connections between ECS instances in the classic network and the RDS instance over the internal network are interrupted. You must add the new endpoint to ECS instances in the VPC immediately after the network type is changed.
    Note: If you want to connect ECS instances in the classic network to an RDS instance in a VPC over the internal network, you can use ClassicLink to establish connections or migrate the ECS instances to the same VPC as the RDS instance.
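
The whitelist step that closes both procedures can be checked before the change with a small audit. The following is an added example, not Alibaba Cloud code: it models standard and enhanced whitelist modes and reports which ECS clients keep internal access after the switch, with or without the retained classic network endpoint. The data layout, the labels "classic" and "vpc", and all names and addresses are constructed for illustration; the model assumes VPC clients are in the selected VPC and ignores ClassicLink, Cloud Enterprise Network, and VPN Gateway.

```python
import ipaddress

def is_whitelisted(ip, client_net, whitelists, mode):
    """True if `ip` matches a whitelist that applies to a client on `client_net`."""
    addr = ipaddress.ip_address(ip)
    for wl in whitelists:
        # Enhanced mode: a whitelist applies only to its own network type.
        if mode == "enhanced" and wl["net"] != client_net:
            continue
        if any(addr in ipaddress.ip_network(e, strict=False) for e in wl["entries"]):
            return True
    return False

def audit_switch(clients, whitelists, mode, target_net, retain_classic=False):
    """Return {client name: status} for the state after the network type change."""
    # Hybrid access keeps the classic endpoint usable next to the new one.
    reachable = {target_net} | ({"classic"} if retain_classic else set())
    report = {}
    for c in clients:
        if c["net"] not in reachable:
            report[c["name"]] = "no internal path"
        elif is_whitelisted(c["ip"], c["net"], whitelists, mode):
            report[c["name"]] = "ok"
        else:
            scope = c["net"] if mode == "enhanced" else "any"
            report[c["name"]] = "add to %s whitelist" % scope
    return report

def open_entries(whitelists):
    """Names of whitelists containing 0.0.0.0/0, which admits every address."""
    return [wl["name"] for wl in whitelists
            if any(ipaddress.ip_network(e, strict=False).prefixlen == 0 for e in wl["entries"])]

# Constructed sample data (hypothetical names and private addresses).
WHITELISTS = [
    {"name": "classic_apps", "net": "classic", "entries": ["10.1.2.0/24"]},
    {"name": "vpc_apps", "net": "vpc", "entries": ["192.168.10.15"]},
]
CLIENTS = [
    {"name": "ecs-classic-1", "ip": "10.1.2.7", "net": "classic"},
    {"name": "ecs-vpc-1", "ip": "192.168.10.15", "net": "vpc"},
    {"name": "ecs-vpc-2", "ip": "192.168.10.16", "net": "vpc"},
]

if __name__ == "__main__":
    for name, status in audit_switch(CLIENTS, WHITELISTS, "enhanced", "vpc", True).items():
        print(name, status)
```
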

FAQ

How do I change the VPC of an RDS instance?

  • You cannot directly change the VPC. If you want to change the VPC of your RDS instance, you can change the network type from classic network to VPC and change it back. During this process, you can select another VPC.
  • You can also purchase a new RDS instance in another VPC and migrate data to the new instance. For more information, see Migrate data between RDS instances.

Related operations

Operation: ModifyDBInstanceNetworkType
Description: Changes the network type of an RDS instance.