This topic describes how to change the network type of an ApsaraDB RDS for PPAS instance between classic network and VPC.

Network type

  • Classic network: RDS instances in the classic network are not isolated. You can only use whitelists to block unauthorized access to the instances.
  • VPC: Each Virtual Private Cloud (VPC) is an isolated network. We recommend that you select the VPC network type because it is more secure.

    You can customize the routing table, Classless Inter-Domain Routing (CIDR) blocks, and gateway in a VPC. To smoothly migrate applications to the cloud, you can use leased lines or VPNs to connect your own data center to a VPC to make a virtual data center on the cloud.

Note
  • You can select the classic network or VPC network type and switch between them free of charge.
  • Before you change the network type of an ApsaraDB RDS for PPAS instance, you must switch its network isolation mode to enhanced whitelist. For more information, see Switch to the enhanced whitelist mode for an RDS PPAS instance.

Change the network type from VPC to classic network

Precautions
  • After the network type is changed, the internal endpoint of your RDS instance remains unchanged, but the IP address associated with the internal endpoint changes.
  • After the network type of an RDS instance is changed to classic network, the Elastic Compute Service (ECS) instances that used to reside in the same VPC as your RDS instance cannot access your RDS instance by using the internal endpoint. Make sure that you update the endpoint in the application that needs to connect to the RDS instance.
  • When you change the network type, a 30-second brief disconnection may occur. To avoid interference to your business, change the network type during off-peak hours or make sure that your application is configured to automatically reconnect to the RDS instance.

Procedure

  1. Log on to the ApsaraDB for RDS console.
  2. In the top navigation bar, select the region where the target RDS instance resides.Select a region
  3. Find the target RDS instance and click its ID.
  4. In the left-side navigation pane, click Database Connection.
  5. In the Database Connection section, click Switch to Classic Network.
  6. In the dialog box that appears, click OK.

    After the network type is changed, only ECS instances in the classic network can access your RDS instance over an internal network. Configure the internal endpoint for these ECS instances.

  7. Configure a whitelist of your RDS instance to allow access from the ECS instances over the internal network.
    • If the network isolation mode of the RDS instance is standard whitelist, add the internal IP addresses of the ECS instances to any whitelist.
    • If the network isolation mode of the RDS instance is enhanced whitelist, add the internal IP addresses of the ECS instances to a classic network whitelist. If no classic network whitelist is available, create a whitelist.

Change the network type from classic network to VPC

Procedure

  1. Log on to the ApsaraDB for RDS console.
  2. In the top navigation bar, select the region where the target RDS instance resides.Select a region
  3. Find the target RDS instance and click its ID.
  4. In the left-side navigation pane, click Database Connection.
  5. Click Switch to VPC.
  6. In the Switch to VPC dialog box, select a VPC and VSwitch and specify whether to retain the classic network endpoint.
    • Select a VPC. We recommend that you select the VPC where your ECS instances reside. Otherwise, the ECS instances cannot communicate with the RDS instance over the internal network unless you enable communication by using Cloud Enterprise Network or VPN Gateway.
    • Select a VSwitch. If no VSwitches are available in the selected VPC, create one in the same zone where the RDS instance resides. For more information, see Create a VSwitch.
    • Determine whether to select Reserve Original Classic Network Endpoint based on the following table.
      Action Description
      Clear

      The classic network endpoint is not retained and will become a VPC endpoint.

      When you change the network type, a 30-second brief disconnection may occur, and connections between ECS instances in the classic network and the RDS instance are interrupted.
      Select

      The classic network endpoint is retained, and a new VPC endpoint is generated. In such cases, the RDS instance runs in hybrid access mode. Specifically, ECS instances both in the classic network and a VPC can access the RDS instance over the internal network.

      When you change the network type, no brief disconnection occurs. Connections between ECS instances in the classic network and the RDS instance remain available until the classic network endpoint expires.

      Before the classic network endpoint expires, you must add the new VPC endpoint to the ECS instances. This allows you to migrate your business to the VPC without interruption. The system will send a text message to the phone number bound to your Alibaba Cloud account every day within the seven days before the classic network endpoint expires.

      For more information, see Configure a hybrid access solution to smoothly migrate an RDS instance from the classic network to a VPC.

  7. Add the internal IP addresses of ECS instances in the selected VPC to a VPC whitelist. This allows the ECS instances to access the RDS instance over the internal network. If no VPC whitelists are available, create one.
    • If you have retained the classic network endpoint, add the VPC endpoint to the ECS instances before the classic network endpoint expires.
    • If you have not retained the classic network endpoint, connections between ECS instances in the classic network and the RDS instance over the internal network are interrupted. You must add the new endpoint to ECS instances in the VPC immediately after the network type is changed.
    Note If you want to connect ECS instances in the classic network to an RDS instance in a VPC over the internal network, you can establish connections by using ClassicLink or migrate the ECS instances to the same VPC as the RDS instance.

FAQ

How do I change the VPC of an RDS instance?

  1. You cannot directly change the VPC of an RDS instance. You can change the network type of the RDS instance from VPC to classic network .
  2. Change the network type back to select a new VPC.

Related operations

Operation Description
Switch network type Changes the network type of an ApsaraDB for RDS instance.