This topic describes how to troubleshoot failures in connecting to an ApsaraDB RDS for MySQL instance from an Elastic Compute Service (ECS) instance.

When you set up a test environment to debug your business, you may fail to connect to your RDS instance from your ECS instance. The connection failures may occur due to various reasons. For example, the network type of your RDS instance is different from the network type of your ECS instance, or the IP address of your ECS instance is not added to an IP address whitelist of your RDS instance. This topic describes the most common causes of connection failures and the methods that you can use to troubleshoot the connection failures.

Different network types

  • The ECS instance resides in a virtual private cloud (VPC), and the RDS instance resides in the classic network.
    • Method 1: This is the recommended method. Migrate the RDS instance to the VPC to which the ECS instance belongs. For more information, see Switch the network type.
      Note: If the ECS instance and the RDS instance both reside in VPCs, they must reside in the same VPC to communicate with each other over an internal network.
    • Method 2: Purchase an ECS instance that resides in the classic network, and connect to the RDS instance from the ECS instance that you purchase. ECS instances cannot be migrated from VPCs to the classic network. Take note that a VPC provides higher security than the classic network. We recommend that you use VPCs.
    • Method 3: Connect to the RDS instance from the ECS instance by using the public endpoint of the RDS instance. This method cannot ensure optimal performance, security, or stability.
  • The ECS instance resides in the classic network, and the RDS instance resides in a VPC.
    • Method 1: This is the recommended method. Migrate the ECS instance to the VPC to which the RDS instance belongs.
      Note: If the ECS instance and the RDS instance both reside in VPCs, they must reside in the same VPC to communicate with each other over an internal network.
    • Method 2: Migrate the RDS instance to the classic network. Take note that a VPC provides higher security than the classic network. We recommend that you use VPCs.
    • Method 3: Use the ClassicLink feature to establish an internal network connection between the ECS instance and the RDS instance.
    • Method 4: Connect to the RDS instance from the ECS instance by using the public endpoint of the RDS instance. This method cannot ensure optimal performance, security, or stability.

Different VPCs

A VPC is an isolated network environment that is built on Alibaba Cloud. VPCs are logically isolated from each other. Therefore, when the ECS instance and the RDS instance both reside in VPCs, they must reside in the same VPC to communicate with each other over an internal network.

  • Method 1: This is the recommended method. Migrate the RDS instance to the VPC to which the ECS instance belongs.

    You must change the network type of the RDS instance from VPC to classic network and then change the network type of the RDS instance from classic network back to VPC. When you change the network type of the RDS instance from classic network back to VPC, you must select the VPC to which the ECS instance belongs. For more information, see Change the VPC and vSwitch for an ApsaraDB RDS for MySQL instance or Switch the network type.

  • Method 2: Use Cloud Enterprise Network (CEN) to establish a connection between the VPC of the ECS instance and the VPC of the RDS instance.
  • Method 3: Connect to the RDS instance from the ECS instance over the Internet. This method cannot ensure optimal performance, security, or stability.

Different regions

If the ECS instance and the RDS instance reside in different regions, these instances cannot communicate with each other over an internal network.

  • Method 1: Apply for a refund for the original RDS or ECS instance. Then, purchase a new RDS or ECS instance based on your business requirements.
  • Method 2: Change the network types of the ECS instance and the RDS instance to VPC. Then, use CEN to establish a connection between the VPC of the ECS instance and the VPC of the RDS instance.
  • Method 3: Connect to the RDS instance from the ECS instance over the Internet. This method cannot ensure optimal performance, security, or stability.

Incorrect IP address whitelist settings

  • On the Whitelist Settings tab of the Data Security page, the IP address whitelist labeled default contains only the IP address 127.0.0.1. The IP address 127.0.0.1 indicates that no devices are allowed to access the RDS instance. You must obtain the IP address of the ECS instance and add the IP address to an IP address whitelist of the RDS instance. For more information, see Configure an IP address whitelist for an ApsaraDB RDS for MySQL instance.
  • The 0.0.0.0 entry is added to an IP address whitelist of the RDS instance.
    Note: If you want to allow all devices to access the RDS instance, you must add the 0.0.0.0/0 entry to an IP address whitelist of the RDS instance. Proceed with caution when you add this entry.
  • The enhanced whitelist mode is enabled for the RDS instance. In this case, take note of the following limits:
    • If the RDS instance resides in a VPC and is connected by using its internal endpoint, the private IP address of the ECS instance must be added to the IP address whitelist labeled default VPC.
    • If the RDS instance resides in the classic network and is connected by using its internal endpoint, the private IP address of the ECS instance must be added to the IP address whitelist labeled default Classic Network.
    • If the RDS instance resides in the classic network and is connected over the Internet, the public IP address of the ECS instance must be added to the IP address whitelist labeled default Classic Network.
  • The public IP address that you add to an IP address whitelist is invalid due to the following reasons:
    • The public IP address dynamically changes.
    • The tool or website that is used to query public IP addresses returns inaccurate results.
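
The whitelist cases above can be checked offline before you change anything in the console. The following script is an added example, not part of the original topic or an Alibaba Cloud tool: it takes the IP address of the ECS instance and a whitelist copied as a comma-separated string (an assumed format) and reports which case applies. The function names and verdict words are hypothetical.

```shell
#!/bin/sh
# ip2int A.B.C.D: print the address as a 32-bit integer; fail if malformed.
ip2int() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0[0-9]*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP ENTRY: succeed if IP is covered by ENTRY (address or address/prefix).
in_cidr() (
    ip=$(ip2int "$1") || exit 2
    case $2 in */*) net=${2%/*}; len=${2#*/} ;; *) net=$2; len=32 ;; esac
    case $len in ''|*[!0-9]*) exit 2 ;; esac
    [ "$len" -le 32 ] || exit 2
    net=$(ip2int "$net") || exit 2
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
)

# audit_whitelist ECS_IP "entry,entry,...": print one verdict word.
audit_whitelist() (
    ip=$1
    list=$(printf '%s' "$2" | tr -d ' ')
    verdict=blocked
    # Default whitelist untouched: no device is allowed.
    [ "$list" = 127.0.0.1 ] && { echo default-only; exit 0; }
    set -f; IFS=,
    for e in $list; do
        case $e in
            0.0.0.0/0) echo open-to-all; exit 0 ;;   # every device is allowed
            0.0.0.0)   verdict=bad-entry; continue ;; # missing /0, see the note
        esac
        in_cidr "$ip" "$e" && { echo allowed; exit 0; }
    done
    echo "$verdict"
)

# Constructed sample values: a private ECS address and an untouched whitelist.
audit_whitelist 172.16.0.9 "127.0.0.1"
```

A verdict of open-to-all means the instance accepts connections from any address, so treat it as a finding to review rather than as a fix.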

Domain name resolution failures or errors

If the DNS servers are faulty or the configurations of the network interface controller are modified, domain names may fail to be resolved or may be resolved into incorrect IP addresses. In this case, you can run the ping command or the telnet command to check the connectivity to the RDS instance.

ping <Domain name>
telnet <Domain name> <Port number>
            

If the RDS instance fails the connectivity test, perform the following operations to modify the configuration file of the network interface controller:
  1. Open the configuration file of the network interface controller in edit mode.
    vi /etc/sysconfig/network-scripts/<The name of the configuration file of the network interface controller>
    Note: The network interface controller in the preceding command refers to the network interface controller of the ECS instance. You can run the ifconfig command to find the interface name that forms the suffix of the configuration file name. The default file name is ifcfg-eth0.
  2. Add the following configurations to the end of the configuration file.
    DNS1=100.100.2.136
    DNS2=100.100.2.138
    Note: If the DNS1 and DNS2 configuration items exist in the configuration file, you must change the values of these configuration items to the values that are shown in the preceding configurations.
  3. Run the following command to restart the network service:
    systemctl restart network
  4. Run the following command to check whether the modification is successful:
     cat /etc/resolv.conf
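
Steps 1 to 4 can be scripted so that existing DNS1 and DNS2 items are replaced instead of duplicated and the result is verified. The following script is an added example, not part of the original topic: the function names and the --apply switch are hypothetical, and the DNS addresses, the default file name and the restart command are the ones given above.

```shell
#!/bin/sh
DNS1_ADDR=100.100.2.136   # values from step 2 of this topic
DNS2_ADDR=100.100.2.138

# set_key FILE KEY VALUE: drop every existing KEY= line, then append KEY=VALUE.
set_key() (
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || exit 1
    awk -v k="$key=" 'index($0, k) != 1' "$file" > "$tmp" || exit 1
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"; rc=$?   # rewrite in place: keeps owner and mode
    rm -f "$tmp"
    exit "$rc"
)

# apply_dns CFG: keep one rollback copy, then set both DNS items.
apply_dns() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    [ -e "$cfg.bak" ] || cp -p "$cfg" "$cfg.bak" || return 1
    set_key "$cfg" DNS1 "$DNS1_ADDR" && set_key "$cfg" DNS2 "$DNS2_ADDR"
}

# resolv_ok [FILE]: succeed only if both expected nameservers are listed.
resolv_ok() {
    file=${1:-/etc/resolv.conf}
    for ns in "$DNS1_ADDR" "$DNS2_ADDR"; do
        awk -v ns="$ns" '$1 == "nameserver" && $2 == ns { found = 1 }
                         END { exit !found }' "$file" || return 1
    done
}

# Runs only when called as: script --apply [config file]
if [ "${1:-}" = "--apply" ]; then
    apply_dns "${2:-/etc/sysconfig/network-scripts/ifcfg-eth0}" &&
    systemctl restart network &&
    resolv_ok /etc/resolv.conf &&
    echo "DNS configuration applied"
fi
```

Running resolv_ok on its own also shows whether /etc/resolv.conf has drifted from the expected resolvers.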