All Products
Search

This Product

    Data Management:Configure an IP address whitelist

    Document Center

    Data Management:Configure an IP address whitelist

    Last Updated:Apr 08, 2024

    Before you connect to a database instance from Data Management (DMS), you must add the IP addresses and CIDR blocks of DMS to the IP address whitelist of the database instance.

    You can use the following methods to add the IP addresses and CIDR blocks of DMS to the IP address whitelist of a database instance:

    After the IP addresses and CIDR blocks of DMS are added to the IP address whitelist of a database instance, you may still fail to connect to the database instance from DMS. For more information about how to troubleshoot the issue, see the FAQ section of this topic.

    Automatically add the IP addresses and CIDR blocks of DMS to the IP address whitelist of a database instance

    Note

    The IP addresses and CIDR blocks of DMS can be automatically added to the IP address whitelist only for an ApsaraDB instance.

    When you log on to an ApsaraDB instance in DMS for the first time, DMS prompts you to add its own IP addresses and CIDR blocks to the IP address whitelist of the ApsaraDB instance. In this case, you can click Configure Whitelist in the message that appears. DMS automatically adds its own IP addresses and CIDR blocks to the whitelist. After that, the connection between the ApsaraDB instance and DMS is established. For more information, see Register an Alibaba Cloud database instance.

    If you are a database administrator (DBA) or a DMS administrator, you can also perform the following steps to configure an IP address whitelist:

    1. Log on to the DMS console V5.0.

    2. In the top navigation bar, choose Database Assets > Instances.

      Note

      If you use the DMS console in simple mode, move the pointer over the 2023-01-28_15-57-17.png icon in the upper-left corner of the console and choose All functions > Data Assets > Instances.

    3. On the Instance List tab of the Instances page, select one or more database instances for which you want to configure an IP address whitelist and click Configure Whitelist in the upper part of the tab.

    4. In the message that appears, click OK. The IP addresses and CIDR blocks of DMS are automatically added to the IP address whitelists of the selected database instances.

    Manually add the IP addresses and CIDR blocks of DMS to the IP address whitelist of a database instance

    Log on to the database instance to which you want to connect. Manually add the IP addresses and CIDR blocks of DMS to the IP address whitelist of the database instance. For more information about the IP addresses and CIDR blocks of DMS in different regions, see the DMS IP addresses and CIDR blocks section of this topic.

    For example, you can manually add the IP addresses and CIDR blocks of DMS to the IP address whitelist of an ApsaraDB RDS for MySQL instance. For more information, see Configure an IP address whitelist.

    DMS IP addresses and CIDR blocks

    When you add the IP addresses and CIDR blocks of DMS to the IP address whitelist of a database instance, we recommend that you add all the IP addresses and CIDR blocks of DMS in the specified region to the whitelist.

    Warning

    • You can add the public IP addresses of DMS. However, this may cause security risks. Proceed with caution.

    • We recommend that you increase the security of your account and limit the ports for inbound traffic. You can also connect to the database instance over Express Connect, VPN Gateway, or Smart Access Gateway.

    Table 1. IP addresses and CIDR blocks

    Region

    Access over Virtual Private Cloud (VPC) (Self-managed Elastic Compute Service (ECS)-hosted databases, ApsaraDB databases, and on-premises databases over Express Connect circuits)

    Access over the classic network (ECS-hosted databases and ApsaraDB databases)

    Public network

    China (Hangzhou)

    100.104.175.0/24,100.104.201.0/26,100.104.52.0/24,100.104.61.128/26,100.104.244.64/26,100.104.216.192/26,100.104.85.0/26

    11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24,10.6.226.32,10.6.226.33,10.187.128.215,10.187.128.216

    8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26

    China (Shanghai)

    100.104.5.0/24,100.104.205.0/24,100.104.226.128/26,100.104.149.64/26

    10.152.163.0/24,10.137.42.0/24,11.154.24.173

    139.224.4.85,139.224.4.79,101.133.205.192/26,47.102.181.128/26,47.102.181.192/26,47.102.234.0/26,47.102.234.64/26

    China (Nanjing - Local Region)

    100.104.182.128/26

    11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24,10.6.226.32,10.6.226.33,10.187.128.215,10.187.128.216

    8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26

    China (Qingdao)

    100.104.188.0/24,100.104.72.0/24,100.104.35.192/26

    10.151.203.0/24,10.137.42.0/24,10.245.213.244

    114.215.161.28,114.215.161.36,118.190.207.194,118.190.207.25,120.27.72.0/26,120.27.72.64/26,120.27.72.128/26,120.27.72.192/26

    China (Beijing)

    100.104.72.0/24,100.104.183.0/24,100.104.236.128/26,100.104.128.192/26,100.104.227.192/26

    11.192.101.0/24,10.137.42.0/24,11.115.125.224

    60.205.89.31,60.205.89.21,8.131.132.0/26,39.107.7.0/26,39.107.7.64/26,182.92.32.128/26,182.92.32.192/26

    China (Zhangjiakou)

    100.104.205.0/24,100.104.175.0/24

    11.192.243.0/24,11.193.233.87

    47.92.22.68,39.101.252.128/26,47.92.185.0/26,47.92.185.64/26,47.92.185.128/26,47.92.185.192/26

    China (Hohhot)

    100.104.205.0/24,100.104.72.0/24

    11.193.183.0/24,11.197.113.225

    39.104.29.35,39.104.78.173,39.104.79.122,39.104.86.0,39.104.62.152,39.104.72.87,39.99.77.0/26,39.99.77.64/26,39.99.77.128/26,39.104.220.192/26

    China (Ulanqab)

    100.104.10.192/26

    10.152.29.0/24

    8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26

    China (Chengdu)

    100.104.5.0/26

    11.195.52.68/24,11.119.156.53

    47.108.22.35,47.109.5.0/26,47.108.45.128/26,47.108.45.192/26,47.108.47.0/26,47.108.47.64/26

    China (Shenzhen)

    100.104.5.0/24,100.104.75.64/26,100.104.235.192/26,100.104.205.0/24,100.104.41.64/26

    10.152.27.0/24,10.137.42.0/24,10.245.164.219

    120.76.91.7,120.76.91.29,47.113.76.192/26,47.112.83.192/26,47.112.84.0/26,47.112.84.64/26,47.112.84.128/26

    China (Heyuan)

    100.104.96.64/26

    11.118.24.0/24,10.137.42.0/24,10.152.29.0/24

    8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26

    China (Guangzhou)

    100.104.248.128/26

    10.137.42.0/24,10.152.29.0/24,10.58.93.2

    8.134.79.141,8.134.79.143,8.134.0.64/26,8.134.0.128/26,8.134.0.192/26,8.134.5.0/26

    China (Wuhan - Local Region)

    100.104.193.128/26

    11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24,10.6.226.32,10.6.226.33,10.187.128.215,10.187.128.216

    8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26

    China (Hong Kong)

    100.104.205.0/24,100.104.233.0/24,100.104.177.192/26,100.104.158.192/26

    10.152.161.0/24,10.137.42.0/24,10.254.102.13

    47.89.61.33,47.89.61.59,47.243.0.32/28,47.56.45.128/26,47.56.45.192/26,47.90.24.0/26,47.90.24.64/26

    Singapore

    100.104.205.0/24,100.104.188.0/24,100.104.207.128/26,100.104.179.64/26,100.104.12.0/26

    10.152.166.0/24,10.137.42.0/24,10.88.51.209

    47.88.147.36,47.88.147.22,161.117.172.0/28,161.117.146.128/26,161.117.146.192/26,161.117.164.0/26,161.117.164.64/26

    Australia (Sydney)

    100.104.5.0/24,100.104.233.0/24,100.104.3.128/26

    11.192.100.0/24,11.195.117.227

    47.91.49.175,47.91.49.169,47.252.149.128/26,47.252.149.192/26,47.252.150.0/26,47.252.150.64/26

    Malaysia (Kuala Lumpur)

    100.104.175.0/24,100.104.5.0/24

    11.193.189.0/24,11.196.42.179

    47.254.212.25,47.250.34.128/28,47.250.30.0/26,47.250.30.64/26,47.250.30.128/26,47.250.30.192/26

    Indonesia (Jakarta)

    100.104.5.0/24,100.104.35.192/26,100.104.175.0/24

    11.194.48.0/22,11.59.138.151

    149.129.228.88,147.139.165.206,147.139.133.46,147.139.179.168,147.139.132.101,147.139.156.0/26,147.139.156.64/26,147.139.156.128/26,149.129.230.192/26

    India (Mumbai)

    100.104.205.0/24,100.104.8.0/24,100.104.127.0/26

    11.194.10.0/24,11.59.130.96

    149.129.164.77,147.139.26.0/28,147.139.23.0/26,147.139.23.64/26,147.139.23.128/26,149.129.165.192/26

    Japan (Tokyo)

    100.104.205.0/24,100.104.112.0/24,100.104.117.192/26,100.104.112.0/24,100.104.117.192/26

    11.192.147.0/24,11.192.148.0/24,11.192.149.0/24

    47.91.13.31,47.91.13.77,8.209.192.160/28,47.91.0.128/26,47.91.0.192/26,47.245.51.128/26,47.245.51.192/26

    US (Silicon Valley)

    100.104.205.0/24,100.104.48.128/26,100.104.175.0/24

    10.152.31.0/24,10.137.42.0/24,10.60.82.16

    47.89.224.28,47.89.224.56,47.88.1.17,47.88.6.196,47.88.10.217,47.88.15.174,47.88.98.0/26,47.88.98.64/26,47.88.98.128/26,47.88.98.192/26

    US (Virginia)

    100.104.205.0/24,100.104.233.0/24,100.104.240.128/26

    10.152.235.0/24,10.137.42.0/24,11.194.67.243

    47.88.98.24,47.88.98.20,47.253.64.0/28,47.252.71.128/26,47.252.71.192/26,47.252.90.0/26,47.252.90.64/26

    UK (London)

    100.104.5.0/24,100.104.133.64/26,100.104.207.128/26

    11.199.93.0/24,11.199.225.130

    8.208.17.76,8.208.75.64/28,8.208.73.0/26,8.208.73.64/26,8.208.73.128/26,8.208.73.192/26

    Germany (Frankfurt)

    100.104.233.0/24,100.104.5.0/24,100.104.193.128/26

    11.192.169.0/24,11.192.170.0/24,11.194.56.218

    47.91.83.56,47.91.83.15,47.245.155.0/28,8.209.86.0/26,47.254.165.64/26,47.254.165.128/26,47.254.165.192/26

    UAE (Dubai)

    100.104.5.0/24,100.104.205.0/24

    11.192.189.0/24,11.192.190.0/24,11.192.191.0/24

    47.91.102.19,47.91.103.51

    Philippines (Manila)

    100.104.36.0/26

    10.43.148.217,10.43.148.218

    8.212.136.64/26,8.212.136.128/26,8.212.136.192/26,8.212.137.0/26

    Thailand (Bangkok)

    100.104.106.192/26

    10.186.15.148,10.186.15.149

    8.213.162.64/26,8.213.162.128/26,8.213.162.192/26,8.213.163.0/26

    SAU (Riyadh)

    100.104.12.0/26

    10.187.119.182,10.187.119.183,10.187.115.137

    8.213.0.128/26,8.213.0.192/26,8.213.5.0/26,8.213.5.64/26,8.213.16.59,8.213.16.91,8.213.16.111,8.213.16.17,8.213.16.123,8.213.6.0/26,8.213.6.64/26,8.213.6.128/26,8.213.6.192/26

    China North 2 Finance (Preview)

    100.104.144.0/26

    10.254.13.200,10.254.13.201,10.254.22.182

    39.107.7.0/26,39.107.7.64/26,182.92.32.128/26,182.92.32.192/26,47.92.185.0/26,47.92.185.64/26,47.92.185.128/26,47.92.185.192/26

    China East 1 Finance

    100.104.175.0/24,100.104.52.0/24,100.104.216.192/26

    11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24

    116.62.251.150,47.96.59.4,47.96.58.245,116.62.250.113,116.62.249.73,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26

    China North 1 Finance

    100.104.5.0/24

    10.152.29.0/24

    8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26

    China East 2 Finance

    100.104.72.0/24,100.104.175.0/24

    10.152.163.0/24,10.137.42.0/24,10.152.29.0/24,10.254.213.170

    139.224.122.227,139.224.123.13,139.224.124.107,139.224.123.165,47.102.181.128/26,47.102.181.192/26,47.102.234.0/26,47.102.234.64/26,47.103.170.128/26,47.103.170.192/26,47.103.171.0/26,47.103.171.64/26

    China South 1 Finance

    100.104.205.0/24,100.104.72.0/24

    10.152.27.0/24,10.137.42.0/24,10.152.29.0/24

    8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26

    FAQ

    • Q: What do I do if I fail to connect to a database instance from DMS after the IP addresses and CIDR blocks of DMS are added to the IP address whitelist of the database instance?

      A:

      • This is because the whitelist may take time to become effective. Try again later.

      • If you access the database instance over the Internet, add the IP addresses and CIDR blocks of DMS in the China (Hangzhou) region to the IP address whitelist of the database instance. Then, try to connect to the database instance again.

      • In the Add Instance or Edit dialog box, check the connection information such as the port number.

    • Q: What do I do if I fail to connect to an ApsaraDB RDS instance in the classic network from DMS and the ApsaraDB RDS instance can only be accessed by using a public endpoint?

      A: You can use one of the following methods to resolve this issue:

      • Add the IP addresses and CIDR blocks of DMS in the same region in which the ApsaraDB RDS instance resides to the IP address whitelist of the RDS instance. For more information, see Configure an IP address whitelist.

      • Apply for an internal endpoint for the ApsaraDB RDS instance in the ApsaraDB RDS console.