Before you connect to a database instance from Data Management (DMS), you must add the IP addresses and CIDR blocks of DMS to the IP address whitelist of the database instance.

You can use the following methods to add the IP addresses and CIDR blocks of DMS to the IP address whitelist of a database instance:

After the IP addresses and CIDR blocks of DMS for the specified region are added to the IP address whitelist of a database instance, you may still fail to connect to the database instance from DMS. For more information about how to troubleshoot the issue, see Fail to connect to a database instance from DMS.

Automatically add the IP addresses and CIDR blocks of DMS to the IP address whitelist of a database instance

Note The IP addresses and CIDR blocks of DMS can be automatically added to the IP address whitelist only for an ApsaraDB instance.

When you log on to an ApsaraDB instance in DMS for the first time, DMS prompts you to add its own IP addresses and CIDR blocks for the specified region to the IP address whitelist of the ApsaraDB instance. In this case, you can click Configure Whitelist in the message that appears. Then, DMS automatically adds its own IP addresses and CIDR blocks to the whitelist. After that, the connection between the ApsaraDB instance and DMS is established. For more information, see Register an ApsaraDB instance.

If you are a database administrator (DBA) or a DMS administrator, you can also perform the following steps to configure an IP address whitelist:

  1. Log on to the DMS console V5.0.
  2. In the top navigation bar, click Data Assets. In the left-side navigation pane, click Instance.
    Note If you are using the previous version of the DMS console, move the pointer over the More icon in the top navigation bar and choose System > Instance.
  3. On the Instance List tab of the Instances page, select one or more ApsaraDB instances for which you want to configure an IP address whitelist and click Configure Whitelist in the upper part of the tab.
  4. In the message that appears, click OK. The IP addresses and CIDR blocks of DMS are automatically added to the IP address whitelists of the selected ApsaraDB instances.

Manually add the IP addresses and CIDR blocks of DMS to the IP address whitelist of a database instance

Log on to the required database instance. Then, manually add the IP addresses and CIDR blocks of DMS to the IP address whitelist of the database instance. For more information about the IP addresses and CIDR blocks of DMS in different regions, see the IP addresses and CIDR blocks table in this topic.

For example, you can manually add the IP addresses and CIDR blocks of DMS to the IP address whitelist of an ApsaraDB RDS for MySQL instance. For more information, see Configure an IP address whitelist for an ApsaraDB RDS for MySQL instance.

DMS IP addresses and CIDR blocks

When you add the IP addresses and CIDR blocks of DMS to the IP address whitelist of a database instance, we recommend that you add all the IP addresses and CIDR blocks of DMS for the specified region to the whitelist.

Warning
  • You can add the public IP addresses of DMS. However, this may impose security risks. Proceed with caution.
  • We recommend that you increase the security of your account and limit the ports for inbound traffic. You can also connect to the database instance over Express Connect, VPN Gateway, or Smart Access Gateway.
Table 1. IP addresses and CIDR blocks
Region Self-managed databases on ECS instances, ApsaraDB instances, and on-premises databases accessible from Express Connect circuits, all in VPCs Self-managed databases on ECS instances and ApsaraDB instances, both on the classic network Databases accessible over the Internet
China (Hangzhou) 100.104.175.0/24,100.104.201.0/26,100.104.52.0/24,100.104.61.128/26,100.104.244.64/26,100.104.216.192/26,100.104.85.0/26 11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24 114.55.70.62,47.91.13.31,47.89.61.33,47.88.147.22,114.215.161.36,47.89.224.28,47.89.170.0/24,47.89.61.59,47.91.103.0/24,47.88.98.20,47.91.13.0/24,149.129.164.77/24,114.55.70.35,47.91.102.19,39.104.29.35/24,47.91.112.0/24,47.91.83.0/24,47.91.49.169,47.92.22.68,47.89.61.0/24,47.254.212.25/24,47.89.224.0/24,120.76.91.0/24,120.76.91.7,47.91.83.56,47.88.147.36,47.91.103.51,39.104.29.35,121.43.18.66,47.91.102.0/24,120.76.91.29,114.215.161.0/24,47.91.84.0/24,149.129.228.88/24,47.254.212.25,60.205.89.31,60.205.89.0/24,101.37.74.0/24,47.88.147.0/24,121.43.18.68,47.91.12.0/24,139.224.4.0/24,149.129.164.77,47.91.49.175,112.124.140.0/24,8.208.17.76,60.205.89.21,139.224.4.79,47.91.83.15,47.91.49.0/24,114.215.161.28,47.88.98.24,47.91.13.77,47.89.224.56,149.129.228.88,47.91.9.0/24,139.224.4.85,47.108.22.35,8.213.162.192/26,8.213.162.64/26,8.213.163.0/26,47.92.185.0/26,47.92.185.128/26,47.92.185.192/26,47.92.185.64/26,8.213.0.128/26,8.213.0.192/26,8.213.5.0/26,8.213.5.64/2,39.107.7.0/26,39.107.7.64/26,182.92.32.128/26,182.92.32.192/2,8.134.21.0/26,8.134.21.64/26,8.134.21.128/26,8.134.21.192/26
China (Shanghai) 100.104.5.0/24,100.104.205.0/24,100.104.226.128/26,100.104.149.64/26 10.152.163.0/24,10.137.42.0/24
China (Qingdao) 100.104.188.0/24,100.104.72.0/24,100.104.35.192/26 10.151.203.0/24,10.137.42.0/24
China (Beijing) 100.104.72.0/24,100.104.183.0/24,100.104.236.128/26,100.104.128.192/26,100.104.227.192/26 11.192.101.0/24,10.137.42.0/24
China (Zhangjiakou) 100.104.205.0/24,100.104.175.0/24 11.192.243.0/24
China (Hohhot) 100.104.205.0/24,100.104.72.0/24 11.193.183.0/24
China (Ulanqab) 100.104.10.192/26 10.152.29.0/24
China (Chengdu) 100.104.5.0/26 11.195.52.68/24
China (Shenzhen) 100.104.5.0/24,100.104.75.64/26,100.104.235.192/26,100.104.205.0/24,100.104.41.64/26 10.152.27.0/24,10.137.42.0/24
China (Heyuan) 100.104.96.64/26 11.118.24.0/24,10.137.42.0/24,10.152.29.0/24
China (Guangzhou) 100.104.248.128/26 10.137.42.0/24,10.152.29.0/24
China (Hong Kong) 100.104.205.0/24,100.104.233.0/24,100.104.177.192/26,100.104.158.192/26 10.152.161.0/24,10.137.42.0/24
Singapore (Singapore) 100.104.205.0/24,100.104.188.0/24,100.104.207.128/26,100.104.179.64/26,100.104.12.0/26 10.152.166.0/24,10.137.42.0/24
Australia (Sydney) 100.104.5.0/24,100.104.233.0/24,100.104.3.128/26 11.192.100.0/24
Malaysia (Kuala Lumpur) 100.104.175.0/24,100.104.5.0/24 11.193.189.0/24
Indonesia (Jakarta) 100.104.5.0/24,100.104.35.192/26,100.104.175.0/24 11.194.48.0/22
India (Mumbai) 100.104.205.0/24,100.104.8.0/24,100.104.127.0/26 11.194.10.0/24
Japan (Tokyo) 100.104.205.0/24,100.104.112.0/24,100.104.117.192/26,100.104.112.0/24,100.104.117.192/26 11.192.147.0/24,11.192.148.0/24,11.192.149.0/24
US (Silicon Valley) 100.104.205.0/24,100.104.48.128/26,100.104.175.0/24 10.152.31.0/24,10.137.42.0/24
US (Virginia) 100.104.205.0/24,100.104.233.0/24,100.104.240.128/26 10.152.235.0/24,10.137.42.0/24
UK (London) 100.104.5.0/24,100.104.133.64/26,100.104.207.128/26 11.199.93.0/24
Germany (Frankfurt) 100.104.233.0/24,100.104.5.0/24,100.104.193.128/26 11.192.169.0/24,11.192.170.0/24
UAE (Dubai) 100.104.5.0/24,100.104.205.0/24 11.192.189.0/24,11.192.190.0/24,11.192.191.0/24
Philippines (Manila) 100.104.36.0/26 10.43.148.217,10.43.148.218
Thailand (Bangkok) 100.104.106.192/26 10.186.15.148,10.186.15.149
SAU (Riyadh) 100.104.12.0/26 10.187.119.182,10.187.119.183
China North 2 Finance 100.104.144.0/26 10.254.13.200,10.254.13.201
China East 1 Finance 100.104.175.0/24,100.104.52.0/24,100.104.216.192/26 11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24
Alibaba Finance Cloud region for Haidian District 100.104.5.0/24 10.152.29.0/24
China East 2 Finance 100.104.72.0/24,100.104.175.0/24 10.152.163.0/24,10.137.42.0/24,10.152.29.0/24
China South 1 Finance 100.104.205.0/24,100.104.72.0/24 10.152.27.0/24,10.137.42.0/24,10.152.29.0/24

Fail to connect to a database instance from DMS

After the IP addresses and CIDR blocks of DMS for the specified region are added to the IP address whitelist of a database instance, you may still fail to connect to the database instance from DMS. In this case, troubleshoot the issue by performing the following operations:

  • Try again later because the whitelist may take time to become effective.
  • If you access the database instance over the Internet, add the IP addresses and CIDR blocks of DMS for the China (Hangzhou) region to the IP address whitelist of the database instance. Then, try to connect to the database instance again.
  • In the Add Instance or Edit dialog box, check the connection information such as the port number.