Before you connect to a database instance from Data Management (DMS), you must add the IP addresses and CIDR blocks of DMS to the IP address whitelist of the database instance.
You can use the following methods to add the IP addresses and CIDR blocks of DMS to the IP address whitelist of a database instance:
Method 1: Automatically add the IP addresses and CIDR blocks of DMS to the IP address whitelist of a database instance in the DMS console.
Method 2: Manually add the IP addresses and CIDR blocks of DMS to the IP address whitelist of a database instance in the database instance. For more information about the IP addresses and CIDR blocks of DMS in different regions, see the DMS IP addresses and CIDR blocks section of this topic.
After the IP addresses and CIDR blocks of DMS are added to the IP address whitelist of a database instance, you may still fail to connect to the database instance from DMS. For more information about how to troubleshoot the issue, see the FAQ section of this topic.
Automatically add the IP addresses and CIDR blocks of DMS to the IP address whitelist of a database instance
The IP addresses and CIDR blocks of DMS can be automatically added to the IP address whitelist only for an ApsaraDB instance.
When you log on to an ApsaraDB instance in DMS for the first time, DMS prompts you to add its own IP addresses and CIDR blocks to the IP address whitelist of the ApsaraDB instance. In this case, you can click Configure Whitelist in the message that appears. DMS automatically adds its own IP addresses and CIDR blocks to the whitelist. After that, the connection between the ApsaraDB instance and DMS is established. For more information, see Register an Alibaba Cloud database instance.
If you are a database administrator (DBA) or a DMS administrator, you can also perform the following steps to configure an IP address whitelist:
- Log on to the DMS console V5.0.
In the top navigation bar, choose .
NoteIf you use the DMS console in simple mode, move the pointer over the icon in the upper-left corner of the console and choose
.On the Instance List tab of the Instances page, select one or more database instances for which you want to configure an IP address whitelist and click Configure Whitelist in the upper part of the tab.
In the message that appears, click OK. The IP addresses and CIDR blocks of DMS are automatically added to the IP address whitelists of the selected database instances.
Manually add the IP addresses and CIDR blocks of DMS to the IP address whitelist of a database instance
Log on to the database instance to which you want to connect. Manually add the IP addresses and CIDR blocks of DMS to the IP address whitelist of the database instance. For more information about the IP addresses and CIDR blocks of DMS in different regions, see the DMS IP addresses and CIDR blocks section of this topic.
For example, you can manually add the IP addresses and CIDR blocks of DMS to the IP address whitelist of an ApsaraDB RDS for MySQL instance. For more information, see Configure an IP address whitelist.
DMS IP addresses and CIDR blocks
When you add the IP addresses and CIDR blocks of DMS to the IP address whitelist of a database instance, we recommend that you add all the IP addresses and CIDR blocks of DMS in the specified region to the whitelist.
You can add the public IP addresses of DMS. However, this may cause security risks. Proceed with caution.
We recommend that you increase the security of your account and limit the ports for inbound traffic. You can also connect to the database instance over Express Connect, VPN Gateway, or Smart Access Gateway.
Region | Access over Virtual Private Cloud (VPC) (Self-managed Elastic Compute Service (ECS)-hosted databases, ApsaraDB databases, and on-premises databases over Express Connect circuits) | Access over the classic network (ECS-hosted databases and ApsaraDB databases) | Public network |
China (Hangzhou) | 100.104.175.0/24,100.104.201.0/26,100.104.52.0/24,100.104.61.128/26,100.104.244.64/26,100.104.216.192/26,100.104.85.0/26 | 11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24,10.6.226.32,10.6.226.33,10.187.128.215,10.187.128.216 | 8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26 |
China (Shanghai) | 100.104.5.0/24,100.104.205.0/24,100.104.226.128/26,100.104.149.64/26 | 10.152.163.0/24,10.137.42.0/24,11.154.24.173 | 139.224.4.85,139.224.4.79,101.133.205.192/26,47.102.181.128/26,47.102.181.192/26,47.102.234.0/26,47.102.234.64/26 |
China (Nanjing - Local Region) | 100.104.182.128/26 | 11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24,10.6.226.32,10.6.226.33,10.187.128.215,10.187.128.216 | 8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26 |
China (Qingdao) | 100.104.188.0/24,100.104.72.0/24,100.104.35.192/26 | 10.151.203.0/24,10.137.42.0/24,10.245.213.244 | 114.215.161.28,114.215.161.36,118.190.207.194,118.190.207.25,120.27.72.0/26,120.27.72.64/26,120.27.72.128/26,120.27.72.192/26 |
China (Beijing) | 100.104.72.0/24,100.104.183.0/24,100.104.236.128/26,100.104.128.192/26,100.104.227.192/26 | 11.192.101.0/24,10.137.42.0/24,11.115.125.224 | 60.205.89.31,60.205.89.21,8.131.132.0/26,39.107.7.0/26,39.107.7.64/26,182.92.32.128/26,182.92.32.192/26 |
China (Zhangjiakou) | 100.104.205.0/24,100.104.175.0/24 | 11.192.243.0/24,11.193.233.87 | 47.92.22.68,39.101.252.128/26,47.92.185.0/26,47.92.185.64/26,47.92.185.128/26,47.92.185.192/26 |
China (Hohhot) | 100.104.205.0/24,100.104.72.0/24 | 11.193.183.0/24,11.197.113.225 | 39.104.29.35,39.104.78.173,39.104.79.122,39.104.86.0,39.104.62.152,39.104.72.87,39.99.77.0/26,39.99.77.64/26,39.99.77.128/26,39.104.220.192/26 |
China (Ulanqab) | 100.104.10.192/26 | 10.152.29.0/24 | 8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26 |
China (Chengdu) | 100.104.5.0/26 | 11.195.52.68/24,11.119.156.53 | 47.108.22.35,47.109.5.0/26,47.108.45.128/26,47.108.45.192/26,47.108.47.0/26,47.108.47.64/26 |
China (Shenzhen) | 100.104.5.0/24,100.104.75.64/26,100.104.235.192/26,100.104.205.0/24,100.104.41.64/26 | 10.152.27.0/24,10.137.42.0/24,10.245.164.219 | 120.76.91.7,120.76.91.29,47.113.76.192/26,47.112.83.192/26,47.112.84.0/26,47.112.84.64/26,47.112.84.128/26 |
China (Heyuan) | 100.104.96.64/26 | 11.118.24.0/24,10.137.42.0/24,10.152.29.0/24 | 8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26 |
China (Guangzhou) | 100.104.248.128/26 | 10.137.42.0/24,10.152.29.0/24,10.58.93.2 | 8.134.79.141,8.134.79.143,8.134.0.64/26,8.134.0.128/26,8.134.0.192/26,8.134.5.0/26 |
China (Wuhan - Local Region) | 100.104.193.128/26 | 11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24,10.6.226.32,10.6.226.33,10.187.128.215,10.187.128.216 | 8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26 |
China (Hong Kong) | 100.104.205.0/24,100.104.233.0/24,100.104.177.192/26,100.104.158.192/26 | 10.152.161.0/24,10.137.42.0/24,10.254.102.13 | 47.89.61.33,47.89.61.59,47.243.0.32/28,47.56.45.128/26,47.56.45.192/26,47.90.24.0/26,47.90.24.64/26 |
Singapore | 100.104.205.0/24,100.104.188.0/24,100.104.207.128/26,100.104.179.64/26,100.104.12.0/26 | 10.152.166.0/24,10.137.42.0/24,10.88.51.209 | 47.88.147.36,47.88.147.22,161.117.172.0/28,161.117.146.128/26,161.117.146.192/26,161.117.164.0/26,161.117.164.64/26 |
Australia (Sydney) | 100.104.5.0/24,100.104.233.0/24,100.104.3.128/26 | 11.192.100.0/24,11.195.117.227 | 47.91.49.175,47.91.49.169,47.252.149.128/26,47.252.149.192/26,47.252.150.0/26,47.252.150.64/26 |
Malaysia (Kuala Lumpur) | 100.104.175.0/24,100.104.5.0/24 | 11.193.189.0/24,11.196.42.179 | 47.254.212.25,47.250.34.128/28,47.250.30.0/26,47.250.30.64/26,47.250.30.128/26,47.250.30.192/26 |
Indonesia (Jakarta) | 100.104.5.0/24,100.104.35.192/26,100.104.175.0/24 | 11.194.48.0/22,11.59.138.151 | 149.129.228.88,147.139.165.206,147.139.133.46,147.139.179.168,147.139.132.101,147.139.156.0/26,147.139.156.64/26,147.139.156.128/26,149.129.230.192/26 |
India (Mumbai) | 100.104.205.0/24,100.104.8.0/24,100.104.127.0/26 | 11.194.10.0/24,11.59.130.96 | 149.129.164.77,147.139.26.0/28,147.139.23.0/26,147.139.23.64/26,147.139.23.128/26,149.129.165.192/26 |
Japan (Tokyo) | 100.104.205.0/24,100.104.112.0/24,100.104.117.192/26,100.104.112.0/24,100.104.117.192/26 | 11.192.147.0/24,11.192.148.0/24,11.192.149.0/24 | 47.91.13.31,47.91.13.77,8.209.192.160/28,47.91.0.128/26,47.91.0.192/26,47.245.51.128/26,47.245.51.192/26 |
US (Silicon Valley) | 100.104.205.0/24,100.104.48.128/26,100.104.175.0/24 | 10.152.31.0/24,10.137.42.0/24,10.60.82.16 | 47.89.224.28,47.89.224.56,47.88.1.17,47.88.6.196,47.88.10.217,47.88.15.174,47.88.98.0/26,47.88.98.64/26,47.88.98.128/26,47.88.98.192/26 |
US (Virginia) | 100.104.205.0/24,100.104.233.0/24,100.104.240.128/26 | 10.152.235.0/24,10.137.42.0/24,11.194.67.243 | 47.88.98.24,47.88.98.20,47.253.64.0/28,47.252.71.128/26,47.252.71.192/26,47.252.90.0/26,47.252.90.64/26 |
UK (London) | 100.104.5.0/24,100.104.133.64/26,100.104.207.128/26 | 11.199.93.0/24,11.199.225.130 | 8.208.17.76,8.208.75.64/28,8.208.73.0/26,8.208.73.64/26,8.208.73.128/26,8.208.73.192/26 |
Germany (Frankfurt) | 100.104.233.0/24,100.104.5.0/24,100.104.193.128/26 | 11.192.169.0/24,11.192.170.0/24,11.194.56.218 | 47.91.83.56,47.91.83.15,47.245.155.0/28,8.209.86.0/26,47.254.165.64/26,47.254.165.128/26,47.254.165.192/26 |
UAE (Dubai) | 100.104.5.0/24,100.104.205.0/24 | 11.192.189.0/24,11.192.190.0/24,11.192.191.0/24 | 47.91.102.19,47.91.103.51 |
Philippines (Manila) | 100.104.36.0/26 | 10.43.148.217,10.43.148.218 | 8.212.136.64/26,8.212.136.128/26,8.212.136.192/26,8.212.137.0/26 |
Thailand (Bangkok) | 100.104.106.192/26 | 10.186.15.148,10.186.15.149 | 8.213.162.64/26,8.213.162.128/26,8.213.162.192/26,8.213.163.0/26 |
SAU (Riyadh) | 100.104.12.0/26 | 10.187.119.182,10.187.119.183,10.187.115.137 | 8.213.0.128/26,8.213.0.192/26,8.213.5.0/26,8.213.5.64/26,8.213.16.59,8.213.16.91,8.213.16.111,8.213.16.17,8.213.16.123,8.213.6.0/26,8.213.6.64/26,8.213.6.128/26,8.213.6.192/26 |
China North 2 Finance (Preview) | 100.104.144.0/26 | 10.254.13.200,10.254.13.201,10.254.22.182 | 39.107.7.0/26,39.107.7.64/26,182.92.32.128/26,182.92.32.192/26,47.92.185.0/26,47.92.185.64/26,47.92.185.128/26,47.92.185.192/26 |
China East 1 Finance | 100.104.175.0/24,100.104.52.0/24,100.104.216.192/26 | 11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24 | 116.62.251.150,47.96.59.4,47.96.58.245,116.62.250.113,116.62.249.73,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26 |
China North 1 Finance | 100.104.5.0/24 | 10.152.29.0/24 | 8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26 |
China East 2 Finance | 100.104.72.0/24,100.104.175.0/24 | 10.152.163.0/24,10.137.42.0/24,10.152.29.0/24,10.254.213.170 | 139.224.122.227,139.224.123.13,139.224.124.107,139.224.123.165,47.102.181.128/26,47.102.181.192/26,47.102.234.0/26,47.102.234.64/26,47.103.170.128/26,47.103.170.192/26,47.103.171.0/26,47.103.171.64/26 |
China South 1 Finance | 100.104.205.0/24,100.104.72.0/24 | 10.152.27.0/24,10.137.42.0/24,10.152.29.0/24 | 8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26 |
FAQ
Q: What do I do if I fail to connect to a database instance from DMS after the IP addresses and CIDR blocks of DMS are added to the IP address whitelist of the database instance?
A:
This is because the whitelist may take time to become effective. Try again later.
If you access the database instance over the Internet, add the IP addresses and CIDR blocks of DMS in the China (Hangzhou) region to the IP address whitelist of the database instance. Then, try to connect to the database instance again.
In the Add Instance or Edit dialog box, check the connection information such as the port number.
Q: What do I do if I fail to connect to an ApsaraDB RDS instance in the classic network from DMS and the ApsaraDB RDS instance can only be accessed by using a public endpoint?
A: You can use one of the following methods to resolve this issue:
Add the IP addresses and CIDR blocks of DMS in the same region in which the ApsaraDB RDS instance resides to the IP address whitelist of the RDS instance. For more information, see Configure an IP address whitelist.
Apply for an internal endpoint for the ApsaraDB RDS instance in the ApsaraDB RDS console.