This topic describes how to connect an on-premises database to Data Transmission Service (DTS) by using Cloud Enterprise Network (CEN). To establish the connection, you must connect the database to Alibaba Cloud over Express Connect or Smart Access Gateway (SAG) and deploy DTS in a virtual private cloud (VPC).

Background information

The cloud services discussed in this topic refer to the Alibaba Cloud services that use the 100.64.0.0/10 CIDR block to provide services, such as Object Storage Service (OSS), Log Service, and Data Transmission Service (DTS). If an on-premises network needs to access a cloud service, you must attach the VBR or CCN instance associated with the on-premises network to a CEN instance, and then attach a virtual private cloud (VPC) to the CEN instance. The VPC and the cloud resource must belong to the same region. This way, your on-premises network can access the VPC and access the cloud service through the VPC.

Prerequisites

  • The on-premises network to which the self-managed database belongs is connected to Alibaba Cloud over Express Connect or SAG.
    Note: For more information, see Connect an on-premises database to Alibaba Cloud.
  • A CEN instance is created. For more information, see Create a CEN instance.
  • A VPC that belongs to the region where DTS is deployed is attached to the CEN instance.
    Note: For example, you have three VPCs in a region: VPC 1, VPC 2, and VPC 3. All of the VPCs are attached to the CEN instance. VPC 1 has been used to access other cloud services such as Object Storage Service (OSS) and Server Load Balancer (SLB). When you configure a DTS task, you must set the Connected VPC parameter to VPC 1.
  • The virtual border router (VBR) or Cloud Connect Network (CCN) instance that is connected to the on-premises network is attached to the CEN instance. For more information, see Attach a network instance.

Procedure

  1. Log on to the CEN console.
  2. On the Instances page, find the CEN instance that you want to manage and click the instance ID.
  3. On the Basic Settings > Transit Router tab, click the ID of the transit router that resides in the region where DTS is deployed.
  4. On the transit router details page, click the Cloud Services tab.
  5. On the Cloud Services tab, click Configure AnyTunnel.
  6. In the Configure AnyTunnel dialog box, set the parameters and then click OK. The following table describes the parameters.
    Parameter | Description
    Service IP Address | Enter the IP addresses or CIDR blocks that correspond to the region where DTS is deployed. The IP addresses or CIDR blocks must belong to 100.64.0.0/10. For example, if you deploy DTS in the China (Hangzhou) region, you must enter the following CIDR blocks: 100.104.52.0/24, 100.104.61.128/26, 100.104.244.64/26, 100.104.216.192/26, 100.104.85.0/26, and 100.104.221.128/26. For more information about IP addresses or CIDR blocks in other regions, see Add the CIDR blocks of DTS servers to the security settings of on-premises databases.
      Note: You can enter only one IP address or CIDR block at a time. To add multiple IP addresses or CIDR blocks, you must repeat Step 6.
    Service Region | Select the region where the DTS instance resides.
      Notice: You must set the Service Region parameter to the destination region regardless of whether you migrate or synchronize data within the same region or across different regions. For example, if you use DTS to migrate or synchronize data from a self-managed database in the China (Hangzhou) or China (Beijing) region to an ApsaraDB RDS for MySQL instance in the China (Hangzhou) region, you must set the Service Region parameter to China (Hangzhou). In addition, you must set the Host VPC parameter to a VPC that belongs to the China (Hangzhou) region.
    Host VPC | Select the VPC that is attached to the CEN instance. After you set all the parameters described in this table, the on-premises network that is connected to the VBR or CCN instance can access DTS over the VPC.
      Note:
      • If you use DTS to synchronize data across regions, for example, from a self-managed database in the China (Beijing) region to an ApsaraDB RDS for MySQL instance in the China (Hangzhou) region, you must set the Host VPC parameter to a VPC that belongs to the China (Hangzhou) region. The VPC must be attached to the CEN instance to ensure that the self-managed database can access DTS over the VPC.
      • For example, you have three VPCs in a region: VPC 1, VPC 2, and VPC 3. All of the VPCs are attached to the CEN instance. VPC 1 has been used to access other cloud services such as Object Storage Service (OSS) and Server Load Balancer (SLB). When you configure a DTS task, you must set the Connected VPC parameter to VPC 1.
    Access Region | Select the region where the VBR or CCN instance that is used to access DTS resides.
      Notice: If the self-managed database is connected to Alibaba Cloud by using a VBR instance, you can use CEN to access DTS only in the region where the VBR instance resides.
    Description | Enter the description of DTS.
      The description can be empty or 2 to 256 characters in length. It must start with an uppercase or lowercase letter, and can contain digits, hyphens (-), periods (.), and underscores (_). It cannot start with http:// or https://.

What to do next

When you configure data migration, data synchronization, or change tracking, select Self-managed database connected over CEN as the instance type, and set the following parameters. You can use the on-premises database as the source or destination database. For more information, see Overview of data migration scenarios or Overview of data synchronization scenarios.

Parameter | Description
CEN Instance ID | Select the ID of the CEN instance.
Connected VPC | Select the VPC that is configured for the Host VPC parameter.
Database Type | Select the type of the self-managed database.
IP Address | Enter the server IP address of the self-managed database.
Port Number | Enter the server port number of the self-managed database.
Database Account | Enter the username of the self-managed database.
Database password | Enter the password of the self-managed database.

FAQ

Q: Why am I unable to connect an on-premises database to DTS over Express Connect even after I have configured an ACL in the firewall settings of the VPC to allow all access?

A: You can perform the following operations to troubleshoot the issue:
  • Check whether all the required CIDR blocks of DTS are added when you set the Service IP Address parameter in the CEN console. Add a route to allow the on-premises database to access DTS and then configure the DTS task again. For more information, see Procedure.
  • Check whether the ACL in the firewall settings of the VPC is configured to allow access from DTS. DTS may fail to establish a connection with the on-premises database because the packets of DTS servers are blocked. When you configure the ACL, you must set the source IP addresses to the CIDR blocks of DTS and set the destination IP addresses to the CIDR blocks of the on-premises database. Then, the DTS servers can connect to the on-premises database as expected.
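
The two troubleshooting checks above can be run offline against an exported configuration. The following Python sketch is an added example, not Alibaba Cloud code: it checks a list of Service IP Address entries against the China (Hangzhou) DTS CIDR blocks listed in the Procedure, and checks that an ACL allows each DTS block to reach the database network. The function names, the (action, source, destination) rule format with first-match evaluation, the sample entries, and the 192.168.10.0/24 database network are assumptions made for illustration.

```python
import ipaddress

# From the page: the cloud-service range and the DTS blocks for China (Hangzhou).
CLOUD_SERVICE_RANGE = ipaddress.ip_network("100.64.0.0/10")
DTS_HANGZHOU = [ipaddress.ip_network(c) for c in (
    "100.104.52.0/24", "100.104.61.128/26", "100.104.244.64/26",
    "100.104.216.192/26", "100.104.85.0/26", "100.104.221.128/26")]

# Constructed sample data (assumptions, not from the page).
SAMPLE_ENTRIES = ["100.104.52.0/24", "100.104.61.128/26", "100.104.244.64/26",
                  "100.104.216.192/26", "10.0.0.0/8"]
SAMPLE_DB_CIDR = "192.168.10.0/24"
SAMPLE_RULES = [  # (action, source CIDR, destination CIDR), evaluated in order
    ("deny", "100.104.85.0/26", "192.168.10.0/24"),
    ("allow", "100.64.0.0/10", "192.168.10.0/24"),
]

def check_service_ips(entries, required=DTS_HANGZHOU):
    """Return (out_of_range, missing) for a list of Service IP Address entries."""
    nets = [ipaddress.ip_network(e, strict=False) for e in entries]
    out_of_range = [str(n) for n in nets if not n.subnet_of(CLOUD_SERVICE_RANGE)]
    missing = [str(r) for r in required if not any(r.subnet_of(n) for n in nets)]
    return out_of_range, missing

def check_acl(rules, db_cidr, required=DTS_HANGZHOU):
    """Return the DTS blocks whose traffic to db_cidr is not fully allowed.

    Assumed model: ordered rules, first match wins, implicit deny at the end.
    """
    db = ipaddress.ip_network(db_cidr)
    blocked = []
    for dts in required:
        allowed = False  # implicit deny when no rule matches
        for action, src, dst in rules:
            s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
            if s.overlaps(dts) and d.overlaps(db):
                # A rule that only partly covers the traffic is flagged, not trusted.
                allowed = action == "allow" and dts.subnet_of(s) and db.subnet_of(d)
                break
        if not allowed:
            blocked.append(str(dts))
    return blocked

if __name__ == "__main__":
    print("service IP check:", check_service_ips(SAMPLE_ENTRIES))
    print("blocked by ACL:", check_acl(SAMPLE_RULES, SAMPLE_DB_CIDR))
```

For a region other than China (Hangzhou), pass that region's DTS CIDR blocks as the required argument.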