This topic describes how to troubleshoot failures in connecting to an ApsaraDB RDS for MySQL instance from an Elastic Compute Service (ECS) instance.
When you set up a test environment to debug your business, you may fail to connect to your RDS instance from your ECS instance. The connection failures may occur due to various reasons. For example, the network type of your RDS instance is different from the network type of your ECS instance, or the IP address of your ECS instance is not added to an IP address whitelist of your RDS instance. This topic describes the most common causes of connection failures and the methods that you can use to troubleshoot the connection failures.
Different network types
- The ECS instance resides in a virtual private cloud (VPC), and the RDS instance resides in the classic network.
- Method 1: Migrate the RDS instance to the VPC to which the ECS instance belongs. For more information, see Change the network type of an ApsaraDB RDS instance. This is the recommended method. Note If the ECS instance and the RDS instance both reside in VPCs, they must reside in the same VPC to communicate with each other over an internal network.
- Method 2: Purchase an ECS instance that resides in the classic network, and connect to the RDS instance from the ECS instance. ECS instances cannot be migrated from VPCs to the classic network. A VPC provides higher security than the classic network. We recommend that you use the VPC network type.
- Method 3: Connect to the RDS instance from the ECS instance by using the public endpoint of the RDS instance. This method cannot ensure optimal performance, security, or stability.
- Method 1: Migrate the RDS instance to the VPC to which the ECS instance belongs. For more information, see Change the network type of an ApsaraDB RDS instance. This is the recommended method.
- The ECS instance resides in the classic network, and the RDS instance resides in a VPC.
- Method 1: Migrate the ECS instance to the VPC to which the RDS instance belongs. This is the recommended method. Note If the ECS instance and the RDS instance both reside in VPCs, they must reside in the same VPC to communicate with each other over an internal network.
- Method 2: Migrate the RDS instance to the classic network. A VPC provides higher security than the classic network. We recommend that you use the VPC network type.
- Method 3: Use the ClassicLink feature to establish an internal network connection between the ECS instance and the RDS instance. For more information, see Overview of ClassicLink.
- Method 4: Connect to the RDS instance from the ECS instance by using the public endpoint of the RDS instance. This method cannot ensure optimal performance, security, or stability.
- Method 1: Migrate the ECS instance to the VPC to which the RDS instance belongs. This is the recommended method.
Different VPCs
A VPC is an isolated network environment that is built on Alibaba Cloud. VPCs are logically isolated from each other. If the ECS instance and the RDS instance both reside VPCs, they must reside in the same VPC to communicate with each other over an internal network.
- Method 1: Migrate the RDS instance to the VPC to which the ECS instance belongs. This is the recommended method.
You must change the network type of the RDS instance from VPC to classic network and then change the network type of the RDS instance from classic network back to VPC. When you change the network type of the RDS instance from classic network back to VPC, you must select the VPC to which the ECS instance belongs. For more information, see Change the VPC and vSwitch for an ApsaraDB RDS for MySQL instance or Change the network type of an ApsaraDB RDS instance.
- Method 2: Create a Cloud Enterprise Network (CEN) instance to establish a private connection between the VPCs of the ECS instance and the RDS instance. For more information, see Use CEN to enable intra-region network communication.
- Method 3: Connect to the RDS instance from the ECS instance over the Internet. This method cannot ensure optimal performance, security, or stability.
Different regions
If the ECS instance and the RDS instance reside in different regions, these instances cannot communicate with each other over an internal network.
- Method 1: Request a refund for the original RDS or ECS instance. Then, purchase a new RDS instance or ECS instance based on your business requirements.
- Method 2: Change the network types of the ECS instance and the RDS instance to VPC. Then, create a CEN instance to enable communication between the VPCs. For more information, see Change the network type of an ApsaraDB RDS instance and Use CEN to enable intra-region network communication.
- Method 3: Connect to the RDS instance from the ECS instance over the Internet. This method cannot ensure optimal performance, security, or stability.
Incorrect IP address whitelist settings
- The IP address whitelist labeled default contains only the IP address 127.0.0.1. This IP address indicates that no devices are allowed to access the RDS instance. Therefore, you must add IP addresses to the whitelist. For more information, see Configure an IP address whitelist for an ApsaraDB RDS for MySQL instance.
- The 0.0.0.0 entry is added to an IP address whitelist of the RDS instance. Important If you add the 0.0.0.0/0 entry to an IP address whitelist of the RDS instance, all devices are allowed to access the RDS instance. Proceed with caution.
- The enhanced whitelist mode is enabled for the RDS instance. In this case, take note of the following limits:
- If the RDS instance resides in a VPC and is connected by using its internal endpoint, the private IP address of the ECS instance must be added to the IP address whitelist of the VPC type.
- If the RDS instance resides in the classic network and is connected by using its internal endpoint, the private IP address of the ECS instance must be added to the IP address whitelist of the classic network type.
- If the RDS instance resides in the classic network and is connected over the Internet, the public IP address of the ECS instance must be added to the IP address whitelist of the classic network type.
- The public IP address that you add to an IP address whitelist is invalid Possible causes:
- The public IP address dynamically changes.
- The tool or website that is used to query public IP addresses returns inaccurate results.
For more information, see the following topics:- Why am I unable to connect to my ApsaraDB RDS for MySQL or ApsaraDB RDS for MariaDB instance from a local server over the Internet?
- How SQL Server determines the public IP address of an external Server or client
- How do I obtain the public IP address of an on-premises device that is connected to an ApsaraDB RDS for PostgreSQL instance?
Domain name resolution failures or errors
If the Domain Name System (DNS) servers are faulty or the configurations of the network interface controller (NIC) are modified, domain names may fail to be resolved or may be resolved into incorrect IP addresses. In this case, you can run the ping command or the telnet command to check the connectivity to the RDS instance.
ping <Domain name>
telnet <Domain name> <Port number>
Example:
- Open the configuration file in edit mode.
vi /etc/sysconfig/network-scripts/<The name of the configuration file for the NIC>Note The NIC in the command refers to the NIC of the ECS instance. You can run theifconfigcommand to check the file name extension of the configuration file. The default file name extension is ifcfg-eth0. - Add the following settings to the end of the configuration file.
DNS1=100.100.XX.XX DNS2=100.100.XX.XXNote If the DNS1 and DNS2 configuration items exist in the configuration file, you must change the values of these configuration items to the values that are shown in the settings.
- Run the following command to restart the network service:
sudo systemctl restart network - Run the following command to check whether the modification is successful:
cat /etc/resolv.conf