All Products
Search
Document Center

:ECS fails to connect to the RDS instance due to routing issues

Last Updated:Feb 25, 2021

Description

ECS and RDS instances are in the same VPC and region. Therefore, you cannot connect to the RDS instance by using the intranet address (which can be connected by using the internet address), and both the ping and telnet operations fail.

Causes

The routing table entry is changed because services such as Docker are installed.

solution

Alibaba Cloud reminds you that:

  • Before you perform operations that may cause risks, such as modifying instance configurations or data, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
  • You can modify the configurations and data of instances including but not limited to Elastic Compute Service (ECS) and Relational Database Service (RDS) instances. Before the modification, we recommend that you create snapshots or enable RDS log backup.
  • If you have authorized or submitted security information such as the logon account and password in the Alibaba Cloud Management Console, we recommend that you modify such information in a timely manner.
  1. Log on to the problematic ECS instance and run the following command to use the ping command to test the internal IP address of the RDS instance.
    ping rm-XXX-mysql.rds.aliyuncs.com
    A similar output is displayed, which indicates that the intranet IP address of the RDS instance can be obtained even if you cannot ping the RDS instance.

  2. Run the following command to view the route table information of the ECS instance:
    route -n
    If a similar route entry is displayed in the system, check that a route entry is added for Docker and other services (you can also confirm it by comparing with the normal ECS instance route table).

  3. Run the following command to add a route entry.
    route add -net [$Network] gw [$Gateway] dev [$Network_Card]
    Note:
    • Make sure that adding this route entry in a running environment does not affect your current business.
    • [$Network] is the CIDR block where the RDS instance is located.
    • [$Gateway] is the Gateway address. You can use the internal endpoint of an ECS instance.
    • [$Network_Card] is the ECS instance must not use the intranet IP address of the network interface controller name is generally eth0.

  4. Run the following command to confirm that you can ping normally:
    ping rm-XXX-mysql.rds.aliyuncs.com

Applicability

  • ECS
  • RDS