Use the hybrid access mode - ApsaraDB RDS - Alibaba Cloud Documentation Center

Hybrid access mode lets you migrate an ApsaraDB RDS for MySQL instance from the classic network to a Virtual Private Cloud (VPC) without service interruptions. During the migration window, both the classic network internal endpoint and the VPC internal endpoint remain active. Update your applications to use the VPC endpoint at your own pace, then release the classic network endpoint to complete the migration.

Important

RDS instances of the classic network type can no longer be renewed, upgraded, downgraded, or cloned from 00:00 on October 30, 2024. For more information, see [Product changes] Alibaba Cloud plans to phase out ApsaraDB RDS instances of the classic network type.

Important

If you can no longer renew your instance or change its specifications, check the following:

Network type changed to VPC, but classic network endpoint not deleted. Go to the Instances page, click the instance ID, and click Database Connection to delete the classic network endpoint.
Network type not changed to VPC before expiration. Submit a ticket to extend the validity period. After the extension, change the network type to VPC, delete the classic network endpoint, and then renew the instance.

Before you begin

Verify the following before starting the migration:

The RDS instance resides in the classic network
A VPC and a vSwitch are created in the zone where the RDS instance resides — see Create and manage a VPC

If your RDS instance has read-only instances, complete the hybrid access migration on the primary instance first, then migrate the read-only instances. VPC residency requirements differ by storage type:

Primary instance storage	Read-only instance VPC requirement
Premium Local SSDs	Same VPC or a different VPC
Cloud disks	Must be in the same VPC

Restrictions

While hybrid access mode is enabled:

Cannot change the network type back to classic network
Cannot change the zone of the RDS instance
Cannot switch between RDS High-availability Edition and RDS Enterprise Edition

How it works

When you switch from classic network to VPC without hybrid access, the internal endpoint IP address changes. This causes an instance switchover, and classic network-type Elastic Compute Service (ECS) instances immediately lose internal network access to the RDS instance.

Hybrid access avoids this disruption. The system retains the original classic network internal endpoint and generates a new VPC internal endpoint. Both endpoints remain active for as long as you need:

Classic network-type ECS instances connect using the classic network internal endpoint.
VPC-type ECS instances connect using the VPC internal endpoint.
The public endpoint is not affected.

When all your applications are using the VPC endpoint, release the classic network endpoint to complete the migration.

Direct change vs. hybrid access

Use the following comparison to decide whether hybrid access mode is right for your situation.

Affected item	Direct change (classic endpoint not retained)	Hybrid access (classic endpoint retained)
Instance connection	Momentarily disconnected; classic network-type ECS instances are immediately disconnected	Not affected; classic network-type ECS connections remain active until the classic endpoint expires
Internal endpoint	One endpoint — type changes from classic network to VPC, string unchanged	Two endpoints — classic network endpoint retained, VPC endpoint generated
Internal network access	Only VPC-type ECS instances can connect	Both classic network-type and VPC-type ECS instances can connect (using their respective endpoints); VPC-only after the classic endpoint expires
Public endpoint and internet access	Not affected	Not affected

Switch the network type to VPC

Log on to the ApsaraDB RDS console and go to the Instances page. Select the region where your RDS instance resides, then click the instance ID.
In the left-side navigation pane, click Database Connection.
Click Switch to VPC.

Note
If Switch to VPC is not displayed, verify that the instance meets the requirements listed in Before you begin.
In the dialog box, configure the following settings:
- VPC: Select the VPC where your ECS instances reside. If the ECS and RDS instances are in different VPCs, internal network communication requires Cloud Enterprise Network (CEN) or VPN Gateway. For more information, see Overview of Alibaba Cloud CEN or Establish IPsec-VPN connections between two VPCs (single-tunnel mode).
- vSwitch: Select a vSwitch in the zone where the RDS instance resides. If no vSwitches are available, create one first — see Create and manage vSwitches.
- Reserve original classic endpoint: Select this option to enable hybrid access mode.
Note
- Switching the network type does not cause an instance switchover. Classic network-type ECS connections remain active until the classic endpoint expires.
- Before the classic endpoint expires, add the VPC endpoint to applications running on VPC-type ECS instances to complete the migration with no downtime.
- If your instance runs MySQL 5.6 or MySQL 5.7 on RDS High-availability Edition with Premium Local SSDs, you must change the IP address whitelist mode to enhanced whitelist mode when you enable the hybrid access mode. Existing IP addresses are automatically copied to a new enhanced whitelist for the classic network. See Change to the enhanced whitelist mode.
Add the private IP address of each VPC-type ECS instance to an IP address whitelist of the VPC type on the RDS instance. If no VPC-type whitelist exists, create one.
Before the classic endpoint expires, add the VPC endpoint of the RDS instance to each VPC-type ECS instance.
Note
- For VPC-type ECS instances to connect over an internal network, the ECS and RDS instances must reside in the same region and the same VPC. Verify this using the VPC ID.
- To connect a classic network-type ECS instance to a VPC-type RDS instance, use ClassicLink or migrate the ECS instance to the same VPC. For more information, see Overview and Migrate ECS instances from the classic network to a VPC.

Change the expiration date of the classic network endpoint

During the hybrid access window, you can change the classic endpoint's validity period based on your business requirements. The new expiration date is calculated from the day you make the change.

Example: The classic endpoint is set to expire on August 18, 2017. On August 15, 2017, you extend the validity by 14 days. The new expiration date becomes August 29, 2017.

To change the expiration date:

Log on to the ApsaraDB RDS console and go to the Instances page. Select the region where your RDS instance resides, then click the instance ID.
In the left-side navigation pane, click Database Connection.
On the Instance Connection tab, click Change Expiration Time.
In the Change Expiration Time dialog box, select the new expiration date and click OK.

FAQ

Does switching from classic network to VPC affect the public endpoint or internet access?

No. The change only converts the internal (classic network) endpoint to a VPC endpoint. The public endpoint and internet access are not affected.