This topic describes how to troubleshoot the failure to connect to an ApsaraDB RDS instance.
Overview
You can perform the following operations to troubleshoot the failure:
Step 1: Check the instance status and instance connection information
Log on to the ApsaraDB RDS console. On the Instances page, view the status of your RDS instance. If your RDS instance is in an abnormal state, such as locked, resolve the issue based on the instructions provided in What do I do if my ApsaraDB RDS for MySQL instance is automatically locked due to exhausted storage capacity? If the RDS instance is locked, you cannot use your application to perform read or write operations on the instance. In this case, you can restart your RDS instance after you confirm that the restart does not affect your workloads. Proceed with caution.
In the code or tool that is used to connect to the RDS instance, check whether the connection information is valid. Specifically, check whether the internal and public endpoints are valid. For more information, see How do I connect to an ApsaraDB RDS instance?
Step 2: Check whether the whitelist is correctly configured
Make sure that the IP address of the on-premises device that you want to connect to the RDS instance is added to an IP address whitelist of the RDS instance. Temporarily add the 0.0.0.0/0 entry to the IP address whitelist of the RDS instance. If the on-premises device can be connected to the RDS instance after 0.0.0.0/0 is added to the IP address whitelist, the device IP address that you added to the IP address whitelist is incorrect. In this case, remove the 0.0.0.0/0 entry and add the correct IP addresses to the whitelist. You can configure a whitelist based on the instructions provided in Step 2: Connect to an ApsaraDB RDS for MySQL instance. The following list describes the usage notes of the whitelist:
Only the 127.0.0.1 entry is added to the whitelist labeled default on the tab. The IP address 127.0.0.1 indicates that no devices are allowed to access the RDS instance. Therefore, you must add the IP address of the peer ECS instance to the whitelist.
The 0.0.0.0 entry is added to the whitelist. The valid format is 0.0.0.0/0.
Note: 0.0.0.0/0 indicates that all devices are allowed to access the RDS instance. Proceed with caution.
Check whether the enhanced whitelist mode is enabled based on the instructions provided in Change the network isolation mode of an ApsaraDB RDS instance to the enhanced whitelist mode. If the enhanced whitelist mode is enabled, take note of the following items:
If the RDS instance uses the VPC-type internal endpoint, the private IP address of the ECS instance must be added to the IP address whitelist of the VPC type.
If the RDS instance uses the classic network-type internal endpoint, the private IP address of the ECS instance must be added to the IP address whitelist of the classic network type.
If the RDS instance uses the public endpoint, the public IP address of the ECS instance must be added to the IP address whitelist of the classic network type. The IP address whitelist of the VPC type is not suitable for Internet connections.
The public IP address that you add to an IP address whitelist is not the actual egress IP address due to the following reasons:
The public IP addresses dynamically change.
The tools or websites used to query public IP addresses provide incorrect IP addresses. For more information about the solutions, see the following topics:
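The whitelist usage notes above can be checked offline before you change anything in the console. The following Python sketch is an added example, not part of the original topic or of any Alibaba Cloud tooling; the function name audit_whitelist, its endpoint parameter, and the sample whitelists are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges; ipaddress.is_private is broader (it also covers documentation ranges).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DEFAULT_ENTRY = ipaddress.ip_network("127.0.0.1/32")


def audit_whitelist(entries, client_ip, endpoint="public"):
    """Return (allowed, findings) for client_ip; findings are (value, message) pairs."""
    client = ipaddress.ip_address(client_ip)
    allowed, findings = False, []
    # A public endpoint is reached with the public IP address, not a private one.
    if endpoint == "public" and any(client in net for net in RFC1918):
        findings.append((client_ip, "private address; a public endpoint needs the public IP"))
    for raw in entries:
        entry = raw.strip()
        if entry == "0.0.0.0":
            findings.append((entry, "invalid format; the valid format is 0.0.0.0/0"))
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, "not an IP address or CIDR block"))
            continue
        if net == DEFAULT_ENTRY:
            # Per the usage notes, 127.0.0.1 means that no devices are allowed.
            findings.append((entry, "default entry; no devices are allowed"))
        elif net.prefixlen == 0:
            findings.append((entry, "all devices are allowed; remove after the test"))
            allowed = True
        elif client in net:
            allowed = True
    return allowed, findings


if __name__ == "__main__":
    # Constructed sample whitelists; 203.0.113.0/24 is a documentation range.
    samples = {
        "default only": ["127.0.0.1"],
        "bad wildcard": ["0.0.0.0"],
        "temporary open": ["0.0.0.0/0"],
        "corrected": ["127.0.0.1", "203.0.113.0/24"],
    }
    for name, wl in samples.items():
        print(name, audit_whitelist(wl, "203.0.113.25"))
```

Pass the IP address that the RDS instance actually sees as client_ip; a finding for 0.0.0.0/0 is the reminder to remove the temporary entry once the test is done.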
Step 3: Check instance performance
You can check the performance monitoring of the RDS instance to determine whether instance resources are insufficient.
Check the number of connections to the RDS instance.
In most cases, connection exhaustion is caused by a large number of idle connections or active connections. You can check the maximum number of connections that is supported for each instance type in Primary ApsaraDB RDS instance types.
Check whether the connection settings in your code are reasonable and whether most connections are not closed in time. If the connection settings are unreasonable or most connections are not closed in time, instance resources are consumed, and connection exhaustion occurs. For more information about the causes and solutions, see What do I do if the number of connections to an ApsaraDB RDS for MySQL instance reaches the upper limit? or What do I do if excessive connections are established to an ApsaraDB RDS for PostgreSQL instance?
If your business is growing normally, we recommend that you upgrade the instance configuration.
Note: During the upgrade, a transient connection that lasts approximately 30 seconds may occur. We recommend that you configure your application to automatically reconnect to the instance to ensure service continuity. For more information, see Limits.
Check whether the network traffic is normal and whether high network traffic usage occurs. If this issue exists, view slow query logs and optimize slow SQL statements based on the query results.
For more information about other performance issues, see What do I do if the CPU utilization, memory usage, disk usage, or IOPS of an ApsaraDB RDS instance is high?
Step 4: Check the network and client of the on-premises device
Check the network
Run the ping or telnet command to test whether the internal or public endpoint of the RDS instance is reachable. For example: telnet <Public endpoint of the RDS instance> 3306. If an error message indicating that the connection failed or the request timed out is displayed, the local firewall may block the port. Check your local firewall settings.
Check the client
You can use other methods to connect to the RDS instance and check whether the issue is caused by the client. For more information, see the following topics:
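The telnet test from the Check the network step can also be scripted so that the failure mode is explicit. The following Python sketch is an added example, not part of the original topic; the names probe_endpoint, diagnose and NEXT_CHECK are assumptions, and the endpoint in the usage line is a placeholder that you replace with your own.

```python
import socket


def probe_endpoint(host, port=3306, timeout=5.0):
    """Attempt one TCP connection to the endpoint and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns_failure"   # the endpoint name did not resolve
    except ConnectionRefusedError:
        return "refused"       # the connection was actively rejected
    except socket.timeout:
        return "timeout"       # no answer at all within the timeout
    except OSError:
        return "unreachable"   # for example, no route to the host


# Where to look next, mapped to the steps of this topic.
NEXT_CHECK = {
    "open": "port is reachable; continue with Check the client",
    "dns_failure": "endpoint does not resolve; recheck the endpoint (Step 1)",
    "refused": "connection failed; check your local firewall settings",
    "timeout": "request timed out; check your local firewall settings",
    "unreachable": "connection failed; check your local network and firewall",
}


def diagnose(host, port=3306, timeout=5.0):
    """Return (status, hint) for one probe of host:port."""
    status = probe_endpoint(host, port, timeout)
    return status, NEXT_CHECK[status]


if __name__ == "__main__":
    # Placeholder endpoint; replace it with the endpoint of your RDS instance.
    print(diagnose("<Public endpoint of the RDS instance>", 3306))
```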
Failed to connect an ECS instance to an RDS instance over an internal network
If you cannot connect an ECS instance to an RDS instance over an internal network, you can resolve the issue based on the instructions provided in What do I do if I fail to connect to an ApsaraDB RDS instance?
Applicable scope
ApsaraDB RDS