This topic explains how to troubleshoot connection failures to an RDS instance.
Overview
To troubleshoot the issue, check the following five areas:
Step 1: Check instance status and connection information
-
Log on to the ApsaraDB for RDS console. On the Instances page, check the status of the RDS instance to ensure it is running. If the instance state is abnormal or locked, troubleshoot the issue. If an instance is locked, see Troubleshoot an automatic lock on an ApsaraDB for RDS for MySQL instance caused by insufficient storage. While the instance is locked, your application cannot read from or write to it. If your business allows, you can restart the instance. Perform this operation with caution.
-
In your database connection code or client tool, verify the connection information, including the internal and public endpoints. For more information, see Connect to an ApsaraDB for RDS instance.
On the instance details page, click Database Connection in the left-side navigation pane. In the Endpoints section, view the internal and public endpoints. An endpoint is formatted as
rm-xxx.mysql.rds.aliyuncs.comand the port is3306.
Step 2: Verify whitelist configuration
Ensure that you have added the correct IP address of your local device to the IP whitelist of the RDS instance. As a test, temporarily add 0.0.0.0/0 to the whitelist. If the connection succeeds, the original whitelist was misconfigured. Remove the 0.0.0.0/0 entry and add the correct IP address. For more information about how to configure a whitelist, see Configure an IP address whitelist. Note the following points about whitelists:
-
By default, the whitelist on the page contains only the IP address
127.0.0.1. This address prevents any device from accessing the RDS instance. You must add the IP address of your client, such as an ECS instance, to the whitelist. -
If you added
0.0.0.0, this format is incorrect. The correct format is0.0.0.0/0.Note0.0.0.0/0allows access from any IP address. Use this with caution. -
Check whether the high-security whitelist mode is enabled. If this mode is enabled, perform the following checks:
-
If you are using an internal endpoint in a Virtual Private Cloud (VPC), ensure that the internal IP address of the ECS instance is added to a VPC whitelist group.
-
If you are using an internal endpoint in a classic network, ensure that the internal IP address of the ECS instance is added to a classic network whitelist group.
-
If you are connecting over the public network, ensure that the public IP address of your device is added to a classic network whitelist group. VPC whitelist groups do not apply to public network connections.
-
-
The public IP address in the whitelist might not be your device's actual outbound IP address. This discrepancy can occur for the following reasons:
-
The public IP address is not static and may change.
-
The public IP address provided by an IP lookup tool or website may be inaccurate. To find the correct outbound public IP address, see the following topics:
-
Step 3: Check database performance
Review the RDS instance's performance monitoring data for insufficient resources.
-
Check the current number of connections.
-
The maximum number of connections can be exhausted by too many idle or active connections. Check Primary instance specifications for the maximum number of connections supported by your instance specification.
-
Review your application code to ensure that connections are configured and closed properly. Unclosed connections can exhaust RDS resources and exhaust the connection limit. For more information, see Handle a full connection pool for an ApsaraDB for RDS for MySQL instance or Handle an excessive number of connections to an ApsaraDB for RDS for PostgreSQL instance.
-
-
If normal business growth is causing the connection issue, upgrade the instance specifications.
NoteThe upgrade process may cause a transient disconnection that lasts about 30 seconds. To ensure service continuity, implement an automatic reconnection mechanism in your application. For more information, see Usage notes.
-
Check whether the network traffic is normal or excessively high. If traffic is high, view the slow log details to identify and optimize slow SQL queries. For more information, see View the details of slow SQL query logs.
-
For other performance issues, see Resolve high usage of CPU, memory, storage, and IOPS.
Step 4: Check network and client
-
Check the network
Use the
pingortelnetcommand to test connectivity to the internal or public endpoint of the RDS instance. For example, runtelnet <Public endpoint of the RDS instance> 3306. If a "Connection timed out" or "Unable to connect" error occurs, a local firewall may be blocking the port. Check your local firewall settings. -
Check the client
Connect to the database using a different client tool to determine if the issue is client-specific. For more information, see the following topics:
ECS to RDS internal network access
If an ECS instance cannot access an RDS instance over the internal network, see Resolve instance connection issues.
Applies to
ApsaraDB for RDS