Compared with Elastic Compute Service (ECS) instances that reside in the classic network, ECS instances that reside in virtual private clouds (VPCs) are more secure and support additional features such as associating elastic IP addresses (EIPs). This topic describes how to use a migration plan to migrate one or more ECS instances from the classic network to a VPC.
Prerequisites
The ECS instances that you want to migrate from the classic network to a VPC meet the following requirements:- No local disks are attached to the instances. If local disks are attached to the instances, submit a ticket to contact Alibaba Cloud technical support to migrate the instances. Note For information about how to check whether local disks are attached to an instance, see the FAQ section of this topic.
- An amount of public bandwidth that is greater than 0 Mbit/s is allocated to the instances. If an ECS instance has a public IP address and a public bandwidth of 0 Mbit/s, you must upgrade the public bandwidth before you migrate the instance. For more information, see Modify public bandwidth.
- The instances reside in one of the following regions that support the migration plan feature: China (Qingdao), China (Beijing), China (Hangzhou), China (Shanghai), China (Shenzhen), China (Hong Kong), US (Silicon Valley), and Singapore (Singapore). Important Some ECS instances that reside in Hangzhou Zone C cannot be migrated from the classic network to VPCs.
Preparations
- Create snapshots for the disks on the ECS instances to be migrated to back up data. For more information, see Create a snapshot of a disk.Note You are charged for the snapshots. For information about the pricing of snapshots, see Snapshots.
- Optional:If an ECS instance that you want to migrate is associated with an Alibaba Cloud database service, you must enable the hybrid access mode for the database service in advance.
In hybrid access mode, Alibaba Cloud database services can be accessed by ECS instances that reside in the classic network or VPCs. For more information, see Hybrid access to ApsaraDB services.
- Optional:If an ECS instance that you want to migrate is associated with an Alibaba Cloud database service (such as ApsaraDB RDS) that provides the whitelist feature, you must add the CIDR block of the destination vSwitch to a whitelist of the database service in advance.
For more information, see Configure a whitelist.
- Optional:To ensure that services can be quickly restored after migration, we recommend that you configure application services to automatically start on instance startup and monitor the availability of the application services.
- Disable or uninstall server security software on the ECS instances to be migrated. Note The device drivers of ECS instances are updated when the instances are migrated. You must disable or uninstall security software such as Safedog, Huweishen, and Yunsuo on the instances in advance.
- Reserve at least 500 MiB of free space on the system disk of each ECS instance that you want to migrate. If less than 500 MiB of free space is reserved on the system disk of each ECS instance that you want to migrate, virtualization drivers may fail to be installed and may be unable to start.
- Make sure that the destination vSwitch has sufficient internal IP addresses available. The number of the available internal IP addresses must be greater than that of ECS instances to be migrated.
Step 1: Understand the impacts of the migration
Item | Description |
---|---|
Period of time that is required to migrate an instance | Approximately 15 minutes are required from the time when the instance is stopped in the classic network until the time when the instance is migrated to a VPC and started in the VPC. Important
|
Instance status | During the migration process, the instance that is migrated is stopped and then started again. We recommend that you migrate your instance during off-peak hours. |
Network type | After an instance is migrated, the network type of the instance changes from classic network to VPC. For information about VPCs, see What is a VPC?. |
Software authorization codes | After an instance is migrated, the authorization codes of software on the instance may change. |
Public and internal IP addresses |
|
Device names of disks |
|
Fees |
|
Others |
|
Step 2: Create a migration plan
- Log on to the ECS console.
- In the left-side navigation pane, choose .
- In the top navigation bar, select a region.
- Click Create Migration Plan.
- On the Precautions dialog box, select I have read and understood the precautions. and click Create Migration Plan.
- In the Configure Migration Plan step, configure parameters and click Next.
- In the Select Instances step, select ECS instances and click Next. If you set Retain Internal IP Address to (Default) Yes and allow mutual access over the internal network between migrated instances and unmigrated instances that are included in the migration plan, you must select all ECS instances in the classic network that require mutual access over the internal network. You can schedule different migration times for the instances to specify the order in which to migrate the instances.Note ECS instances in the classic network that are not included in the migration plan cannot communicate with the ECS instances that are migrated to the specified VPC. After the migration plan is created, ECS instances cannot be added to the plan.
In the following figure, the section that is labeled ① indicate the instances that you want to migrate in the first batch, and the section that is labeled ② indicates the instances that you want to migrate in subsequent batches.
- In the Scheduled Migration step, specify the migration time for the instances and click Verify. The instances are stopped and then started again during the migration process. We recommend that you schedule the migration task for your instances during off-peak hours. A unique migration time can be specified for each instance.
- To specify a migration time for only a single instance, click Schedule Migration Time in the Actions column corresponding to the instance.
- To specify a migration time for multiple instances that you want to migrate in a batch, select the instances and click Batch Schedule Migration Time.
- To specify the migration time for all instances, click Set Unified Migration Time.
Important- For ECS instances that need to remain in the classic network and communicate with the ECS instances that are migrated by this migration plan, specify a late migration time. Before the migration time, determine whether to migrate the ECS instances from the classic network.
- The following limits apply to the migration time that can be specified for each instance:
- The migration time cannot be earlier than the local time.
- The migration time cannot be later than the expiration time of the instance.
After the migration plan is created, the replicas of some disks are checked. The period of time that is required by the check is determined based on the disk size and the number of disks that are queued for the check. The migration starts after the check is complete. Follow the on-screen instructions to specify the migration time.
- In the Verify dialog box, read the migration considerations and verify whether your migration plan meets the specified requirements.
- If your migration plan meets the specified requirements, select options and click Confirm and Create.
- If your migration plan does not meet the requirements, error messages are displayed. You can troubleshoot the errors based on the error messages and modify parameters to create the migration plan again.
Step 3: Complete the migration

- Stop the ECS instances to be migrated.
- Migrate the computing and network resources of the ECS instances.
- Start the migrated ECS instances.
- Continue to migrate the disk data of the ECS instances.
- Complete the migration.
Step 4: Verify the migration result
- In the left-side navigation pane, choose .
- Find the migrated ECS instances and click the ID of each of these instances.
- On the Instance Details page, check whether the network type of the instance is VPC. If the instance is migrated to the specified VPC, the network type of the instance changes to VPC.
- Check the internal network and business runtime environments.
Scenario Migration plan What to do next Migrate all ECS instances from the classic network to a VPC - Set Destination VPC or Create a VPC to (Default) Automatically create a VPC, CIDR block: 10.0.0.0/8.
- Set Ensure interconnections between the migrated instances and the classic network-type instances to (Default) No.
Check whether your business system runs normally. Migrate some ECS instances to a VPC and retain other ECS instances in the classic network - Set Destination VPC or Create a VPC to (Default) Automatically create a VPC, CIDR block: 10.0.0.0/8.
- Set Ensure interconnections between the migrated instances and the classic network-type instances to Yes.
Check whether your business system runs normally. Other scenario Set Destination VPC or Create a VPC to a VPC that is associated with a CIDR block other than 10.0.0.0/8. - Check network connectivity.
- In this scenario, Retain Internal IP Address cannot be set to No. If your business is connected by using internal IP addresses, you must configure new internal IP addresses.
- Check whether your business system runs normally.
What to do next
- If an ECS instance runs a Linux operating system and is assigned a different internal IP address after the instance is migrated, you must modify the /etc/hosts file of the instance.
- Run the
vi /etc/hosts
command to open the hosts file. - Press the I key to enter the edit mode.
- Change the original internal IP address to the new internal IP address for the instance.
- Press the Esc key to exit the edit mode.
- Enter :wq and press the Enter key.
- Run the
- If you set Retain Internal IP Address to No in the migration plan, remove the internal IP addresses that are no longer used from the whitelists of other cloud services after the migration.
Common services that support whitelists include ApsaraDB RDS, SLB, and Object Storage Service (OSS).
- If an instance is migrated across zones, its connectivity with other Alibaba Cloud services such as ApsaraDB RDS, ApsaraDB for Redis, and ApsaraDB for MongoDB may be affected. Adjust application configurations in a timely manner. For example, you can migrate the corresponding RDS instances to the same zone as the ECS instance to ensure connectivity.
For more information, see Migrate an ApsaraDB RDS for MySQL instance across zones in the same region.
- If you have not restarted an instance or upgraded its kernel for an extended period of time, problems may occur after the instance is migrated. For example, a file system check (fsck) may be performed, configuration changes may become invalid, or the instance may be unable to start.
- Optional:Software authorization codes change because network interfaces are deleted.
If software is associated with a MAC address on your ECS instance and the software vendor approves the migration certificate that is issued by Alibaba Cloud, you can re-authorize the instance to use the software. If an error occurs, you must modify the configurations or roll back the instance.
- Optional:If you have not restarted an ECS instance for an extended period of time or after the kernel is upgraded, the system checks the file systems of the instance and updates the configurations of the instance when the instance is restarted. If your ECS instance cannot be started, Submit a ticket in a timely manner to contact Alibaba Cloud.
FAQ
Why am I unable to open websites, use services, or read data from or write data to databases on an instance after the instance is migrated from the classic network to a VPC?
This issue may occur because traffic is not allowed on the required communication ports in the new security groups of your instance. We recommend that you clone the original security group rules of the instance from the classic network. For more information, see Clone a security group.
After an instance is migrated, some software cannot be used and I am prompted that the authorization code is expired or invalid or that no authorization code exists for the software. Why?
- The software vendor did not approve the migration certificate that is issued by Alibaba Cloud. We recommend that you contact the software vendor or channel partner to submit a verification form for re-authorization.
- The software is associated with a MAC address to register to your instance. Some software is registered by using associated MAC addresses to valid environments. After an ECS instance is migrated to a VPC, only the public or private MAC address of the instance is retained. If the MAC address with which a piece of software is associated for registration is deleted, an authorization error occurs. We recommend that you contact the software vendor to check whether the software is associated with a MAC address to be registered to your instance. If the software is associated with a MAC address to be registered to your instance, you must re-associate the MAC address of the instance with the software. For more information, see Overview.
Why am I no longer able to use the FTP service on an instance after the instance is migrated?
- Convert the system-assigned public IP address of the instance to an EIP.
- Associate an EIP with a secondary ENI of the instance in cut-through mode.
What do I do if I cannot find data disks on some Windows instances after the instances are migrated.
After some Windows instances are migrated, the disks that are attached to the instances are disconnected. We recommend that you perform the following steps to configure the disks to automatically reconnect online. For more information, see Methods for processing offline disks on Windows ECS instances.
- Log on to the ECS console.
- In the left-side navigation pane, choose .
- Click Create or Run Command to create and run a Cloud Assistant command. In the Create Command panel, configure the parameters. The following table describes the parameters. For the parameters that are not described in the table, accept the default values. For more information, see Use the immediate execution feature.
Parameter Value Command Type PowerShell Command Content @("san policy=onlineall") |diskpart
Select Instances One or more Windows instances. - Click Execute and Save.
Why am I unable to transfer files to an instance or from an instance over FTP after the instance is migrated from the classic network to a VPC?
ECS instances in the classic network have both public network interfaces and private network interfaces. ECS instances in VPCs have only private network interfaces. If your applications are configured to recognize only public IP addresses, you must reconfigure the applications.
Most FTP clients access FTP servers in passive mode. In passive mode, FTP servers must communicate their IP addresses to FTP clients. In VPCs, public IP addresses cannot be recognized and FTP servers send their internal IP addresses to FTP clients. When the clients use the internal IP addresses to access the servers, errors occur.
listen_ipv6=NO
pasv_address=<PublicIP>
How do I check whether local disks are attached to an instance?
- Log on to the ECS console.
- In the left-side navigation pane, choose .
- On the Instances page, find the instance and check the Specifications column for local disk information. If local disk information is displayed in the Specifications column, local disks are attached to the instance. If no local disk information is displayed in the Specifications column, local disks are not attached to the instance.