Add the CIDR blocks of DTS servers

If you want to use Data Transmission Service (DTS) to transfer data and your source or destination database accepts connections only from specific IP addresses, you must configure the security settings of your database to allow access from DTS servers. For example, you must add the CIDR blocks of DTS servers to the security settings of your database, such as firewall, IP address whitelist, and security group.

Background information

Access methods

DTS supports the following six access methods:Alibaba Cloud Instance, Self-managed Database on ECS, Public IP Address, Express Connect, VPN Gateway, or Smart Access Gateway, Cloud Enterprise Network (CEN), and Database Gateway. The Access Method varies based on the task type, database type, and combination of the source and destination databases. The access methods displayed in the DTS console prevail.

You can select an Access Method to connect your database to DTS based on the database type.

Note

If the source or destination database of a data migration or change tracking instance is a self-managed database that resides in a region not supported by DTS, and you set Access Method to Public IP Address, you can select any region from the Instance Region drop-down list, and add the CIDR blocks of DTS servers to the security settings of your self-managed database. We recommend that you select the China (Hangzhou) region.

For Alibaba Cloud databases, such as ApsaraDB RDS for MySQL, PolarDB for MySQL, and ApsaraDB for MongoDB, we recommend that you set Access Method to Alibaba Cloud Instance to connect your database to DTS.
For self-managed databases that are deployed on Elastic Compute Service (ECS) instances, we recommend that you set Access Method to Self-managed Database on ECS.
For on-premises databases that are deployed in data centers, we recommend that you set Access Method to Public IP Address, Express Connect, VPN Gateway, or Smart Access Gateway, Cloud Enterprise Network (CEN), or Database Gateway based on your business requirements. We recommend that you enable public access for your on-premises database to accept access only from DTS servers, and set Access Method to Public IP Address to connect your database to DTS.
For third-party cloud databases, we recommend that you enable public access for your database and set Access Method to Public IP Address to connect your database to DTS.

Methods for adding the CIDR blocks of DTS servers

The CIDR blocks of DTS servers can be manually or automatically added. Whether you have to manually add the CIDR blocks depends on the Access Method parameter that is specified for the source or destination database.

Access method	Whether CIDR blocks must be manually added	Description

Access method	Whether CIDR blocks must be manually added	Description
Alibaba Cloud Instance	No Note MaxCompute projects and ApsaraDB for OceanBase instances are excluded.	The system automatically adds the CIDR blocks of DTS servers to the whitelist of Alibaba Cloud database instances, excluding MaxCompute projects and ApsaraDB for OceanBase instances. Note You must manually add the CIDR blocks of DTS servers to the IP address whitelist of MaxCompute to allow DTS to access MaxCompute. For more information, see the Configure an IP address whitelist to allow access from Alibaba Cloud services to MaxCompute section of the Manage IP address whitelists topic. You must manually add the CIDR blocks of DTS servers to the IP address whitelist of ApsaraDB for OceanBase to allow DTS to access ApsaraDB for OceanBase. The CIDS blocks to be added are the same as those for databases whose Access Method is Express Connect, VPN Gateway, or Smart Access Gateway. For more information, see Create a whitelist group and the CIDR blocks of DTS servers section of this topic.
Self-managed Database on ECS	No Note Databases that are hosted on multiple ECS instances are excluded.	The system automatically adds the CIDR blocks of DTS servers to the security group rules of the ECS instance. Make sure that the ECS instance can access the database. Note If your self-managed database is deployed on multiple ECS instances, you must manually add the CIDR blocks of DTS servers to the security group rules of each ECS instance. For more information, see Create a security group and Associate security groups with an instance (primary ENI).
Public IP Address	Yes	You must manually add the CIDS blocks of DTS servers to the security settings of the database. For more information, see the Add CIDR blocks section of this topic. Note You must also make preparations before you configure a DTS instance. For more information, see Preparation overview.
Express Connect, VPN Gateway, or Smart Access Gateway
Cloud Enterprise Network (CEN)
Database Gateway	Yes	You must manually add the IP addresses of all gateway nodes to the security settings of the database. Note To obtain the IP address of a gateway node, go to the Gateway details page of a database gateway. In the Gateway node cluster section, view the IP address of a gateway node in the Host column. You must also make preparations before you configure a DTS instance. For more information, see Preparation overview.

Names of IP address whitelists that are automatically created by DTS

When DTS attempts to connect to an Alibaba Cloud database instance, such as when you click Test Connectivity and Proceed in the DTS console, DTS automatically creates an IP address whitelist that includes the CIDR blocks of DTS servers for the database instance. The following table lists the Alibaba Cloud database instances for which DTS can automatically create IP address whitelists and the names of the whitelists.

Important

The IP address whitelist that is automatically created for a database instance by DTS applies to only connections between DTS and the database instance. If you use the whitelist to control access from another service, the service may be interrupted.
The names of the IP address whitelists automatically created by DTS contain "dts" or "DTS".

Database instance	Access method	Whitelist or security group name

Database instance	Access method	Whitelist or security group name
RDS MySQL RDS PostgreSQL RDS MariaDB RDS SQL Server	Alibaba Cloud Instance	rdsdts
PolarDB for MySQL cluster PolarDB for PostgreSQL cluster PolarDB for PostgreSQL (Compatible with Oracle) cluster		dtspolardb
AnalyticDB for MySQL V3.0 cluster		dts_adb_v3
AnalyticDB for PostgreSQL instance		dts
ApsaraDB for MongoDB instance		ddsdts
Tair (Redis OSS-Compatible)		dts_group
PolarDB-X 1.0		drdsdts
PolarDB-X 2.0		polardb_x_dts
ApsaraMQ for Kafka instance		dts_kafka
Elasticsearch cluster		dts_group
Lindorm instance		ali_dts_group
ApsaraDB for ClickHouse cluster		dts_clickhouse
ApsaraDB for SelectDB instance		dts_selectdb
ECS instance	Self-managed Database on ECS	SG-DTS-GROUP-****

Usage notes

If the source or destination database of a DTS instance is connected to DTS over Cloud Enterprise Network (CEN) or Express Connect, VPN Gateway, or Smart Access Gateway, you must add all the IP addresses and CIDR blocks of DTS servers to the following locations when you use DTS for the first time and receive DTS whitelist expansion notifications.
- The IP addresses or CIDR blocks of CEN. For more information, see the "Enable access to a cloud service from a Basic Edition transit router" section of the Manage access to cloud services topic.
- The local CIDR block of IPsec-VPN connections. For more information, see Create and manage IPsec-VPN connections in single-tunnel mode.
- The IP address whitelist of on-premises databases.
If the source or destination database of a DTS instance is connected to DTS by using a Public IP Address, you must add all the IP addresses and CIDR blocks of DTS servers to the IP address whitelist of the database instance when you use DTS for the first time and receive DTS whitelist expansion notifications.
Make sure that the CIDR blocks and IP addresses are added to the network environment of the corresponding region for the DTS instance. Otherwise, after a disaster recovery of the DTS task, new devices may not be able to connect to the instance. As a result, task delays or interruptions occur.
If the CIDR blocks of DTS servers are automatically or manually added to the IP address whitelist of a database instance or the security group rules of an ECS instance, security risks may arise. Therefore, before you use DTS to migrate data, you must understand the potential risks and take preventive measures, including but not limited to the following measures: enhance the security of your account and password, limit the ports that are exposed, authenticate API calls, regularly check the whitelist or ECS security group rules and forbid unauthorized CIDR blocks, and connect the database to DTS by using Express Connect, VPN Gateway, or Smart Access Gateway.
DTS may add or delete the automatically created IP address whitelists or security groups based on business requirements and security risks. Do not use the IP address whitelists or the security groups to control access from another service. The service level agreement (SLA) of DTS does not cover the issues caused by applying the IP address whitelists or security groups to another service. For information about the names of IP address whitelists or security groups automatically created by DTS, see the Names of IP address whitelists that are automatically created by DTS of this section.

Add CIDR blocks

Procedure

Check whether the CIDR blocks of DTS servers must be manually added to the IP address whitelist of the source or destination database.
Access Method

Check the regions to which the CIDR blocks of DTS servers belong.

Task type	Database whose security settings you want to add CIDR blocks to	Region to which the CIDR blocks of DTS servers to be added to the database security settings belong

Task type	Database whose security settings you want to add CIDR blocks to	Region to which the CIDR blocks of DTS servers to be added to the database security settings belong
Data Synchronization	Source database	The regions in which the source and destination databases reside.
Data Synchronization	Destination database	The region in which the destination database resides.
Data migration	Source database	The region in which the destination database resides.
Data migration	Destination database	The region in which the destination database resides.
Change tracking	Source database	The region in which the source database resides.
Data verification (separately configured)	Source database	The region in which the destination database resides.
Data verification (separately configured)	Destination database	The region in which the destination database resides.

View the CIDR blocks to be added based on the name or ID of the region to which the database instance resides.
For more information about the CIDR blocks of DTS servers, see the CIDR blocks of DTS servers table of this topic.
Add the CIDR blocks of DTS servers to the security settings of the database instance.
Check the configurations in the database instance and make sure that DTS can access the instance.
- If the database is a self-managed Kafka cluster and the listeners and advertised.listeners parameters are specified in the server.properties configuration file, make sure that DTS can connect to the Kafka cluster.
- If the database is a self-managed Redis database and the bind parameter is specified in the redis.conf configuration file, make sure that DTS can connect to the Redis database.

CIDR blocks of DTS servers

Note

If an on-premises database is connected to DTS over Cloud Enterprise Network (CEN), Express Connect, VPN Gateway, or Smart Access Gateway, the CIDR block added to the database security settings is a subnet range of the 100.64.0.0/10 CIDR block of Alibaba Cloud.
If you do not update the whitelist of the self-managed database at the earliest opportunity when new DTS servers are added, DTS may fail to connect to the database.

Region name	ID	Access method	CIDR block

Region name	ID	Access method	CIDR block
China (Hangzhou)	cn-hangzhou	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.52.0/24,100.104.61.128/26,100.104.244.64/26,100.104.216.192/26,100.104.85.0/26,100.104.221.128/26,100.104.2.0/26,100.104.251.192/26,100.104.159.64/26,100.104.216.128/26,100.104.148.192/26,100.104.239.64/26,100.104.114.0/26,100.104.0.192/26,100.104.13.192/26,100.104.201.192/26,100.104.228.0/26
		Cloud Enterprise Network (CEN)
		Public IP Address	47.97.125.64,140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,47.97.118.150,121.40.155.35,110.75.157.192/26,112.124.6.175,110.75.186.0/26,203.209.247.192/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,121.41.104.73,140.205.197.0/26,203.209.247.128/26,112.124.239.0/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,47.98.125.188,110.75.230.0/24,118.31.38.161,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,121.199.28.129,8.139.112.64/26,114.55.36.104,8.139.112.128/26,8.139.99.192/26,8.139.112.0/26,47.96.95.82,47.97.98.27,101.37.149.3,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26,47.96.76.20
China (Shanghai)	cn-shanghai	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.205.0/24,100.104.226.128/26,100.104.149.64/26,100.104.241.128/26,100.104.177.128/26,100.104.203.192/26,100.104.113.0/26,100.104.187.0/26,100.104.17.0/26,100.104.33.192/26,100.104.3.192/26,100.104.107.0/26,100.104.29.192/26,100.104.187.192/26,100.104.177.64/26,100.104.93.128/26
		Cloud Enterprise Network (CEN)
		Public IP Address	140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,139.196.49.138,117.185.235.0/26,117.185.235.64/26,110.75.134.192/26,140.205.198.64/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,8.132.215.64/26,8.149.144.0/24,8.132.215.0/26,106.11.251.128/26,110.75.235.0/24,47.103.194.109,110.76.9.0/24,106.11.76.64/26,59.82.32.0/24,106.11.224.0/24,117.185.224.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,47.103.170.128/26,101.132.174.63,47.103.171.0/26,101.226.35.64/26,47.102.234.64/26,47.103.23.116,110.75.130.128/26,101.226.33.0/26,110.75.134.128/26,112.65.93.0/26,101.132.223.204,47.100.160.244,47.103.166.128/26,110.75.190.64/26,8.132.214.192/26,110.75.143.0/26,8.139.112.64/26,8.139.112.128/26,140.205.197.128/26,47.103.166.64/26,47.103.171.64/26,106.11.254.128/26,106.11.73.128/26,59.82.46.64/26,139.196.52.31,101.91.139.192/26,116.128.219.64/26,112.65.93.64/26,116.128.219.128/26,101.133.205.192/26,110.75.157.192/26,110.75.186.0/26,8.132.215.128/26,203.209.247.192/26,203.119.159.192/26,117.185.232.128/26,140.205.41.64/26,110.75.190.0/26,47.103.166.192/26,140.205.197.0/26,101.226.33.128/26,203.209.247.128/26,140.205.197.192/26,110.75.186.64/26,47.103.197.53,106.15.75.203,106.15.248.89,110.75.230.0/24,47.103.170.0/26,117.185.232.192/26,210.51.60.64/26,106.11.76.0/26,101.91.141.64/26,101.91.141.128/26,47.102.234.0/26,47.101.109.0/24,59.82.46.192/26,106.11.254.192/26,106.11.251.192/26,110.76.8.0/26,140.205.198.0/26,101.226.33.64/26,47.103.170.192/26,110.76.2.0/24,112.65.93.128/26,101.91.141.0/26,8.139.99.192/26,8.139.112.0/26,140.206.221.64/26,116.128.219.0/26,110.76.11.0/24,47.102.181.192/26,47.100.137.82
China (Qingdao)	cn-qingdao	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.72.0/24,100.104.35.192/26,100.104.12.0/26,100.104.111.0/26,100.104.100.128/26,100.104.136.192/26,100.104.16.64/26,100.104.78.128/26
		Cloud Enterprise Network (CEN)
		Public IP Address	203.119.185.0/24,140.205.47.0/24,110.76.8.64/26,203.119.146.128/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,203.119.147.0/24,110.75.186.0/26,203.209.247.192/26,203.119.240.0/26,203.119.182.192/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,203.119.184.0/24,110.75.130.192/26,203.119.191.64/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,203.209.247.128/26,203.119.187.0/24,110.75.235.0/24,110.75.186.64/26,118.190.207.25,110.76.9.0/24,106.11.76.64/26,203.119.146.192/26,115.28.200.55,110.75.230.0/24,203.119.188.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,203.119.149.0/24,59.82.46.128/26,203.119.191.128/26,110.76.0.0/24,106.11.185.0/24,106.11.76.0/26,115.28.216.250,203.119.151.0/24,47.102.234.0/26,203.119.190.0/24,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,203.119.150.0/24,110.76.8.0/26,120.27.53.203,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,106.11.40.64/26,8.139.112.128/26,203.119.189.0/24,118.190.207.194,8.139.99.192/26,203.119.186.0/24,8.139.112.0/26,106.11.184.0/24,120.27.72.0/24,203.119.183.0/24,106.11.73.128/26,203.119.191.0/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26,39.98.96.0/24,203.119.148.0/24
China (Beijing)	cn-beijing	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.11.64/26,100.104.128.192/26,100.104.143.0/26,100.104.183.0/24,100.104.200.64/26,100.104.201.0/26,100.104.213.64/26,100.104.227.192/26,100.104.232.128/26,100.104.236.128/26,100.104.247.64/26,100.104.29.0/26,100.104.84.128/26,100.104.237.64/26,100.104.6.0/26,100.104.9.128/26,100.104.230.64/26,100.104.157.64/26
		Cloud Enterprise Network (CEN)
		Public IP Address	140.205.47.0/24,60.205.157.204,110.76.8.64/26,123.56.186.180,203.209.225.192/26,140.205.41.192/26,101.200.141.67,112.126.112.0/26,112.126.112.64/26,110.75.157.192/26,111.206.225.64/26,110.75.186.0/26,203.209.247.192/26,49.7.153.0/24,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,123.57.238.231,110.75.130.192/26,182.92.137.0/24,60.205.243.19,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,123.56.244.9,203.209.247.128/26,101.200.20.0/26,110.75.235.0/24,110.75.186.64/26,111.13.119.128/26,110.76.9.0/24,60.205.112.5,106.11.76.64/26,101.200.116.192/26,182.92.32.128/26,123.57.136.105,112.126.111.128/26,110.75.230.0/24,39.156.175.0/24,60.205.165.226,39.107.7.64/26,39.107.7.0/26,182.92.196.155,49.7.152.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,60.205.166.109,111.206.225.128/26,59.82.46.128/26,114.250.54.64/26,110.76.0.0/24,106.11.76.0/26,47.94.2.56,111.13.119.192/26,59.110.38.253,47.102.234.0/26,39.105.58.165,47.93.21.67,47.102.234.64/26,59.82.46.192/26,114.250.54.0/26,110.75.130.128/26,182.92.17.192/26,110.75.134.128/26,182.92.157.129,114.250.62.0/24,111.13.22.64/26,111.13.246.192/26,110.76.8.0/26,182.92.32.192/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,101.200.72.175,8.139.112.64/26,8.139.112.128/26,39.107.223.0/24,8.139.99.192/26,8.139.112.0/26,182.92.17.128/26,8.131.132.0/26,112.126.111.192/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26
China (Zhangjiakou)	cn-zhangbei	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.144.128/26,100.104.175.0/24,100.104.180.192/26,100.104.249.0/26,100.104.32.64/26,100.104.52.0/26,100.104.84.128/26,100.104.133.128/26,100.104.211.192/26
		Cloud Enterprise Network (CEN)
		Public IP Address	203.119.185.0/24,140.205.47.0/24,59.82.71.192/26,203.119.254.0/24,110.76.8.64/26,116.132.190.64/26,59.82.91.0/24,203.119.146.128/26,203.209.225.192/26,140.205.41.192/26,59.82.72.192/26,59.82.89.0/26,59.82.92.0/26,59.82.92.64/26,59.82.76.192/26,203.119.255.0/24,59.82.72.64/26,203.119.240.0/26,110.75.134.192/26,106.11.73.192/26,203.209.225.128/26,59.82.87.0/24,203.119.184.0/24,110.75.130.192/26,203.119.191.64/26,59.82.73.0/26,8.149.144.0/24,203.119.187.0/24,110.75.235.0/24,110.76.9.0/24,59.82.27.0/24,106.11.76.64/26,59.82.76.128/26,203.119.146.192/26,203.119.188.0/24,203.119.182.0/24,59.82.63.192/26,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,203.119.149.0/24,59.82.46.128/26,110.76.0.0/24,59.82.25.0/24,47.102.234.64/26,110.75.130.128/26,110.75.134.128/26,59.82.72.0/26,203.119.150.0/24,110.75.190.64/26,110.75.143.0/26,111.63.137.192/26,8.139.112.64/26,111.62.14.0/26,106.11.40.64/26,8.139.112.128/26,111.225.159.128/26,203.119.178.0/24,59.82.18.64/26,111.225.159.64/26,106.11.184.0/24,59.82.88.0/24,59.82.85.192/26,59.82.71.128/26,106.11.73.128/26,203.119.191.0/26,59.82.66.0/26,59.82.46.64/26,59.82.19.0/26,59.82.18.192/26,59.82.90.192/26,110.75.157.192/26,203.119.147.0/24,110.75.186.0/26,111.63.163.0/24,59.82.18.128/26,203.209.247.192/26,203.119.177.0/24,123.182.56.0/24,203.119.159.192/26,203.119.181.0/24,106.11.222.192/26,116.132.190.128/26,59.82.65.0/24,140.205.41.64/26,110.75.190.0/26,203.119.176.0/24,59.82.73.64/26,203.119.179.0/24,140.205.197.0/26,203.209.247.128/26,123.182.57.0/26,59.82.90.128/26,59.82.63.128/26,110.75.186.64/26,106.11.222.64/26,59.82.24.0/24,110.75.230.0/24,59.82.85.128/26,59.82.77.64/26,59.82.86.0/24,59.82.64.0/24,116.132.137.0/26,203.119.191.128/26,106.11.185.0/24,106.11.201.0/24,106.11.76.0/26,203.119.151.0/24,47.102.234.0/26,111.63.137.128/26,203.119.190.0/24,111.225.159.192/26,106.11.222.128/26,59.82.46.192/26,203.119.239.0/24,110.76.8.0/26,110.76.2.0/24,59.82.26.0/24,106.11.223.0/26,203.119.189.0/24,8.139.99.192/26,203.119.186.0/24,8.139.112.0/26,59.82.89.64/26,116.132.190.192/26,203.119.180.0/24,203.119.183.0/24,116.132.191.0/24,110.76.11.0/24,47.102.181.192/26,39.98.96.0/24,203.119.148.0/24,59.82.77.0/26,111.62.14.64/26,59.82.73.128/26,47.92.185.0/24,203.119.253.128/26,59.82.66.64/26
China (Hohhot)	cn-huhehaote	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.72.0/24,100.104.145.64/26,100.104.132.64/26,100.104.177.192/26,100.104.12.0/26,100.104.37.128/26,100.104.218.128/26,100.104.250.0/26,100.104.122.128/26,100.104.158.192/26
		Cloud Enterprise Network (CEN)
		Public IP Address	39.102.199.64/26,39.104.72.87,39.104.78.173,39.104.62.152,39.99.77.64/26,39.102.199.128/26,39.104.199.192/26,39.104.79.122,39.102.224.0/26,39.99.77.0/26,39.104.220.0/24,39.104.86.0,39.102.199.192/26,39.99.77.128/26
China (Ulanqab)	cn-wulanchabu	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.182.128/26,100.104.100.128/26,100.104.136.192/26,100.104.16.64/26,100.104.78.128/26,100.104.205.192/26,100.104.152.128/26,100.104.199.192/26,100.104.120.0/26
		Cloud Enterprise Network (CEN)
		Public IP Address	140.205.47.0/24,8.130.69.168,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,39.101.5.0/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,110.75.134.192/26,8.130.69.173,39.101.0.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,59.82.126.0/24,8.130.121.252,39.101.7.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,121.89.103.128/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,8.139.99.192/26,121.89.103.192/26,8.139.112.0/26,39.101.0.64/26,39.101.0.128/26,121.89.103.64/26,106.11.73.128/26,121.89.104.0/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26,8.130.48.34,8.130.122.110
China (Shenzhen)	cn-shenzhen	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.75.64/26,100.104.235.192/26,100.104.205.0/24,100.104.41.64/26,100.104.171.128/26,100.104.161.192/26,100.104.172.192/26,100.104.168.0/26,100.104.160.128/26,100.104.179.128/26,100.104.98.192/26,100.104.168.128/26,100.104.247.64/26
		Cloud Enterprise Network (CEN)
		Public IP Address	140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,47.112.84.0/26,47.120.88.0/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,47.120.88.64/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,120.78.179.12,47.112.83.192/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,120.79.68.184,120.77.61.108,8.149.144.0/24,120.77.195.192/26,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,120.77.195.64/26,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,120.77.195.128/26,47.112.86.0/26,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,47.115.161.93,110.76.0.0/24,47.113.183.192/26,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,47.112.84.128/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,47.113.183.128/26,8.139.112.64/26,8.139.112.128/26,120.24.177.221,8.139.99.192/26,112.74.44.248,8.139.112.0/26,47.112.84.64/26,47.113.76.192/26,120.79.71.173,106.11.73.128/26,47.106.63.0/24,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26
China (Heyuan)	cn-heyuan	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.147.192/26,100.104.76.192/26,100.104.246.192/26,100.104.106.192/26,100.104.210.128/26,100.104.48.128/26
		Cloud Enterprise Network (CEN)
		Public IP Address	140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,47.113.157.192/26,203.209.247.128/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,47.113.158.0/26,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,47.113.157.64/26,110.76.8.0/26,47.113.157.128/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,8.139.99.192/26,8.139.112.0/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26
China (Guangzhou)	cn-guangzhou	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.132.64/26,100.104.240.128/26,100.104.122.128/26,100.104.233.0/26,100.104.166.64/26,100.104.100.128/26,100.104.136.192/26,100.104.16.64/26
		Cloud Enterprise Network (CEN)
		Public IP Address	140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,8.134.79.141,110.75.134.192/26,8.134.79.143,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,8.134.0.64/26,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,8.134.0.192/26,110.75.230.0/24,8.134.0.128/26,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,8.139.99.192/26,8.139.112.0/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26,8.134.5.0/26
China (Chengdu)	cn-chengdu	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.76.192/26,100.104.145.64/26,100.104.235.192/26,100.104.127.0/26,100.104.166.64/26,100.104.100.128/26,100.104.136.192/26,100.104.16.64/26,100.104.149.128/26,100.104.177.0/26
		Cloud Enterprise Network (CEN)
		Public IP Address	140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,47.109.5.0/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,47.108.47.64/26,140.205.41.64/26,8.137.26.128/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,203.209.247.128/26,8.137.26.64/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,47.108.45.128/26,47.108.45.192/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,8.139.99.192/26,8.139.112.0/26,106.11.73.128/26,110.76.11.0/24,47.108.47.0/26,59.82.46.64/26,47.102.181.192/26,8.137.29.0/26,8.137.26.192/26
China (Hong Kong)	cn-hongkong	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.233.0/24,100.104.177.192/26,100.104.158.192/26,100.104.180.192/26,100.104.120.0/26,100.104.2.64/26,100.104.242.64/26,100.104.187.64/26,100.104.169.0/26,100.104.37.0/26
		Cloud Enterprise Network (CEN)
		Public IP Address	140.205.47.0/24,110.76.8.64/26,47.240.180.192/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,47.240.211.0/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,47.90.37.175,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,47.240.210.192/26,140.205.196.0/24,59.82.47.0/26,47.243.0.32/28,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.89.39.119,47.102.234.0/26,47.90.38.29,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,47.240.195.0/26,8.139.99.192/26,8.139.112.0/26,47.240.195.128/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26,47.90.24.64/26,47.240.195.64/26,47.240.210.64/26,47.240.210.128/26
Singapore	ap-southeast-1	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.188.0/24,100.104.207.128/26,100.104.12.0/26,100.104.179.64/26,100.104.41.64/26,100.104.59.64/26,100.104.91.64/26,100.104.111.64/26,100.104.44.0/26,100.104.238.64/26
		Cloud Enterprise Network (CEN)
		Public IP Address	47.88.233.0/24,161.117.146.192/26,161.117.164.64/26,161.117.164.0/26,161.117.172.0/28,47.74.206.0/24,161.117.146.128/26,47.102.181.128/26,47.102.181.192/26,47.102.234.64/26,47.102.234.0/26,8.139.112.64/26,8.139.112.0/26,8.139.112.128/26,8.139.99.192/26,47.89.72.128/26,47.89.73.128/26,47.89.73.192/26,47.89.75.192/26,47.89.88.64/26,47.89.90.64/26,47.246.74.192/26,47.246.107.0/26,47.89.88.0/26,47.89.90.0/26,47.246.108.64/26,47.246.164.64/26,47.89.88.128/26,47.246.73.64/26,47.246.74.0/26,47.246.175.192/26
Malaysia (Kuala Lumpur)	ap-southeast-3	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.5.0/24,100.104.36.0/26,100.104.234.192/26,100.104.76.192/26,100.104.69.0/26,100.104.87.192/26,100.104.158.192/26,100.104.250.0/26
		Cloud Enterprise Network (CEN)
		Public IP Address	47.250.30.0/24,47.250.34.128/28,47.250.29.0/24
Indonesia (Jakarta)	ap-southeast-5	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.175.0/24,100.104.35.192/26,100.104.235.192/26,100.104.12.0/26,100.104.111.0/26,100.104.158.192/26,100.104.37.128/26,100.104.218.128/26
		Cloud Enterprise Network (CEN)
		Public IP Address	8.215.147.0/28,147.139.132.101,149.129.230.192/26,147.139.156.64/26,147.139.165.206,147.139.133.46,147.139.179.168,147.139.156.0/26,147.139.156.128/26
Philippines (Manila)	ap-southeast-6	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.153.64/26,100.104.76.192/26,100.104.246.192/26,100.104.158.192/26,100.104.37.128/26,100.104.218.128/26,100.104.250.0/26
		Cloud Enterprise Network (CEN)
		Public IP Address	8.212.137.0/26,8.212.136.192/26,8.212.136.128/26,8.212.136.64/26
Thailand (Bangkok)	ap-southeast-7	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.150.192/26,100.104.75.64/26,100.104.132.64/26,100.104.177.192/26,100.104.12.0/26
		Cloud Enterprise Network (CEN)
		Public IP Address	8.213.163.0/26,8.213.162.64/26,8.213.162.128/26,8.213.162.192/26
Japan (Tokyo)	ap-northeast-1	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.112.0/24,100.104.117.192/26,100.104.12.0/26,100.104.166.64/26,100.104.179.64/26,100.104.108.128/26,100.104.100.128/26,100.104.136.192/26
		Cloud Enterprise Network (CEN)
		Public IP Address	47.91.0.128/26,47.245.51.0/24,47.245.18.192/26,47.245.18.128/26,47.91.0.192/26,8.209.192.160/28
US (Silicon Valley)	us-west-1	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.175.0/24,100.104.48.128/26,100.104.166.64/26,100.104.108.128/26,100.104.100.128/26,100.104.136.192/26,100.104.16.64/26,100.104.242.64/26
		Cloud Enterprise Network (CEN)
		Public IP Address	140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,47.88.98.0/24,110.75.134.192/26,203.119.159.192/26,47.88.15.174,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,47.252.71.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,47.252.90.64/26,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,47.88.6.196,110.75.230.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.88.10.217,47.102.234.0/26,47.252.71.128/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,47.88.1.17,8.139.112.64/26,8.139.112.128/26,47.252.90.0/26,8.139.99.192/26,47.251.136.112/28,8.139.112.0/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26
US (Virginia)	us-east-1	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.233.0/24,100.104.240.128/26,100.104.132.64/26,100.104.177.192/26,100.104.12.0/26,100.104.111.0/26,100.104.122.128/26,100.104.87.192/26,100.104.179.64/26
		Cloud Enterprise Network (CEN)
		Public IP Address	140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,47.88.98.0/24,47.250.29.0/24,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,140.205.41.64/26,47.253.64.0/28,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,47.252.91.0/24,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,8.139.99.192/26,8.139.112.0/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26
Germany (Frankfurt)	eu-central-1	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.5.0/24,100.104.193.128/26,100.104.161.64/26,100.104.89.128/26,100.104.177.0/26,100.104.224.0/26,100.104.92.128/26,100.104.62.64/26,100.104.216.192/26
		Cloud Enterprise Network (CEN)
		Public IP Address	8.209.86.0/26,47.254.165.128/26,47.245.155.0/28,47.254.165.64/26,47.254.165.192/26,47.254.180.0/24
UK (London)	eu-west-1	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.133.64/26,100.104.207.128/26,100.104.87.192/26,100.104.145.64/26,100.104.235.192/26,100.104.75.64/26,100.104.132.64/26
		Cloud Enterprise Network (CEN)
		Public IP Address	8.208.72.0/24,8.208.73.0/24,8.208.75.64/28,47.88.98.0/24
UAE (Dubai)	me-east-1	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.205.0/24,100.104.161.0/26,100.104.53.0/26,100.104.111.128/26,100.104.248.128/26
		Cloud Enterprise Network (CEN)
		Public IP Address	8.209.86.0/26,47.254.165.128/26,47.254.165.64/26,47.254.165.192/26
South Korea (Seoul)	ap-northeast-2	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.119.128/26,100.104.153.64/26,100.104.76.192/26,100.104.246.192/26,100.104.106.192/26,100.104.210.128/26
		Cloud Enterprise Network (CEN)
		Public IP Address	149.129.14.128/26,149.129.13.64/26,149.129.14.192/26,149.129.13.0/26
SAU (Riyadh - Partner Region)	me-central-1	Express Connect, VPN Gateway, or Smart Access Gateway	100.104.106.192/26,100.104.145.64/26,100.104.210.128/26,100.104.48.128/26,100.104.69.0/26,100.104.76.192/26,100.104.87.192/26
		Cloud Enterprise Network (CEN)
		Public IP Address	8.213.0.192/26,8.213.5.0/26,8.213.16.59,8.213.16.111,8.213.16.123,8.213.16.17,8.213.16.91,8.213.5.64/26,8.213.6.0/24,8.213.0.128/26

What to do next

After a DTS task is complete or released, we recommend that you manually delete the CIDR blocks of DTS server from the database security settings to prevent DTS from accessing the database.

You must remove the IP address whitelists whose names contain dts from the IP address whitelists of Alibaba Cloud database instances.
You must remove the security groups whose names contain DTS from the security groups of ECS instances.
You must remove the CIDR blocks of DTS servers from the security settings of self-managed databases or databases hosted on third-party cloud platforms.

Background information

Access methods

Methods for adding the CIDR blocks of DTS servers

Names of IP address whitelists that are automatically created by DTS

Usage notes

Add CIDR blocks

Procedure

CIDR blocks of DTS servers

What to do next

References

Sales Support

Technical Support

Connect & Report Abuse

About Alibaba Cloud

Our Global Network

Quick Start

Global Offices

Olympic Games Paris 2024 New

Stade Roland Garros – Glitz from the Past New

Place de la Concorde – “Breaking” the Barriers New

Vaires-sur-Marne Nautical Stadium – Sports with Sustainability New

International Broadcast Center – Images, Sounds, and Data that Captivate Billions New

Customer Success Stories New

Trust Center

Security & Compliance Center

Cloud Compliance Resources

Security Compliance FAQs

Product & Feature Update New

Cloud Forward

Press Room

Alibaba Cloud e-Magazine New

Alibaba Cloud in Analyst Research

Notice

Go Global Service New

Go Global Alliance with Alibaba Cloud

Asia Accelerator Hot

Information Compliance

China Gateway - MLPS 2.0 Compliance New

China Gateway - Networking

China Gateway - Global Application Acceleration New

China Gateway - Security

China Gateway - Data Security New

ICP Support Hot

China Gateway - Omnichannel Data Mid-End New

China Gateway - Organizational Data Mid-End New

China Gateway - Business Mid-End New

China Gateway - AI Service for Conversational Chatbots New

China Gateway - Online Education

China Gateway - Domain Registration

Work at Alibaba Cloud

Experienced Professionals

Students and Graduates

Free Trial

Pricing

Promo Center

Price Reduction

Pay Less and Deploy More

FinOps

Elastic Compute Service (ECS)

Simple Application Server (SAS)

Elastic GPU Service

Elastic Desktop Service (EDS)

Object Storage Service (OSS)

Cloud Enterprise Network (CEN)

Web Application Firewall (WAF)

Domain Names

Container Compute Service (ACS)

Secure Access Service Edge (SASE)

Intelligent Media Services(IMS)

Edge Security Acceleration (ESA)(Original DCDN)

Intelligent Media Management

DingTalk Enterprise

YiDA

Alibaba Cloud Model Studio

Apsara Prime - For Easy Cloud Product Selection

Alibaba Cloud ECS - Cater All Your Cloud Hosting Needs

1TB CDN—Get Free 1 TB Outbound Traffic Plan Now

Security—Under Attack? Get Free Security Support

Short Message Service - Free Testing is Available

Elastic Compute Service (ECS) Hot

CloudBox

Compute Nest

Dedicated Host Hot

ECS Bare Metal Instance

Elastic GPU Service Featured

Simple Application Server (SAS) Hot

Auto Scaling

Cloud Phone Beta

Elastic Desktop Service (EDS) Featured

Batch Compute

Elastic High Performance Computing (E-HPC)

Super Computing Cluster (SCC)

Function Compute (FC)