If you want to use Data Transmission Service (DTS) to transfer data and your source or destination database accepts connections only from specific IP addresses, you must configure the security settings of your database to allow access from DTS servers. For example, you must add the CIDR blocks of DTS servers to the security settings of your database, such as firewall, IP address whitelist, and security group.
Background information
Access methods
DTS supports the following six access methods:Alibaba Cloud Instance, Self-managed Database on ECS, Public IP Address, Express Connect, VPN Gateway, or Smart Access Gateway, Cloud Enterprise Network (CEN), and Database Gateway. The Access Method varies based on the task type, database type, and combination of the source and destination databases. The access methods displayed in the DTS console prevail.
You can select an Access Method to connect your database to DTS based on the database type.
If the source or destination database of a data migration or change tracking instance is a self-managed database that resides in a region not supported by DTS, and you set Access Method to Public IP Address, you can select any region from the Instance Region drop-down list, and add the CIDR blocks of DTS servers to the security settings of your self-managed database. We recommend that you select the China (Hangzhou) region.
For Alibaba Cloud databases, such as ApsaraDB RDS for MySQL, PolarDB for MySQL, and ApsaraDB for MongoDB, we recommend that you set Access Method to Alibaba Cloud Instance to connect your database to DTS.
For self-managed databases that are deployed on Elastic Compute Service (ECS) instances, we recommend that you set Access Method to Self-managed Database on ECS.
For on-premises databases that are deployed in data centers, we recommend that you set Access Method to Public IP Address, Express Connect, VPN Gateway, or Smart Access Gateway, Cloud Enterprise Network (CEN), or Database Gateway based on your business requirements. We recommend that you enable public access for your on-premises database to accept access only from DTS servers, and set Access Method to Public IP Address to connect your database to DTS.
For third-party cloud databases, we recommend that you enable public access for your database and set Access Method to Public IP Address to connect your database to DTS.
Methods for adding the CIDR blocks of DTS servers
The CIDR blocks of DTS servers can be manually or automatically added. Whether you have to manually add the CIDR blocks depends on the Access Method parameter that is specified for the source or destination database.
Access method | Whether CIDR blocks must be manually added | Description |
Alibaba Cloud Instance | No Note MaxCompute projects and ApsaraDB for OceanBase instances are excluded. | The system automatically adds the CIDR blocks of DTS servers to the whitelist of Alibaba Cloud database instances, excluding MaxCompute projects and ApsaraDB for OceanBase instances. Note
|
Self-managed Database on ECS | No Note Databases that are hosted on multiple ECS instances are excluded. | The system automatically adds the CIDR blocks of DTS servers to the security group rules of the ECS instance. Make sure that the ECS instance can access the database. Note If your self-managed database is deployed on multiple ECS instances, you must manually add the CIDR blocks of DTS servers to the security group rules of each ECS instance. For more information, see Create a security group and Manage ECS instances in security groups. |
Public IP Address | Yes | You must manually add the CIDS blocks of DTS servers to the security settings of the database. For more information, see the Add CIDR blocks section of this topic. Note You must also make preparations before you configure a DTS instance. For more information, see Preparation overview. |
Express Connect, VPN Gateway, or Smart Access Gateway | ||
Cloud Enterprise Network (CEN) | ||
Database Gateway | Yes | You must manually add the IP addresses of all gateway nodes to the security settings of the database. Note
|
Names of IP address whitelists that are automatically created by DTS
When DTS attempts to connect to an Alibaba Cloud database instance, such as when you click Test Connectivity and Proceed in the DTS console, DTS automatically creates an IP address whitelist that includes the CIDR blocks of DTS servers for the database instance. The following table lists the Alibaba Cloud database instances for which DTS can automatically create IP address whitelists and the names of the whitelists.
The IP address whitelist that is automatically created for a database instance by DTS applies to only connections between DTS and the database instance. If you use the whitelist to control access from another service, the service may be interrupted.
The names of the IP address whitelists automatically created by DTS contain "dts" or "DTS".
Database instance | Access method | Whitelist or security group name |
| Alibaba Cloud Instance | rdsdts |
| dtspolardb | |
AnalyticDB for MySQL V3.0 cluster | dts_adb_v3 | |
AnalyticDB for PostgreSQL instance | dts | |
ApsaraDB for MongoDB instance | ddsdts | |
Tair (Redis OSS-Compatible) | dts_group | |
PolarDB-X 1.0 | drdsdts | |
PolarDB-X 2.0 | polardb_x_dts | |
ApsaraMQ for Kafka instance | dts_kafka | |
Elasticsearch cluster | dts_group | |
Lindorm instance | ali_dts_group | |
ApsaraDB for ClickHouse cluster | dts_clickhouse | |
ApsaraDB for SelectDB instance | dts_selectdb | |
ECS instance | Self-managed Database on ECS | SG-DTS-GROUP-**** |
Usage notes
If the source or destination database of a DTS instance is connected to DTS over Cloud Enterprise Network (CEN) or Express Connect, VPN Gateway, or Smart Access Gateway, you must add all the IP addresses and CIDR blocks of DTS servers to the following locations when you use DTS for the first time and receive DTS whitelist expansion notifications.
The IP addresses or CIDR blocks of CEN. For more information, see the "Enable access to a cloud service from a Basic Edition transit router" section of the Manage access to cloud services topic.
The local CIDR block of IPsec-VPN connections. For more information, see Create and manage IPsec-VPN connections in single-tunnel mode.
The IP address whitelist of on-premises databases.
If the source or destination database of a DTS instance is connected to DTS by using a Public IP Address, you must add all the IP addresses and CIDR blocks of DTS servers to the IP address whitelist of the database instance when you use DTS for the first time and receive DTS whitelist expansion notifications.
Make sure that the CIDR blocks and IP addresses are added to the network environment of the corresponding region for the DTS instance. Otherwise, after a disaster recovery of the DTS task, new devices may not be able to connect to the instance. As a result, task delays or interruptions occur.
If the CIDR blocks of DTS servers are automatically or manually added to the IP address whitelist of a database instance or the security group rules of an ECS instance, security risks may arise. Therefore, before you use DTS to migrate data, you must understand the potential risks and take preventive measures, including but not limited to the following measures: enhance the security of your account and password, limit the ports that are exposed, authenticate API calls, regularly check the whitelist or ECS security group rules and forbid unauthorized CIDR blocks, and connect the database to DTS by using Express Connect, VPN Gateway, or Smart Access Gateway.
DTS may add or delete the automatically created IP address whitelists or security groups based on business requirements and security risks. Do not use the IP address whitelists or the security groups to control access from another service. The service level agreement (SLA) of DTS does not cover the issues caused by applying the IP address whitelists or security groups to another service. For information about the names of IP address whitelists or security groups automatically created by DTS, see the Names of IP address whitelists that are automatically created by DTS of this section.
Add CIDR blocks
Procedure
Check whether the CIDR blocks of DTS servers must be manually added to the IP address whitelist of the source or destination database.
Access Method
Check the regions to which the CIDR blocks of DTS servers belong.
Task type
Database whose security settings you want to add CIDR blocks to
Region to which the CIDR blocks of DTS servers to be added to the database security settings belong
Data Synchronization
Source database
The regions in which the source and destination databases reside.
Destination database
The region in which the destination database resides.
Data migration
Source database
The region in which the destination database resides.
Destination database
The region in which the destination database resides.
Change tracking
Source database
The region in which the source database resides.
Data verification (separately configured)
Source database
The region in which the destination database resides.
Destination database
The region in which the destination database resides.
View the CIDR blocks to be added based on the name or ID of the region to which the database instance resides.
For more information about the CIDR blocks of DTS servers, see the CIDR blocks of DTS servers table of this topic.
Add the CIDR blocks of DTS servers to the security settings of the database instance.
Check the configurations in the database instance and make sure that DTS can access the instance.
If the database is a self-managed Kafka cluster and the
listeners
andadvertised.listeners
parameters are specified in the server.properties configuration file, make sure that DTS can connect to the Kafka cluster.If the database is a self-managed Redis database and the
bind
parameter is specified in the redis.conf configuration file, make sure that DTS can connect to the Redis database.
CIDR blocks of DTS servers
If an on-premises database is connected to DTS over Cloud Enterprise Network (CEN), Express Connect, VPN Gateway, or Smart Access Gateway, the CIDR block added to the database security settings is a subnet range of the 100.64.0.0/10 CIDR block of Alibaba Cloud.
If you do not update the whitelist of the self-managed database at the earliest opportunity when new DTS servers are added, DTS may fail to connect to the database. To resolve this issue, we recommend that you directly add 100.104.0.0/16 to the IP whitelist of a self-managed database that can be accessed over an internal network, such as the IP addresses or CIDR blocks of CEN.
Region name | ID | Access method | CIDR block |
China (Hangzhou) | cn-hangzhou | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.52.0/24,100.104.61.128/26,100.104.244.64/26,100.104.216.192/26,100.104.85.0/26,100.104.221.128/26,100.104.2.0/26,100.104.251.192/26,100.104.159.64/26,100.104.216.128/26,100.104.148.192/26,100.104.239.64/26,100.104.114.0/26,100.104.0.192/26,100.104.13.192/26,100.104.201.192/26,100.104.228.0/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 47.97.125.64,140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,47.97.118.150,121.40.155.35,110.75.157.192/26,112.124.6.175,110.75.186.0/26,203.209.247.192/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,121.41.104.73,140.205.197.0/26,203.209.247.128/26,112.124.239.0/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,47.98.125.188,110.75.230.0/24,118.31.38.161,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,121.199.28.129,8.139.112.64/26,114.55.36.104,8.139.112.128/26,8.139.99.192/26,8.139.112.0/26,47.96.95.82,47.97.98.27,101.37.149.3,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26,47.96.76.20 | ||
China (Shanghai) | cn-shanghai | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.205.0/24,100.104.226.128/26,100.104.149.64/26,100.104.241.128/26,100.104.177.128/26,100.104.203.192/26,100.104.113.0/26,100.104.187.0/26,100.104.17.0/26,100.104.33.192/26,100.104.3.192/26,100.104.107.0/26,100.104.29.192/26,100.104.187.192/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,139.196.49.138,117.185.235.0/26,117.185.235.64/26,110.75.134.192/26,140.205.198.64/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,8.132.215.64/26,8.149.144.0/24,8.132.215.0/26,106.11.251.128/26,110.75.235.0/24,47.103.194.109,110.76.9.0/24,106.11.76.64/26,59.82.32.0/24,106.11.224.0/24,117.185.224.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,47.103.170.128/26,101.132.174.63,47.103.171.0/26,101.226.35.64/26,47.102.234.64/26,47.103.23.116,110.75.130.128/26,101.226.33.0/26,110.75.134.128/26,112.65.93.0/26,101.132.223.204,47.100.160.244,47.103.166.128/26,110.75.190.64/26,8.132.214.192/26,110.75.143.0/26,8.139.112.64/26,8.139.112.128/26,140.205.197.128/26,47.103.166.64/26,47.103.171.64/26,106.11.254.128/26,106.11.73.128/26,59.82.46.64/26,139.196.52.31,101.91.139.192/26,116.128.219.64/26,112.65.93.64/26,116.128.219.128/26,101.133.205.192/26,110.75.157.192/26,110.75.186.0/26,8.132.215.128/26,203.209.247.192/26,203.119.159.192/26,117.185.232.128/26,140.205.41.64/26,110.75.190.0/26,47.103.166.192/26,140.205.197.0/26,101.226.33.128/26,203.209.247.128/26,140.205.197.192/26,110.75.186.64/26,47.103.197.53,106.15.75.203,106.15.248.89,110.75.230.0/24,47.103.170.0/26,117.185.232.192/26,210.51.60.64/26,106.11.76.0/26,101.91.141.64/26,101.91.141.128/26,47.102.234.0/26,47.101.109.0/24,59.82.46.192/26,106.11.254.192/26,106.11.251.192/26,110.76.8.0/26,140.205.198.0/26,101.226.33.64/26,47.103.170.192/26,110.76.2.0/24,112.65.93.128/26,101.91.141.0/26,8.139.99.192/26,8.139.112.0/26,140.206.221.64/26,116.128.219.0/26,110.76.11.0/24,47.102.181.192/26,47.100.137.82 | ||
China (Qingdao) | cn-qingdao | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.72.0/24,100.104.35.192/26,100.104.12.0/26,100.104.111.0/26,100.104.100.128/26,100.104.136.192/26,100.104.16.64/26,100.104.78.128/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 203.119.185.0/24,140.205.47.0/24,110.76.8.64/26,203.119.146.128/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,203.119.147.0/24,110.75.186.0/26,203.209.247.192/26,203.119.240.0/26,203.119.182.192/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,203.119.184.0/24,110.75.130.192/26,203.119.191.64/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,203.209.247.128/26,203.119.187.0/24,110.75.235.0/24,110.75.186.64/26,118.190.207.25,110.76.9.0/24,106.11.76.64/26,203.119.146.192/26,115.28.200.55,110.75.230.0/24,203.119.188.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,203.119.149.0/24,59.82.46.128/26,203.119.191.128/26,110.76.0.0/24,106.11.185.0/24,106.11.76.0/26,115.28.216.250,203.119.151.0/24,47.102.234.0/26,203.119.190.0/24,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,203.119.150.0/24,110.76.8.0/26,120.27.53.203,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,106.11.40.64/26,8.139.112.128/26,203.119.189.0/24,118.190.207.194,8.139.99.192/26,203.119.186.0/24,8.139.112.0/26,106.11.184.0/24,120.27.72.0/24,203.119.183.0/24,106.11.73.128/26,203.119.191.0/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26,39.98.96.0/24,203.119.148.0/24 | ||
China (Beijing) | cn-beijing | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.11.64/26,100.104.128.192/26,100.104.143.0/26,100.104.183.0/24,100.104.200.64/26,100.104.201.0/26,100.104.213.64/26,100.104.227.192/26,100.104.232.128/26,100.104.236.128/26,100.104.247.64/26,100.104.29.0/26,100.104.84.128/26,100.104.237.64/26,100.104.6.0/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 140.205.47.0/24,60.205.157.204,110.76.8.64/26,123.56.186.180,203.209.225.192/26,140.205.41.192/26,101.200.141.67,112.126.112.0/26,112.126.112.64/26,110.75.157.192/26,111.206.225.64/26,110.75.186.0/26,203.209.247.192/26,49.7.153.0/24,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,123.57.238.231,110.75.130.192/26,182.92.137.0/24,60.205.243.19,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,123.56.244.9,203.209.247.128/26,101.200.20.0/26,110.75.235.0/24,110.75.186.64/26,111.13.119.128/26,110.76.9.0/24,60.205.112.5,106.11.76.64/26,101.200.116.192/26,182.92.32.128/26,123.57.136.105,112.126.111.128/26,110.75.230.0/24,39.156.175.0/24,60.205.165.226,39.107.7.64/26,39.107.7.0/26,182.92.196.155,49.7.152.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,60.205.166.109,111.206.225.128/26,59.82.46.128/26,114.250.54.64/26,110.76.0.0/24,106.11.76.0/26,47.94.2.56,111.13.119.192/26,59.110.38.253,47.102.234.0/26,39.105.58.165,47.93.21.67,47.102.234.64/26,59.82.46.192/26,114.250.54.0/26,110.75.130.128/26,182.92.17.192/26,110.75.134.128/26,182.92.157.129,114.250.62.0/24,111.13.22.64/26,111.13.246.192/26,110.76.8.0/26,182.92.32.192/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,101.200.72.175,8.139.112.64/26,8.139.112.128/26,39.107.223.0/24,8.139.99.192/26,8.139.112.0/26,182.92.17.128/26,8.131.132.0/26,112.126.111.192/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26 | ||
China (Zhangjiakou) | cn-zhangbei | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.144.128/26,100.104.175.0/24,100.104.180.192/26,100.104.249.0/26,100.104.32.64/26,100.104.52.0/26,100.104.84.128/26,100.104.133.128/26,100.104.211.192/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 203.119.185.0/24,140.205.47.0/24,59.82.71.192/26,203.119.254.0/24,110.76.8.64/26,116.132.190.64/26,59.82.91.0/24,203.119.146.128/26,203.209.225.192/26,140.205.41.192/26,59.82.72.192/26,59.82.89.0/26,59.82.92.0/26,59.82.92.64/26,59.82.76.192/26,203.119.255.0/24,59.82.72.64/26,203.119.240.0/26,110.75.134.192/26,106.11.73.192/26,203.209.225.128/26,59.82.87.0/24,203.119.184.0/24,110.75.130.192/26,203.119.191.64/26,59.82.73.0/26,8.149.144.0/24,203.119.187.0/24,110.75.235.0/24,110.76.9.0/24,59.82.27.0/24,106.11.76.64/26,59.82.76.128/26,203.119.146.192/26,203.119.188.0/24,203.119.182.0/24,59.82.63.192/26,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,203.119.149.0/24,59.82.46.128/26,110.76.0.0/24,59.82.25.0/24,47.102.234.64/26,110.75.130.128/26,110.75.134.128/26,59.82.72.0/26,203.119.150.0/24,110.75.190.64/26,110.75.143.0/26,111.63.137.192/26,8.139.112.64/26,111.62.14.0/26,106.11.40.64/26,8.139.112.128/26,111.225.159.128/26,203.119.178.0/24,59.82.18.64/26,111.225.159.64/26,106.11.184.0/24,59.82.88.0/24,59.82.85.192/26,59.82.71.128/26,106.11.73.128/26,203.119.191.0/26,59.82.66.0/26,59.82.46.64/26,59.82.19.0/26,59.82.18.192/26,59.82.90.192/26,110.75.157.192/26,203.119.147.0/24,110.75.186.0/26,111.63.163.0/24,59.82.18.128/26,203.209.247.192/26,203.119.177.0/24,123.182.56.0/24,203.119.159.192/26,203.119.181.0/24,106.11.222.192/26,116.132.190.128/26,59.82.65.0/24,140.205.41.64/26,110.75.190.0/26,203.119.176.0/24,59.82.73.64/26,203.119.179.0/24,140.205.197.0/26,203.209.247.128/26,123.182.57.0/26,59.82.90.128/26,59.82.63.128/26,110.75.186.64/26,106.11.222.64/26,59.82.24.0/24,110.75.230.0/24,59.82.85.128/26,59.82.77.64/26,59.82.86.0/24,59.82.64.0/24,116.132.137.0/26,203.119.191.128/26,106.11.185.0/24,106.11.201.0/24,106.11.76.0/26,203.119.151.0/24,47.102.234.0/26,111.63.137.128/26,203.119.190.0/24,111.225.159.192/26,106.11.222.128/26,59.82.46.192/26,203.119.239.0/24,110.76.8.0/26,110.76.2.0/24,59.82.26.0/24,106.11.223.0/26,203.119.189.0/24,8.139.99.192/26,203.119.186.0/24,8.139.112.0/26,59.82.89.64/26,116.132.190.192/26,203.119.180.0/24,203.119.183.0/24,116.132.191.0/24,110.76.11.0/24,47.102.181.192/26,39.98.96.0/24,203.119.148.0/24,59.82.77.0/26,111.62.14.64/26,59.82.73.128/26,47.92.185.0/24,203.119.253.128/26,59.82.66.64/26 | ||
China (Hohhot) | cn-huhehaote | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.72.0/24,100.104.145.64/26,100.104.132.64/26,100.104.177.192/26,100.104.12.0/26,100.104.37.128/26,100.104.218.128/26,100.104.250.0/26,100.104.122.128/26,100.104.158.192/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 39.102.199.64/26,39.104.72.87,39.104.78.173,39.104.62.152,39.99.77.64/26,39.102.199.128/26,39.104.199.192/26,39.104.79.122,39.102.224.0/26,39.99.77.0/26,39.104.220.0/24,39.104.86.0,39.102.199.192/26,39.99.77.128/26 | ||
China (Ulanqab) | cn-wulanchabu | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.182.128/26,100.104.100.128/26,100.104.136.192/26,100.104.16.64/26,100.104.78.128/26,100.104.205.192/26,100.104.152.128/26,100.104.199.192/26,100.104.120.0/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 140.205.47.0/24,8.130.69.168,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,39.101.5.0/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,110.75.134.192/26,8.130.69.173,39.101.0.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,59.82.126.0/24,8.130.121.252,39.101.7.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,121.89.103.128/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,8.139.99.192/26,121.89.103.192/26,8.139.112.0/26,39.101.0.64/26,39.101.0.128/26,121.89.103.64/26,106.11.73.128/26,121.89.104.0/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26,8.130.48.34,8.130.122.110 | ||
China (Shenzhen) | cn-shenzhen | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.75.64/26,100.104.235.192/26,100.104.205.0/24,100.104.41.64/26,100.104.171.128/26,100.104.161.192/26,100.104.172.192/26,100.104.168.0/26,100.104.160.128/26,100.104.179.128/26,100.104.98.192/26,100.104.168.128/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,47.112.84.0/26,47.120.88.0/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,47.120.88.64/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,120.78.179.12,47.112.83.192/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,120.79.68.184,120.77.61.108,8.149.144.0/24,120.77.195.192/26,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,120.77.195.64/26,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,120.77.195.128/26,47.112.86.0/26,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,47.115.161.93,110.76.0.0/24,47.113.183.192/26,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,47.112.84.128/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,47.113.183.128/26,8.139.112.64/26,8.139.112.128/26,120.24.177.221,8.139.99.192/26,112.74.44.248,8.139.112.0/26,47.112.84.64/26,47.113.76.192/26,120.79.71.173,106.11.73.128/26,47.106.63.0/24,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26 | ||
China (Heyuan) | cn-heyuan | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.147.192/26,100.104.76.192/26,100.104.246.192/26,100.104.106.192/26,100.104.210.128/26,100.104.48.128/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,47.113.157.192/26,203.209.247.128/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,47.113.158.0/26,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,47.113.157.64/26,110.76.8.0/26,47.113.157.128/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,8.139.99.192/26,8.139.112.0/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26 | ||
China (Guangzhou) | cn-guangzhou | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.132.64/26,100.104.240.128/26,100.104.122.128/26,100.104.233.0/26,100.104.166.64/26,100.104.100.128/26,100.104.136.192/26,100.104.16.64/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,8.134.79.141,110.75.134.192/26,8.134.79.143,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,8.134.0.64/26,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,8.134.0.192/26,110.75.230.0/24,8.134.0.128/26,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,8.139.99.192/26,8.139.112.0/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26,8.134.5.0/26 | ||
China (Chengdu) | cn-chengdu | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.76.192/26,100.104.145.64/26,100.104.235.192/26,100.104.127.0/26,100.104.166.64/26,100.104.100.128/26,100.104.136.192/26,100.104.16.64/26,100.104.149.128/26,100.104.177.0/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,47.109.5.0/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,47.108.47.64/26,140.205.41.64/26,8.137.26.128/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,203.209.247.128/26,8.137.26.64/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,47.108.45.128/26,47.108.45.192/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,8.139.99.192/26,8.139.112.0/26,106.11.73.128/26,110.76.11.0/24,47.108.47.0/26,59.82.46.64/26,47.102.181.192/26,8.137.29.0/26,8.137.26.192/26 | ||
China (Hong Kong) | cn-hongkong | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.233.0/24,100.104.177.192/26,100.104.158.192/26,100.104.180.192/26,100.104.120.0/26,100.104.2.64/26,100.104.242.64/26,100.104.187.64/26,100.104.169.0/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 140.205.47.0/24,110.76.8.64/26,47.240.180.192/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,47.240.211.0/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,47.90.37.175,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,47.240.210.192/26,140.205.196.0/24,59.82.47.0/26,47.243.0.32/28,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.89.39.119,47.102.234.0/26,47.90.38.29,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,47.240.195.0/26,8.139.99.192/26,8.139.112.0/26,47.240.195.128/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26,47.90.24.64/26,47.240.195.64/26,47.240.210.64/26,47.240.210.128/26 | ||
Singapore | ap-southeast-1 | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.188.0/24,100.104.207.128/26,100.104.12.0/26,100.104.179.64/26,100.104.41.64/26,100.104.59.64/26,100.104.91.64/26,100.104.111.64/26,100.104.44.0/26,100.104.238.64/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 47.88.233.0/24,161.117.146.192/26,161.117.164.64/26,161.117.164.0/26,161.117.172.0/28,47.74.206.0/24,161.117.146.128/26,47.102.181.128/26,47.102.181.192/26,47.102.234.64/26,47.102.234.0/26,8.139.112.64/26,8.139.112.0/26,8.139.112.128/26,8.139.99.192/26 | ||
Malaysia (Kuala Lumpur) | ap-southeast-3 | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.5.0/24,100.104.36.0/26,100.104.234.192/26,100.104.76.192/26,100.104.69.0/26,100.104.87.192/26,100.104.158.192/26,100.104.250.0/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 47.250.30.0/24,47.250.34.128/28,47.250.29.0/24 | ||
Indonesia (Jakarta) | ap-southeast-5 | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.175.0/24,100.104.35.192/26,100.104.235.192/26,100.104.12.0/26,100.104.111.0/26,100.104.158.192/26,100.104.37.128/26,100.104.218.128/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 8.215.147.0/28,147.139.132.101,149.129.230.192/26,147.139.156.64/26,147.139.165.206,147.139.133.46,147.139.179.168,147.139.156.0/26,147.139.156.128/26 | ||
Philippines (Manila) | ap-southeast-6 | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.153.64/26,100.104.76.192/26,100.104.246.192/26,100.104.158.192/26,100.104.37.128/26,100.104.218.128/26,100.104.250.0/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 8.212.137.0/26,8.212.136.192/26,8.212.136.128/26,8.212.136.64/26 | ||
Thailand (Bangkok) | ap-southeast-7 | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.150.192/26,100.104.75.64/26,100.104.132.64/26,100.104.177.192/26,100.104.12.0/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 8.213.163.0/26,8.213.162.64/26,8.213.162.128/26,8.213.162.192/26 | ||
Japan (Tokyo) | ap-northeast-1 | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.112.0/24,100.104.117.192/26,100.104.12.0/26,100.104.166.64/26,100.104.179.64/26,100.104.108.128/26,100.104.100.128/26,100.104.136.192/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 47.91.0.128/26,47.245.51.0/24,47.245.18.192/26,47.245.18.128/26,47.91.0.192/26,8.209.192.160/28 | ||
US (Silicon Valley) | us-west-1 | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.175.0/24,100.104.48.128/26,100.104.166.64/26,100.104.108.128/26,100.104.100.128/26,100.104.136.192/26,100.104.16.64/26,100.104.242.64/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,47.88.98.0/24,110.75.134.192/26,203.119.159.192/26,47.88.15.174,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,47.252.71.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,47.252.90.64/26,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,47.88.6.196,110.75.230.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.88.10.217,47.102.234.0/26,47.252.71.128/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,47.88.1.17,8.139.112.64/26,8.139.112.128/26,47.252.90.0/26,8.139.99.192/26,47.251.136.112/28,8.139.112.0/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26 | ||
US (Virginia) | us-east-1 | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.233.0/24,100.104.240.128/26,100.104.132.64/26,100.104.177.192/26,100.104.12.0/26,100.104.111.0/26,100.104.122.128/26,100.104.87.192/26,100.104.179.64/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,47.88.98.0/24,47.250.29.0/24,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,140.205.41.64/26,47.253.64.0/28,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,47.252.91.0/24,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,8.139.99.192/26,8.139.112.0/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26 | ||
Germany (Frankfurt) | eu-central-1 | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.5.0/24,100.104.193.128/26,100.104.161.64/26,100.104.89.128/26,100.104.177.0/26,100.104.224.0/26,100.104.92.128/26,100.104.62.64/26,100.104.216.192/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 8.209.86.0/26,47.254.165.128/26,47.245.155.0/28,47.254.165.64/26,47.254.165.192/26,47.254.180.0/24 | ||
UK (London) | eu-west-1 | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.133.64/26,100.104.207.128/26,100.104.87.192/26,100.104.145.64/26,100.104.235.192/26,100.104.75.64/26,100.104.132.64/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 8.208.72.0/24,8.208.73.0/24,8.208.75.64/28,47.88.98.0/24 | ||
UAE (Dubai) | me-east-1 | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.205.0/24,100.104.161.0/26,100.104.53.0/26,100.104.111.128/26,100.104.248.128/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 8.209.86.0/26,47.254.165.128/26,47.254.165.64/26,47.254.165.192/26 | ||
South Korea (Seoul) | ap-northeast-2 | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.119.128/26,100.104.153.64/26,100.104.76.192/26,100.104.246.192/26,100.104.106.192/26,100.104.210.128/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 149.129.14.128/26,149.129.13.64/26,149.129.14.192/26,149.129.13.0/26 | ||
SAU (Riyadh - Partner Region) | me-central-1 | Express Connect, VPN Gateway, or Smart Access Gateway | 100.104.106.192/26,100.104.145.64/26,100.104.210.128/26,100.104.48.128/26,100.104.69.0/26,100.104.76.192/26,100.104.87.192/26 |
Cloud Enterprise Network (CEN) | |||
Public IP Address | 8.213.0.192/26,8.213.5.0/26,8.213.16.59,8.213.16.111,8.213.16.123,8.213.16.17,8.213.16.91,8.213.5.64/26,8.213.6.0/24,8.213.0.128/26 |
What to do next
After a DTS task is complete or released, we recommend that you manually delete the CIDR blocks of DTS server from the database security settings to prevent DTS from accessing the database.
You must remove the IP address whitelists whose names contain
dts
from the IP address whitelists of Alibaba Cloud database instances.You must remove the security groups whose names contain
DTS
from the security groups of ECS instances.You must remove the CIDR blocks of DTS servers from the security settings of self-managed databases or databases hosted on third-party cloud platforms.