All Products
Search
Document Center

Data Transmission Service:Add the CIDR blocks of DTS servers

Last Updated:Nov 27, 2024

If you want to use Data Transmission Service (DTS) to transfer data and your source or destination database accepts connections only from specific IP addresses, you must configure the security settings of your database to allow access from DTS servers. For example, you must add the CIDR blocks of DTS servers to the security settings of your database, such as firewall, IP address whitelist, and security group.

Background information

Access methods

DTS supports the following six access methods:Alibaba Cloud Instance, Self-managed Database on ECS, Public IP Address, Express Connect, VPN Gateway, or Smart Access Gateway, Cloud Enterprise Network (CEN), and Database Gateway. The Access Method varies based on the task type, database type, and combination of the source and destination databases. The access methods displayed in the DTS console prevail.

You can select an Access Method to connect your database to DTS based on the database type.

Note

If the source or destination database of a data migration or change tracking instance is a self-managed database that resides in a region not supported by DTS, and you set Access Method to Public IP Address, you can select any region from the Instance Region drop-down list, and add the CIDR blocks of DTS servers to the security settings of your self-managed database. We recommend that you select the China (Hangzhou) region.

  • For Alibaba Cloud databases, such as ApsaraDB RDS for MySQL, PolarDB for MySQL, and ApsaraDB for MongoDB, we recommend that you set Access Method to Alibaba Cloud Instance to connect your database to DTS.

  • For self-managed databases that are deployed on Elastic Compute Service (ECS) instances, we recommend that you set Access Method to Self-managed Database on ECS.

  • For on-premises databases that are deployed in data centers, we recommend that you set Access Method to Public IP Address, Express Connect, VPN Gateway, or Smart Access Gateway, Cloud Enterprise Network (CEN), or Database Gateway based on your business requirements. We recommend that you enable public access for your on-premises database to accept access only from DTS servers, and set Access Method to Public IP Address to connect your database to DTS.

  • For third-party cloud databases, we recommend that you enable public access for your database and set Access Method to Public IP Address to connect your database to DTS.

Methods for adding the CIDR blocks of DTS servers

The CIDR blocks of DTS servers can be manually or automatically added. Whether you have to manually add the CIDR blocks depends on the Access Method parameter that is specified for the source or destination database.

Access method

Whether CIDR blocks must be manually added

Description

Alibaba Cloud Instance

No

Note

MaxCompute projects and ApsaraDB for OceanBase instances are excluded.

The system automatically adds the CIDR blocks of DTS servers to the whitelist of Alibaba Cloud database instances, excluding MaxCompute projects and ApsaraDB for OceanBase instances.

Note
  • You must manually add the CIDR blocks of DTS servers to the IP address whitelist of MaxCompute to allow DTS to access MaxCompute. For more information, see the Configure an IP address whitelist to allow access from Alibaba Cloud services to MaxCompute section of the Manage IP address whitelists topic.

  • You must manually add the CIDR blocks of DTS servers to the IP address whitelist of ApsaraDB for OceanBase to allow DTS to access ApsaraDB for OceanBase. The CIDS blocks to be added are the same as those for databases whose Access Method is Express Connect, VPN Gateway, or Smart Access Gateway. For more information, see Create a whitelist group and the CIDR blocks of DTS servers section of this topic.

Self-managed Database on ECS

No

Note

Databases that are hosted on multiple ECS instances are excluded.

The system automatically adds the CIDR blocks of DTS servers to the security group rules of the ECS instance. Make sure that the ECS instance can access the database.

Note

If your self-managed database is deployed on multiple ECS instances, you must manually add the CIDR blocks of DTS servers to the security group rules of each ECS instance. For more information, see Create a security group and Manage ECS instances in security groups.

Public IP Address

Yes

You must manually add the CIDS blocks of DTS servers to the security settings of the database. For more information, see the Add CIDR blocks section of this topic.

Note

You must also make preparations before you configure a DTS instance. For more information, see Preparation overview.

Express Connect, VPN Gateway, or Smart Access Gateway

Cloud Enterprise Network (CEN)

Database Gateway

Yes

You must manually add the IP addresses of all gateway nodes to the security settings of the database.

Note
  • To obtain the IP address of a gateway node, go to the Gateway details page of a database gateway. In the Gateway node cluster section, view the IP address of a gateway node in the Host column.

  • You must also make preparations before you configure a DTS instance. For more information, see Preparation overview.

Names of IP address whitelists that are automatically created by DTS

When DTS attempts to connect to an Alibaba Cloud database instance, such as when you click Test Connectivity and Proceed in the DTS console, DTS automatically creates an IP address whitelist that includes the CIDR blocks of DTS servers for the database instance. The following table lists the Alibaba Cloud database instances for which DTS can automatically create IP address whitelists and the names of the whitelists.

Important
  • The IP address whitelist that is automatically created for a database instance by DTS applies to only connections between DTS and the database instance. If you use the whitelist to control access from another service, the service may be interrupted.

  • The names of the IP address whitelists automatically created by DTS contain "dts" or "DTS".

Database instance

Access method

Whitelist or security group name

  • RDS MySQL

  • RDS PostgreSQL

  • RDS MariaDB

  • RDS SQL Server

Alibaba Cloud Instance

rdsdts

  • PolarDB for MySQL cluster

  • PolarDB for PostgreSQL cluster

  • PolarDB for PostgreSQL (Compatible with Oracle) cluster

dtspolardb

AnalyticDB for MySQL V3.0 cluster

dts_adb_v3

AnalyticDB for PostgreSQL instance

dts

ApsaraDB for MongoDB instance

ddsdts

Tair (Redis OSS-Compatible)

dts_group

PolarDB-X 1.0

drdsdts

PolarDB-X 2.0

polardb_x_dts

ApsaraMQ for Kafka instance

dts_kafka

Elasticsearch cluster

dts_group

Lindorm instance

ali_dts_group

ApsaraDB for ClickHouse cluster

dts_clickhouse

ApsaraDB for SelectDB instance

dts_selectdb

ECS instance

Self-managed Database on ECS

SG-DTS-GROUP-****

Usage notes

  • If the source or destination database of a DTS instance is connected to DTS over Cloud Enterprise Network (CEN) or Express Connect, VPN Gateway, or Smart Access Gateway, you must add all the IP addresses and CIDR blocks of DTS servers to the following locations when you use DTS for the first time and receive DTS whitelist expansion notifications.

  • If the source or destination database of a DTS instance is connected to DTS by using a Public IP Address, you must add all the IP addresses and CIDR blocks of DTS servers to the IP address whitelist of the database instance when you use DTS for the first time and receive DTS whitelist expansion notifications.

  • Make sure that the CIDR blocks and IP addresses are added to the network environment of the corresponding region for the DTS instance. Otherwise, after a disaster recovery of the DTS task, new devices may not be able to connect to the instance. As a result, task delays or interruptions occur.

  • If the CIDR blocks of DTS servers are automatically or manually added to the IP address whitelist of a database instance or the security group rules of an ECS instance, security risks may arise. Therefore, before you use DTS to migrate data, you must understand the potential risks and take preventive measures, including but not limited to the following measures: enhance the security of your account and password, limit the ports that are exposed, authenticate API calls, regularly check the whitelist or ECS security group rules and forbid unauthorized CIDR blocks, and connect the database to DTS by using Express Connect, VPN Gateway, or Smart Access Gateway.

  • DTS may add or delete the automatically created IP address whitelists or security groups based on business requirements and security risks. Do not use the IP address whitelists or the security groups to control access from another service. The service level agreement (SLA) of DTS does not cover the issues caused by applying the IP address whitelists or security groups to another service. For information about the names of IP address whitelists or security groups automatically created by DTS, see the Names of IP address whitelists that are automatically created by DTS of this section.

Add CIDR blocks

Procedure

  1. Check whether the CIDR blocks of DTS servers must be manually added to the IP address whitelist of the source or destination database.

    Access Method

  2. Check the regions to which the CIDR blocks of DTS servers belong.

    Task type

    Database whose security settings you want to add CIDR blocks to

    Region to which the CIDR blocks of DTS servers to be added to the database security settings belong

    Data Synchronization

    Source database

    The regions in which the source and destination databases reside.

    Destination database

    The region in which the destination database resides.

    Data migration

    Source database

    The region in which the destination database resides.

    Destination database

    The region in which the destination database resides.

    Change tracking

    Source database

    The region in which the source database resides.

    Data verification (separately configured)

    Source database

    The region in which the destination database resides.

    Destination database

    The region in which the destination database resides.

  3. View the CIDR blocks to be added based on the name or ID of the region to which the database instance resides.

    For more information about the CIDR blocks of DTS servers, see the CIDR blocks of DTS servers table of this topic.

  4. Add the CIDR blocks of DTS servers to the security settings of the database instance.

  5. Check the configurations in the database instance and make sure that DTS can access the instance.

    • If the database is a self-managed Kafka cluster and the listeners and advertised.listeners parameters are specified in the server.properties configuration file, make sure that DTS can connect to the Kafka cluster.

    • If the database is a self-managed Redis database and the bind parameter is specified in the redis.conf configuration file, make sure that DTS can connect to the Redis database.

CIDR blocks of DTS servers

Note
  • If an on-premises database is connected to DTS over Cloud Enterprise Network (CEN), Express Connect, VPN Gateway, or Smart Access Gateway, the CIDR block added to the database security settings is a subnet range of the 100.64.0.0/10 CIDR block of Alibaba Cloud.

  • If you do not update the whitelist of the self-managed database at the earliest opportunity when new DTS servers are added, DTS may fail to connect to the database. To resolve this issue, we recommend that you directly add 100.104.0.0/16 to the IP whitelist of a self-managed database that can be accessed over an internal network, such as the IP addresses or CIDR blocks of CEN.

Region name

ID

Access method

CIDR block

China (Hangzhou)

cn-hangzhou

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.52.0/24,100.104.61.128/26,100.104.244.64/26,100.104.216.192/26,100.104.85.0/26,100.104.221.128/26,100.104.2.0/26,100.104.251.192/26,100.104.159.64/26,100.104.216.128/26,100.104.148.192/26,100.104.239.64/26,100.104.114.0/26,100.104.0.192/26,100.104.13.192/26,100.104.201.192/26,100.104.228.0/26

Cloud Enterprise Network (CEN)

Public IP Address

47.97.125.64,140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,47.97.118.150,121.40.155.35,110.75.157.192/26,112.124.6.175,110.75.186.0/26,203.209.247.192/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,121.41.104.73,140.205.197.0/26,203.209.247.128/26,112.124.239.0/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,47.98.125.188,110.75.230.0/24,118.31.38.161,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,121.199.28.129,8.139.112.64/26,114.55.36.104,8.139.112.128/26,8.139.99.192/26,8.139.112.0/26,47.96.95.82,47.97.98.27,101.37.149.3,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26,47.96.76.20

China (Shanghai)

cn-shanghai

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.205.0/24,100.104.226.128/26,100.104.149.64/26,100.104.241.128/26,100.104.177.128/26,100.104.203.192/26,100.104.113.0/26,100.104.187.0/26,100.104.17.0/26,100.104.33.192/26,100.104.3.192/26,100.104.107.0/26,100.104.29.192/26,100.104.187.192/26

Cloud Enterprise Network (CEN)

Public IP Address

140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,139.196.49.138,117.185.235.0/26,117.185.235.64/26,110.75.134.192/26,140.205.198.64/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,8.132.215.64/26,8.149.144.0/24,8.132.215.0/26,106.11.251.128/26,110.75.235.0/24,47.103.194.109,110.76.9.0/24,106.11.76.64/26,59.82.32.0/24,106.11.224.0/24,117.185.224.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,47.103.170.128/26,101.132.174.63,47.103.171.0/26,101.226.35.64/26,47.102.234.64/26,47.103.23.116,110.75.130.128/26,101.226.33.0/26,110.75.134.128/26,112.65.93.0/26,101.132.223.204,47.100.160.244,47.103.166.128/26,110.75.190.64/26,8.132.214.192/26,110.75.143.0/26,8.139.112.64/26,8.139.112.128/26,140.205.197.128/26,47.103.166.64/26,47.103.171.64/26,106.11.254.128/26,106.11.73.128/26,59.82.46.64/26,139.196.52.31,101.91.139.192/26,116.128.219.64/26,112.65.93.64/26,116.128.219.128/26,101.133.205.192/26,110.75.157.192/26,110.75.186.0/26,8.132.215.128/26,203.209.247.192/26,203.119.159.192/26,117.185.232.128/26,140.205.41.64/26,110.75.190.0/26,47.103.166.192/26,140.205.197.0/26,101.226.33.128/26,203.209.247.128/26,140.205.197.192/26,110.75.186.64/26,47.103.197.53,106.15.75.203,106.15.248.89,110.75.230.0/24,47.103.170.0/26,117.185.232.192/26,210.51.60.64/26,106.11.76.0/26,101.91.141.64/26,101.91.141.128/26,47.102.234.0/26,47.101.109.0/24,59.82.46.192/26,106.11.254.192/26,106.11.251.192/26,110.76.8.0/26,140.205.198.0/26,101.226.33.64/26,47.103.170.192/26,110.76.2.0/24,112.65.93.128/26,101.91.141.0/26,8.139.99.192/26,8.139.112.0/26,140.206.221.64/26,116.128.219.0/26,110.76.11.0/24,47.102.181.192/26,47.100.137.82

China (Qingdao)

cn-qingdao

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.72.0/24,100.104.35.192/26,100.104.12.0/26,100.104.111.0/26,100.104.100.128/26,100.104.136.192/26,100.104.16.64/26,100.104.78.128/26

Cloud Enterprise Network (CEN)

Public IP Address

203.119.185.0/24,140.205.47.0/24,110.76.8.64/26,203.119.146.128/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,203.119.147.0/24,110.75.186.0/26,203.209.247.192/26,203.119.240.0/26,203.119.182.192/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,203.119.184.0/24,110.75.130.192/26,203.119.191.64/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,203.209.247.128/26,203.119.187.0/24,110.75.235.0/24,110.75.186.64/26,118.190.207.25,110.76.9.0/24,106.11.76.64/26,203.119.146.192/26,115.28.200.55,110.75.230.0/24,203.119.188.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,203.119.149.0/24,59.82.46.128/26,203.119.191.128/26,110.76.0.0/24,106.11.185.0/24,106.11.76.0/26,115.28.216.250,203.119.151.0/24,47.102.234.0/26,203.119.190.0/24,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,203.119.150.0/24,110.76.8.0/26,120.27.53.203,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,106.11.40.64/26,8.139.112.128/26,203.119.189.0/24,118.190.207.194,8.139.99.192/26,203.119.186.0/24,8.139.112.0/26,106.11.184.0/24,120.27.72.0/24,203.119.183.0/24,106.11.73.128/26,203.119.191.0/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26,39.98.96.0/24,203.119.148.0/24

China (Beijing)

cn-beijing

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.11.64/26,100.104.128.192/26,100.104.143.0/26,100.104.183.0/24,100.104.200.64/26,100.104.201.0/26,100.104.213.64/26,100.104.227.192/26,100.104.232.128/26,100.104.236.128/26,100.104.247.64/26,100.104.29.0/26,100.104.84.128/26,100.104.237.64/26,100.104.6.0/26

Cloud Enterprise Network (CEN)

Public IP Address

140.205.47.0/24,60.205.157.204,110.76.8.64/26,123.56.186.180,203.209.225.192/26,140.205.41.192/26,101.200.141.67,112.126.112.0/26,112.126.112.64/26,110.75.157.192/26,111.206.225.64/26,110.75.186.0/26,203.209.247.192/26,49.7.153.0/24,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,123.57.238.231,110.75.130.192/26,182.92.137.0/24,60.205.243.19,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,123.56.244.9,203.209.247.128/26,101.200.20.0/26,110.75.235.0/24,110.75.186.64/26,111.13.119.128/26,110.76.9.0/24,60.205.112.5,106.11.76.64/26,101.200.116.192/26,182.92.32.128/26,123.57.136.105,112.126.111.128/26,110.75.230.0/24,39.156.175.0/24,60.205.165.226,39.107.7.64/26,39.107.7.0/26,182.92.196.155,49.7.152.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,60.205.166.109,111.206.225.128/26,59.82.46.128/26,114.250.54.64/26,110.76.0.0/24,106.11.76.0/26,47.94.2.56,111.13.119.192/26,59.110.38.253,47.102.234.0/26,39.105.58.165,47.93.21.67,47.102.234.64/26,59.82.46.192/26,114.250.54.0/26,110.75.130.128/26,182.92.17.192/26,110.75.134.128/26,182.92.157.129,114.250.62.0/24,111.13.22.64/26,111.13.246.192/26,110.76.8.0/26,182.92.32.192/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,101.200.72.175,8.139.112.64/26,8.139.112.128/26,39.107.223.0/24,8.139.99.192/26,8.139.112.0/26,182.92.17.128/26,8.131.132.0/26,112.126.111.192/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26

China (Zhangjiakou)

cn-zhangbei

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.144.128/26,100.104.175.0/24,100.104.180.192/26,100.104.249.0/26,100.104.32.64/26,100.104.52.0/26,100.104.84.128/26,100.104.133.128/26,100.104.211.192/26

Cloud Enterprise Network (CEN)

Public IP Address

203.119.185.0/24,140.205.47.0/24,59.82.71.192/26,203.119.254.0/24,110.76.8.64/26,116.132.190.64/26,59.82.91.0/24,203.119.146.128/26,203.209.225.192/26,140.205.41.192/26,59.82.72.192/26,59.82.89.0/26,59.82.92.0/26,59.82.92.64/26,59.82.76.192/26,203.119.255.0/24,59.82.72.64/26,203.119.240.0/26,110.75.134.192/26,106.11.73.192/26,203.209.225.128/26,59.82.87.0/24,203.119.184.0/24,110.75.130.192/26,203.119.191.64/26,59.82.73.0/26,8.149.144.0/24,203.119.187.0/24,110.75.235.0/24,110.76.9.0/24,59.82.27.0/24,106.11.76.64/26,59.82.76.128/26,203.119.146.192/26,203.119.188.0/24,203.119.182.0/24,59.82.63.192/26,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,203.119.149.0/24,59.82.46.128/26,110.76.0.0/24,59.82.25.0/24,47.102.234.64/26,110.75.130.128/26,110.75.134.128/26,59.82.72.0/26,203.119.150.0/24,110.75.190.64/26,110.75.143.0/26,111.63.137.192/26,8.139.112.64/26,111.62.14.0/26,106.11.40.64/26,8.139.112.128/26,111.225.159.128/26,203.119.178.0/24,59.82.18.64/26,111.225.159.64/26,106.11.184.0/24,59.82.88.0/24,59.82.85.192/26,59.82.71.128/26,106.11.73.128/26,203.119.191.0/26,59.82.66.0/26,59.82.46.64/26,59.82.19.0/26,59.82.18.192/26,59.82.90.192/26,110.75.157.192/26,203.119.147.0/24,110.75.186.0/26,111.63.163.0/24,59.82.18.128/26,203.209.247.192/26,203.119.177.0/24,123.182.56.0/24,203.119.159.192/26,203.119.181.0/24,106.11.222.192/26,116.132.190.128/26,59.82.65.0/24,140.205.41.64/26,110.75.190.0/26,203.119.176.0/24,59.82.73.64/26,203.119.179.0/24,140.205.197.0/26,203.209.247.128/26,123.182.57.0/26,59.82.90.128/26,59.82.63.128/26,110.75.186.64/26,106.11.222.64/26,59.82.24.0/24,110.75.230.0/24,59.82.85.128/26,59.82.77.64/26,59.82.86.0/24,59.82.64.0/24,116.132.137.0/26,203.119.191.128/26,106.11.185.0/24,106.11.201.0/24,106.11.76.0/26,203.119.151.0/24,47.102.234.0/26,111.63.137.128/26,203.119.190.0/24,111.225.159.192/26,106.11.222.128/26,59.82.46.192/26,203.119.239.0/24,110.76.8.0/26,110.76.2.0/24,59.82.26.0/24,106.11.223.0/26,203.119.189.0/24,8.139.99.192/26,203.119.186.0/24,8.139.112.0/26,59.82.89.64/26,116.132.190.192/26,203.119.180.0/24,203.119.183.0/24,116.132.191.0/24,110.76.11.0/24,47.102.181.192/26,39.98.96.0/24,203.119.148.0/24,59.82.77.0/26,111.62.14.64/26,59.82.73.128/26,47.92.185.0/24,203.119.253.128/26,59.82.66.64/26

China (Hohhot)

cn-huhehaote

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.72.0/24,100.104.145.64/26,100.104.132.64/26,100.104.177.192/26,100.104.12.0/26,100.104.37.128/26,100.104.218.128/26,100.104.250.0/26,100.104.122.128/26,100.104.158.192/26

Cloud Enterprise Network (CEN)

Public IP Address

39.102.199.64/26,39.104.72.87,39.104.78.173,39.104.62.152,39.99.77.64/26,39.102.199.128/26,39.104.199.192/26,39.104.79.122,39.102.224.0/26,39.99.77.0/26,39.104.220.0/24,39.104.86.0,39.102.199.192/26,39.99.77.128/26

China (Ulanqab)

cn-wulanchabu

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.182.128/26,100.104.100.128/26,100.104.136.192/26,100.104.16.64/26,100.104.78.128/26,100.104.205.192/26,100.104.152.128/26,100.104.199.192/26,100.104.120.0/26

Cloud Enterprise Network (CEN)

Public IP Address

140.205.47.0/24,8.130.69.168,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,39.101.5.0/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,110.75.134.192/26,8.130.69.173,39.101.0.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,59.82.126.0/24,8.130.121.252,39.101.7.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,121.89.103.128/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,8.139.99.192/26,121.89.103.192/26,8.139.112.0/26,39.101.0.64/26,39.101.0.128/26,121.89.103.64/26,106.11.73.128/26,121.89.104.0/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26,8.130.48.34,8.130.122.110

China (Shenzhen)

cn-shenzhen

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.75.64/26,100.104.235.192/26,100.104.205.0/24,100.104.41.64/26,100.104.171.128/26,100.104.161.192/26,100.104.172.192/26,100.104.168.0/26,100.104.160.128/26,100.104.179.128/26,100.104.98.192/26,100.104.168.128/26

Cloud Enterprise Network (CEN)

Public IP Address

140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,47.112.84.0/26,47.120.88.0/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,47.120.88.64/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,120.78.179.12,47.112.83.192/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,120.79.68.184,120.77.61.108,8.149.144.0/24,120.77.195.192/26,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,120.77.195.64/26,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,120.77.195.128/26,47.112.86.0/26,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,47.115.161.93,110.76.0.0/24,47.113.183.192/26,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,47.112.84.128/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,47.113.183.128/26,8.139.112.64/26,8.139.112.128/26,120.24.177.221,8.139.99.192/26,112.74.44.248,8.139.112.0/26,47.112.84.64/26,47.113.76.192/26,120.79.71.173,106.11.73.128/26,47.106.63.0/24,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26

China (Heyuan)

cn-heyuan

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.147.192/26,100.104.76.192/26,100.104.246.192/26,100.104.106.192/26,100.104.210.128/26,100.104.48.128/26

Cloud Enterprise Network (CEN)

Public IP Address

140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,47.113.157.192/26,203.209.247.128/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,47.113.158.0/26,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,47.113.157.64/26,110.76.8.0/26,47.113.157.128/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,8.139.99.192/26,8.139.112.0/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26

China (Guangzhou)

cn-guangzhou

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.132.64/26,100.104.240.128/26,100.104.122.128/26,100.104.233.0/26,100.104.166.64/26,100.104.100.128/26,100.104.136.192/26,100.104.16.64/26

Cloud Enterprise Network (CEN)

Public IP Address

140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,8.134.79.141,110.75.134.192/26,8.134.79.143,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,8.134.0.64/26,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,8.134.0.192/26,110.75.230.0/24,8.134.0.128/26,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,8.139.99.192/26,8.139.112.0/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26,8.134.5.0/26

China (Chengdu)

cn-chengdu

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.76.192/26,100.104.145.64/26,100.104.235.192/26,100.104.127.0/26,100.104.166.64/26,100.104.100.128/26,100.104.136.192/26,100.104.16.64/26,100.104.149.128/26,100.104.177.0/26

Cloud Enterprise Network (CEN)

Public IP Address

140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,47.109.5.0/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,47.108.47.64/26,140.205.41.64/26,8.137.26.128/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,203.209.247.128/26,8.137.26.64/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,47.108.45.128/26,47.108.45.192/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,8.139.99.192/26,8.139.112.0/26,106.11.73.128/26,110.76.11.0/24,47.108.47.0/26,59.82.46.64/26,47.102.181.192/26,8.137.29.0/26,8.137.26.192/26

China (Hong Kong)

cn-hongkong

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.233.0/24,100.104.177.192/26,100.104.158.192/26,100.104.180.192/26,100.104.120.0/26,100.104.2.64/26,100.104.242.64/26,100.104.187.64/26,100.104.169.0/26

Cloud Enterprise Network (CEN)

Public IP Address

140.205.47.0/24,110.76.8.64/26,47.240.180.192/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,47.240.211.0/26,110.75.130.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,47.90.37.175,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,47.240.210.192/26,140.205.196.0/24,59.82.47.0/26,47.243.0.32/28,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.89.39.119,47.102.234.0/26,47.90.38.29,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,47.240.195.0/26,8.139.99.192/26,8.139.112.0/26,47.240.195.128/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26,47.90.24.64/26,47.240.195.64/26,47.240.210.64/26,47.240.210.128/26

Singapore

ap-southeast-1

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.188.0/24,100.104.207.128/26,100.104.12.0/26,100.104.179.64/26,100.104.41.64/26,100.104.59.64/26,100.104.91.64/26,100.104.111.64/26,100.104.44.0/26,100.104.238.64/26

Cloud Enterprise Network (CEN)

Public IP Address

47.88.233.0/24,161.117.146.192/26,161.117.164.64/26,161.117.164.0/26,161.117.172.0/28,47.74.206.0/24,161.117.146.128/26,47.102.181.128/26,47.102.181.192/26,47.102.234.64/26,47.102.234.0/26,8.139.112.64/26,8.139.112.0/26,8.139.112.128/26,8.139.99.192/26

Malaysia (Kuala Lumpur)

ap-southeast-3

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.5.0/24,100.104.36.0/26,100.104.234.192/26,100.104.76.192/26,100.104.69.0/26,100.104.87.192/26,100.104.158.192/26,100.104.250.0/26

Cloud Enterprise Network (CEN)

Public IP Address

47.250.30.0/24,47.250.34.128/28,47.250.29.0/24

Indonesia (Jakarta)

ap-southeast-5

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.175.0/24,100.104.35.192/26,100.104.235.192/26,100.104.12.0/26,100.104.111.0/26,100.104.158.192/26,100.104.37.128/26,100.104.218.128/26

Cloud Enterprise Network (CEN)

Public IP Address

8.215.147.0/28,147.139.132.101,149.129.230.192/26,147.139.156.64/26,147.139.165.206,147.139.133.46,147.139.179.168,147.139.156.0/26,147.139.156.128/26

Philippines (Manila)

ap-southeast-6

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.153.64/26,100.104.76.192/26,100.104.246.192/26,100.104.158.192/26,100.104.37.128/26,100.104.218.128/26,100.104.250.0/26

Cloud Enterprise Network (CEN)

Public IP Address

8.212.137.0/26,8.212.136.192/26,8.212.136.128/26,8.212.136.64/26

Thailand (Bangkok)

ap-southeast-7

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.150.192/26,100.104.75.64/26,100.104.132.64/26,100.104.177.192/26,100.104.12.0/26

Cloud Enterprise Network (CEN)

Public IP Address

8.213.163.0/26,8.213.162.64/26,8.213.162.128/26,8.213.162.192/26

Japan (Tokyo)

ap-northeast-1

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.112.0/24,100.104.117.192/26,100.104.12.0/26,100.104.166.64/26,100.104.179.64/26,100.104.108.128/26,100.104.100.128/26,100.104.136.192/26

Cloud Enterprise Network (CEN)

Public IP Address

47.91.0.128/26,47.245.51.0/24,47.245.18.192/26,47.245.18.128/26,47.91.0.192/26,8.209.192.160/28

US (Silicon Valley)

us-west-1

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.175.0/24,100.104.48.128/26,100.104.166.64/26,100.104.108.128/26,100.104.100.128/26,100.104.136.192/26,100.104.16.64/26,100.104.242.64/26

Cloud Enterprise Network (CEN)

Public IP Address

140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,47.88.98.0/24,110.75.134.192/26,203.119.159.192/26,47.88.15.174,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,47.252.71.192/26,140.205.41.64/26,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,47.252.90.64/26,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,47.88.6.196,110.75.230.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.88.10.217,47.102.234.0/26,47.252.71.128/26,47.102.234.64/26,59.82.46.192/26,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,47.88.1.17,8.139.112.64/26,8.139.112.128/26,47.252.90.0/26,8.139.99.192/26,47.251.136.112/28,8.139.112.0/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26

US (Virginia)

us-east-1

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.233.0/24,100.104.240.128/26,100.104.132.64/26,100.104.177.192/26,100.104.12.0/26,100.104.111.0/26,100.104.122.128/26,100.104.87.192/26,100.104.179.64/26

Cloud Enterprise Network (CEN)

Public IP Address

140.205.47.0/24,110.76.8.64/26,203.209.225.192/26,140.205.41.192/26,110.75.157.192/26,110.75.186.0/26,203.209.247.192/26,47.88.98.0/24,47.250.29.0/24,110.75.134.192/26,203.119.159.192/26,106.11.73.192/26,203.209.225.128/26,110.75.130.192/26,140.205.41.64/26,47.253.64.0/28,110.75.190.0/26,8.149.144.0/24,140.205.197.0/26,203.209.247.128/26,110.75.235.0/24,110.75.186.64/26,110.76.9.0/24,106.11.76.64/26,110.75.230.0/24,140.205.196.0/24,59.82.47.0/26,47.102.181.128/26,59.82.46.128/26,110.76.0.0/24,106.11.76.0/26,47.102.234.0/26,47.102.234.64/26,59.82.46.192/26,47.252.91.0/24,110.75.130.128/26,110.75.134.128/26,110.76.8.0/26,110.75.190.64/26,110.75.143.0/26,110.76.2.0/24,8.139.112.64/26,8.139.112.128/26,8.139.99.192/26,8.139.112.0/26,106.11.73.128/26,110.76.11.0/24,59.82.46.64/26,47.102.181.192/26

Germany (Frankfurt)

eu-central-1

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.5.0/24,100.104.193.128/26,100.104.161.64/26,100.104.89.128/26,100.104.177.0/26,100.104.224.0/26,100.104.92.128/26,100.104.62.64/26,100.104.216.192/26

Cloud Enterprise Network (CEN)

Public IP Address

8.209.86.0/26,47.254.165.128/26,47.245.155.0/28,47.254.165.64/26,47.254.165.192/26,47.254.180.0/24

UK (London)

eu-west-1

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.133.64/26,100.104.207.128/26,100.104.87.192/26,100.104.145.64/26,100.104.235.192/26,100.104.75.64/26,100.104.132.64/26

Cloud Enterprise Network (CEN)

Public IP Address

8.208.72.0/24,8.208.73.0/24,8.208.75.64/28,47.88.98.0/24

UAE (Dubai)

me-east-1

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.205.0/24,100.104.161.0/26,100.104.53.0/26,100.104.111.128/26,100.104.248.128/26

Cloud Enterprise Network (CEN)

Public IP Address

8.209.86.0/26,47.254.165.128/26,47.254.165.64/26,47.254.165.192/26

South Korea (Seoul)

ap-northeast-2

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.119.128/26,100.104.153.64/26,100.104.76.192/26,100.104.246.192/26,100.104.106.192/26,100.104.210.128/26

Cloud Enterprise Network (CEN)

Public IP Address

149.129.14.128/26,149.129.13.64/26,149.129.14.192/26,149.129.13.0/26

SAU (Riyadh - Partner Region)

me-central-1

Express Connect, VPN Gateway, or Smart Access Gateway

100.104.106.192/26,100.104.145.64/26,100.104.210.128/26,100.104.48.128/26,100.104.69.0/26,100.104.76.192/26,100.104.87.192/26

Cloud Enterprise Network (CEN)

Public IP Address

8.213.0.192/26,8.213.5.0/26,8.213.16.59,8.213.16.111,8.213.16.123,8.213.16.17,8.213.16.91,8.213.5.64/26,8.213.6.0/24,8.213.0.128/26

What to do next

After a DTS task is complete or released, we recommend that you manually delete the CIDR blocks of DTS server from the database security settings to prevent DTS from accessing the database.

  • You must remove the IP address whitelists whose names contain dts from the IP address whitelists of Alibaba Cloud database instances.

  • You must remove the security groups whose names contain DTS from the security groups of ECS instances.

  • You must remove the CIDR blocks of DTS servers from the security settings of self-managed databases or databases hosted on third-party cloud platforms.

References