ApsaraDB RDS: Configure the hybrid access solution (retain both the classic network and VPC endpoints)

Last Updated: Feb 20, 2025

To switch an instance's network type from classic network to VPC without service interruptions, enable hybrid access mode. This mode maintains both classic network and VPC endpoints. During hybrid access, you can gradually reconfigure your business to use the VPC endpoint. Once reconfiguration is complete, you can release the classic network endpoint to seamlessly transition to the new network type.

Important
  • RDS instances of the classic network type can no longer be renewed, upgraded, downgraded, or cloned from 00:00 on October 30, 2024. For more information, see [Product changes/Feature changes] Alibaba Cloud plans to phase out ApsaraDB RDS instances of the classic network type.

  • You may fail to renew your RDS instance or change the specifications of the RDS instance due to the following reasons:

    • The network type is changed to VPC but the classic network endpoint is not deleted. In this case, you must go to the Instances page and click the ID of the required RDS instance. On the page that appears, click Database Connection to delete the classic network endpoint.

    • The network type is not changed to VPC before the expiration. In this case, you must submit a ticket to apply for validity period extension. After the validity period is extended, change the network type to VPC, delete the classic network endpoint, and then renew the RDS instance.

Background information

When you migrate your RDS instance from the classic network to a VPC, the internal endpoint type changes accordingly. Although the endpoint string remains the same, the associated IP address changes, which leads to an instance switchover. Classic network-type Elastic Compute Service (ECS) instances will lose internal network connectivity to the RDS instance. ApsaraDB RDS offers hybrid access mode to facilitate a smooth transition. For details on the impact of instance switchovers, see Impact of Instance Switchovers.

Hybrid access allows your RDS instance to connect with both classic network-type and VPC-type ECS instances. In this mode, the system retains the classic network's original internal endpoint and generates a new internal endpoint for the VPC type, while the public endpoint remains unchanged. This setup prevents instance switchovers during the network type change.

For security and performance, we recommend using only the internal VPC endpoint. You must set an expiration date for the hybrid access solution. Once it expires, ApsaraDB RDS releases the internal classic network endpoint, and applications can no longer connect through it. Add the internal VPC endpoint to your applications before the hybrid access solution expires to ensure a seamless migration and avoid service disruptions.

For instance, a company using hybrid access mode to transition an RDS instance from classic network to VPC may have some applications connect via the VPC's internal endpoint while others continue using the classic network's internal endpoint. Once all applications can connect through the VPC internal endpoint, the classic network internal endpoint can be released.

Prerequisites

To use hybrid access mode, your RDS instance must meet the following criteria:

  • The instance's network type is classic network.

  • A VPC and a vSwitch must be created in the same zone as the RDS instance. To create a VPC and a vSwitch, see Manage VPC.

Precautions

  • During hybrid access, the following operations are not supported: switching back to the classic network, migration between zones, and switching between high availability edition and three-node enterprise edition (formerly finance edition).

  • Impact on instance connection addresses:

    • Internal endpoint: The classic network internal endpoint is retained and an internal endpoint of the VPC type is automatically added.

    • Public endpoint: The public endpoint of the instance is not affected by enabling hybrid access mode.

  • Impact on instance access:

    • Internal access: Cloud products like ECS can access the RDS instance over an internal network using either the classic network (via the classic network internal endpoint) or VPC (via the VPC internal endpoint). After the classic network endpoint expires, only VPC access is supported.

    • Public access: Public access to the instance remains unaffected by enabling hybrid access mode.

  • Whitelist: For high availability edition local disk instances of MySQL 5.6 and 5.7, you must enable enhanced whitelist mode when activating hybrid access mode. The server IP addresses from the original whitelist are automatically copied to the classic network group of the enhanced whitelist. For more information, see Enhanced Whitelist Mode.

  • Read-only instances: You must first migrate the primary instance from the classic network to the VPC network according to the hybrid access solution, then complete the temporary hybrid access transformation for the read-only instance.

    • If the primary RDS instance uses local disks, the read-only RDS instances can be in any VPC.

    • If the primary RDS instance uses cloud disks, the read-only RDS instances and the primary RDS instance must be in the same VPC.

Change the network type from classic network to VPC

  1. Navigate to the RDS instance list, select a region at the top, and then click the destination instance ID.

  2. In the left-side navigation pane, click Database Connection.

  3. Click Switch To VPC.

    Note

    If the switch button is not visible, ensure that your RDS MySQL instance meets the prerequisites.

  4. In the dialog box that appears, select a VPC and a vSwitch and decide whether to retain the classic network endpoint.

    • Choose a VPC. It's recommended to select the VPC where your ECS instance is located to ensure internal network communication. If they are in different VPCs, establish a Cloud Enterprise Network or a VPN Gateway between them.

    • Select a vSwitch. If there is no vSwitch in the chosen VPC, create one in the same zone as the instance. For guidance, see Manage vSwitch.

    • Choose Retain Classic Network for hybrid access mode, allowing the RDS instance to be accessible by ECS instances within both the classic network and VPC via the internal network.

      Affected item: Transient connection

        • Do not retain classic network (Direct switch): When switching network types, a transient connection occurs, causing the internal network connection between the classic network ECS and the RDS instance to immediately disconnect.

        • Retain classic network (Enable temporary hybrid access for smooth switch): Upon switching the network type, no transient connection occurs, and the internal network connection between the classic network ECS and the RDS instance remains available until the classic network endpoint expires.

      Affected item: Internal endpoint

        • Do not retain classic network (Direct switch): Only one internal endpoint. After the switch, the internal endpoint string remains unchanged, but its type transitions from a classic network to a VPC.

        • Retain classic network (Enable temporary hybrid access for smooth switch): Two distinct internal endpoints. The classic network internal endpoint is maintained while an internal VPC-type endpoint is added automatically.

      Affected item: Internal access

        • Do not retain classic network (Direct switch): After the RDS instance is switched to VPC, other cloud products (such as ECS) must also use VPC to access the RDS instance.

        • Retain classic network (Enable temporary hybrid access for smooth switch): After the RDS instance is switched to hybrid access mode, other cloud products (such as ECS) can access the RDS instance using either the classic network internal endpoint or the VPC internal endpoint. After the classic network endpoint expires, only VPC access is supported.

          • Classic network: Access the RDS instance via the classic network internal endpoint.

          • VPC: Access the RDS instance via the VPC internal endpoint.

      Affected items: Public endpoint and public access

        • Both options: The public endpoint remains unchanged regardless of the network type switch method, ensuring that public access to the RDS instance is not affected. Only the internal endpoint and internal access are impacted.

      Note
      • Retaining the classic network endpoint prevents an instance switchover when changing the network type, and the internal network connection between the classic network ECS and the RDS instance remains available until the classic network endpoint expires.

      • Before the classic network endpoint expires, integrate the VPC endpoint into your application running on a VPC-type ECS instance. This allows for a seamless migration of your workloads to the selected VPC without downtime.

  5. Add the private IP address of the required VPC-type ECS instance to an IP address whitelist of the VPC type on the RDS instance to enable internal network access. If no VPC-type IP address whitelists are available, create one.

  6. Before the classic network endpoint expires, add the VPC endpoint to your application running on a VPC-type ECS instance.

    Note
    • An ECS instance in a VPC connects to an RDS instance in the same VPC over an internal network: The ECS instance and the RDS instance must be in the same region and VPC (the same VPC ID), although different zones do not affect the internal connection.

    • An ECS instance in the classic network connects to an RDS instance in a VPC over an internal network: Utilize ClassicLink or migrate the ECS instance from the classic network to the VPC for connectivity.
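
A pre-release check for steps 5 and 6, as an added example that is not part of the original documentation: it flags applications still configured with the classic network endpoint and VPC-type ECS private IP addresses that the VPC whitelist does not cover. The endpoint names, the inventory format, the dates, and the comma-separated whitelist string are constructed assumptions.

```python
import ipaddress
from datetime import date

# Constructed placeholders, not real endpoints.
CLASSIC_EP = "classic-endpoint.example.internal"
VPC_EP = "vpc-endpoint.example.internal"

def parse_whitelist(text):
    """Parse a comma-separated list of IPs/CIDR blocks (assumed format)."""
    return [ipaddress.ip_network(e.strip(), strict=False)
            for e in text.split(",") if e.strip()]

def check_readiness(apps, vpc_whitelist, classic_expires, today):
    """Return findings to clear before the classic endpoint is released."""
    nets = parse_whitelist(vpc_whitelist)
    days_left = (classic_expires - today).days
    # A /0 entry lets any address through, so report it instead of relying on it.
    findings = [f"whitelist entry {n} admits every address; narrow it"
                for n in nets if n.prefixlen == 0]
    for app in apps:
        if app["endpoint"] == CLASSIC_EP:
            findings.append(f"{app['name']}: still on classic endpoint, "
                            f"{days_left} day(s) until it is released")
            continue
        ip = ipaddress.ip_address(app["private_ip"])
        # Coverage by a catch-all /0 entry does not count as an explicit entry.
        if not any(ip in n for n in nets if n.prefixlen > 0):
            findings.append(f"{app['name']}: {ip} missing from VPC whitelist")
    return findings

# Constructed inventory: the endpoint each application is configured with.
APPS = [
    {"name": "billing", "endpoint": VPC_EP, "private_ip": "192.168.10.21"},
    {"name": "reports", "endpoint": VPC_EP, "private_ip": "192.168.20.7"},
    {"name": "legacy-batch", "endpoint": CLASSIC_EP, "private_ip": None},
]
WHITELIST = "192.168.10.0/24, 192.168.30.5"

if __name__ == "__main__":
    for line in check_readiness(APPS, WHITELIST,
                                date(2025, 3, 14), date(2025, 3, 1)):
        print(line)
```

An empty result means every listed application already uses the VPC endpoint from a whitelisted address.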

Change the expiration date of the internal endpoint of the classic network type

During hybrid access, you can adjust the expiration date of the classic network endpoint to align with your business needs. The new validity period is counted from the date of the adjustment and takes effect immediately. For example, if the classic network endpoint is set to expire on August 18, 2017, and you extend the validity period by 14 days on August 15, 2017, the endpoint will now expire on August 29, 2017.

To change the expiration date, follow these steps:

  1. Go to the RDS instance list, select a region at the top, and click the destination instance ID.

  2. In the left-side navigation pane, click Database Connection.

  3. On the Instance Connection tab, click Change Expiration Date.

  4. On the Change Expiration Date confirmation page, select a new expiration date and click Confirm.

FAQ

Are the public endpoint and Internet access affected after the network type of an RDS instance is changed from classic network to VPC?

No, the public endpoint and Internet access are not affected. Changing the network type from classic network to VPC means that the classic network endpoint is changed to the VPC endpoint. The VPC endpoint is a type of internal endpoint and does not affect the public endpoint and Internet access.