This topic describes how to troubleshoot failures in connecting to an ApsaraDB RDS for MySQL instance from an Elastic Compute Service (ECS) instance.
When you set up a test environment to debug your business, you may fail to connect to your RDS instance from your ECS instance. The connection failures may occur due to various reasons. For example, the network type of your RDS instance is different from the network type of your ECS instance, or the IP address of your ECS instance is not added to an IP address whitelist of your RDS instance. This topic describes the most common causes of connection failures and the methods that you can use to troubleshoot the connection failures.
Different network types
The ECS instance resides in a virtual private cloud (VPC), and the RDS instance resides in the classic network.
Method 1: Migrate the RDS instance to the VPC in which the ECS instance resides. For more information, see Change the network type of an ApsaraDB RDS instance. This is the recommended method.
Note: If the ECS instance and the RDS instance both reside in VPCs, they must reside in the same VPC to communicate with each other over an internal network.
Method 2: Purchase an ECS instance that resides in the classic network, and connect to the RDS instance from the ECS instance. ECS instances cannot be migrated from VPCs to the classic network. A VPC provides higher security than the classic network. We recommend that you use the VPC network type.
Method 3: Connect to the RDS instance from the ECS instance by using the public endpoint of the RDS instance. This method cannot ensure optimal performance, security, or stability.
The ECS instance resides in the classic network, and the RDS instance resides in a VPC.
Method 1: Migrate the ECS instance to the VPC to which the RDS instance belongs. This is the recommended method.
Note: If the ECS instance and the RDS instance both reside in VPCs, they must reside in the same VPC to communicate with each other over an internal network.
Method 2: Migrate the RDS instance to the classic network. A VPC provides higher security than the classic network. We recommend that you use the VPC network type.
Method 3: Use the ClassicLink feature to establish an internal network connection between the ECS instance and the RDS instance. For more information, see Overview of ClassicLink.
Method 4: Connect to the RDS instance from the ECS instance by using the public endpoint of the RDS instance. This method cannot ensure optimal performance, security, or stability.
Different VPCs
A VPC is an isolated network environment that is built on Alibaba Cloud. VPCs are logically isolated from each other. If the ECS instance and the RDS instance both reside in VPCs, they must reside in the same VPC to communicate with each other over an internal network.
Method 1: Migrate the RDS instance to the VPC to which the ECS instance belongs. This is the recommended method.
You must change the network type of the RDS instance from VPC to classic network and then change the network type of the RDS instance from classic network back to VPC. When you change the network type of the RDS instance from classic network back to VPC, you must select the VPC in which the ECS instance resides. For more information, see Change the VPC and vSwitch or Change the network type of an ApsaraDB RDS instance.
Method 2: Create a Cloud Enterprise Network (CEN) instance to establish a private connection between the VPCs of the ECS instance and the RDS instance. For more information, see Use CEN to enable intra-region network communication.
Method 3: Connect to the RDS instance from the ECS instance over the Internet. This method cannot ensure optimal performance, security, or stability.
Different regions
If the ECS instance and the RDS instance reside in different regions, these instances cannot communicate with each other over an internal network.
Method 1: Request a refund for the original RDS or ECS instance. Then, purchase a new RDS instance or ECS instance based on your business requirements.
Method 2: Change the network types of the ECS instance and the RDS instance to VPC. Then, create a CEN instance to enable communication between the VPCs. For more information, see Change the network type of an ApsaraDB RDS instance and Use CEN to enable intra-region network communication.
Method 3: Connect to the RDS instance from the ECS instance over the Internet. This method cannot ensure optimal performance, security, or stability.
Incorrect IP address whitelist settings
The IP address whitelist labeled default contains only the IP address 127.0.0.1. This IP address indicates that no devices are allowed to access the RDS instance. Therefore, you must add IP addresses to the whitelist. For more information, see Configure an IP address whitelist.
The 0.0.0.0 entry is added to an IP address whitelist of the RDS instance.
Important: If you add the 0.0.0.0/0 entry to an IP address whitelist of the RDS instance, all devices are allowed to access the RDS instance. Proceed with caution.
The enhanced whitelist mode is enabled for the RDS instance. In this case, take note of the following limits:
If the RDS instance resides in a VPC and is connected by using its internal endpoint, the private IP address of the ECS instance must be added to the IP address whitelist of the VPC type.
If the RDS instance resides in the classic network and is connected by using its internal endpoint, the private IP address of the ECS instance must be added to the IP address whitelist of the classic network type.
If the RDS instance resides in the classic network and is connected over the Internet, the public IP address of the ECS instance must be added to the IP address whitelist of the classic network type.
The public IP address that you add to an IP address whitelist is invalid. Possible causes:
The public IP address dynamically changes.
The tool or website that is used to query public IP addresses returns inaccurate results.
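The whitelist conditions described in this section can be checked offline before you change anything in the console. The following is an added example, not Alibaba Cloud code: the function name `audit_whitelist` and the sample addresses are constructed, and it assumes entries are single IP addresses or CIDR blocks.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.1/32")


def audit_whitelist(entries, client_ip):
    """Audit whitelist entries (IPs or CIDR blocks) against one client IP.

    client_ip is the address the RDS instance sees: the private IP of the
    ECS instance for an internal endpoint, its public IP for a public one.
    Returns (covered, findings).
    """
    client = ipaddress.ip_address(client_ip)
    nets, findings = [], []
    for raw in entries:
        text = raw.strip()
        if not text:
            continue
        try:
            nets.append(ipaddress.ip_network(text, strict=False))
        except ValueError:
            findings.append(f"invalid entry: {text}")
    # The default whitelist holds only 127.0.0.1, which admits no device.
    if nets and all(n == LOOPBACK for n in nets):
        findings.append("only 127.0.0.1: no device can connect")
    for n in nets:
        if n.prefixlen == 0:
            findings.append(f"{n}: all devices can connect")
        elif int(n.network_address) == 0:
            findings.append(f"{n}: 0.0.0.0 entry, listed above as incorrect")
    covered = any(client in n for n in nets if n != LOOPBACK)
    if not covered:
        findings.append(f"{client} is not covered by any entry")
    return covered, findings


if __name__ == "__main__":
    # Constructed sample whitelists and client address.
    for wl in (["127.0.0.1"], ["10.0.1.0/24"], ["10.0.0.0/24", "0.0.0.0/0"]):
        print(wl, audit_whitelist(wl, "10.0.0.5"))
```

A result of `covered == True` with a finding for 0.0.0.0/0 means the connection works only because the whitelist is open to every device, so replace that entry with the address of the ECS instance.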
For more information, see the following topics:
Domain name resolution failures or errors
If the Domain Name System (DNS) servers are faulty or the configurations of the network interface controller (NIC) are modified, domain names may fail to be resolved or may be resolved into incorrect IP addresses. In this case, you can run the ping command or the telnet command to check the connectivity to the RDS instance.
ping <Domain name>
telnet <Domain name> <Port number>
If the RDS instance fails the connectivity test, perform the following operations to modify the configuration file of the network interface controller (NIC):
Open the configuration file in edit mode.
vi /etc/sysconfig/network-scripts/<The name of the configuration file of the NIC>
Note: The NIC in the command refers to the NIC of the ECS instance. You can run the ifconfig command to check the file name extension of the configuration file. The default file name extension is ifcfg-eth0.
Add the following settings to the end of the configuration file.
DNS1=100.100.XX.XX
DNS2=100.100.XX.XX
Note: If the DNS1 and DNS2 configuration items exist in the configuration file, you must change the values of these configuration items to the values that are shown in the settings.
Run the following command to restart the network service:
sudo systemctl restart network
Run the following command to check whether the modification is successful:
cat /etc/resolv.conf
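The final check can be automated by comparing the DNS1 and DNS2 values in the NIC configuration file with the nameserver lines in /etc/resolv.conf. The following is an added example, not part of the original procedure: the function names and sample file contents are constructed, and it assumes that the network service writes the DNS1 and DNS2 values to /etc/resolv.conf as nameserver lines.

```python
def dns_from_ifcfg(text):
    """Return the DNS1, DNS2, ... values of an ifcfg-* file, in index order."""
    found = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].strip().partition("=")
        if sep and key.startswith("DNS") and key[3:].isdigit():
            found[int(key[3:])] = value.strip().strip("\"'")
    return [found[i] for i in sorted(found)]


def nameservers_from_resolv(text):
    """Return the nameserver addresses of resolv.conf content, in file order."""
    servers = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def check_dns_applied(ifcfg_text, resolv_text):
    """Report which configured DNS servers are missing from resolv.conf."""
    wanted = dns_from_ifcfg(ifcfg_text)
    active = nameservers_from_resolv(resolv_text)
    missing = [ip for ip in wanted if ip not in active]
    return {"configured": wanted, "missing": missing,
            "ok": bool(wanted) and not missing}


# Constructed sample content; 192.0.2.x stands in for the masked
# 100.100.XX.XX values shown in the settings above.
SAMPLE_IFCFG = """DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
DNS1=192.0.2.10
DNS2=192.0.2.11
"""
SAMPLE_RESOLV_STALE = """; generated by dhclient
nameserver 192.0.2.10
nameserver 198.51.100.53
"""

if __name__ == "__main__":
    print(check_dns_applied(SAMPLE_IFCFG, SAMPLE_RESOLV_STALE))
```

On the ECS instance, pass the contents of the NIC configuration file and of /etc/resolv.conf instead of the samples. A non-empty `missing` list means that the restart did not apply the new DNS settings.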
RDS instance in the Creating Network Connection state
Go to the Tasks page in the ApsaraDB RDS console, find the task in the Creating Network Connection state, and then click Retry or Modify switching time. For more information, see Use Task Center.