All Products
Search
Document Center

Virtual Private Cloud:Migrate ECS instances from a classic network to a VPC

Last Updated:Nov 14, 2024

Elastic Compute Service (ECS) instances in the classic network will reach end of life (EOL) on February 28, 2025. For more information, see EOL notice for Alibaba Cloud ECS instances in the classic network. If you have ECS instances that are deployed in the classic network, we recommend that you migrate the instances to virtual private clouds (VPCs) at the earliest opportunity. Compared with ECS instances in the classic network, ECS instances in VPCs are more secure and support additional features such as associating elastic IP addresses (EIPs). This topic describes how to use a migration plan to migrate one or more ECS instances from the classic network to a VPC.

Prerequisites

Important

The Migration Plan feature is supported in the following regions: China (Qingdao), China (Beijing), China (Hangzhou), China (Shanghai), China (Shenzhen), China (Hong Kong), US (Silicon Valley), and Singapore. In the China (Hangzhou) region, you cannot migrate specific ECS instances in Hangzhou Zone C from the classic network to a VPC.

The ECS instances that you want to migrate from the classic network to a VPC meet the following requirements:

  • No local disks are attached to the ECS instances. If local disks are attached to the instances, submit a ticket to contact Alibaba Cloud technical support to migrate the instances.

    To check whether local disks are attached to an ECS instance, perform the following steps:

    1. Log on to the ECS console.

    2. In the left-side navigation pane, choose Instances & Images > Instances.

    3. On the Instance page, find the ECS instance that you want to check and view the Specifications column for local disk information.

    If local disk information is displayed in the Specifications column, local disks are attached to the instance. If local disk information is not displayed in the Specifications column, local disks are not attached to the instance.实例挂载本地盘

  • If an ECS instance has a public IP address and a public bandwidth of 0 Mbit/s, you must upgrade the public bandwidth to a public bandwidth of more than 0 Mbit/s before you migrate the instance. A public bandwidth of 0 Mbit/s results in the loss of the public IP address after you migrate the instance. For more information, see the Modify the maximum public bandwidth section of the "Overview of instance configuration changes" topic.

Understand the impacts of the migration

Important

The classic network-to-VPC migration affects the status, network type, and IP addresses of ECS instances. Before you migrate ECS instances, make sure that you are familiar with the migration impacts that are described in the following table.

Item

Description

Period of time that is required to migrate an ECS instance

Approximately 15 minutes are required from the time when an ECS instance in the classic network is stopped until the time when the instance is migrated to and started in a specific VPC.

Important
  • If an ECS instance is started in the VPC, the computing and network resources of the instance are migrated to the VPC, and you can use the instance as expected.

  • If an ECS instance is migrated across zones, the system continues to migrate disk data of the instance after the instance is started. In most cases, approximately 4 hours are required to migrate 100 GiB of disk data. During the migration of disk data, the I/O performance of disks degrades and snapshot-related and disk-related operations cannot be performed. The disk data migration does not affect the running of your business. If your business is not highly sensitive to I/O performance degradation, the reduction in I/O performance is imperceptible.

Instance status

During the migration, the ECS instance that is migrated is stopped and then restarted. We recommend that you migrate your instance during off-peak hours.

Network type

After an ECS instance is migrated, the network type of the instance changes from classic network to VPC. For information about VPCs, see What is a VPC?

Important

After you migrate an ECS instance from the classic network to a VPC, you cannot migrate the instance back to the classic network.

Software authorization codes

After an ECS instance is migrated, the authorization codes of software on the instance may change.

Solutions to issues related to software authorization code changes

  • Problem description: The software vendor did not approve the migration certificate issued by Alibaba Cloud. Solution: We recommend that you contact the software vendor or channel partner to submit a verification form for re-authorization.

  • Problem description: If specific software was associated with a MAC address to register to an ECS instance, authorization errors may occur after you migrate the instance to a VPC. Cause: After you migrate the ECS instance from the classic network to a VPC, only the public or private MAC address of the instance is retained. If the MAC address with which the software is associated for registration is deleted, authorization errors occur. Solution: We recommend that you contact the software vendor to check whether the software is associated with a MAC address to register to your ECS instance. If the software is associated with a MAC address to register to your instance, you must re-associate the MAC address of the instance with the software. For more information, see Overview of ENIs.

Public and internal IP addresses

  • Public IP address: After an ECS instance is migrated, the public IP address of the instance remains unchanged.

    Important

    In VPCs, public IP addresses are assigned to gateways instead of the elastic network interfaces (ENIs) of ECS instances. You can view private IP addresses, but not public IP addresses, from within the operating system of an ECS instance. If your applications require a public IP address that can be viewed in the instance operating system, you must configure additional settings after the migration. For more information, see Expose an EIP on an NIC by adding a secondary CIDR block to a VPC.

  • Internal IP address: You can specify whether to retain the internal IP address of an ECS instance when you create a migration plan to migrate the instance. You can also change the internal IP address of the instance after the instance is migrated. For more information, see Modify the private IP address of an instance.

    Important

    We recommend that you retain the internal IP address of the ECS instance that you want to migrate. If you do not retain the internal IP address of an ECS instance, you must configure the files, business programs, and cloud service whitelists that use the original internal IP address to use the new internal IP address after the migration. For example, you must modify the /etc/hosts file of a Linux ECS instance.

Device names of disks

  • Linux instances: The underlying virtualization technology of specific ECS instances is upgraded when the instances are migrated from the classic network to VPCs. This may result in changes to the device names of the disks on the instances. On Linux instances, disks are assigned device names within the vd[a-z] range, which serve as unique identifiers for the disks.

    • If the disks of a Linux instance are assigned device names in the vd? format before the instance is migrated, the device names of the disks remain unchanged after the instance is migrated.

    • If the disks of a Linux instance are assigned device names in the xvd? format before the instance is migrated, the device names of the disks are converted into the vd? format after the instance is migrated. For example, xvda, xvdb, and xvdc are converted into vda, vdb, and vdc. Alibaba Cloud updates the /etc/fstab file for Linux instances. You must check whether your applications are dependent on the original device names of the disks.

  • Windows instances: The device names of disks are not affected.

Billing

  • You are not charged for the migration. The unit price of an ECS instance type does not change before and after the migration.

  • After you migrate ECS instances from the classic network to VPCs, all ineffective or unpaid orders related to the instances that were placed when the instances were in the classic network are canceled.

Others

  • The ID, username, and logon password of an ECS instance remain unchanged after you migrate the instance to a VPC.

  • If an ECS instance is added to the vServer group of a Server Load Balancer (SLB) instance before the ECS instance is migrated, the ECS instance is not automatically associated with the SLB instance after the migration. You must add the ECS instance to the vServer group of the SLB instance. For more information, see the Modify a vServer group section of the "Create and manage a vServer group" topic.

    Important

    You can no longer add ECS instances in the classic network to the vServer group of an SLB instance.

Preparations

  1. Create snapshots for the disks on the ECS instances to be migrated to back up data.

    For more information, see Create a snapshot.

    Note

    You are charged for the snapshots. For more information, see Snapshots.

  2. If an ECS instance that you want to migrate is associated with an Alibaba Cloud database service, you must enable the hybrid access mode for the database service before you migrate the instance.

    In hybrid access mode, Alibaba Cloud database services can be accessed by ECS instances that reside in the classic network or VPCs. For more information, see Hybrid access to ApsaraDB services and Configure the hybrid access solution for an ApsaraDB RDS for MySQL instance.

  3. If an ECS instance that you want to migrate is associated with an Alibaba Cloud database service (such as ApsaraDB RDS) that provides the whitelist feature, you must add the CIDR block of the destination vSwitch to a whitelist of the database service before you migrate the instance.

    For more information, see Configure a whitelist.

  4. (Optional) To ensure that services can be rapidly restored after migration, we recommend that you configure application services to run on instance startup and monitor service availability.

  5. Disable or uninstall server security software on the ECS instances to be migrated.

    Note

    The device drivers of ECS instances are updated when the instances are migrated. You must disable or uninstall security software such as Safedog, Huweishen, and Yunsuo on the instances before you migrate the instances.

  6. Reserve at least 500 MiB of free space on the system disk of each ECS instance that you want to migrate. If less than 500 MiB of free space is available on the system disk of each ECS instance that you want to migrate, virtualization drivers may fail to be installed and the instances may be unable to start.

  7. Make sure that the destination vSwitch has sufficient internal IP addresses available. The number of available internal IP addresses must be greater than the number of ECS instances to be migrated.

Procedure

Migration process overview

Step 1: Create a migration plan

  1. Log on to the ECS console.

  2. In the left-side navigation pane, choose Maintenance & Monitoring > icon1 > Migration Plans.

  3. In the top navigation bar, select the region and resource group to which the resource belongs. 地域

  4. Click Create Migration Plan.

  5. In the Precautions dialog box, select I have read and understood the precautions and click Create Migration Plan.

    image

  6. In the Configure Migration Plan step, configure the destination zone and VPC, network properties, and network connectivity settings, and click Next.

    1. In the Destination Zone and VPC section, configure the parameters. The following table describes the parameters.

      设置网络

      Parameter

      Description

      Plan Name

      Enter a name for the migration plan.

      Select a destination zone

      Select a destination zone from the drop-down list. The available zones are automatically planned and displayed based on resource availability. If the zone to which you want to migrate ECS instances is not in the drop-down list, submit a ticket to contact technical support. In most cases, a zone is missing from the drop-down list if the ECS instance resources in the zone are sold out.

      Note

      Only one zone can be specified in each migration plan. If you want to migrate multiple ECS instances to different zones, you must create multiple migration plans.

      Destination VPC or Create a VPC

      Select a destination VPC from the drop-down list. The CIDR block of the selected VPC determines whether the internal IP addresses of the ECS instances from the classic network can be retained.

      • If you want to retain the internal IP addresses of the ECS instances, you must select a VPC that is associated with the 10.0.0.0/8 CIDR block. You can select the default option or a VPC that you created.

        • If you have not created VPCs that are associated with the 10.0.0.0/8 CIDR block, select (Default) Automatically create a VPC, CIDR block: 10.0.0.0/8. Then, a VPC that is associated with the 10.0.0.0/8 CIDR block is automatically created.

        • If you have created a VPC that is associated with the 10.0.0.0/8 CIDR block, select the VPC.

      • If you do not want to retain the internal IP addresses of the ECS instances, you must select a VPC that is associated with a CIDR block other than 10.0.0.0/8.

    2. In the Instance Network Properties section, configure the parameters. The following table describes the parameters.

      网络属性

      Parameter

      Description

      Destination Security Group

      Specify destination security groups. Valid values:

      • (Default) Clone Security Groups of Classic Network-type Instances: The security groups of the ECS instances are automatically cloned from the classic network to the destination VPC. The rules of the new security groups (clone security groups) in the VPC are the same as the rules of the original security groups in the classic network.

        Important
        • If the original security groups in the classic network are referenced by managed security groups or contain rules that reference a managed security group, the original security groups cannot be cloned to the destination VPC.

        • If you set Destination VPC or Create a VPC to (Default) Automatically create a VPC, CIDR block: 10.0.0.0/8, Destination Security Group is automatically set to (Default) Clone Security Groups of Classic Network-type Instances and cannot be modified.

      • Specify Security Groups: Select one or more existing security groups from the drop-down list.

        Important

        Improper security group settings affect the connectivity of ECS instances. Make sure that your security group rules meet your connectivity requirements.

      Mac Address Retention Policy

      Select the media access control (MAC) address that you want to retain for each ECS instance from the classic network. In the classic network, an ECS instance that is assigned a public IP address has a public MAC address and a private MAC address. In a VPC, each ECS instance has only a private MAC address and can use a NAT device to map the internal IP address of the instance to a public IP address for Internet access.

      You can select (Default) Private Mac Address or Public Mac Address based on your business requirements.

      • If your business system is associated with a MAC address, retain the MAC address. For example, this situation applies when your software is associated with a MAC address for registration.

        • (Default) Private Mac Address: The private MAC addresses of the ECS instances are retained regardless of whether the instances have public MAC addresses.

        • Public Mac Address: If the ECS instances have public MAC addresses, the public MAC addresses are retained. If the ECS instances do not have public MAC addresses, the private MAC addresses of the instances are retained.

      • If your business system is not associated with a MAC address, select (Default) Private Mac Address or Public Mac Address.

    3. In the Instance Network Connectivity section, configure the parameters. Then, click Next. The following table describes the parameters.

      实例连通

      Parameter

      Description

      Retain Internal IP Address

      Specify whether to retain the internal IP addresses of the ECS instances from the classic network. If you want to retain the internal IP addresses of the ECS instances, you must specify how to create a vSwitch. If you do not want to retain the internal IP addresses of the ECS instances, you must select a vSwitch from the drop-down list.

      • (Default) Yes: retains the internal IP addresses of the ECS instances from the classic network. If you select (Default) Yes, you must configure vSwitch Creation Policy.

        • If you set vSwitch Creation Policy to Automatic, a vSwitch is automatically created and associated with a CIDR block based on the internal IP addresses of the ECS instances. Make sure that the CIDR block corresponding to the internal IP addresses of the ECS instances is not used by other vSwitches. If the CIDR block is used by other vSwitches, the vSwitch cannot be created.

          Note

          If you set Destination VPC or Create a VPC to (Default) Automatically create a VPC, CIDR block: 10.0.0.0/8, Retain Internal IP Address is automatically set to (Default) Yes, and vSwitch Creation Policy is automatically set to Automatic and cannot be modified.

        • If you set vSwitch Creation Policy to Manual, you must create a vSwitch in the specified destination zone based on the internal IP addresses of the ECS instances.

          Note

          You can set vSwitch Creation Policy to Manual only when you select a user-created VPC that is associated with the 10.0.0.0/8 CIDR block for Destination VPC or Create a VPC.

      • No: does not retain the internal IP addresses of the ECS instances from the classic network. You must select a vSwitch from the drop-down list.

        Note

        If you cannot find the vSwitches that you created in the drop-down list, the reason may be that the vSwitches do not reside in the specified destination zone. Create a vSwitch in the destination zone. For more information, see Create and manage a vSwitch.

      Ensure interconnections between the migrated instances and the classic network-type instances

      Specify whether to allow mutual access over the internal network between migrated instances and unmigrated instances that are included in the migration plan. Configure this parameter based on the value of Retain Internal IP Address.

      • Retain Internal IP Address set to (Default) Yes:

        • If you do not want to allow mutual access over the internal network between migrated instances and unmigrated instances that are included in the migration plan, select (Default) No.

        • If you want to allow mutual access over the internal network between migrated instances and unmigrated instances that are included in the migration plan, select Yes. Then, select all ECS instances in the classic network that require mutual access over the internal network in the Select Instances step. You can schedule different migration times for the instances to specify the order in which to migrate the instances.

          Note

          ECS instances in the classic network that are not included in the migration plan cannot communicate with the ECS instances that are migrated to the specified VPC over the internal network. After this migration plan is created, ECS instances cannot be added to the plan.

      • Retain Internal IP Address set to No:

        • If you do not want to allow mutual access over the internal network between migrated instances and unmigrated instances that are included in the migration plan, proceed to the Select Instances step.

        • If you want to allow mutual access over the internal network between migrated instances and unmigrated instances that are included in the migration plan, configure ClassicLink to link the instances to the specified VPC before you migrate the instances. For more information, see Connect an instance in a classic network to a VPC.

  7. In the Select Instances step, select ECS instances and click Next.

    If you set Retain Internal IP Address to (Default) Yes and want to allow mutual access over the internal network between migrated instances and unmigrated instances that are included in the migration plan, you must select all ECS instances in the classic network that require mutual access over the internal network. You can schedule different migration times for the instances to specify the order in which to migrate the instances. After the migration plan is created, you cannot add ECS instances to the plan.

    In the following figure, the section that is labeled ① indicates the instances that you want to migrate in the first batch, and the section that is labeled ② indicates the instances that you want to migrate in subsequent batches.

    选择实例

  8. In the Scheduled Migration step, specify the migration time for the instances and click Verify.

    The instances are stopped and then started again during the migration process. We recommend that you schedule the migration task for your instances during off-peak hours. A unique migration time can be specified for each instance.

    • To specify a migration time for only a single instance, click Schedule Migration Time in the Actions column corresponding to the instance.

    • To specify a migration time for multiple instances that you want to migrate in a batch, select the instances and click Batch Schedule Migration Time.

    Important
    • For ECS instances that need to remain in the classic network and communicate with the ECS instances that are migrated by this migration plan, specify a later migration time. Before the migration time, you can reevaluate whether to migrate the ECS instances from the classic network.

    • The following limits apply to the migration time that can be specified for each instance:

      • The migration time cannot be earlier than the local time.

      • The migration time cannot be later than the expiration time of the instance.

      After the migration plan is created, the replicas of some disks are checked. The period of time that is required by the check is determined based on the disk size and the number of disks that are queued for the check. The migration starts after the check is complete. Set migration times as prompted.

  9. In the Verify dialog box, read the migration considerations and verify whether your migration plan meets the specified requirements.

    • If your migration plan meets the specified requirements, select options and click Confirm and Create.

    • If your migration plan does not meet the requirements, error messages are displayed. You can troubleshoot the errors based on the error messages and modify the relevant parameters to create the migration plan again.

Step 2: Migrate the ECS instances

After the migration plan is created, the system migrates the specified ECS instances from the classic network to the destination VPC at the specified times.迁移完成

Note

If an ECS instance is migrated across zones, the system continues to migrate disk data of the instance after the instance is started. In most cases, approximately 4 hours are required to migrate 100 GiB of disk data. During the migration of disk data, the I/O performance of disks degrades and snapshot-related and disk-related operations cannot be performed. The disk data migration does not affect the running of your business. If your business is not highly sensitive to I/O performance degradation, the reduction in I/O performance is imperceptible.

Step 3: Check the migration results

  1. In the left-side navigation pane, choose Instances & Images > Instances.

  2. Find the migrated ECS instances and click the ID of each of these instances.

  3. On the Instance Details page, check whether the network type of the instance is VPC.

    If the instance is migrated to the specified VPC, the network type of the instance changes to VPC.查看结果

  4. Check the internal network and business runtime environments.

    Scenario

    Migration plan

    What to do next

    Migrate all ECS instances from the classic network to a VPC

    • Set Destination VPC or Create a VPC to (Default) Automatically create a VPC, CIDR block: 10.0.0.0/8.

    • Set Ensure interconnections between the migrated instances and the classic network-type instances to (Default) No.

    Check whether your business system runs as expected.

    Migrate some ECS instances to a VPC and retain other ECS instances in the classic network

    • Set Destination VPC or Create a VPC to (Default) Automatically create a VPC, CIDR block: 10.0.0.0/8.

    • Set Ensure interconnections between the migrated instances and the classic network-type instances to Yes.

    Check whether your business system runs as expected.

    Other scenario

    Set Destination VPC or Create a VPC to a VPC that is associated with a CIDR block other than 10.0.0.0/8.

    1. Check network connectivity.

    2. In this scenario, Retain Internal IP Address is unsupported. If your business is connected by using internal IP addresses, you must configure new internal IP addresses.

    3. Check whether your business system runs as expected.

(Required) Handle post-migration issues

  • If you do not retain the internal IP addresses of ECS instances, but the associated services use domain names that were bound to the original internal IP addresses, modify the /etc/hosts file on the corresponding instances and change the original internal IP addresses to the new internal IP addresses.

  • If you have set Retain Internal IP Address to No in the migration plan, remove the internal IP addresses that are no longer used from the whitelists of other cloud services after the migration, such as AparaDB RDS, SLB, and Object Storage Service (OSS).

  • If an ECS instance is migrated across zones, its connectivity with other Alibaba Cloud services, such as ApsaraDB RDS, ApsaraDB for Redis, and ApsaraDB for MongoDB, may be affected. Adjust application configurations at the earliest opportunity. For example, you can migrate the corresponding RDS instances to the same zone as the ECS instance to ensure connectivity. For more information, see Migrate an ApsaraDB RDS for MySQL instance across zones.

  • If you have not restarted an ECS instance or upgraded its kernel for an extended period of time, issues may occur after the instance is migrated. For example, a file system check (fsck) may be performed, configuration changes may become invalid, or the instance may be unable to start.

  • If you have not restarted an ECS instance for an extended period of time or after the kernel is upgraded, the system checks the file systems of the instance and updates the configurations of the instance when the instance is restarted. If your ECS instance cannot be started, submit a ticket at the earliest opportunity to contact Alibaba Cloud.

  • If a NAS file system is mounted on an ECS instance, you must replace classic network mount targets with VPC mount targets. For more information, see Replace a classic network mount target with a VPC mount target for a NAS file system.

FAQ

Why am I unable to open websites, use services, or read data from or write data to databases on an ECS instance after the instance is migrated from the classic network to a VPC?

This issue may occur because traffic is not allowed on the required communication ports in the new security groups of the ECS instance. We recommend that you clone the original security group rules of the instance from the classic network. For more information, see Clone a security group.

Why am I no longer able to use the FTP service on an ECS instance after the instance is migrated?

After the ECS instance is migrated, the public network interface of the instance is deleted and the FTP service becomes unavailable. We recommend that you perform the following operations:

  1. Convert the system-assigned public IP address of the instance to an EIP.

  2. Expose an EIP on an NIC by adding a secondary CIDR block to a VPC.

Note

Some retired instance types and entry-level instance types of the previous generation do not support ENIs. If the instance type of your instance does not support ENIs, upgrade the instance to an instance type that supports ENIs before you perform the preceding operations. For more information, see Overview of instance configuration changes.

What do I do if I cannot find data disks on specific Windows instances after the instances are migrated?

After the Windows instances are migrated, the disks that are attached to the instances are disconnected. We recommend that you perform the following steps to configure the disks to automatically reconnect. For more information, see How do I handle offline disks attached to a Windows ECS instance and configure the SAN policy of the instance?

  1. Log on to the ECS console.

  2. In the left-side navigation pane, choose Maintenance & Monitoring > Cloud Assistant.

  3. Click Create/Run Command to create and run a Cloud Assistant command.

    In the Create Command panel, configure the parameters. The following table describes the parameters. For the parameters that are not described in the table, use the default values. For information about more parameters, see Create and run a command.

    Parameter

    Description

    Command Type

    PowerShell

    Command content

    @("san policy=onlineall") |diskpart

    Select Instance

    One or more Windows instances.

  4. Click Run and Save.

Why am I unable to transfer files to or from an ECS instance over FTP after the instance is migrated from the classic network to a VPC?

ECS instances in the classic network have both public network interfaces and private network interfaces. ECS instances in VPCs have only private network interfaces. If your applications are configured to recognize only public IP addresses, you must reconfigure the applications.

Most FTP clients access FTP servers in passive mode. In passive mode, FTP servers must communicate their IP addresses to FTP clients. In VPCs, public IP addresses cannot be recognized and FTP servers send their internal IP addresses to FTP clients. When the clients use the internal IP addresses to access the servers, errors occur.

When you use an ECS instance that resides in a VPC as an FTP server, we recommend that you communicate the public IP address of the instance to the FTP server program. The procedures that are required to communicate the public IP addresses of ECS instances vary based on the types of FTP server programs. Select a procedure that is suitable for your FTP server program. In the following example, vsftpd is used. Open the configuration file of vsftpd and add the following content to the file:

listen_ipv6=NO
pasv_address=<PublicIP>
Note

Replace <PublicIP> with the static public IP address (also called auto-assigned or system-assigned public IP address) or EIP of your instance. If an EIP is associated with the instance, we recommend that you use the EIP.

References