Data Transmission Service：Connect an on-premises database to DTS by using CEN

Prerequisites

• The on-premises network to which the self-managed database belongs is connected to Alibaba Cloud over Express Connect or Smart Access Gateway. For more information, see Connect a data center to a VPC.

  Note

  Suppose that you have three VPCs in a region: VPC1, VPC2, and VPC3. The VPCs are attached to a CEN instance in the same region. If VPC1 is used to access other cloud services, such as Object Storage Service (OSS) and Server Load Balancer (SLB), you must also use VPC1 to access DTS when you perform the following operations.

• A CEN instance is created. For more information, see Create a CEN instance.

• The VPC to which the self-managed database belongs is connected to the transit router of the CEN instance. For more information, see Create a VPC connection.

Procedure

1. Log on to the CEN console.

2. On the Instances page, click the ID of the CEN instance that you want to manage.

3. On the Basic Information > Transit Router tab, click the ID of the transit router that resides in the region of the DTS server.

4. Configure the transit router based on your business requirements.

   • Enterprise Edition transit router

     1. On the details page of the transit router, click the Route Table tab.

     2. On the Route Table tab, click the ID of the route table that you want to manage. On the Route Table Details page, click the Route Entry tab and click Add Route Entry.

     3. In the Add Route Entry dialog box, configure the parameters and click OK. The following table describes the parameters.

        Parameter	Description
        Route Table	The route table to which you want to add a route entry. By default, the current route table is selected.
        Transit Router	The transit router for which you want to add a route entry. By default, the current transit router is selected.
        Name	The name of the route entry.
        Destination CIDR	The IP addresses or CIDR blocks of DTS server. The IP addresses or CIDR blocks must belong to 100.64.0.0/10. For example, if the DTS server resides in the China (Hangzhou) region, specify the following CIDR blocks: 100.104.52.0/24, 100.104.61.128/26, 100.104.244.64/26, 100.104.216.192/26, 100.104.85.0/26, 100.104.221.128/26, 100.104.2.0/26, 100.104.251.192/26, 100.104.159.64/26, 100.104.216.128/26, 100.104.148.192/26, 100.104.239.64/26, 100.104.114.0/26, 100.104.0.192/26, and 100.104.13.192/26. For information about the IP addresses or CIDR blocks of DTS servers in other regions, see Add the CIDR blocks of DTS servers. Note You can enter only one IP address or CIDR block at a time. To add multiple IP addresses or CIDR blocks, repeat the preceding steps. If you do not update the whitelist of the self-managed database at the earliest opportunity when new DTS servers are added, DTS may fail to connect to the database. To resolve this issue, we recommend that you set this parameter to 100.104.0.0/16.
        Blackhole Route	Specifies whether the route is a blackhole route. In this example, No is selected.
        Next Hop	The ID of the VPC that is attached to the transit router.
        Description	The description of the route entry.

        Note

        For more information, see the Enable access to a cloud service from an Enterprise Edition transit router section of the Manage access to cloud services topic.

   • Basic Edition transit router

     1. On the details page of the transit router, click the Cloud Services tab.

     2. On the Cloud Services tab, click Configure AnyTunnel.

     3. In the Configure AnyTunnel dialog box, configure the parameters and click OK. The following table describes the parameters.

        Parameter	Description
        Service IP Address	The IP addresses or CIDR blocks of DTS server. The IP addresses or CIDR blocks must belong to 100.64.0.0/10. For example, if the DTS server resides in the China (Hangzhou) region, specify the following CIDR blocks: 100.104.52.0/24, 100.104.61.128/26, 100.104.244.64/26, 100.104.216.192/26, 100.104.85.0/26, 100.104.221.128/26, 100.104.2.0/26, 100.104.251.192/26, 100.104.159.64/26, 100.104.216.128/26, 100.104.148.192/26, 100.104.239.64/26, 100.104.114.0/26, 100.104.0.192/26, and 100.104.13.192/26. For information about the IP addresses or CIDR blocks of DTS servers in other regions, see Add the CIDR blocks of DTS servers. Note You can enter only one IP address or CIDR block at a time. To add multiple IP addresses or CIDR blocks, repeat the preceding steps. If you do not update the whitelist of the self-managed database at the earliest opportunity when new DTS servers are added, DTS may fail to connect to the database. To resolve this issue, we recommend that you set this parameter to 100.104.0.0/16.
        Service Region	The region in which the DTS instance resides. Important You must set Service Region to the destination region regardless of whether you migrate or synchronize data within the same region or across different regions. For example, if you use DTS to migrate or synchronize data from a self-managed database in the China (Hangzhou) or China (Beijing) region to an ApsaraDB RDS for MySQL instance in the China (Hangzhou) region, you must set Service Region to China (Hangzhou). In addition, you must set Service VPC to a VPC that belongs to the China (Hangzhou) region.
        Service VPC	The VPC that is attached to the CEN instance. After you configure all the parameters described in this table, the on-premises network that is connected to the virtual border router (VBR) or cloud connect network (CCN) instance can access DTS over the VPC. Note If you use DTS to synchronize data across regions, you must set Service VPC to a VPC that belongs to the destination region. For example, if you synchronize data from a self-managed database in the China (Beijing) region to an ApsaraDB RDS for MySQL instance in the China (Hangzhou) region, you must set Service VPC to a VPC that belongs to the China (Hangzhou) region. The VPC must be attached to the CEN instance to ensure that the self-managed database can access DTS over the VPC. Suppose that you have three VPCs in a region: VPC1, VPC2, and VPC3. The VPCs are attached to a CEN instance in the same region. If VPC1 is used to access other cloud services, such as OSS and SLB, you must also use VPC1 to access DTS when you perform the following operations.
        Access Region	The region in which the VBR or CCN instance that is used to access DTS resides. Important If the self-managed database is connected to Alibaba Cloud by using a VBR instance, you can use CEN to access DTS only in the region of the VBR instance.
        Description	The description of DTS. The description can be empty or 2 to 256 characters in length. It must start with a letter, and can contain letters, digits, hyphens (-), periods (.), and underscores (_). It cannot start with http:// or https://.

Connect databases to DTS across Alibaba Cloud accounts or regions

You can connect databases to DTS across Alibaba Cloud accounts or regions by using CEN. This way, you can configure DTS tasks across Alibaba Cloud accounts or regions. For more information, see Use Enterprise Edition transit routers to connect VPCs in different regions and accounts or Use CEN and Basic Edition transit routers to connect VPCs in different regions and Alibaba Cloud accounts.

What to do next

When you configure a data migration, data synchronization, change tracking, or data verification task, you can configure specific parameters to use a self-managed database in an on-premises data center as the source or destination database. The following table describes the parameters.

FAQ

Q: Why am I unable to connect an on-premises database to DTS over Express Connect even after I have configured an access control list (ACL) in the firewall settings of the VPC to allow all access?

Q: What do I do when I receive a notification indicating that the new CIDR blocks of DTS servers need to be added to the whitelist?