Configure a VPC tunnel task


This topic describes how to create a Data Transmission Service (DTS) instance that connects to a database through a VPC tunnel.

Prerequisites

  • The database instance is in a virtual private cloud (VPC).

  • You understand the limits and notes for VPC tunnels. For more information, see Notes.

Preparations

Note

Before you configure a DTS instance, create two vSwitches in different zones for the VPC of the database instance. This allows DTS to create a VPC tunnel. For more information about the supported regions and zones, see What is a VPC tunnel?.

  1. Log on to the VPC console.

  2. In the navigation pane on the left, click vSwitch.

  3. Select the region where the VPC is located.

  4. On the vSwitch page, click Create vSwitch.

  5. On the Create vSwitch page, configure the vSwitch information.

    Configure the Region, VPC, Name, Zone, and IPv4 CIDR parameters for a vSwitch. Then, click Add below the vSwitch section to add another vSwitch.

    Note
    • For more information about the supported regions and zones, see What is a VPC tunnel?.

    • The two vSwitches must be in different zones, and their IPv4 CIDR blocks cannot overlap.

    • For more information about the parameters, see Create and manage vSwitches.

  6. Click OK.
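A pre-check for the vSwitch plan described above, as an added example (not Alibaba Cloud code): it reports why two planned vSwitches cannot serve as the primary and secondary vSwitch and lists the pairs that can. The function names, IDs, zone names and CIDR blocks are hypothetical placeholders, and the containment check against the VPC CIDR block is a general VPC rule rather than something this page states.

```python
import ipaddress
from itertools import combinations

def pair_problems(a: dict, b: dict, vpc_cidr: str, supported_zones: set) -> list:
    """Return why planned vSwitches a and b cannot be primary/secondary ([] if they can)."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = []
    for vsw in (a, b):
        net = ipaddress.ip_network(vsw["cidr"])  # raises ValueError if host bits are set
        nets.append(net)
        if not net.subnet_of(vpc):  # general VPC rule, not stated on this page
            problems.append(f"{vsw['id']}: {net} is outside VPC {vpc}")
        if vsw["zone"] not in supported_zones:
            problems.append(f"{vsw['id']}: zone {vsw['zone']} not supported by VPC tunnel")
    if a["zone"] == b["zone"]:
        problems.append(f"{a['id']} and {b['id']} are both in zone {a['zone']}")
    if nets[0].overlaps(nets[1]):
        problems.append(f"{nets[0]} overlaps {nets[1]}")
    return problems

def usable_pairs(vswitches: list, vpc_cidr: str, supported_zones: set) -> list:
    """List every (id, id) pair that passes all checks."""
    return [(a["id"], b["id"]) for a, b in combinations(vswitches, 2)
            if not pair_problems(a, b, vpc_cidr, supported_zones)]

# Constructed plan: IDs, zones and CIDR blocks are placeholders, not real resources.
SAMPLE_VPC = "10.0.0.0/16"
SAMPLE_ZONES = {"zone-a", "zone-b"}  # take the real list from "What is a VPC tunnel?"
SAMPLE_VSWITCHES = [
    {"id": "vsw-1", "zone": "zone-a", "cidr": "10.0.0.0/23"},
    {"id": "vsw-2", "zone": "zone-b", "cidr": "10.0.1.0/24"},  # falls inside vsw-1's /23
    {"id": "vsw-3", "zone": "zone-b", "cidr": "10.0.2.0/24"},
    {"id": "vsw-4", "zone": "zone-a", "cidr": "10.0.3.0/24"},
]

if __name__ == "__main__":
    print(usable_pairs(SAMPLE_VSWITCHES, SAMPLE_VPC, SAMPLE_ZONES))
    print(pair_problems(SAMPLE_VSWITCHES[0], SAMPLE_VSWITCHES[1], SAMPLE_VPC, SAMPLE_ZONES))
```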

Create a DTS instance

Note

This section uses a data synchronization instance as an example to describe how to create a DTS instance that connects to a database through a VPC tunnel.

  1. Go to the data synchronization task list page in the destination region. You can do this in one of two ways.

    DTS console

    1. Log on to the DTS console.

    2. In the navigation pane on the left, click Data Synchronization.

    3. In the upper-left corner of the page, select the region where the synchronization instance is located.

    DMS console

    Note

    The actual steps may vary depending on the mode and layout of the DMS console. For more information, see Simple mode console and Customize DMS console layout and style.

    1. Log on to the DMS console.

    2. In the top menu bar, choose Data + AI > DTS (DTS) > Data Synchronization.

    3. To the right of Data Synchronization Tasks, select the region of the synchronization instance.

  2. Click Create Task to open the task configuration page.

  3. Configure the source and destination databases.

    The following table describes the key parameters for a source or destination database that is connected through a VPC tunnel.

    Note

    For more information about the parameters, see the relevant configuration topics in Overview of data synchronization scenarios.

    | Configuration | Description |
    | --- | --- |
    | Access Method | Select Express Connect, VPN Gateway, or Smart Access Gateway. |
    | Instance Region | Select the region of the VPC to which the database instance belongs. |
    | Connected VPC | Select the VPC to which the database instance belongs. |
    | Primary/Secondary vSwitch in VPC Tunnel: vSwitch (Primary) and vSwitch (Secondary) | Select the two vSwitches that you created in the Preparations step as the primary and secondary vSwitches. |

  4. After you complete the configuration, click Test Connectivity and Proceed at the bottom of the page.

  5. In the CIDR Blocks of DTS Servers dialog box, add the CIDR blocks to the routing configuration of the VPC and the security settings of the database.

    Note

    For information about how to configure routes and whitelists for connecting an on-premises data center to the cloud, see Connect a VPC to an on-premises data center or another cloud.

  6. Click Test Connectivity and wait for DTS to create network resources and test the connection.

  7. Complete the subsequent configurations by following the instructions in the relevant documents.

    For more information, see Overview of data synchronization scenarios, Overview of data migration scenarios, and Overview of data subscription scenarios.

FAQ

  • What do I do if a network connection fails when I configure a VPC tunnel task?

    This issue usually occurs because the IP address on the primary or secondary vSwitch cannot access the database instance. To check the connection, log on to the ECS instances that are deployed on the primary and secondary vSwitches and run the telnet, ping, traceroute, or mtr command to test the connection to the database instance.

    DTS uses the standard Java Database Connectivity (JDBC) protocol to communicate with the database. Make sure that you can connect to the database instance address using telnet. For example, if you telnet to the address and port of a MySQL database and the network connection is stable, the string mysql_native_password is returned on the command line, as shown in the following output:

    [admin@dts-xxx xxx /tmp]
    $telnet rm-axxx.com  3306
    Trying 26.34.142.72...
    Connected to rm-axxx.com.
    Escape character is '^]'.
    N
    5.7.44-log 0--z90!|j{cw<mysql_native_passwordConnection closed by foreign host.

  • Can I use existing vSwitches in the VPC of the database instance?

    Yes, you can. You can use existing vSwitches if they are in zones that are supported by the VPC tunnel and the primary and secondary vSwitches are in different zones.

  • How do I view the elastic network interfaces (ENIs) that DTS creates for the vSwitches?

    1. Log on to the ECS console.

    2. In the navigation pane on the left, choose Network & Security > Elastic Network Interfaces.

    3. In the upper-left corner of the page, select the resource group and region where the destination resource is located.

    4. Find the ENI based on the information in the VPC/vSwitch column.

      Note

      The name of the ENI is in the format ** endpoint ep-**.

  • Do I need to manually release the ENIs for the VPC tunnel?

    No, you do not. The ENIs for the VPC tunnel are automatically released 15 days after the DTS instance is released.
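The telnet check from the first FAQ answer, as an added example (not Alibaba Cloud code): it parses the greeting packet a MySQL server sends, so a test host on the primary or secondary vSwitch can tell a reachable server from one that accepts the TCP connection but rejects the client host. The function names are hypothetical and both sample packets are constructed.

```python
import socket
import struct

CLIENT_SECURE_CONNECTION = 0x00008000
CLIENT_PLUGIN_AUTH = 0x00080000

def parse_greeting(packet: bytes) -> dict:
    """Parse the first packet a MySQL server sends after the TCP connect."""
    if len(packet) < 5:
        raise ValueError("no MySQL greeting received")
    length = int.from_bytes(packet[:3], "little")    # 3-byte length + 1-byte sequence id
    payload = packet[4:4 + length]
    if len(payload) < length:
        raise ValueError("truncated greeting")
    if payload[0] == 0xFF:   # ERR packet: TCP path works, server refused this client
        return {"ok": False, "error_code": struct.unpack_from("<H", payload, 1)[0],
                "message": payload[3:].decode("utf-8", "replace")}
    if payload[0] != 10:
        raise ValueError(f"unexpected protocol version {payload[0]}")
    end = payload.index(b"\x00", 1)                  # server version is NUL-terminated
    version = payload[1:end].decode("ascii", "replace")
    pos = end + 1 + 4 + 8 + 1                        # thread id, salt part 1, filler
    cap_low, _, _, cap_high, auth_len = struct.unpack_from("<HBHHB", payload, pos)
    caps = cap_low | (cap_high << 16)
    pos += 8 + 10                                    # fixed fields + 10 reserved bytes
    if caps & CLIENT_SECURE_CONNECTION:
        pos += max(13, auth_len - 8)                 # salt part 2
    plugin = None
    if caps & CLIENT_PLUGIN_AUTH:
        nul = payload.find(b"\x00", pos)
        plugin = payload[pos:nul if nul != -1 else None].decode("ascii", "replace")
    return {"ok": True, "server_version": version, "auth_plugin": plugin}

def probe(host: str, port: int = 3306, timeout: float = 5.0) -> dict:
    """Connect like `telnet host port` and parse whatever the server sends first."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return parse_greeting(sock.recv(4096))

def constructed_greeting() -> bytes:
    """Constructed sample: a 5.7-style greeting, not captured from a real server."""
    payload = (b"\x0a5.7.44-log\x00" + struct.pack("<I", 7) + b"abcdefgh\x00"
               + struct.pack("<HBHHB", 0xF7FF, 0x21, 0x0002, 0x81FF, 21) + bytes(10)
               + b"ijklmnopqrst\x00" + b"mysql_native_password\x00")
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

def constructed_error() -> bytes:
    """Constructed sample: error 1130, sent when the client host is not allowed."""
    payload = b"\xff" + struct.pack("<H", 1130) + b"Host '10.0.0.5' is not allowed to connect"
    return len(payload).to_bytes(3, "little") + b"\x00" + payload
```

Run probe() against the database address and port from an ECS instance on each vSwitch. In the telnet output shown in the FAQ, the leading N and the line break after it are the packet length byte (0x4e) and the protocol version byte (0x0a) rendered as text.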