Updated on 2024-11-22 GMT+08:00

Configuring Cross-Region Network Connection

Before setting up a DR relationship, you need to configure a cross-region network connection. For details, see Method 1: Using Cloud Connect to Connect VPCs in Different Regions or Method 2: Using VPN to Connect VPCs in Different Regions.

You are advised to select a bandwidth size based on the transaction log generation rate metric. The bandwidth must be greater than or equal to 10 times the maximum value of this metric, because network bandwidth is measured in Mbit/s while the transaction log generation rate is measured in MB/s. 1 MB/s equals 8 Mbit/s, so the factor of 10 covers the unit conversion with some margin.

For example, if the maximum transaction log generation rate is 10 MB/s, you are advised to select 100 Mbit/s of network bandwidth so that the DR instance can synchronize data from the primary instance in a timely manner.

After the network is connected, you need to configure the security groups for the primary instance and DR instance to allow traffic from each other. For details, see Configuring Security Groups.

Method 1: Using Cloud Connect to Connect VPCs in Different Regions

You can use Cloud Connect to connect VPCs across regions.

Figure 1 Communication between VPCs in the same account but different regions

Ensure that the primary and DR instances are in the regions where cloud connections are available.

Ensure that the VPC subnets to which the primary and DR instances belong allow access from each other.

For details about how to enable communication between VPCs in different regions, see Using a Cloud Connection to Connect VPCs in Different Regions.

Figure 2 Flowchart

Method 2: Using VPN to Connect VPCs in Different Regions

You can use Virtual Private Network (VPN) to enable communication between VPCs across regions.

Ensure that the primary and DR instances are in the regions where VPN is available.

After configuring the VPN service, you need to contact the VPN customer service to configure the network.

Ensure that the VPC subnets to which the primary and DR instances belong allow access from each other.

For details about how to configure a VPN connection, see Overview.

Figure 3 Flowchart

Configuring Security Groups

After connecting two VPCs in different regions, you need to configure security groups for the primary and DR instances so that the instances in the two VPC CIDR blocks can communicate with each other on the database port.

Suppose that there are two instances listed in Table 1 and they use the default port 5432. The firewall configurations for them are as shown in Figure 4.

Table 1 Instance CIDR block

| Category            | VPC CIDR Block  | IP Address     |
|---------------------|-----------------|----------------|
| Production instance | 192.168.10.0/24 | 192.168.10.117 |
| DR instance         | 192.168.20.0/24 | 192.168.20.69  |

Figure 4 Firewall configurations
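
The following check is an added example, not part of the original documentation or of any cloud provider tooling. It audits exported inbound rules against the Table 1 addresses: each instance must admit its peer on port 5432, and the rule that does so should be no wider than the peer's VPC CIDR block. The rule field names (protocol, port_min, port_max, source) and the sample rule sets are assumptions constructed for illustration.

```python
import ipaddress

PORT = 5432  # default port used on this page
# Addresses from Table 1.
PRIMARY = {"cidr": "192.168.10.0/24", "ip": "192.168.10.117"}
DR = {"cidr": "192.168.20.0/24", "ip": "192.168.20.69"}

def audit_inbound(rules, peer, port=PORT):
    """Audit one instance's inbound rules against its DR peer.

    Returns (reachable, findings):
      reachable - True if some rule admits the peer IP on the port
      findings  - rules that admit the peer but from a source wider
                  than the peer's VPC CIDR block (for example 0.0.0.0/0)
    Rule keys are hypothetical names for an exported rule list.
    """
    peer_ip = ipaddress.ip_address(peer["ip"])
    peer_net = ipaddress.ip_network(peer["cidr"])
    reachable, findings = False, []
    for rule in rules:
        if rule["protocol"] not in ("tcp", "all"):
            continue
        if not rule["port_min"] <= port <= rule["port_max"]:
            continue
        src = ipaddress.ip_network(rule["source"], strict=False)
        if peer_ip not in src:
            continue  # rule is unrelated to the DR peer
        reachable = True
        if not src.subnet_of(peer_net):
            findings.append(
                f"{rule['source']} is wider than peer CIDR {peer['cidr']}")
    return reachable, findings

# Constructed sample rule sets (not taken from a real account).
PRIMARY_RULES = [
    {"protocol": "tcp", "port_min": 5432, "port_max": 5432,
     "source": "192.168.20.0/24"},   # scoped to the DR VPC
    {"protocol": "tcp", "port_min": 22, "port_max": 22,
     "source": "192.168.10.0/24"},   # different port, ignored
]
DR_RULES = [
    {"protocol": "tcp", "port_min": 5432, "port_max": 5432,
     "source": "0.0.0.0/0"},         # works, but open to any source
]

if __name__ == "__main__":
    print("primary <- DR :", audit_inbound(PRIMARY_RULES, DR))
    print("DR <- primary :", audit_inbound(DR_RULES, PRIMARY))
```

A result of (False, []) means the peer cannot reach the instance on port 5432 and replication will not connect; a non-empty findings list means replication works but the database port is exposed beyond the peer VPC.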