Accessing Huawei Cloud Through a VPC (Same Region and Different VPCs)
Figure 1 shows how to use DRS to migrate data across databases in the same region but different VPCs on Huawei Cloud.
If you use DRS to access databases in a different VPC in the same region, create a VPC peering connection between the two VPCs. Ensure that the network ACL and security group associated with the source database allow inbound traffic, and that the network ACL and security group associated with the replication instance allow outbound traffic. If the source and destination databases are not in the same VPC, the CIDR blocks of the source and destination databases must be different.
Figure 2 shows the process.
Network Configurations
- Create a VPC peering connection.
  - For details about how to create a VPC peering connection with another VPC in your account, see Creating a VPC Peering Connection with Another VPC in Your Account.
  - For details about how to create a VPC peering connection with a VPC in another account, see Creating a VPC Peering Connection with a VPC in Another Account.
After the VPC peering connection is established, you need to add routes for the peer subnets in both the local and peer VPCs. For details, see Adding Routes for a VPC Peering Connection.
When you add routes for the VPC peering connection, you are advised to add a route for the network segment rather than a point-to-point route. If you add a point-to-point route, you must add the route again after a DRS task is rebuilt and the instance IP address changes. Otherwise, the network will be disconnected.
- Create a DRS instance and obtain the private IP address of the DRS instance.
After the DRS replication instance is created, the private IP address of the replication instance is displayed.
Figure 3 Private IP address of the DRS instance
- Configure inbound rules for the network ACL and security group associated with the source database.
Security group: Add an inbound rule to allow traffic from the private IP address of the DRS replication instance to the database listening port.
Network ACL: By default, a VPC does not have a network ACL. If you have a network ACL, add an inbound rule to allow traffic from the private IP address and random port of the DRS replication instance to the IP address and listening port of the source database.
- Configure outbound rules for the network ACL and security group associated with the replication instance.
By default, a VPC does not have a network ACL, and the default security group rules allow all outbound traffic. The replication instance and destination RDS database in the same security group can communicate with each other by default, so you do not need to configure a network ACL.
If you have configured a network ACL or security group, log in to the VPC management console and check the settings:
Security group: Ensure that the outbound traffic from the DRS private network IP address to the IP address and listening port of the source database is allowed.
Network ACL: Ensure that the outbound traffic from the DRS private network IP address and random port to the IP address and listening port of the source database is allowed.
- Test the connection.
Log in to the DRS console. Locate the DRS task and click Edit in the Operation column. On the displayed Configure Source and Destination Databases page, enter the IP address, port, username, and password of the source database for the connection test.
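The requirements in the steps above (different CIDR blocks, a network segment route, and an inbound rule for the DRS private IP address on the database port) can be checked against a planned configuration before the connection test. The following Python code is an added example, not Huawei Cloud or DRS code. The function name preflight, the rule and route formats, all addresses, and port 3306 are constructed assumptions; it treats overlapping CIDR blocks as a conflict and also flags database-port rules that admit sources outside the DRS VPC.

```python
import ipaddress

def preflight(src_vpc_cidr, drs_vpc_cidr, peering_routes, sg_inbound, drs_ip, db_port):
    """Return findings for a planned cross-VPC DRS setup (empty list = none found)."""
    findings = []
    src_net = ipaddress.ip_network(src_vpc_cidr)
    drs_net = ipaddress.ip_network(drs_vpc_cidr)
    drs_addr = ipaddress.ip_address(drs_ip)

    # The CIDR blocks must be different; overlap is treated as a conflict here.
    if src_net.overlaps(drs_net):
        findings.append("CIDR_OVERLAP")

    # Routes in the source VPC that lead back to the DRS instance over the peering.
    covering = [n for n in map(ipaddress.ip_network, peering_routes) if drs_addr in n]
    if not covering:
        findings.append("NO_ROUTE_TO_DRS")
    elif all(n.prefixlen == n.max_prefixlen for n in covering):
        # Point-to-point route only: breaks when a rebuilt task gets a new IP.
        findings.append("HOST_ROUTE_ONLY")

    # Inbound security group rules on the source database that cover the DB port.
    on_port = [ipaddress.ip_network(r["source"]) for r in sg_inbound
               if r["port_min"] <= db_port <= r["port_max"]]
    if not any(drs_addr in n for n in on_port):
        findings.append("DB_PORT_NOT_ALLOWED")
    # Added check (assumption): a source range wider than the DRS VPC is too broad.
    if any(not n.subnet_of(drs_net) for n in on_port):
        findings.append("SOURCE_TOO_BROAD")
    return findings

# Constructed sample configurations (not real Huawei Cloud data).
GOOD = dict(src_vpc_cidr="192.168.0.0/16", drs_vpc_cidr="172.16.0.0/16",
            peering_routes=["172.16.0.0/16"], drs_ip="172.16.0.125", db_port=3306,
            sg_inbound=[{"source": "172.16.0.125/32", "port_min": 3306, "port_max": 3306}])
BAD = dict(src_vpc_cidr="192.168.0.0/16", drs_vpc_cidr="192.168.0.0/20",
           peering_routes=["192.168.1.10/32"], drs_ip="192.168.1.10", db_port=3306,
           sg_inbound=[{"source": "0.0.0.0/0", "port_min": 22, "port_max": 22}])
BROAD = dict(GOOD, sg_inbound=[{"source": "0.0.0.0/0", "port_min": 3306, "port_max": 3306}])

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD), ("BROAD", BROAD)):
        print(name, preflight(**cfg))
```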