Updated on 2023-12-13 GMT+08:00

Configuring Cross-CIDR Access

When a replica set instance is accessed over an internal network, each replica set node has a management NIC (which receives management instructions and carries the instance's internal communications) and a data NIC (which receives and responds to service requests from the client). By default, the mapping between management IP addresses and data IP addresses is configured for three standard CIDR blocks.

  • If your client and the replica set instance are deployed in different CIDR blocks and the client CIDR block is 192.168.0.0/16, 172.16.0.0/12, or 10.0.0.0/8, you do not need to configure Access Across CIDR Blocks for the instance.
  • If your client and the replica set instance are deployed in different CIDR blocks and the client CIDR block is not 192.168.0.0/16, 172.16.0.0/12, or 10.0.0.0/8, you can configure Access Across CIDR Blocks for the instance to communicate with your client.
  • No standard CIDR block is configured for replica set instances created before September 2021. If the client and such a replica set instance are deployed in different CIDR blocks, you need to configure access across CIDR blocks to enable network connectivity.

This section describes how to configure Access Across CIDR Blocks for an instance.

Precautions

  • Only replica set instances support this function.
  • Services keep running without interruption or intermittent disconnection while cross-CIDR access is being configured.
  • If the client and the replica set instance are in different VPCs and CIDR blocks, create a VPC peering connection between the VPCs and then configure cross-CIDR access.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select a region and a project.
  3. Click in the upper left corner of the page and choose Databases > Document Database Service.
  4. On the Instances page, click the instance name.
  5. In the navigation pane on the left, choose Connections.
  6. On the Private Connection tab, click Enable to the right of Cross-CIDR Access. You can add or delete the blocks as required.

    • Click to add new CIDR blocks.
    • Click to delete existing CIDR blocks.
    Figure 1 Cross-CIDR Access

    Up to 30 CIDR blocks can be configured. The source CIDR blocks can overlap, but no two of them can be the same. The CIDR blocks cannot start with 127. The allowed IP mask ranges from 8 to 32.

  7. View the change results. After cross-CIDR access is enabled, Enabled is displayed to the right of Cross-CIDR Access.

    If you need to change the client CIDR block, click Change to the right of Cross-CIDR Access.

    Figure 2 Changing a CIDR block
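
The constraints in step 6 and the three default CIDR blocks can be checked before the blocks are entered in the console. The following Python check is an added example, not part of the DDS documentation or any Huawei Cloud tooling; the function names, the sample blocks, and the reading of "the same" as "normalizes to the same network" are assumptions.

```python
import ipaddress

# The three standard CIDR blocks the page says are mapped by default.
STANDARD_BLOCKS = [ipaddress.IPv4Network(b) for b in
                   ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]
MAX_BLOCKS = 30  # limit stated on the page


def needs_cross_cidr(client_cidr):
    """True if the client block lies outside all three default blocks.

    Assumption: "the client CIDR block is 10.0.0.0/8" is read as "the client
    block is contained in 10.0.0.0/8" (likewise for the other two).
    """
    net = ipaddress.IPv4Interface(client_cidr).network
    return not any(net.subnet_of(std) for std in STANDARD_BLOCKS)


def validate_blocks(blocks):
    """Return the rule violations found in a planned list of CIDR blocks."""
    errors = []
    if len(blocks) > MAX_BLOCKS:
        errors.append(f"{len(blocks)} blocks given, at most {MAX_BLOCKS} allowed")
    seen = set()
    for raw in blocks:
        try:
            iface = ipaddress.IPv4Interface(raw.strip())
        except ValueError as exc:
            errors.append(f"{raw}: not an IPv4 CIDR block ({exc})")
            continue
        if iface.ip.packed[0] == 127:
            errors.append(f"{raw}: blocks cannot start with 127")
        if not 8 <= iface.network.prefixlen <= 32:
            errors.append(f"{raw}: mask must be between 8 and 32")
        # Assumption: two entries are "the same" if they normalize to the same
        # network; overlapping but different blocks are allowed by the page.
        if iface.network in seen:
            errors.append(f"{raw}: duplicate of an earlier block")
        seen.add(iface.network)
    return errors


if __name__ == "__main__":
    # Constructed sample input, not taken from the page.
    plan = ["100.64.0.0/10", "100.64.1.0/24", "127.0.0.0/8", "100.64.0.0/10"]
    print(needs_cross_cidr("100.64.0.0/10"))
    for problem in validate_blocks(plan):
        print(problem)
```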

Follow-up Operations

After cross-CIDR access is configured, you can use Mongo Shell to connect to a replica set instance over a private network. For details, see Connecting to a Cluster Instance Using Mongo Shell.