All Products
Search

This Product

    Data Management:Add DMS IP addresses and CIDR blocks to security settings

    Document Center

    Data Management:Add DMS IP addresses and CIDR blocks to security settings

    Last Updated:May 09, 2024

    To ensure that Data Management (DMS) can access your database instance, you must add the IP addresses and CIDR blocks of DMS in the corresponding region to the security settings, such as the firewall, whitelist, or security group settings, of the database instance.

    Add DMS IP addresses and CIDR blocks to the security settings of an ApsaraDB database instance

    Applicable scope: ApsaraDB database instances and self-managed databases on Elastic Compute Service (ECS) instances.

    Add DMS IP addresses and CIDR blocks to the security settings of a database instance in the DMS console

    You can use one of the following methods to add DMS IP addresses and CIDR blocks:

    • Via system prompts

      When you log on to an ApsaraDB database instance in DMS for the first time, DMS prompts you to add the IP addresses and CIDR blocks of DMS to the security settings of the database instance. In this case, you need to click Configure Whitelist in the dialog box. After the configuration is complete, you can log on to the database instance again in DMS.

    • On the Instances page

      Note

      Only DMS administrators or database administrators (DBAs) can use this method.

      1. Log on to the DMS console V5.0.

      2. Move the pointer over the 2023-01-28_15-57-17.png icon in the upper-left corner of the DMS console and choose All functions > Data Assets > Instances.

        Note

        If you use the DMS console in normal mode, choose Data Assets > Instances in the top navigation bar.

      3. On the Instance List tab, select the database instance that you want to manage and click Configure Whitelist in the upper part of the tab.

      4. In the message that appears, click OK.

    Add DMS IP addresses and CIDR blocks to the security settings of a database instance in the corresponding console

    1. Log on to the console of the corresponding service and find the database instance that you want to manage. In this example, an ApsaraDB RDS for MySQL instance is used.

    2. Click the ID of the database instance. In the left-side navigation pane, click Whitelist and SecGroup.

    3. Obtain the IP addresses and CIDR blocks of DMS, add them to the whitelist of the database instance, and then click OK.

      For example, the database instance resides in the China (Hangzhou) region and the network type is Virtual Private Cloud (VPC). DMS IP addresses and CIDR blocks are provided in Table 1 in the "DMS IP addresses and CIDR blocks" section of this topic. In this example, you need to find the China (Hangzhou) row and VPC column in Table 1, and copy and paste the IP addresses and CIDR blocks to the whitelist of the database instance.

    Add DMS IP addresses and CIDR blocks to the security settings of a database on a third-party cloud or a self-managed database

    You must manually add the IP addresses and CIDR blocks of DMS to the security settings of databases on third-party clouds, self-managed databases that are not hosted on ECS instances, and databases connected over public IP addresses and VPCs.

    DMS IP addresses and CIDR blocks

    When you add the IP addresses and CIDR blocks of DMS, we recommend that you copy and paste all IP addresses and CIDR blocks of DMS in the corresponding region to the security settings.

    Important

    • You can add the public IP addresses and CIDR blocks of DMS. However, this may cause security risks. Proceed with caution.

    • We recommend that you increase the security of your account and limit the ports for inbound traffic. You can also connect to the database instance over Express Connect, VPN Gateway, or Smart Access Gateway.

    Table 1. IP addresses and CIDR blocks

    Region

    VPC-connected (self-managed databases hosted on ECS, ApsaraDB database instances, and on-premises databases connected over Express Connect circuits)

    Classic network-connected (self-managed databases hosted on ECS and ApsaraDB database instances)

    Internet-connected

    China (Hangzhou)

    100.104.175.0/24,100.104.201.0/26,100.104.52.0/24,100.104.61.128/26,100.104.244.64/26,100.104.216.192/26,100.104.85.0/26

    11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24,10.6.226.32,10.6.226.33,10.187.128.215,10.187.128.216

    8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26

    China (Shanghai)

    100.104.5.0/24,100.104.205.0/24,100.104.226.128/26,100.104.149.64/26

    10.152.163.0/24,10.137.42.0/24,11.154.24.173

    139.224.4.85,139.224.4.79,101.133.205.192/26,47.102.181.128/26,47.102.181.192/26,47.102.234.0/26,47.102.234.64/26

    China (Nanjing - Local Region)

    100.104.182.128/26

    11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24,10.6.226.32,10.6.226.33,10.187.128.215,10.187.128.216

    8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26

    China (Qingdao)

    100.104.188.0/24,100.104.72.0/24,100.104.35.192/26

    10.151.203.0/24,10.137.42.0/24,10.245.213.244

    114.215.161.28,114.215.161.36,118.190.207.194,118.190.207.25,120.27.72.0/26,120.27.72.64/26,120.27.72.128/26,120.27.72.192/26

    China (Beijing)

    100.104.72.0/24,100.104.183.0/24,100.104.236.128/26,100.104.128.192/26,100.104.227.192/26

    11.192.101.0/24,10.137.42.0/24,11.115.125.224

    60.205.89.31,60.205.89.21,8.131.132.0/26,39.107.7.0/26,39.107.7.64/26,182.92.32.128/26,182.92.32.192/26

    China (Zhangjiakou)

    100.104.205.0/24,100.104.175.0/24

    11.192.243.0/24,11.193.233.87

    47.92.22.68,39.101.252.128/26,47.92.185.0/26,47.92.185.64/26,47.92.185.128/26,47.92.185.192/26

    China (Hohhot)

    100.104.205.0/24,100.104.72.0/24

    11.193.183.0/24,11.197.113.225

    39.104.29.35,39.104.78.173,39.104.79.122,39.104.86.0,39.104.62.152,39.104.72.87,39.99.77.0/26,39.99.77.64/26,39.99.77.128/26,39.104.220.192/26

    China (Ulanqab)

    100.104.10.192/26

    10.152.29.0/24

    8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26

    China (Chengdu)

    100.104.5.0/26

    11.195.52.68/24,11.119.156.53

    47.108.22.35,47.109.5.0/26,47.108.45.128/26,47.108.45.192/26,47.108.47.0/26,47.108.47.64/26

    China (Shenzhen)

    100.104.5.0/24,100.104.75.64/26,100.104.235.192/26,100.104.205.0/24,100.104.41.64/26

    10.152.27.0/24,10.137.42.0/24,10.245.164.219

    120.76.91.7,120.76.91.29,47.113.76.192/26,47.112.83.192/26,47.112.84.0/26,47.112.84.64/26,47.112.84.128/26

    China (Heyuan)

    100.104.96.64/26

    11.118.24.0/24,10.137.42.0/24,10.152.29.0/24

    8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26

    China (Guangzhou)

    100.104.248.128/26

    10.137.42.0/24,10.152.29.0/24,10.58.93.2

    8.134.79.141,8.134.79.143,8.134.0.64/26,8.134.0.128/26,8.134.0.192/26,8.134.5.0/26

    China (Wuhan - Local Region)

    100.104.193.128/26

    11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24,10.6.226.32,10.6.226.33,10.187.128.215,10.187.128.216

    8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26

    China (Hong Kong)

    100.104.205.0/24,100.104.233.0/24,100.104.177.192/26,100.104.158.192/26

    10.152.161.0/24,10.137.42.0/24,10.254.102.13

    47.89.61.33,47.89.61.59,47.243.0.32/28,47.56.45.128/26,47.56.45.192/26,47.90.24.0/26,47.90.24.64/26

    Singapore

    100.104.205.0/24,100.104.188.0/24,100.104.207.128/26,100.104.179.64/26,100.104.12.0/26

    10.152.166.0/24,10.137.42.0/24,10.88.51.209

    47.88.147.36,47.88.147.22,161.117.172.0/28,161.117.146.128/26,161.117.146.192/26,161.117.164.0/26,161.117.164.64/26

    Australia (Sydney)

    100.104.5.0/24,100.104.233.0/24,100.104.3.128/26

    11.192.100.0/24,11.195.117.227

    47.91.49.175,47.91.49.169,47.252.149.128/26,47.252.149.192/26,47.252.150.0/26,47.252.150.64/26

    Malaysia (Kuala Lumpur)

    100.104.175.0/24,100.104.5.0/24

    11.193.189.0/24,11.196.42.179

    47.254.212.25,47.250.34.128/28,47.250.30.0/26,47.250.30.64/26,47.250.30.128/26,47.250.30.192/26

    Indonesia (Jakarta)

    100.104.5.0/24,100.104.35.192/26,100.104.175.0/24

    11.194.48.0/22,11.59.138.151

    149.129.228.88,147.139.165.206,147.139.133.46,147.139.179.168,147.139.132.101,147.139.156.0/26,147.139.156.64/26,147.139.156.128/26,149.129.230.192/26

    India (Mumbai)

    100.104.205.0/24,100.104.8.0/24,100.104.127.0/26

    11.194.10.0/24,11.59.130.96

    149.129.164.77,147.139.26.0/28,147.139.23.0/26,147.139.23.64/26,147.139.23.128/26,149.129.165.192/26

    Japan (Tokyo)

    100.104.205.0/24,100.104.112.0/24,100.104.117.192/26,100.104.112.0/24,100.104.117.192/26

    11.192.147.0/24,11.192.148.0/24,11.192.149.0/24

    47.91.13.31,47.91.13.77,8.209.192.160/28,47.91.0.128/26,47.91.0.192/26,47.245.51.128/26,47.245.51.192/26

    US (Silicon Valley)

    100.104.205.0/24,100.104.48.128/26,100.104.175.0/24

    10.152.31.0/24,10.137.42.0/24,10.60.82.16

    47.89.224.28,47.89.224.56,47.88.1.17,47.88.6.196,47.88.10.217,47.88.15.174,47.88.98.0/26,47.88.98.64/26,47.88.98.128/26,47.88.98.192/26

    US (Virginia)

    100.104.205.0/24,100.104.233.0/24,100.104.240.128/26

    10.152.235.0/24,10.137.42.0/24,11.194.67.243

    47.88.98.24,47.88.98.20,47.253.64.0/28,47.252.71.128/26,47.252.71.192/26,47.252.90.0/26,47.252.90.64/26

    UK (London)

    100.104.5.0/24,100.104.133.64/26,100.104.207.128/26

    11.199.93.0/24,11.199.225.130

    8.208.17.76,8.208.75.64/28,8.208.73.0/26,8.208.73.64/26,8.208.73.128/26,8.208.73.192/26

    Germany (Frankfurt)

    100.104.233.0/24,100.104.5.0/24,100.104.193.128/26

    11.192.169.0/24,11.192.170.0/24,11.194.56.218

    47.91.83.56,47.91.83.15,47.245.155.0/28,8.209.86.0/26,47.254.165.64/26,47.254.165.128/26,47.254.165.192/26

    UAE (Dubai)

    100.104.5.0/24,100.104.205.0/24

    11.192.189.0/24,11.192.190.0/24,11.192.191.0/24

    47.91.102.19,47.91.103.51

    Philippines (Manila)

    100.104.36.0/26

    10.43.148.217,10.43.148.218

    8.212.136.64/26,8.212.136.128/26,8.212.136.192/26,8.212.137.0/26

    Thailand (Bangkok)

    100.104.106.192/26

    10.186.15.148,10.186.15.149

    8.213.162.64/26,8.213.162.128/26,8.213.162.192/26,8.213.163.0/26

    SAU (Riyadh)

    100.104.12.0/26

    10.187.119.182,10.187.119.183,10.187.115.137

    8.213.0.128/26,8.213.0.192/26,8.213.5.0/26,8.213.5.64/26,8.213.16.59,8.213.16.91,8.213.16.111,8.213.16.17,8.213.16.123,8.213.6.0/26,8.213.6.64/26,8.213.6.128/26,8.213.6.192/26

    China North 2 Finance (Preview)

    100.104.144.0/26

    10.254.13.200,10.254.13.201,10.254.22.182

    39.107.7.0/26,39.107.7.64/26,182.92.32.128/26,182.92.32.192/26,47.92.185.0/26,47.92.185.64/26,47.92.185.128/26,47.92.185.192/26

    China East 1 Finance

    100.104.175.0/24,100.104.52.0/24,100.104.216.192/26

    11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24

    116.62.251.150,47.96.59.4,47.96.58.245,116.62.250.113,116.62.249.73,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26

    China North 1 Finance

    100.104.5.0/24

    10.152.29.0/24

    8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26

    China East 2 Finance

    100.104.72.0/24,100.104.175.0/24

    10.152.163.0/24,10.137.42.0/24,10.152.29.0/24,10.254.213.170

    139.224.122.227,139.224.123.13,139.224.124.107,139.224.123.165,47.102.181.128/26,47.102.181.192/26,47.102.234.0/26,47.102.234.64/26,47.103.170.128/26,47.103.170.192/26,47.103.171.0/26,47.103.171.64/26

    China South 1 Finance

    100.104.205.0/24,100.104.72.0/24

    10.152.27.0/24,10.137.42.0/24,10.152.29.0/24

    8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26

    FAQ

    • Q: What do I do if I fail to connect to a database instance from DMS after the IP addresses and CIDR blocks of DMS are added to the IP address whitelist of the database instance?

      A: Perform the following operations to troubleshoot the issue:

      • Try again later. The whitelist takes time to become effective.

      • If you access the database instance over the Internet, add the IP addresses and CIDR blocks of DMS in the China (Hangzhou) region to the IP address whitelist of the database instance. Then, try to connect to the database instance again.

      • In the Add Instance or Edit dialog box, check the connection information such as the port number.

    • Q: What do I do if I fail to connect to an ApsaraDB RDS instance in the classic network from DMS and the ApsaraDB RDS instance can only be accessed by using a public endpoint?

      A: You can use one of the following methods to resolve this issue:

      • Add the IP addresses and CIDR blocks of DMS in the same region in which the ApsaraDB RDS instance resides to the IP address whitelist of the ApsaraDB RDS instance. For more information, see Configure an IP address whitelist.

      • Apply for an internal endpoint for the ApsaraDB RDS instance in the ApsaraDB RDS console.