Enabling/Disabling Public Network Address

Last updated: 2024-10-24 21:56:57
    In addition to the private network access, you can also connect to TDSQL-C for MySQL by using the system-assigned domain name and port after enabling the public network access. It takes about five minutes for the configuration to take effect. Note that the public network access should be used only for database development or management. For business access, you should use the private network access.
    This document describes how to enable/disable public read-write and read-only addresses of a cluster in the console.
    Note:
    Faults arising from the public network access will not be included in the overall availability calculation for the TDSQL-C MySQL service.
    Enabling public network access for TDSQL-C for MySQL can reduce the security of the instance. It is recommended solely for management, testing, or database management. No availability SLA guarantees are provided for such configurations. For operational access, utilize private network connections.
    After TDSQL-C for MySQL public network access is enabled, it will be controlled by the network access policies in the security group. You need to configure the corresponding policies in advance.
    Currently, the public network access feature is free of charge, but the stability of the public network bandwidth and traffic cannot be guaranteed.
    The Enable button will be displayed for the public read-only address in the Connection Info section on the Cluster Details page only if there are read-only instances in your cluster.
    We recommend using public domain names instead of IP addresses for access, because adjusting the database instance specification, re-enabling public network access, or a network upgrade may change the public IP addresses. Accessing via public domain names ensures minimal impact on your operations, with no need to modify your application.

    Overview

    A TDSQL-C for MySQL cluster contains read-write and read-only instances. They support both private and public network addresses, with the former enabled by default for you to access your instance over the private network and the latter enabled or disabled as needed. Note that the latter is automatically assigned by the system and cannot be customized currently.

    Explanation of New Public Network Architecture Upgrade

    1. New Architecture Release Time

    To enhance the security and reliability of databases' public network links, in May 2024, Beijing Time (UTC+8), TDSQL-C for MySQL released a new public network architecture, which adopted Cloud Load Balancer (CLB) as its underlying structure.

    2. Comparison for Differences Between New Architecture and Old Architecture

    | Difference Item | Old Public Network Architecture | New Public Network Architecture (CLB) |
    | --- | --- | --- |
    | Architecture differences | The old public network architecture adopts single-point deployment, resulting in slow recovery and a lack of high availability in case of a single point of failure. | The new public network architecture can extend the service capability of an application system through traffic distribution, improving the availability of the application system by eliminating single points of failure. |
    | Whether product integration involved | No. | Yes. After the public network address is enabled, the system will automatically create a free, basic CLB instance in the same region in the CLB console to provide public network capabilities. |
    

    3. Precautions

    Currently, after TDSQL-C for MySQL is enabled with public network addresses, it adopts a CLB architecture. The system will automatically create a free, basic CLB instance in the same region in the CLB console to provide public network capabilities. Note the policies of the CLB architecture (as shown in the table below). If you have higher performance requirements, you can also directly purchase CLB.
    | Category | Number of Concurrent Connections | New Connections | Packet Volume | Inbound Bandwidth | Outbound Bandwidth |
    | --- | --- | --- | --- | --- | --- |
    | CLB | 2000 | 200/s | Unlimited | 20 Mbps | 20 Mbps |
    
    Note:
    A CLB instance is automatically created due to the enabling of a public network address. You can try it for free.
    After the public network address is disabled, the corresponding CLB instance will be automatically deleted.
    Commencing from mid-May 2024, the CLB health check source IP will be within the 100.64.0.0/10 subnet. Upon enabling public network access, if your simplified CLB instance displays an abnormal health status, you may rectify this issue by allowing the 100.64.0.0/10 subnet through the security group configuration for TDSQL-C for MySQL. This action aims to resolve failures in health checks that lead to the abnormal display of the CLB instance's health status. For guidance on this operation, see Modifying or Adding Security Group Rules.
    
    To configure monitoring alerts for the aforementioned basic load balancer instance, it is essential to monitor public network connections through metrics such as the number of new public network connections, current public network connections, outbound public network bandwidth, and inbound public network bandwidth, especially after enabling an external network address. For the operational steps, please refer to Setting Alerts. Select the policy type as illustrated below.
    

    Supported Regions and Instance Types

    Clusters in Guangzhou, Shanghai, Beijing, Chengdu, Chongqing, Nanjing, Hong Kong (China), Singapore, Seoul, Tokyo, Silicon Valley, Frankfurt, and Virginia regions will support the enabling of public network addresses. The availability is progressively being rolled out. Refer to the supported regions already opened in the console.
    Clusters whose instance form is pre-configured resources or Serverless support enabling public network addresses for read-write or read-only instances within the cluster. Once enabled, you can access the respective instances via their public network addresses.

    Enabling the public read-write/read-only addresses of a cluster

    On the cluster management page, proceed according to the view mode you are using (Tab View or List View):
    Tab View
    1. Log in to the TDSQL-C for MySQL console, and click the target cluster in the cluster list on the left to enter the cluster management page.
    2. Under Cluster Details, locate the instance for which you need to enable public network access. Hover your mouse over the public network section of the read/write or read-only address, where the word "Enable" will appear. Click Enable.
    
    3. After you click Enable, the system proceeds according to the security group bound to the instance, in one of the following scenarios.
    Scenario 1: The port is not opened in the current security group configuration. To enable public network access, you need to click Authorize and Create. The system will request your authorization to automatically bind a security group that allows the internal network port for this cluster (current port: 3306) to facilitate your public network connection. Subsequently, you may access the security group interface for further settings or to bind a new security group.
    Note:
    Enabling the public network requires the internal network policy of the security group to be opened for access. If your current security group configuration does not allow the port, to ensure connection success, the system will automatically open the port policy for this cluster and allow access from 0.0.0.0/0 and ::/0. For network security, we recommend that you manually change the rule afterwards so that it allows access only from fixed IP addresses.
    After enabling, you can access TDSQL-C for MySQL through a system-assigned domain name and port in the public network. The effective time is about 5 minutes.
    Public network access is solely for developing or assisting in database management. For business access, use internal network access.
    Scenario 2: The port is opened in the current security group configuration. In the pop-up window, read the prompt and click OK to enable public network.
    4. Once the network is successfully enabled, you can view the public network's host and port at the public network address under connection information. The public network host and port cannot be modified.
    List View
    1. Log in to the TDSQL-C for MySQL console and click the ID of the target cluster in the cluster list to enter the cluster management page.
    2. On the Instance List tab page of the cluster management page, select the instance (read/write instance or read-only instance) to be enabled for public network, click its Instance ID or Manage in the Operation column to enter the instance details page.
    
    3. On the instance details page, choose Connection Info > Public Network Address, and then click Enable.
    
    4. After you click Enable, the system proceeds according to the security group bound to the instance, in one of the following scenarios.
    Scenario 1: The port is not opened in the current security group configuration. To enable public network access, you need to click Authorize and Create. The system will request your authorization to automatically bind a security group that allows the internal network port for this cluster (current port: 3306) to facilitate your public network connection. Subsequently, you may access the security group interface for further settings or to bind a new security group.
    Note:
    Enabling the public network requires the internal network policy of the security group to be opened for access. If your current security group configuration does not allow the port, to ensure connection success, the system will automatically open the port policy for this cluster and allow access from 0.0.0.0/0 and ::/0. For network security, we recommend that you manually change the rule afterwards so that it allows access only from fixed IP addresses.
    After enabling, you can access TDSQL-C for MySQL through a system-assigned domain name and port in the public network. The effective time is about 5 minutes.
    Public network access is solely for developing or assisting in database management. For business access, use internal network access.
    Scenario 2: The port is opened in the current security group configuration. In the pop-up window, read the prompt and click OK to enable public network.
    5. Once the network is successfully enabled, you can view the public network's host and port at the public network address under connection information. The public network host and port cannot be modified.
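
The two security group conditions this page describes, the automatically opened 0.0.0.0/0 and ::/0 rules on the cluster port and the 100.64.0.0/10 CLB health-check range, can be checked together after tightening the rules. The following is an added example, not Tencent Cloud code: the rule dictionaries and their field names are constructed for illustration (they are not an API response format), and only ACCEPT rules are inspected, ignoring rule order and DROP rules.

```python
import ipaddress

DB_PORT = 3306  # cluster port quoted on this page
HEALTH_CHECK_NET = ipaddress.ip_network("100.64.0.0/10")  # CLB health-check sources

def port_matches(spec, port):
    """True if a port spec such as 'ALL', '3306', '3306,3307' or '3000-4000' covers port."""
    for part in spec.upper().replace(" ", "").split(","):
        if part == "ALL":
            return True
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def audit_ingress(rules, port=DB_PORT):
    """Report world-open CIDRs and whether the health-check range is admitted on port."""
    world_open, health_ok = [], False
    for rule in rules:
        if rule["action"] != "ACCEPT" or rule["protocol"] not in ("TCP", "ALL"):
            continue
        if not port_matches(rule["port"], port):
            continue
        net = ipaddress.ip_network(rule["cidr"], strict=False)
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0: any source may connect
            world_open.append(str(net))
        if net.version == 4 and HEALTH_CHECK_NET.subnet_of(net):
            health_ok = True
    return {"world_open": world_open, "health_check_allowed": health_ok}

# Constructed rule sets (hypothetical shape, not exported from a real account).
AUTO_CREATED = [  # what Scenario 1 opens automatically
    {"action": "ACCEPT", "protocol": "TCP", "port": "3306", "cidr": "0.0.0.0/0"},
    {"action": "ACCEPT", "protocol": "TCP", "port": "3306", "cidr": "::/0"},
]
RESTRICTED = [  # fixed admin IP (documentation range) plus the health-check range
    {"action": "ACCEPT", "protocol": "TCP", "port": "3306", "cidr": "203.0.113.10/32"},
    {"action": "ACCEPT", "protocol": "TCP", "port": "3306", "cidr": "100.64.0.0/10"},
]
ADMIN_ONLY = RESTRICTED[:1]  # health-check range forgotten: CLB would show abnormal health

if __name__ == "__main__":
    for name, rules in [("auto-created", AUTO_CREATED), ("restricted", RESTRICTED),
                        ("admin-only", ADMIN_ONLY)]:
        print(name, audit_ingress(rules))
```

The admin-only case is the failure mode the health-check note describes: the world-open rules are gone, but the CLB health check can no longer reach the instance.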

    Disabling the public read-write/read-only addresses of a cluster

    Note:
    After the public network address is disabled, you will no longer be able to access the TDSQL-C for MySQL cluster through the public network domain name and port. Ensure your system does not use a public network access address to avoid unnecessary losses.
    On the cluster management page, proceed according to the view mode you are using (Tab View or List View):
    Tab View
    1. Log in to the TDSQL-C for MySQL console, and click the target cluster in the cluster list on the left to enter the cluster management page.
    2. Under Cluster Details, locate the instance for which you want to disable the public network and click Disable next to the read-write/read-only address.
    3. In the pop-up window, confirm that everything is correct and click OK.
    
    List View
    1. Log in to the TDSQL-C for MySQL console and click the ID of the target cluster in the cluster list to enter the cluster management page.
    2. On the Instance List tab page of the cluster management page, select the instance (read/write instance or read-only instance) whose public network address you want to disable, and click its Instance ID or Manage in the Operation column to enter the instance details page.
    
    3. On the instance details page, choose Connection Info > Public Network Address, and then click Disable.
    4. In the pop-up window, confirm that everything is correct and click OK.
    
    