TencentDB for MySQL
- Release Notes and Announcements
- Announcements
- Product Introduction
- Database Architecture
- Database Instance
- Kernel Features
- Kernel Version Release Notes
- Functionality Features
- Performance Features
- Parallel Query
- Security Features
- Stability Features
- Purchase Guide
- Getting Started
- Connecting to MySQL Instance
- Database Audit
- Audit Rule Template
- MySQL Cluster Edition
- Maintenance Management Instance
- Operation Guide
- Instance Management and Maintenance
- Instance Upgrade
- CPU Elastic Expansion
- Read-Only/Disaster Recovery Instances
- Database Proxy
- Database Proxy Kernel Features
- Database Proxy Management
- Automatic Read/Write Separation Feature
- Connection Pool Feature
- Other Features
- Account Management
- Database Management Center (DMC)
- Parameter Configuration
- Network and Security
- Backup and Rollback
- Restoring Database from Backup File
- Monitoring and Alarms
- Operation Logs
- Practical Tutorial
- Calling MySQL APIs in Python
- White Paper
- Performance White Paper
- Performance Test Report
- Troubleshooting
- Connections
- API Documentation
- Data Import APIs
- Rollback APIs
- Parameter APIs
- Making API Requests
- Instance APIs
- Database Proxy APIs
- Database Audit APIs
- Security APIs
- Account APIs
- Backup APIs
- Database APIs
- Monitoring APIs
- Log-related API
- FAQs
- Backup
- Connection and Login
- Instance Upgrade
- Performance and Memory
- Service Agreement
- Reference
Private Network Connection Failure
Last updated: 2024-12-26 09:59:25
Phenomenon Description
Connection failure when initiating from a CVM instance to a TencentDB instance via the private network.
Note:
There are various methods to connect to a CDB instance, such as through a private network, public network, or via CCN; each requiring different conditions for connection. For instance, if you attempt to connect to CDB instance through a public network and enter the instance's private network address in the command line, the connection will fail. Similarly, if you are using a Lighthouse instance and try to connect directly to the CDB without going through CCN, the connection will also fail. Therefore, in case of a connection failure, we recommend you first refer to Getting Started > Connecting to MySQL Instances > Overview to ensure correct usage of connection methods and application scenarios.
Summary of Causes
Probable Causes | Description |
The password is incorrect. | |
The CVM and MySQL instances are in the same region but within different VPC networks. | |
The CVM and MySQL instances reside in different regions and belong to separate VPC networks. | |
The configuration for CVM DFW is incorrect. | |
The configuration of MySQL DFW is incorrect. | |
The database account has restricted the specific server address for access. | |
The connection command is flawed. | |
The IP and port in the command line or configuration file are erroneous. | |
The MySQL instance's disk is full, maximum connections have been reached, the timeout parameter setting is problematic, or it's undergoing master/slave switch, among other issues. | |
MySQL instance operating status | |
CVM instance status | The CVM instance is in isolation or shut down. It can be restored or powered on through the Console. |
Solution Strategy
1. Diagnosing the cause through a checking tool
The TencentDB console provides a one-click connection check tool to help identify the possible causes of connection refusal, allowing you to, based on the prompts, make modifications before attempting to reconnect to the instance.
2. Self-Diagnosis
If the One-Click Connection Check tool fails to locate the problem, or if you require solutions to potential causes, you may proactively identify the issue using the failure causes detailed below.
Steps
I. Utilizing the One-Click Connectivity Checker Tool to Ascertain the Cause and Implement Corresponding Actions
1. Log in to the TencentDB for MySQL console and click the ID of the instance under examination in the instance list to access the instance management page.
2. On the instance management page, select Connection Check > Private Network Check.
Note:
To distinguish between private and public network addresses, refer to the basic information on the instance details page.
3. Add CVM instances that will access this MySQL instance.
4. Upon completion of the addition, click Start Check. A check report will be generated once the inspection task is completed.
5. Based on the inspection report, locate the issue, make adjustments according to the recommendations, and then reestablish the connection to MySQL.
Check Items | Exception Handling |
MySQL Instance Status | Your MySQL instance has been detected as terminated. If the instance was not intentionally eliminated, it can be reinstated from the Recycle Bin. |
CVM instance status | Your CVM instance has been discerned as terminated. If this was not an intentional act, the instance can be revived from the Recycle Bin. |
| Your CVM instance has been identified as powered off. If you wish to resume the usage of this CVM instance, please proceed to the console to initiate the CVM instance. |
CVM and MySQL are under the same VPC | Your CVM and MySQL instances have been identified as not being within the same VPC subnet. The CVM needs to be placed within the same VPC in the same region as MySQL. Please refer to Network Issues to modify the VPC. |
CVM security group policy | The outbound rule of the DFW bound to your CVM instance has been identified as blocked to IP port access. Please refer to Incorrect CVM DFW Configuration to unblock the outbound rule. |
MySQL security group policy | The inbound rule of the DFW bound to your MySQL instance has been identified as blocked to IP port access. Please refer to Incorrect MySQL DFW Configuration to unblock the inbound rule. |
II. If the tool check fails to resolve the issue, consider the following causes.
Password Issue: The password is incorrect.
If the password used during the connection is incorrect, you can either reset your password or create a temporary account with necessary permissions to log in the database.
Network Issue 1: The CVM and MySQL are in the same region but belong to different VPC networks.
By default, both the CVM and MySQL are of the VPC network type and can directly interconnect via a private network when located in the same VPC. If they are in the same region but different VPCs, you could migrate MySQL to the VPC where the CVM resides, enabling intercommunication between CVM and MySQL. For the operation, please refer to Switching Networks.
Network Issue 2: The CVM and MySQL are in different regions and belong to different VPC networks.
If the CVM and MySQL are in different regions and belong to different VPC networks, the CVM cannot connect to MySQL directly through the private network. We recommend using a CVM in the same VPC as MySQL for connection. If there is no current CVM instance in the same region as MySQL, you can create a new CVM instance in the same region and VPC network as MySQL on the CVM purchase page.
DFW Configuration Issue 1: Faulty CVM DFW Configuration
To use a CVM to connect to MySQL, you need to configure outbound rules in the CVM's DFW. When the outbound rule target is set to something other than 0.0.0.0/0 and the protocol port isn't set to ALL, you need to add the private IP and port of the MySQL into the outbound rules.
1. Log in to the DFW Console, click on the name of the DFW to access the details page of the DFW assigned to the CVM.
2. On the Outbound Rules tab, click on Add Rule.
Choose MySQL(3306) for "Type", input your MySQL's private IP address(range) for "Destination", and set "Policy" to Allow.
DFW Configuration Issue 2: Incorrect MySQL DFW Settings
If a specified CVM is to connect with the MySQL instance, you need to set up inbound rules in the MySQL DFW. When the inbound rule source is set to something other than 0.0.0.0/0 and the protocol port isn't set to ALL, you need to add the IP and port of the MySQL into the inbound rules.
1. Log in to the DFW Console and click on the DFW name to enter the details page of the DFW bound to the MySQL.
2. Navigate to the Inbound Rules tab and click on Add Rule.
3. Provide the IP address(range) that should be allowed to connect and the necessary port information (e.g., MySQL internal port). Set it to allow. Choose MySQL(3306) as "Type"; as "Source", input your MySQL's private IP address(range); and set "Policy" to Allow.
Authorized Host Address Issue: The database account has restricted access to specific host addresses
In addition to DFW, subnet, and other network environment restrictions, the database account is also subject to constraints imposed by the MySQL account system itself. If a database account specifies certain host addresses, connections from other addresses to MySQL will be denied. You can enhance the security of your database connection by using the MySQL console to modify the host addresses authorized by the database account.
1. Log in to the TencentDB for MySQL console, select an instance ID from the instance list, and enter the instance management page.
2. Navigate to DMC > Account Management, locate the account for which host modification is required, and in the Operation column, choose More > Modify Host.
3. In the pop-up dialog box, enter the new host address and click OK to modify the host address authorized to the account.
Note:
The host address can be an IP or include
% (indicating no limits on the IP range). Multiple hosts should be separated using a line break, space, or the symbols ; , |.Example 1: Entering
Example 2: Entering 10.5.10.% allows clients within the 10.5.10.% IP range to use this account to connect to the database.
Syntax issue with the connection: The connection command is incorrect
Please verify the correctness of the connection command. Refer to the standard command for private network connections:
mysql -h <Internal IP Address> -u <username, default is root> -P <port number, default is 3306> -p
<Internal IP address>: Replace with the private network address of your target MySQL database instance, which can be viewed on the instance details page in the MySQL console.
Note:
The default port for MySQL is 3306.
When the port number is 3306, the <Internal IP Address> should be replaced with the IP address only. For instance, if the private network address is 10.16.0.11:3306, you should simply input 10.16.0.11.
<username, default is root>: Replace with the account name of your target MySQL database instance. The default account name is `root`.
IP and Port Issue: Errors exist in the IP address or port specified in the command line or configuration file.
When attempting to connect to the database using commands, please ensure that the internal IP and port number of the instance are correct. These details can be accessed from the instance details page in the TencentDB for MySQL console.
MySQL Instance Issues: Issues may include the disk space of the MySQL instance being filled to capacity, the maximum number of connections being reached, incorrect timeout parameter settings, or the instance undergoing a source-replica switch.
If the MySQL instance disk is full, it may affect database connectivity. It's recommended to scale the disk capacity. Refer to Adjusting Database Instance Specification for the procedure.
When the error message "ERROR 1040(00000): Too many connections" appears, this indicates that the maximum number of connections for the current Cloud database instance has been exceeded. Common causes and solutions include:
i. If there are too many sleep threads, it's advised to decrease the values of the wait_timeout and interactive_timeout parameters via the console. Refer to Setting Instance Parameters for this action.
ii. If there are few sleep threads and no slow query accumulation, it's suggested to increase the max_connections parameter value via the console. Refer to Setting Instance Parameters for this action.
Verify if the MySQL instance is in a "master-slave switch state", as connection attempts can fail if the MySQL instance is in the middle of a master-slave switch. After the switch has completed, resume connection attempts using the command.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No