By Rohit Gupta, Solutions Architect
For many international businesses with a presence in China, network stability issues are often the biggest concern when their users or employees in China try to access services based in other countries and regions. In the past, resolving these issues required a lot of technical expertise and expensive leased network capacity. Thanks to Alibaba Cloud's network products, this is no longer the case. It is now a relatively simple and straightforward task to get your mission critical applications running smoothly for your Chinese user base! Read on.
Alibaba Cloud has several market-leading network products and services which help to resolve networking issues for customers in and outside of China, including Global Acceleration (GA for short). GA is a network acceleration product that provides a dedicated network connection between two Alibaba Cloud regions. One region is designated as the "service area" and one is the "accelerated area". The "service area" is the region which hosts the service or application your users need access to, while the "accelerated area" is an Alibaba Cloud region closest to your users (say, in China). The accelerated area will usually expose a public IP (a fundamental concept of GA) to users which they can use to access whatever service is hosted in the "service area".
The organization is a typical e-commerce business that sells fashion brands online to a wide customer base in and outside China. Their customers outside China are satisfied with website access, but users in China do not get consistent or good performance. For users in China, access is usually slow and unstable, which discourages shoppers and leads to a considerable fall in sales. To add to the misery, in a week's time there is a huge global online sales event where they are expecting a substantial increase in website visits.
Hence, the organization needs a quick and definite solution to achieve the following:
In some cases, the service your users want to access may not actually be hosted on Alibaba Cloud. In this case, you need to establish a proxy in the Alibaba Cloud "service area" region which can accept requests from the "accelerated area" and forward them on. The following is the typical architecture for a scenario where user access in China is accelerated for a website hosted in Sydney. Global Acceleration (GA) is used to send traffic from China to a proxy server located in Alibaba Cloud's Sydney region, which then forwards user traffic on to the correct address (website).
How does traffic flow in this solution? Let's take a look:
| S.No | Component | Description |
|---|---|---|
| 1 | Accelerated area | An accelerated area is the area where you want to improve the user experience. China is the accelerated area for our setup. |
| 2 | Service area | Service area is the area/region where the service that needs to be accelerated is hosted. Australia is the service area in our example. |
| 3 | GA instance | An Alibaba Cloud GA instance must be created in the accelerated area/region. The GA instance can only bind to an Alibaba Cloud ECS instance or an Alibaba Cloud SLB. |
| 4 | Reverse Proxy | If the origin server (where the service is hosted) is not an Alibaba Cloud ECS instance or SLB, you need to use a reverse proxy to route the traffic to Alibaba Cloud resources (SLB or ECS). You don't need a reverse proxy to bind to the GA instance if the service is hosted on an Alibaba Cloud ECS instance and/or a CDN is not being used to serve the website requests. |
| 5 | CDN | This is an optional component. But if this is in place, you need to use a reverse proxy with GA to route the traffic because GA can't bind to a CDN domain at the backend. |
| 6 | Origin server | This is the server that hosts the service to be accelerated. It could be an Alibaba Cloud ECS instance or a server outside Alibaba Cloud. As mentioned earlier, if it is a non-Alibaba Cloud server, you must use a reverse proxy solution with the GA to route the traffic. |
The proxy setup consists of a Server Load Balancer (SLB) and an ECS instance sitting behind it. The high-level steps are:
# sudo apt-get update
# sudo apt-get install nginx
# cd /etc/nginx/sites-enabled
# ls -lrt
# vi myproxy
=====================================================================
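server {
    # listen 80;
    # listen [::]:80;
    # Both listeners terminate TLS; the IPv6 listener needs "ssl" as well.
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name xxxx.com;

    # Certificate and key for the TLS listeners above.
    ssl_certificate /etc/ssl/xxxx.crt;
    ssl_certificate_key /etc/ssl/xxxx.key;
    # Left disabled. SSLv3 and RC4 are obsolete; do not enable the next
    # two lines as written.
    # ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    # ssl_ciphers RC4:HIGH:!aNULL:!MD5;
    # ssl_prefer_server_ciphers on;
    # keepalive_timeout 60;
    # ssl_session_cache shared:SSL:10m;
    # ssl_session_timeout 10m;

    # Headers passed to the origin with each proxied request.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # proxy_set_header Host $http_host;
    proxy_set_header Host fashionbunker.com.cn;
    proxy_set_header X-Forwarded-Proto $scheme;
    # add_header sets a response header returned to the client.
    add_header Front-End-Https on;

    location / {
        # Forward every request to the origin over HTTPS.
        proxy_pass https://xxxx.com;
    }
}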
======================================================================
For each domain that you want to redirect the traffic to, there should be a similar block entry in the proxy file.
Note that an up-to-date SSL certificate should be available at the specified location if you want the traffic between proxy and the web server to be encrypted.
You could also create an HTTPS listener and upload the SSL certificate if you want the traffic from SLB to the proxy to be encrypted as well. However, since the network between the SLB and the proxy is Alibaba Cloud's internal network, I chose to create a TCP listener on port 443.
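By default nginx neither verifies the origin's certificate nor sends SNI on a `proxy_pass https://` connection, so the proxy-to-origin leg is encrypted but not authenticated. The hardened variant below is an added example, not part of the original article; the CA bundle path (the Debian/Ubuntu default), the TLS 1.2/1.3 floor (TLS 1.3 needs nginx 1.13+ built against OpenSSL 1.1.1+) and the verification depth are assumptions, and `xxxx.com` remains the article's placeholder.

```nginx
# Added example: hardened form of the proxy block above.
# Placeholders/assumptions: xxxx.com, certificate paths, CA bundle path.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name xxxx.com;

    ssl_certificate     /etc/ssl/xxxx.crt;
    ssl_certificate_key /etc/ssl/xxxx.key;

    # Weak (the commented-out values in the original block):
    #   ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    #   ssl_ciphers   RC4:HIGH:!aNULL:!MD5;
    # Corrected: no SSLv3/TLS 1.0/1.1, no RC4.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers   HIGH:!aNULL:!MD5;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    location / {
        proxy_pass https://xxxx.com;

        proxy_set_header Host              fashionbunker.com.cn;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Weak (nginx defaults): proxy_ssl_verify off, proxy_ssl_server_name off.
        # The origin's certificate is accepted without any check.
        # Corrected: send SNI and verify the origin's chain and host name.
        proxy_ssl_server_name on;
        # Name used for SNI and for certificate matching. It defaults to the
        # host in proxy_pass; set it to the name on the origin's certificate.
        proxy_ssl_name xxxx.com;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
        proxy_ssl_protocols TLSv1.2 TLSv1.3;
    }
}
```

Run `nginx -t` after editing; with verification on, an expired or mismatched origin certificate shows up as a 502 and an upstream SSL error in the nginx error log instead of being silently accepted.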
Now we need to create a Global Acceleration (GA) instance in China. Global Acceleration is available under the VPC console.
Next, create a CDN domain for accelerating your website. Note that to be able to create the CDN domain, you need to have an ICP licence.
NOTE:
The last step in this setup is to set up DNS geo-routing. This has to be done with your DNS provider so that when a website access request is made, the DNS configuration routes the traffic via the closest CDN node, and via Global Acceleration's (GA's) public IP if the request originated from China.
The aforementioned solution was deployed and tested in a timely manner by Alibaba Cloud's architects and hence the customer was able to realize the gains during the online shopping event. Though the initial goal was to survive the shopping event, the performance in general was so much better that the customer decided to go ahead with the solution and subscribe to the Alibaba Cloud services as a long term arrangement.
Raja_KT March 21, 2019 at 2:47 pm
Interesting one... "If the origin server (where the service is hosted) is not an Alibaba Cloud ECS instance or SLB, you need to use a reverse proxy to route the traffic to Alibaba Cloud resources (SLB or ECS)".