By Sunny Jovita, Solution Architect, Alibaba Cloud Indonesia
When the cloud products in a Virtual Private Cloud (VPC) need to communicate with the internet, several tools and services can be utilized to establish this connection efficiently and securely. Among these tools, Network Address Translation (NAT) Gateway, Elastic IP (EIP), and Server Load Balancer (SLB) are essential components for managing internet connectivity and traffic flow within a VPC.
While both Global Traffic Manager (GTM) and SLB are used to manage traffic flow, they serve different purposes and operate at different levels within the network architecture.
Global Traffic Manager acts as a single point of control for managing traffic flow across an entire infrastructure, irrespective of its geographical location. GTM simplifies configuration and management by using Domain Name System (DNS) to resolve a domain name to multiple IP addresses. This allows different users to access different IP addresses based on various factors such as user location, server availability, and custom routing policies.
GTM provides the following advantages:
SLB can also be used to manage traffic flow, but GTM is intended for inter-regional load balancing. SLB serves as a proxy to which user requests are sent, and then distributes these requests across different instances within the same region.
In most cases, SLB can be used to balance workloads across multiple IP addresses that reside in the same region. If you need to balance workloads across multiple SLB addresses that reside in different regions, use GTM.
Let’s take a look at several scenarios on how GTM works along with intelligent resolution DNS.
In most cases, enterprises deploy their application services on multiple servers whose IP addresses may come from data centers of different countries, regions, Internet service providers (ISPs), or vendors. You can use the Intelligent DNS resolution feature of Alibaba Cloud DNS to forward user requests to the nearest application servers.
Multiple servers -> multiple IP addresses.
However, DNS servers cannot detect the availability of IP addresses. So, when some IP addresses are unavailable because the corresponding application servers encounter faults or disasters, the DNS servers may still return the IP addresses of these faulty application servers to users. As a result, users fail to access the applications.
Servers are built in:
Some clients who access the server are coming from:
If the application servers in the Indonesia region are faulty, access traffic to the Indonesia region is forwarded to the application servers in the Singapore region. This ensures business continuity.
Two Global Traffic Manager (GTM) instances are needed.
GTM-US
GTM-Asia
Note:
This implementation restricts website access to Asian and North American countries only. Other regions are unable to access the website because the DNS request sources are configured to route exclusively to Asian and North American destinations.
● User from US (Silicon Valley) accesses the website
Directed to the US (Virginia) server
● User from Japan accesses the website
Directed to the Indonesia server
● User from Singapore accesses the website
Directed to the Indonesia server
● User from Germany (Frankfurt) accesses the website
Unable to access the server, because requests are routed only for the Asia and North America areas.
root@iZgw8fi78u5t2e3cp7hsaaZ:~# ping collector.sunnydemo.cfd
ping: collector.sunnydemo.cfd: Name or service not known
The initial setup is not efficient because it limits access to only two continents (Asia and North America), which negatively affects users from other regions.
To improve accessibility, we propose a second approach in which the second GTM handles requests from outside China without specifying North America. This adjustment allows users in Europe to reach the second GTM, which directs them to the nearest server in the US (Virginia).
To ensure that users from both Asia and North America can access the website effectively, we will change the GTM-US DNS request source to "Outside China" only.
Two Global Traffic Manager (GTM) instances are needed.
GTM-US
● Primary pool: set IP address IDN server (147.139.207.213)
● Secondary pool: set IP address SG server (47.236.253.37)
● Access policy: global
● DNS request source: Outside China > Asia
● User from US (Silicon Valley) accesses the website
Directed to the US (Virginia) server
● User from Japan accesses the website
Directed to the Indonesia server
● User from Singapore accesses the website
Directed to the Indonesia server
● User from Germany (Frankfurt) accesses the website
Directed to US (Virginia) server
We tested by downloading a large file from each server to compare download speeds.
File: 615,2 MB
● User from US (Silicon Valley) downloads the file
Result: 52s from US (Virginia) server
● User from Japan downloads the file
Result: 49s from IDN server
● User from Singapore downloads the file
Result: 48s from IDN server
● User from Germany (Frankfurt) downloads the file
Result: 50s from US (Virginia) server
These test results show that the combination of intelligent DNS resolution and GTM is well suited to applications or resources deployed across multiple regions or globally, where traffic must be steered by user location, server health, and custom routing policies. This leads to faster loading times and reduced latency.
While assessing the second approach, some questions arose:
What will happen if we configure the GTM as follows:
● 1st GTM: Outside China
● 2nd GTM: Outside China -> Asia
● Will this setup cause redundancy since Asia is included in "Outside China"?
● Will it only use the first GTM, or will there be collisions?
● Will Asian users go to the first GTM and users from other regions to the second GTM?
There won't necessarily be a collision if you set up the GTM instances this way.
● The second GTM instance will handle routing for users from outside Mainland China and within Asia
● The first GTM instance will handle users from outside Mainland China but outside of Asia (Europe, US)
● If the same subdomain name is used for users from different regions, the number of GTM instances required is determined by the number of intelligent resolution records.
● In this example, different IP addresses are returned to users from Indonesia and the US (Virginia), requiring two intelligent resolution records. Therefore, it's recommended to purchase 2 GTM instances.
A. When a user accesses your website, their DNS request reaches your main DNS zone.
B. Based on the user's location (if your DNS provider offers geo-location routing), they might be directed to a specific CNAME record depending on whether they're outside mainland China or not.
C. If location-based routing isn't available in your DNS provider, all users will be directed to a single CNAME record.
First GTM Instance (Asia):
● If the user is indeed outside mainland China, the first GTM instance would then check for their specific location (likely based on their IP address).
● If the user is in Asia, the GTM instance would route them to the appropriate server group or backend server in the Asian region.
Second GTM Instance (Other Regions):
● Users who aren't identified as being in Asia by the first GTM instance would be considered "outside mainland China and outside of Asia" and would be routed by the second GTM instance.
● Similar to the first instance, the second GTM instance would determine the user's specific location (Europe, US) and route them to the appropriate server group or backend server in that region.
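The two behaviours described in this post, request-source matching between a generic "Outside China" instance and a more specific "Outside China > Asia" instance, and failover from the primary address pool to the secondary pool when health checks fail (the gap that plain DNS cannot close), can be modelled in a few lines. The following is an added example and not Alibaba Cloud's or the author's code: it is a toy resolver, not the GTM product. The country codes, the region sets, the pool and instance names and the US (Virginia) address (a TEST-NET placeholder) are assumptions; the Indonesia and Singapore addresses are the ones quoted in the configuration above.

```python
"""Toy model of GTM-style DNS steering: request-source matching plus address-pool failover.

Constructed example, not Alibaba Cloud's own code. Country codes, region sets and the
US (Virginia) address are assumptions; the IDN and SG addresses are the ones quoted in the post.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed request-source sets (a real GTM uses its own geo/ISP database).
ASIA = frozenset({"ID", "SG", "JP", "CN"})
NORTH_AMERICA = frozenset({"US"})
EUROPE = frozenset({"DE"})
OUTSIDE_CHINA = (ASIA | NORTH_AMERICA | EUROPE) - {"CN"}   # "Outside China"
OUTSIDE_CHINA_ASIA = ASIA - {"CN"}                          # "Outside China > Asia"
OUTSIDE_CHINA_NA = NORTH_AMERICA                            # "Outside China > North America"

IDN_IP = "147.139.207.213"   # from the post
SG_IP = "47.236.253.37"      # from the post
US_IP = "203.0.113.10"       # placeholder (TEST-NET-3); the post does not list this address


@dataclass
class Pool:
    name: str
    members: List[Tuple[str, bool]]  # (address, passed its last health check)

    def healthy(self) -> List[str]:
        return [ip for ip, ok in self.members if ok]


@dataclass
class Gtm:
    name: str
    request_source: frozenset    # countries this instance answers for
    primary: Pool
    secondary: Pool

    def pick(self) -> Tuple[Optional[str], Optional[str]]:
        # The primary pool wins while any member is healthy; otherwise fail over to the secondary.
        for pool in (self.primary, self.secondary):
            if pool.healthy():
                return pool.name, pool.healthy()[0]
        return None, None


def resolve(instances: List[Gtm], country: str):
    """Return (instance, pool, address) for a client country, or (None, None, None)
    when no instance's request source covers it (the 'Name or service not known' case)."""
    # Most specific request source first, so "Outside China > Asia" beats "Outside China".
    for gtm in sorted(instances, key=lambda g: len(g.request_source)):
        if country in gtm.request_source:
            pool, ip = gtm.pick()
            return gtm.name, pool, ip
    return None, None, None


def asia_instance(idn_healthy: bool = True) -> Gtm:
    # IDN primary, SG secondary, as in the configuration quoted in the post.
    return Gtm("GTM-Asia", OUTSIDE_CHINA_ASIA,
               Pool("IDN", [(IDN_IP, idn_healthy)]),
               Pool("SG", [(SG_IP, True)]))


def first_approach() -> List[Gtm]:
    # GTM-US limited to North America: a European client matches no instance.
    return [Gtm("GTM-US", OUTSIDE_CHINA_NA,
                Pool("US-Virginia", [(US_IP, True)]), Pool("empty", [])),
            asia_instance()]


def second_approach(idn_healthy: bool = True) -> List[Gtm]:
    # GTM-US widened to "Outside China"; Asian clients are still taken by the more specific instance.
    return [Gtm("GTM-US", OUTSIDE_CHINA,
                Pool("US-Virginia", [(US_IP, True)]), Pool("empty", [])),
            asia_instance(idn_healthy)]


if __name__ == "__main__":
    scenarios = (("first approach", first_approach()),
                 ("second approach", second_approach()),
                 ("second approach, IDN down", second_approach(idn_healthy=False)))
    for label, instances in scenarios:
        for country in ("US", "JP", "SG", "DE"):
            print(f"{label:28s} {country}: {resolve(instances, country)}")
```

Running the script reproduces the two tables above: under the first approach a German client resolves to nothing, under the second it lands on the US (Virginia) address, and with the Indonesia server marked unhealthy an Asian client is answered from the Singapore pool instead. Clients from Mainland China match neither instance here, since the post only describes "Outside China" sources.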