Overview
This topic describes how Global Traffic Manager (GTM) works with Web Application Firewall (WAF), Global Accelerator (GA), and Server Load Balancer (SLB).
GTM allows self-managed Domain Name System (DNS) servers to support intelligent DNS resolution, and ensures high availability and failover for GA instances, WAF instances, and origin servers.
Architecture
Front GTM instance: achieves intelligent DNS resolution and failover. If the DNS service provider of your domain name supports intelligent DNS resolution and does not require failover, the front GTM instance can be removed.
GA instance: accelerates global network transmission. In this example, the GA instance is used to accelerate the requests from the Chinese mainland to servers outside the Chinese mainland.
WAF instance: protects web applications and intelligently forwards DNS requests to the nearest nodes.
Back GTM instance: achieves failover and intelligent DNS resolution for multiple origin server addresses.
Preparations
The following table describes the resources that must be prepared before GTM can work with WAF, GA, and SLB.
Resource type | Resource content | Description |
GTM | gtm-cn-*****q5a001 | The front GTM instance. Note: This instance achieves intelligent DNS resolution and failover. |
GTM | gtm-cn-*****id880y | The back GTM instance. Note: This instance ensures high availability for multiple nodes of origin servers. |
WAF | vbrqh41*********uohrsiojoxfkcfmh.aliyunwaf5.com | The WAF instance outside the Chinese mainland |
GA | ga-bp1y0fo9******jo9c2mq.aliyunga0017.com | The GA instance |
Domain name | demo.test.alidns.com | The test domain name |
SLB | 123.123.XXX.XXX | The SLB instance named Overseas-A-SLB |
SLB | 124.124.XXX.XXX | The SLB instance named Overseas-B-SLB |
Procedure
Step 1: Configure a back GTM instance
1. Log on to the Alibaba Cloud DNS console.
2. Go to the Global Traffic Manager page and configure the back GTM instance. The following configurations are for reference only. You must configure the back GTM instance based on your business requirements.
Basic configurations
Instance Name: Back GTM.
Business Domain Name(Internet): Enter the canonical name (CNAME) assigned by WAF.
CNAME(Internet): Select Custom Access Domain Name.
Global TTL Period: Select 10 Minutes.
Configure address pools
Address Pool Name: Enter Overseas-A-SLB or Overseas-B-SLB.
Address Pool Type: Select IPv4.
Load Balancing Policy(Address): Select Return All Addresses.
Addresses:
Address: Enter 123.123.XXX.XXX for the address pool Overseas-A-SLB or 124.124.XXX.XXX for the address pool Overseas-B-SLB.
Mode: Select Intelligently Returned.
You must create two address pools: Overseas-A-SLB and Overseas-B-SLB. Enter the names and addresses of the address pools that are described in the preceding section.
If you want to enable the access policy based on geographical location, you do not need to specify the Region parameter.
Configure health checks
GTM supports ping-based health checks, TCP health checks, and HTTP or HTTPS health checks. For more information, see Enable the health check feature.
If the address pool contains the address of an SLB instance or an IP address that is hosted by Alibaba Cloud, select monitoring nodes of Internet service providers (ISPs) based on your business requirements.
Configure an access policy
Enable and configure the access policy based on geographical location. For more information about how to configure an access policy, see Access policies.
Policy Name: Global.
DNS Request Source: Select Global > Global.
Address Pool Type: Select IPv4.
Address Pool for Primary Address Pool Set: Select Overseas-A-SLB.
Address Pool for Secondary Address Pool Set: Select Overseas-B-SLB.
Step 2: Configure a WAF instance outside the Chinese mainland
Log on to the WAF console and configure the WAF instance outside the Chinese mainland. For more information, see Web Application Firewall. The following configurations are for reference only. You must configure the WAF instance based on your business requirements.
Domain Name: Enter demo.test.alidns.com.
Origin Server Address: Enter gtm-cn-npk20id880y.gtm-a4b5.com.
The WAF instances in the Chinese mainland have the same configurations as the WAF instances outside the Chinese mainland.
You can perform the following steps to obtain the domain name assigned by GTM:
Log on to the Alibaba Cloud DNS console. Click Global Traffic Manager in the left-side navigation pane. On the page that appears, find the instance that you want to manage, click Settings in the Actions column, and then click Advanced Settings. On the page that appears, click the Basic Settings tab and view the CNAME.
Step 3: Configure a GA instance
Log on to the GA console and configure the GA instance. For more information, see Global Accelerator.
The following section describes the general procedure for configuring a GA instance.
Purchase a basic bandwidth plan.
Configure a listener.
Configure an acceleration area.
Step 4: Configure a front GTM instance
Basic configurations
Instance Name: Front GTM.
Business Domain Name(Internet): Enter your domain name.
CNAME(Internet): Select System-assigned Access Domain Name.
Global TTL Period: Select 10 Minutes.
Configure address pools
Configure address pools for the GA instance, WAF instance overseas, and origin server.
Address pool for the GA instance:
Address Pool Name: Enter GA.
Address Pool Type: Select Domain Name.
Addresses: Enter the CNAME of the GA instance assigned for your business.
Address pool for the WAF instance overseas:
Address Pool Name: Enter WAF.
Address Pool Type: Select Domain Name.
Addresses: Enter the CNAME of the WAF instance assigned for your business.
Address pool for the origin server:
Address Pool Name: Enter Origin server.
Address Pool Type: Select IPv4.
Addresses: Enter the address of the origin server configured for your business. In this example, the address of one of the SLB instances overseas is entered.
Configure an access policy
Enable the access policy based on geographical location and configure global and overseas access policies.
Configure a global access policy:
Policy Name: Enter Global.
DNS Request Source: Select Global > Global.
Primary Address Pool Set:
Address Pool Type: Select Domain Name.
Address Pool: Select GA.
Load Balancing Policy(Address Pool): Select Return Addresses by Weight. If you select Domain Name for the Address Pool Type parameter, you can select only Return Addresses by Weight.
Secondary Address Pool Set:
Address Pool Type: Select Domain Name.
Address Pool: Select WAF.
Load Balancing Policy(Address Pool): Select Return Addresses by Weight. If you select Domain Name for the Address Pool Type parameter, you can select only Return Addresses by Weight.
Configure an overseas access policy:
Policy Name: Enter Overseas.
DNS Request Source: Select Overseas > Overseas.
Primary Address Pool Set:
Address Pool Type: Select Domain Name.
Address Pool: Select WAF.
Load Balancing Policy(Address Pool): Select Return Addresses by Weight. If you select Domain Name for the Address Pool Type parameter, you can select only Return Addresses by Weight.
Secondary Address Pool Set:
Address Pool Type: Select IPv4.
Address Pool: Select Overseas SLB-A.
Load Balancing Policy(Address Pool): Select Return All Addresses.
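The failover paths that result from the pools and access policies in Steps 1 to 4 can be traced with a small model that reports which failure scenarios leave WAF out of the request path. This is an added example, not Alibaba Cloud code: pool and policy names are taken from this page, while the GA-to-WAF hop, the rule that a pool is skipped only when marked unhealthy, and the scenario list are assumptions constructed for illustration.

```python
# Simplified model of the pools and policies from Steps 1-4 (added example).
# Pool and policy names come from the page; the GA -> WAF hop is an assumption.
FRONT_POLICIES = {  # front GTM: policy -> (primary pool, secondary pool)
    "Global": ("GA", "WAF"),
    "Overseas": ("WAF", "Origin server"),
}
BACK_POLICY = ("Overseas-A-SLB", "Overseas-B-SLB")  # back GTM, policy Global

# Next hop behind each pool; None marks a terminal IPv4 pool.
NEXT_HOP = {
    "GA": "WAF",            # assumption: the GA endpoint is the WAF CNAME
    "WAF": "Back GTM",      # Step 2: the WAF origin is the back GTM CNAME
    "Origin server": None,  # Step 4: one SLB address entered directly
    "Overseas-A-SLB": None,
    "Overseas-B-SLB": None,
}

def pick(primary, secondary, unhealthy):
    """Return the primary pool unless it is unhealthy, then the secondary."""
    for pool in (primary, secondary):
        if pool not in unhealthy:
            return pool
    raise LookupError("both address pool sets are unavailable")

def resolve_path(source, unhealthy=frozenset()):
    """List the hops a request from `source` takes, given unhealthy pools."""
    path = ["Front GTM", pick(*FRONT_POLICIES[source], unhealthy)]
    while NEXT_HOP[path[-1]] is not None:
        path.append(NEXT_HOP[path[-1]])
        if path[-1] == "Back GTM":
            path.append(pick(*BACK_POLICY, unhealthy))
    return path

def waf_bypass_report(scenarios):
    """Return {(source, failed pools): path} for paths that never cross WAF."""
    report = {}
    for source, failed in scenarios:
        path = resolve_path(source, frozenset(failed))
        if "WAF" not in path:
            report[(source, tuple(sorted(failed)))] = path
    return report

# Constructed failure scenarios: (DNS request source, pools marked unhealthy).
SCENARIOS = [("Global", []), ("Global", ["GA"]), ("Overseas", []),
             ("Overseas", ["WAF"]), ("Overseas", ["Overseas-A-SLB"])]

if __name__ == "__main__":
    for key, path in waf_bypass_report(SCENARIOS).items():
        print(key, "->", " > ".join(path))
```

In this model the only scenario that leaves WAF out of the path is the Overseas policy falling back to the Origin server pool, so the SLB address in that pool needs its own access controls and monitoring for direct traffic.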
Step 5: Configure a CNAME record
After you complete the preceding configurations, go to an authoritative DNS service platform to configure a CNAME record for the front GTM instance. The following figure shows the configuration of a CNAME record in the Alibaba Cloud DNS console.