As of 2023, Alibaba Cloud's infrastructure spans 28 public cloud regions and 86 zones across four continents. Alibaba Cloud also operates more than 3200 edge nodes worldwide, more than 2300 of them within China. Its data center network is a fully self-developed system built on Alibaba Cloud's overall network QoS solution, which can accurately capture the path, congestion, packet loss, and other information for business flows. From a network perspective, Alibaba Cloud products build on this infrastructure to provide users with high-quality BGP bandwidth and a global transmission network.
As applications in the cloud grow more diverse and complex, network optimization needs to be considered from the following aspects:
Global Deployment Optimization
The globalization of user businesses has created a need for globally deployed infrastructure. Alibaba Cloud provides the Cloud Enterprise Network (CEN) and Global Accelerator (GA) products for global deployment scenarios.
Cloud Enterprise Network (CEN) is a high-availability network running on Alibaba Cloud's private global network. CEN uses Transit Routers (TR) to establish private communication channels between private networks in different regions and between private networks and on-premises data centers, supports flexible interconnection, isolation, and traffic-steering policies within a region, and helps you build a flexible, reliable, large-scale enterprise-level network on the cloud. An Enterprise Edition Transit Router instance supports 100 Gbps of traffic forwarding and up to 1000 VPCs.
Global Accelerator (GA) provides network acceleration for users worldwide: it offers nearest-node access to the global network, reduces the impact of latency, jitter, packet loss, and other network issues on service quality, and delivers highly available, high-performance acceleration to end users around the world. Because Alibaba Cloud operates acceleration nodes worldwide, GA can optimize the network quality of globally deployed applications over Alibaba Cloud's global transmission network. A Global Accelerator instance supports a maximum bandwidth of 4 Gbps and up to 1 million concurrent connections, and is typically used for scenarios such as game acceleration, acceleration of multinational enterprise applications, and acceleration of Internet applications.
Network Path Optimization
In public network scenarios, such as overseas traffic returning to Mainland China over the public network, the poor quality of cross-border public network links leads to congestion and packet loss, and the lack of a direct public network line back to Mainland China results in high latency. Alibaba Cloud provides EIPs on the BGP (Multi-ISP) Pro line to improve the access quality of international business. Compared with the BGP (Multi-ISP) line, the BGP (Multi-ISP) Pro line connects directly to Mainland China over the carriers' premium public networks and therefore offers lower latency when serving end users in Mainland China (for instances in regions outside Mainland China). Currently, Pro EIPs have relatively complete coverage in the Asia-Pacific region.
In nearest-node access scenarios, CDN can cache origin server resources on Alibaba Cloud's globally distributed acceleration nodes. When an end user requests an origin resource, the request does not need to go back to the origin: the user obtains the copy cached on the nearest CDN node, which speeds up resource access and at the same time relieves pressure on the origin server.
In the scenario of returning to the origin over a dedicated link, broadly speaking, Alibaba Cloud provides products such as GA acceleration IPs and Anycast EIPs, which let users and their terminals reach the nearest Alibaba Cloud POP via a public IP address and then return to the origin server over Alibaba Cloud's dedicated links, avoiding the latency and packet loss of international Internet routes.
Hybrid Cloud Network Optimization
When users need to connect on-premises data centers (IDC), headquarters, branches, or mobile terminals to cloud VPCs for private network access, the usual options are Express Connect, VPN, and Smart Access Gateway. Overall, Express Connect establishes high-speed, stable, and secure private network communication and is undoubtedly the best choice from a performance perspective. But because the three solutions suit different scenarios, a simple side-by-side comparison is of little practical significance, and the choice still has to be made for the specific scenario. As an option for connecting an IDC to a cloud VPC, Express Connect, based on a physical leased line, supports up to 100 Gbps of bandwidth, whereas a VPN, based on encrypted links over the public network, is limited by the bandwidth of the public IP address; the maximum bandwidth of a single IPsec connection on Alibaba Cloud is currently 1000 Mbps.
ECS Network Performance Optimization
In network-intensive scenarios such as NFV/SD-WAN, forwarding-element workloads, and video barrage (danmaku) services, the performance capacity of a single ECS instance is crucial. With Alibaba Cloud's intensified R&D on integrated hardware and software virtual switch technology, 7th-generation network-enhanced ECS instances, built on the fourth-generation Apsara architecture, deliver predictably high performance: a single instance supports up to 30 million PPS of network send/receive packet processing and a base network bandwidth of up to 100 Gbit/s. The network performance of a single ECS instance represents the maximum internal and external network access capability that a user's compute power can obtain in the cloud, and the current per-instance performance gives users ample room for optimization.
Load Balancing Performance Optimization
In network-intensive application scenarios, Server Load Balancer (SLB) typically serves as the entry point of the cluster, distributing traffic across backend servers to scale the throughput of the application system; it also eliminates single points of failure and so improves availability. Alibaba Cloud's SLB family includes Application Load Balancer (ALB), Network Load Balancer (NLB), and Classic Load Balancer (CLB), each with a different focus. ALB is dedicated to Layer 7: it provides strong business-processing performance and advanced content-based routing, and is also the official Alibaba Cloud-native Ingress gateway. NLB is a Layer 4 load balancer with ultra-high performance and automatic elasticity; a single instance can reach 100 million concurrent connections. CLB is more balanced, supporting TCP, UDP, HTTP, and HTTPS, with good Layer 4 capability and basic Layer 7 capability.
From a performance optimization perspective, ALB is recommended for Layer 7 traffic: a single instance supports up to 1 million QPS and scales automatically, with processing capacity expanding and contracting with business peaks. NLB is recommended for Layer 4 connections: it is built on an NFV virtualization platform rather than physical machines, offers ultra-high performance and flexible elasticity, and meets demands for rapid scale-out. A single NLB instance supports up to 100 million concurrent connections and likewise scales automatically with business peaks.
For applications with CPU-intensive tasks such as SSL/TLS encryption and decryption, ALB and NLB can offload the SSL/TLS work from the backend servers onto the load balancer. With SSL/TLS offloading configured, the load balancer handles encryption for traffic to and from clients and forwards unencrypted traffic to the backend. This frees CPU on the backend servers, improves client response time, and centralizes certificate management. In addition, NLB's support for the TCPSSL protocol further optimizes performance in scenarios that require ultra-high performance and large-scale TLS offloading.
When using ALB, enabling HTTP/2, which reuses TCP connections, helps the application system respond faster and removes redundant HTTP header information, saving network traffic.
Load balancers can distribute traffic to different types of backends, including ECS instances, ENIs, ECI, Function Compute, and private IP addresses. Combined with ALB forwarding rules, access to the application system can be controlled more flexibly based on request attributes such as HTTP headers, HTTP request methods, and URL paths.
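The following is an added illustration of how Layer 7 forwarding rules of the kind described above are evaluated; it is not Alibaba Cloud ALB code, and the rule fields, server group names and requests are assumptions constructed for the example. It models the two properties that matter when writing such rules: all conditions inside one rule must match (AND), and rules are tried in priority order with the first match winning, so a deny rule for an internal path must carry a higher priority (lower number) than any broad forwarding rule that would otherwise shadow it.

```python
"""Simplified model of priority-ordered Layer 7 forwarding rules (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Request:
    """Constructed HTTP request attributes that rules can match on."""
    host: str
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)


@dataclass
class Rule:
    """One forwarding rule. Unset conditions are ignored; set ones are ANDed.
    A lower priority number is evaluated first. `action` is the assumed target:
    a server group name, or a fixed response such as "deny-403"."""
    priority: int
    action: str
    host: Optional[str] = None
    method: Optional[str] = None
    path_prefix: Optional[str] = None
    header: Optional[Dict[str, str]] = None  # header names compared case-insensitively

    def matches(self, req: Request) -> bool:
        if self.host is not None and req.host != self.host:
            return False
        if self.method is not None and req.method != self.method:
            return False
        if self.path_prefix is not None and not req.path.startswith(self.path_prefix):
            return False
        if self.header:
            lowered = {k.lower(): v for k, v in req.headers.items()}
            for name, value in self.header.items():
                if lowered.get(name.lower()) != value:
                    return False
        return True


def route(rules: List[Rule], req: Request, default: str = "default-sg") -> str:
    """Return the action of the highest-priority matching rule, else the listener default."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(req):
            return rule.action
    return default


# Constructed rule set. The deny rule sits at priority 1 so that no later
# prefix rule can forward /internal/ traffic to a backend by accident.
RULES = [
    Rule(priority=1, action="deny-403", path_prefix="/internal/"),
    Rule(priority=10, action="canary-sg", path_prefix="/api/", header={"X-Canary": "true"}),
    Rule(priority=20, action="api-sg", path_prefix="/api/", method="POST"),
    Rule(priority=30, action="static-sg", host="static.example.com", method="GET"),
]


if __name__ == "__main__":
    for req in (
        Request("app.example.com", "GET", "/internal/metrics"),
        Request("app.example.com", "POST", "/api/orders"),
        Request("app.example.com", "GET", "/api/orders", {"x-canary": "true"}),
        Request("static.example.com", "GET", "/img/logo.png"),
    ):
        print(req.method, req.path, "->", route(RULES, req))
```

Swapping the priorities of the first and third rules would still leave GET /internal/... denied, but a POST to /internal/... would then be forwarded to api-sg, which is why rule order is reviewed together with the rule conditions.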
Lastly, when designing cross-zone high availability for load balancing, consider the latency sensitivity of the application. With cross-zone high availability, the load balancer distributes traffic to backends in different availability zones, which improves reliability but adds a certain amount of latency.
Finally, both ALB and NLB provide monitoring metrics and logs, through which you can understand the real-time operating status of the load balancer. For example, ALB access logs can be used to find which requests take longer to respond or which backend servers cause performance issues.
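As an added example of the access-log analysis mentioned above (not code from Alibaba Cloud or the page), the script below reads JSON-lines records, lists the slowest requests, and computes per-backend p95 upstream latency and upstream error rate to single out a backend that is dragging down the application. The field names (request_time, upstream_response_time, upstream_addr, upstream_status, ...) follow the nginx-style naming that load balancer access logs commonly use, but the records themselves are constructed for this example, and the thresholds are assumptions to be tuned per service.

```python
"""Find slow requests and misbehaving backends in constructed access-log records (added example)."""
import json
import math
from collections import defaultdict
from typing import Dict, List

# Constructed sample: one JSON object per line; two backends, one of which is slow and
# returns a 504. Values are invented for this example.
SAMPLE_LOG = """\
{"time":"2023-06-01T10:00:01Z","request_method":"GET","request_uri":"/api/orders","status":200,"upstream_status":200,"upstream_addr":"10.0.1.11:8080","request_time":0.032,"upstream_response_time":0.021}
{"time":"2023-06-01T10:00:02Z","request_method":"GET","request_uri":"/api/orders","status":200,"upstream_status":200,"upstream_addr":"10.0.1.11:8080","request_time":0.027,"upstream_response_time":0.018}
{"time":"2023-06-01T10:00:03Z","request_method":"GET","request_uri":"/api/reports","status":200,"upstream_status":200,"upstream_addr":"10.0.1.12:8080","request_time":0.961,"upstream_response_time":0.950}
{"time":"2023-06-01T10:00:04Z","request_method":"POST","request_uri":"/api/orders","status":201,"upstream_status":201,"upstream_addr":"10.0.1.11:8080","request_time":0.041,"upstream_response_time":0.030}
{"time":"2023-06-01T10:00:05Z","request_method":"GET","request_uri":"/api/reports","status":504,"upstream_status":504,"upstream_addr":"10.0.1.12:8080","request_time":1.215,"upstream_response_time":1.200}
{"time":"2023-06-01T10:00:06Z","request_method":"GET","request_uri":"/healthz","status":200,"upstream_status":200,"upstream_addr":"10.0.1.11:8080","request_time":0.019,"upstream_response_time":0.012}
{"time":"2023-06-01T10:00:07Z","request_method":"GET","request_uri":"/api/reports","status":200,"upstream_status":200,"upstream_addr":"10.0.1.12:8080","request_time":0.052,"upstream_response_time":0.040}
"""


def parse_log(text: str) -> List[dict]:
    """Parse JSON-lines access log text, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a truncated or corrupt line should not abort the analysis
    return records


def percentile(values: List[float], pct: float) -> float:
    """Nearest-rank percentile: the value at rank ceil(pct/100 * n)."""
    ordered = sorted(values)
    rank = max(0, math.ceil(pct / 100.0 * len(ordered)) - 1)
    return ordered[rank]


def slowest_requests(records: List[dict], n: int = 3) -> List[dict]:
    """The n requests with the largest end-to-end request_time."""
    return sorted(records, key=lambda r: float(r.get("request_time", 0.0)), reverse=True)[:n]


def backend_stats(records: List[dict]) -> Dict[str, dict]:
    """Per upstream_addr: request count, p95 upstream latency, and upstream 5xx rate."""
    latencies: Dict[str, List[float]] = defaultdict(list)
    errors: Dict[str, int] = defaultdict(int)
    for r in records:
        addr = r.get("upstream_addr")
        if not addr or addr == "-":
            continue  # no backend involved (e.g. a fixed response from the listener)
        latencies[addr].append(float(r.get("upstream_response_time", 0.0)))
        if int(r.get("upstream_status", 0)) >= 500:
            errors[addr] += 1
    return {
        addr: {
            "count": len(vals),
            "p95": percentile(vals, 95),
            "error_rate": errors[addr] / len(vals),
        }
        for addr, vals in latencies.items()
    }


def suspect_backends(stats: Dict[str, dict], p95_threshold: float = 0.5,
                     error_rate_threshold: float = 0.1) -> List[str]:
    """Backends whose p95 latency or upstream error rate exceeds the assumed thresholds."""
    return sorted(addr for addr, s in stats.items()
                  if s["p95"] > p95_threshold or s["error_rate"] > error_rate_threshold)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in slowest_requests(recs, 2):
        print(f'{r["request_time"]:.3f}s {r["request_method"]} {r["request_uri"]} via {r["upstream_addr"]}')
    stats = backend_stats(recs)
    for addr, s in stats.items():
        print(f'{addr}: n={s["count"]} p95={s["p95"]:.3f}s err={s["error_rate"]:.1%}')
    print("suspect backends:", suspect_backends(stats))
```

Separating request_time from upstream_response_time is what lets the analysis tell a slow backend apart from a slow client network: when the two diverge, the time is being spent on the client side of the load balancer rather than in the server group.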