All Products
Search
Document Center

Global Accelerator:Add and manage intelligent routing listeners

更新時間:Nov 13, 2024

After you create an intelligent routing listener for a Global Accelerator instance, the GA instance automatically selects a nearby and healthy endpoint group and forwards client requests to the optimal endpoint in the endpoint group.

Prerequisites

Add and manage intelligent routing listeners

Add a TCP or UDP listener

  1. Configure the listener and the protocol.

    1. Log on to the GA console.

    2. On the Instances page, find the GA instance that you want to manage and click Configure Listeners in the Actions column.

    3. On the Listeners tab, click Add Listener.

      Note

      If this is the first time that you add a listener or if no listener is created for the specified Global Accelerator instance, skip this step.

    4. In the Configure Listener & Protocol step, configure the parameters described in the following table and click Next.

      Parameter

      Description

      Listener Name

      Enter a name for the listener.

      Routing Type

      Select a routing type. In this example, Intelligent Routing is selected.

      • Intelligent Routing: automatically selects a nearby and healthy endpoint group based on network latency and forwards client requests to the optimal endpoint in the endpoint group.

      • Custom Routing: generates a port mapping table based on the listener port range, the port ranges of the destination endpoint groups, and the IP addresses of endpoints (vSwitches). This way, traffic is routed to specific IP addresses and ports of specified vSwitches. For more information about how to configure a custom routing listener, see Add and manage custom routing listeners.

        Note

        Custom routing listeners are in invitational preview. To use custom routing listeners, submit an application to your account manager. After your application is approved, you can use custom routing listeners.

      Protocol

      Select a protocol for the listener. Valid values:

      • TCP

        • TCP is a connection-oriented protocol that provides high reliability. Before you transmit data, you must establish a stable connection with the peer.

        • Session persistence is based on source IP addresses.

        • Source IP addresses are visible at the network layer.

        • Data is transmitted at a slow rate.

      • UDP

        • UDP is unreliable and not connection-oriented. Three-way handshakes are not required before UDP packets are transmitted. UDP does not support fault tolerance or retransmission.

        • Data is transmitted at a high rate.

      Port Number

      Specify a port for the listener to receive and forward requests to endpoints. Valid values: 1 to 65499.

      You can specify up to 30 ports for each listener. Separate multiple listener ports with commas (,). For example, you can enter 80,90,8080.

      If you want to specify a port range, use a hyphen (-). Example: 80-85.

      Note
      • TCP, HTTP, and HTTPS listeners must use different ports.

      • UDP listeners and HTTP/3 listeners must use different ports.

      • You can specify more than 300 consecutive listener ports for a listener in specific regions. For more information, see Advanced listeners.

      Advanced Settings

      Configure the Client Affinity and Idle Connection Timeout Period parameters.

      Client Affinity

      Specify whether to enable client affinity.

      • If you select Source IP Address from the drop-down list, client affinity is enabled. After client affinity is enabled, requests from a specific client IP address are forwarded to the same endpoint.

      • If you select Disabled from the drop-down list, client affinity is disabled. After client affinity is disabled, requests from a specific client IP address may be forwarded to different endpoints.

      Idle Connection Timeout Period

      Specify the timeout period of an idle connection. If no data is transmitted during the timeout period, GA closes the current connection. When a new request is received, GA establishes a new connection.

      The valid values vary based on the listener protocol:

      • Valid values for TCP listeners: 10 to 900. Default value: 900. Unit: seconds.

      • Valid values for UDP listeners: 10 to 20. Default value: 20. Unit: seconds.

      Note

      If your standard GA instance does not support configuring the timeout period of idle connections for intelligent routing listeners, the instance may be using an earlier version. To configure the timeout period of idle connections for intelligent routing listeners, contact your account manager to upgrade your GA instance.

  2. Configure endpoints.

    Each listener is associated with an endpoint group. You can associate an endpoint group with a listener by specifying the region to which you want to distribute network traffic. After you associate an endpoint group with a listener, traffic is distributed to the optimal endpoint in the associated endpoint group.

    In the Configure Endpoint Group step, configure the parameters described in the following table and click Next.

    This topic describes only how to configure endpoints and endpoint groups. For information about health checks, see Create a default endpoint group. For more information about endpoints and endpoint groups, see Overview.

    Parameter

    Description

    Endpoint Group Name

    Specify a name for the endpoint group.

    Region

    Select the region where the endpoint group is deployed.

    Configuration

    Client requests are routed to endpoints. To add an endpoint, specify the following parameters:

    • Backend Service Type: If your backend server is deployed on Alibaba Cloud, you can select Alibaba Cloud Public IP Address, ECS, ENI, CLB, ALB, NLB, or OSS. If your backend server is not deployed on Alibaba Cloud, you can select Custom IP Address or Custom Domain Name.

      Note
      • If your standard GA instance does not support ALB instances, ECS instances in VPCs, CLB instances in VPCs, NLB instances, or ENIs as endpoints, your instance may be of an earlier version. Contact your account manager to upgrade your GA instance.

      • UDP listeners do not support ALB instances as endpoints.

      • To ensure that your GA instance is connected to an endpoint, you must configure an access control policy for the endpoint based on the connection type.

        • Internet connection: The access control policies of the endpoint, such as security group rules or firewall settings, must allow the public IP address of the endpoint.

        • Private connection: The access policies of the endpoint, such as security group rules or firewall settings, must allow the CIDR block of the vSwitch to which the endpoint belongs. The number of idle private IP addresses of the vSwitch must be equal to or greater than eight.

      • The public IP addresses of endpoints associated with a GA instance are unique and are not shared with other GA instances. For information about how to view the public IP address of an endpoint, see View the public IP address of an endpoint.

      • If no service-linked roles exist when you specify Elastic Compute Service (ECS) instances, elastic network interfaces (ENIs), Classic Load Balancer (CLB) instances, Application Load Balancer (ALB) instances, Network Load Balancer (NLB) instances, or Object Storage Service (OSS) buckets as endpoints, the system automatically creates the corresponding service-linked role. For more information, see AliyunServiceRoleForGaVpcEndpoint, AliyunServiceRoleForGaAlb, AliyunServiceRoleForGaOss, and AliyunServiceRoleForGaNlb.

    • Backend Services: Enter the IP address, domain name, or instance ID of the backend server.

    • Weight: Specify a weight for the endpoint. Valid values: 0 to 255. GA distributes network traffic to endpoints based on the weights.

      Warning

      If you set the weight of an endpoint to 0, Global Accelerator stops distributing network traffic to the endpoint. Proceed with caution.

    You can click + Add Node to add more endpoints. You can create up to four endpoints in each endpoint group. If you want to add more endpoints, go to the Quota Management page and increase the quota. For more information, see Manage GA quotas.

    Preserve Client IP

    Specify whether to preserve client IP addresses.

    If you enable this feature, the backend server can obtain client IP addresses. For more information, see Preserve client IP addresses.

    Traffic Distribution Ratio

    Set the traffic distribution ratio for the endpoint group. The Traffic Distribution Ratio parameter is available only when you configure an endpoint group for a TCP or UDP listener.

    Valid values: 0 to 100.

    Note

    Cross-border Acceleration Settings

    Read Compliance Commitments Regarding Cross-border Data Transfers and select Agree to the Preceding Compliance Agreement.

    This parameter is required only when cross-border acceleration is disabled for your GA instance but your service requires cross-border acceleration between the Chinese mainland and regions outside the Chinese mainland or between different countries and regions.

  3. Confirm the configurations.

    In the Configuration Review step, confirm the configurations of the listener and endpoints, and then click Submit.

    If you want to modify settings, click Modify in the corresponding section. Then, you are redirected to the configuration page.

    Note

    If this is the first time you add a listener, the listener takes effect after 3 minutes. If you modify the configurations of a listener, the new configurations take effect after 1 minute.

Add an HTTP or HTTPS listener

  1. Configure the listener and the protocol.

    1. Log on to the GA console.

    2. On the Instances page, find the GA instance that you want to manage and click Configure Listeners in the Actions column.

    3. On the Listeners tab, click Add Listener.

      Note

      If this is the first time that you add a listener or if no listener is created for the specified Global Accelerator instance, skip this step.

    4. In the Configure Listener & Protocol step, configure the parameters and click Next.

      Parameter

      Description

      Listener Name

      Enter a name for the listener.

      Routing Type

      Select a routing type. In this example, Intelligent Routing is selected.

      • Intelligent Routing: automatically selects a nearby and healthy endpoint group based on network latency and forwards client requests to the optimal endpoint in the endpoint group.

      • Custom Routing: generates a port mapping table based on the listener port range, the port ranges of the destination endpoint groups, and the IP addresses of endpoints (vSwitches). This way, traffic is routed to specific IP addresses and ports of specified vSwitches. For more information about how to configure a custom routing listener, see Add and manage custom routing listeners.

        Note

        Custom routing listeners are in invitational preview. To use custom routing listeners, submit an application to your account manager. After your application is approved, you can use custom routing listeners.

      Protocol

      Select a network transmission protocol for the listener. Valid values:

      • HTTPS: HTTPS has the following features:

        • HTTPS is a connection-oriented protocol that provides high reliability. Before you transmit data, you must establish a stable connection with the peer.

        • You can bind SSL certificates to servers. This ensures the high reliability of data.

        • Data transmission is encrypted.

      • HTTP: HTTP has the following features:

        • HTTP is a connection-oriented protocol that provides high reliability. Before you transmit data, you must establish a stable connection with the peer.

        • Data is transmitted at a high rate.

        • Data transmission is not encrypted.

      Maximum HTTP Version

      Select the maximum HTTP version supported by GA. You must select Maximum HTTP Version only if you set Protocol to HTTPS.

      • HTTP/1.1: Compared with HTTP/1.0, HTTP/1.1 supports persistent connections and pipelines, but may encounter head-of-line blocking issues.

      • HTTP/2 (default): HTTP/2 is based on TCP and supports multiplexing and header compression to improve the concurrency of a single connection.

      • HTTP/3: HTTP/3 uses the UDP-based QUIC protocol to resolve head-of-line blocking issues. HTTP/3 supports error recovery and flow control to improve the stability and efficiency of transmission.

        The latest HTTP/3 version is h3, which is compatible with Google Chrome 87 or later. If you use another browser, make sure that the browser supports HTTP/3.

      GA supports forward compatibility for HTTP. For example, if you select HTTP/3 and the client does not support HTTP/3, GA allows the client to send HTTP/2 or HTTP/1.1 requests.

      Note
      • By default, the feature to select the maximum HTTP version is unavailable. To use the feature, contact your account manager.

      • You cannot select HTTP/3 for subscription Global Accelerator instances.

      • TLS Security Policies takes effect only for non-HTTP/3 connections. HTTP/3 connections use the built-in default security policy.

      Port Number

      Specify a port for the listener to receive and forward requests to endpoints. Valid values: 1 to 65499.

      You can configure only one listener port for each HTTP or HTTPS listener.

      Note
      • TCP, HTTP, and HTTPS listeners must use different ports.

      • UDP listeners and HTTP/3 listeners must use different ports.

      Server Certificate

      Select the server certificate that you obtained. This parameter is required only when you set Protocol to HTTPS.

      Server certificates ensure that data transmission over GA is encrypted.

      For more information about how to purchase a certificate, see Select and purchase a certificate and Apply for a certificate.

      If the required service-linked role does not exist when you configure a server certificate for a Global Accelerator instance, the system automatically creates the service-linked role. For more information, see AliyunServiceRoleForGaSsl.

      TLS Security Policies

      Select the TLS security policy required by your service. You need to configure a TLS security policy only if you set Protocol to HTTPS. TLS Security Policies takes effect only for non-HTTP/3 connections. HTTP/3 connections use the built-in default security policy.

      A TLS security policy contains TLS protocol versions and cipher suites that are available for HTTPS.

      For more information about TLS security policies, see TLS security policies.

      Advanced Settings

      Configure the Client Affinity, Idle Connection Timeout Period, Connection Request Timeout, and Custom HTTP Headers parameters.

      Client Affinity

      Specify whether to enable client affinity.

      • If you select Source IP Address from the drop-down list, client affinity is enabled. After client affinity is enabled, requests from a specific client IP address are forwarded to the same endpoint.

      • If you select Disabled from the drop-down list, client affinity is disabled. After client affinity is disabled, requests from a specific client IP address may be forwarded to different endpoints.

      Idle Connection Timeout Period

      Specify the timeout period of an idle connection. If no request is received during the timeout period, GA closes the current connection. When a new request is received, GA establishes a new connection.

      Valid values: 1 to 60. Default value: 15. Unit: seconds. To specify a longer timeout period for pay-as-you-go GA instances, go to Quota Center.

      Note

      If your standard GA instance does not support configuring the timeout period of idle connections for intelligent routing listeners, the instance may be using an earlier version. To configure the timeout period of idle connections for intelligent routing listeners, contact your account manager to upgrade your GA instance.

      Connection Request Timeout

      Specify the timeout period of a request. If the backend server does not respond within the timeout period, GA returns the HTTP 504 error code to the client.

      Valid values: 1 to 180. Default value: 60. Unit: seconds. You can specify a longer timeout period for pay-as-you-go GA instances. To increase the quota, go to Quota Center.

      Note

      If your standard GA instance does not support configuring the request timeout period for intelligent routing listeners, the instance may be using an earlier version. To configure the request timeout period for intelligent routing listeners, contact your account manager to upgrade your GA instance.

      Custom HTTP Headers

      Select the HTTP headers that you want to add.

      • Obtain the GA instance ID by using the GA-ID header

      • Obtain the information about the acceleration region by using the GA-AP header

      • Obtain the listening protocol of the GA instance by using the GA-X-Forward-Proto header

      • Obtain the listening port of the GA instance by using the GA-X-Forward-Port header

      • Obtain client IP addresses by using the X-Real-IP header

  2. Configure endpoints.

    Each listener is associated with an endpoint group. You can associate an endpoint group with a listener by specifying the region to which you want to distribute network traffic. After you associate an endpoint group with a listener, traffic is distributed to the optimal endpoint in the associated endpoint group.

    In the Configure Endpoint Group step, configure parameters and click Next. The following table describes the parameters.

    This topic describes only how to configure endpoints and endpoint groups. For information about health checks, see Create a default endpoint group. For more information about endpoints and endpoint groups, see Overview.

    Parameter

    Description

    Endpoint Group Name

    Specify a name for the endpoint group.

    Region

    Select the region where the endpoint group is deployed.

    Configuration

    Client requests are routed to endpoints. To add an endpoint, configure the following parameters:

    • Backend Service Type: If your backend server is deployed on Alibaba Cloud, you can select Alibaba Cloud Public IP Address, ECS, ENI, CLB, ALB, NLB, or OSS. If your backend server is not deployed on Alibaba Cloud, you can select Custom IP Address or Custom Domain Name.

      Note
      • If your standard GA instance does not support ALB instances, ECS instances in VPCs, CLB instances in VPCs, NLB instances, or ENIs as endpoints, your instance may be of an earlier version. Contact your account manager to upgrade your GA instance.

      • To ensure that your GA instance is connected to an endpoint, you must configure an access control policy for the endpoint based on the connection type.

        • Internet connection: The access control policies of the endpoint, such as security group rules or firewall settings, must allow the public IP address of the endpoint.

        • Private connection: The access policies of the endpoint, such as security group rules or firewall settings, must allow the CIDR block of the vSwitch to which the endpoint belongs. The number of idle private IP addresses of the vSwitch must be equal to or greater than eight.

      • The public IP addresses of endpoints associated with a GA instance are unique and are not shared with other GA instances. For information about how to view the public IP address of an endpoint, see View the public IP address of an endpoint.

      • If no service-linked roles exist when you specify Elastic Compute Service (ECS) instances, elastic network interfaces (ENIs), Classic Load Balancer (CLB) instances, Application Load Balancer (ALB) instances, Network Load Balancer (NLB) instances, or Object Storage Service (OSS) buckets as endpoints, the system automatically creates the corresponding service-linked role. For more information, see AliyunServiceRoleForGaVpcEndpoint, AliyunServiceRoleForGaAlb, AliyunServiceRoleForGaOss, and AliyunServiceRoleForGaNlb.

    • Backend Services: Enter the IP address, domain name, or instance ID of the backend server.

    • Weight: Specify a weight for the endpoint. Valid values: 0 to 255. GA distributes network traffic to endpoints based on the weights.

      Warning

      If you set the weight of an endpoint to 0, Global Accelerator stops distributing network traffic to the endpoint. Proceed with caution.

    You can click + Add Node to add more endpoints. You can create up to four endpoints in each endpoint group. If you want to add more endpoints, go to the Quota Management page and increase the quota. For more information, see Manage GA quotas.

    Preserve Client IP

    Specify whether to preserve client IP addresses.

    By default, client IP address preservation is enabled for HTTP and HTTPS listeners. GA preserves the IP address of a client in the X-Forwarded-For HTTP header. For more information, see Preserve client IP addresses.

    Backend Service Protocol

    Select the protocol that is used by the backend service. The Backend Service Protocol parameter is available only when you configure an endpoint group for an HTTP or HTTPS listener.

    • HTTP(default)

    • HTTPS

    Note
    • If the listener protocol is HTTP, this parameter is automatically set to HTTP and cannot be modified.

    • If you select HTTPS for Backend Service Protocol, the backend service supports the following TLS versions: TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3. In addition, GA automatically negotiates with the backend service on which TLS version to use. By default, TLS 1.3 is disabled. To use TLS 1.3, contact your account manager.

    Protocol Version

    Select the protocol version used by the backend service. The IP Version parameter is available only when you select HTTPS for Backend Service Protocol.

    • HTTP/1.1 (default)

    • HTTP/2

      After you enable HTTP/2 origin fetch, backend HTTPS services can benefit from the advantages of HTTP/2 to greatly improve service performance, reduce network latency and overheads, and improve access experience.

      This protocol version is suitable for backend services that support HTTP/2. If your backend services support only HTTP/2, you must select HTTP/2.

    Note
    • By default, the IP Version parameter is disabled. To enable this parameter, contact your account manager.

    • If you select HTTP/2, the following limits apply:

      • WebSocket is not supported.

      • HTTP/2 Server Push is not supported.

      • Google Remote Procedure Call (gRPC) requests that use HTTP/2 cannot be accelerated.

    Port Mapping

    If the listener port and the port that is used by the endpoint to provide services are different, you must configure this parameter. The Port Mapping parameter is available only when you configure an endpoint group for an HTTP or HTTPS listener.

    • Listener Port: Enter the listener port.

    • Endpoint Port: Enter the port over which the endpoint provides services.

    If the listener port and the port that the endpoint uses to provide services are the same, you do not need to add a port mapping. GA automatically distributes client requests to the listener port of the endpoint.

    Cross-border Acceleration Settings

    Read Compliance Commitments Regarding Cross-border Data Transfers and select Agree to the Preceding Compliance Agreement.

    This parameter is required only when cross-border acceleration is disabled for your GA instance but your service requires cross-border acceleration between the Chinese mainland and regions outside the Chinese mainland or between different countries and regions.

  3. Confirm the configurations.

    In the Configuration Review step, confirm the configurations of the listener and endpoints, and then click Submit.

    If you want to modify settings, click Modify in the corresponding section. Then, you are redirected to the configuration page.

    Note

    If this is the first time you add a listener, the listener takes effect after 3 minutes. If you modify the configurations of a listener, the new configurations take effect after 1 minute.

What to do next

Operation

Description

Modify a listener

You can modify a listener to meet your business requirements. The configurations that you can modify include the basic settings, protocol, SSL certificate, and endpoint group of the listener. The routing type of a listener cannot be modified.

  1. On the Listeners tab, find the listener that you want to modify and click Modify in the Actions column.

  2. On the Edit Listener page, modify the basic settings, protocol, SSL certificate, or endpoint group of the listener and then click Next.

    For more information about the basic settings, protocol, SSL certificate, and endpoint group of a listener, see Add a TCP or UDP listener and Add an HTTP or HTTPS listener.

Delete a listener

You can delete a listener. After a listener is deleted, the endpoint group that is associated with the listener is also deleted.

  1. On the Listeners tab, find the listener that you want to delete and click Delete in the Actions column.

  2. In the Delete Listener message, click OK.

Configure a virtual endpoint group and a forwarding rule for a listener

After you create an intelligent routing listener, you can configure a virtual endpoint group and a forwarding rule for the listener. After the configuration is complete, the listener can forward the requests that meet the forwarding conditions to the default endpoint group or a virtual endpoint group based on the forwarding rule. This way, a GA instance can accelerate access to multiple endpoints at the same time. For more information, see the following topics:

References