
Global Traffic Manager: Configure an access policy

Last Updated: Sep 06, 2023

Overview

An access policy allows you to set an address pool that can be accessed by visitors based on your business requirements.

Prerequisites

  • A Global Traffic Manager (GTM) instance is created and GTM is authorized to access cloud resources.

  • At least two IP addresses are prepared for your application service. The IP addresses of the application service can be the public IP addresses of Alibaba Cloud resources or IP addresses that can be accessed over the Internet. These Alibaba Cloud resources include Server Load Balancer (SLB) and Elastic Compute Service (ECS) instances. We recommend that you select the public IP addresses of Alibaba Cloud resources.

Procedure

Rules

  • The latency-based access policy is available only for users of Alibaba Cloud DNS of Enterprise Ultimate Edition.

  • If the latency-based access policy is enabled, the load balancing policy specified for address pools does not take effect.

  • You can enable only one type of access policy for each GTM instance.

Configure a geographical location-based access policy

  1. Log on to the Alibaba Cloud DNS console.

  2. In the left-side navigation pane, click Global Traffic Manager. On the page that appears, find the desired GTM instance and click Settings in the Actions column.

  3. On the Basic Settings page, click Settings in the Geographical Location-based Access Policy section.

  4. Click Create Access Policy.

  5. Configure an access policy.

    • Policy Name: You can enter a name that is easy to identify for the access policy, such as global.

    • DNS Request Source: You can specify the required Domain Name System (DNS) request source based on the region from which client requests are sent. When you create an access policy for the first time, we recommend that you select Global for this parameter.

    • Address Pool Type: Valid values are IPv4, IPv6, and Domain Name.

    • Primary Address Pool Set: specifies the default address pool set that can be accessed by visitors. The primary address pool set consists of multiple address pools.

    • Address Pool: You can select one or more existing address pools.

    • Create Address Pool: If no address pool exists, you can click Create Address Pool to create and configure an address pool.

    • Load Balancing Policy (Address Pool): Valid values are Return All Addresses and Return Addresses by Weight.

    • Secondary Address Pool Set: The secondary address pool set consists of multiple address pools that visitors can access when the primary address pool set is unavailable.

    Note

    The load balancing policy specified for the access policy takes precedence over the load balancing policy specified for the address pools. The following table provides the details.

    | Load balancing policy specified for the address pools | Load balancing policy specified for the access policy | Load balancing policy that takes effect |
    | --- | --- | --- |
    | Return all addresses | Return all addresses | Return all addresses |
    | Return addresses by weight | Return addresses by weight | Return addresses by weight. Final weight of addresses = Weight of the addresses in the address pools × Weight of the address pools in the access policy |
    | Return all addresses | Return addresses by weight | Return addresses by weight. Final weight of addresses = Weight of the address pools in the access policy |
    | Return addresses by weight | Return all addresses | Return all addresses |

    For more information about how to set weights, see Set weights.

    Note

    GTM schedules traffic based on the scheduling feature of Alibaba Cloud DNS. During testing, DNS resolution results may be inconsistent with weight settings in some cases. This is because weighted round-robin is a coarse-grained method to schedule traffic and is set to route requests from local DNS servers. However, a local DNS server sends only one DNS request to the authoritative DNS server of Alibaba Cloud DNS within the time to live (TTL) period.

    For example, a domain name is accessed by users in both the China (Shanghai) and China (Beijing) regions. Assume that the local DNS server named Local DNS A is used to route requests from users in the China (Shanghai) region and the local DNS server named Local DNS B is used to route requests from users in the China (Beijing) region. When Local DNS A and Local DNS B initiate requests to Alibaba Cloud DNS, Alibaba Cloud DNS returns IP addresses based on the weight settings. However, all users whose requests are routed by the same local DNS server obtain the same IP address within the specified TTL period.

    • Minimum Available Addresses: specifies the minimum number of available addresses that an address pool set must have to be considered available. If the number of available addresses in an address pool set is less than the value of the Minimum Available Addresses parameter, the address pool set is deemed unavailable.

    Important

    If you do not configure a secondary address pool set, GTM only removes abnormal addresses but does not trigger failover when the primary address pool set fails. After GTM removes abnormal addresses from the primary address pool set, GTM routes client requests to the IP addresses that are still available. This applies only when the primary address pool set still has available IP addresses.
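The precedence table and the two final-weight formulas above can be checked offline before a policy goes live. The following is an added example, not Alibaba Cloud code: the pool layout, weights and RFC 5737 documentation addresses are constructed, and the expected share assumes an address is returned in proportion to its final weight.

```python
from fractions import Fraction

ALL = "Return All Addresses"
BY_WEIGHT = "Return Addresses by Weight"

# Constructed sample: two address pools in one primary address pool set.
# "weight" is the pool's weight in the access policy; the inner values are
# the per-address weights configured inside the pool.
POOLS = [
    {"policy": BY_WEIGHT, "weight": 3,
     "addresses": {"192.0.2.10": 1, "192.0.2.11": 2}},
    {"policy": ALL, "weight": 1,
     "addresses": {"198.51.100.20": 5}},
]


def final_weights(pools, access_policy):
    """Apply the precedence table: the access policy's setting wins.

    Returns {address: final weight}. The weight is None when the effective
    policy is Return All Addresses (every address is returned, unweighted).
    """
    result = {}
    for pool in pools:
        for addr, addr_weight in pool["addresses"].items():
            if access_policy == ALL:
                result[addr] = None
            elif pool["policy"] == BY_WEIGHT:
                # Both levels are by weight: address weight x pool weight.
                result[addr] = addr_weight * pool["weight"]
            else:
                # Pool returns all addresses: only the pool weight counts.
                result[addr] = pool["weight"]
    return result


def expected_share(weights):
    """Assumption: an address is returned with probability weight / total."""
    total = sum(weights.values())
    return {addr: Fraction(w, total) for addr, w in weights.items()}


if __name__ == "__main__":
    shares = expected_share(final_weights(POOLS, BY_WEIGHT))
    for addr, share in shares.items():
        print(f"{addr}: {share}")
```

Because a local DNS server caches one answer for the TTL period, these shares describe answers handed to resolvers, not the traffic split observed per user.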

Configure a latency-based access policy

  1. On the Basic Settings page, click Settings in the Latency-based Access Policy section.

  2. Click Create Access Policy.

  3. In the Create Access Policy panel, set the required parameters.

    • Policy Name: You can enter a name that is easy to identify for the access policy, such as testdemo.

    • Primary Address Pool Set: specifies the default address pool set that can be accessed by visitors. The primary address pool set consists of multiple address pools.

    • Address Pool Type: The valid value is IPv4.

    • Address Pool: You can select one or more existing address pools.

    • Create Address Pool: If no address pool exists, you can click Create Address Pool to create and configure an address pool.

    • Minimum Available Addresses: specifies the minimum number of available addresses that an address pool set must have to be considered available. If the number of available addresses in an address pool set is less than the value of the Minimum Available Addresses parameter, the address pool set is deemed unavailable.

    • Maximum Addresses Returned: After you enable the latency-based access policy, GTM routes client requests to an application server cluster that has the lowest latency. This parameter allows GTM to return one to eight addresses that have the lowest latency.

    • DNS Resolution with Optimal Latency: After you turn on DNS Resolution with Optimal Latency, GTM intelligently returns the addresses with optimal latency. The number of these addresses is less than the value of the Maximum Addresses Returned parameter.

    • Secondary Address Pool Set: The secondary address pool set consists of multiple address pools that visitors can access when the primary address pool set is unavailable.
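The Minimum Available Addresses and Secondary Address Pool Set rules decide which set serves traffic when health checks fail, and a policy without a secondary set never fails over. The following added example (a model of the rules as stated on this page, not GTM's implementation) lets you test a planned configuration against failure scenarios; the addresses, health states and the `serving_set` helper are constructed for illustration.

```python
# Constructed sample: each pool set is a list of pools, each pool a list of
# RFC 5737 documentation addresses. UP holds made-up health check results.
PRIMARY = [["192.0.2.10", "192.0.2.11"], ["192.0.2.12"]]
SECONDARY = [["198.51.100.20", "198.51.100.21"]]
UP = {
    "192.0.2.10": True, "192.0.2.11": False, "192.0.2.12": False,
    "198.51.100.20": True, "198.51.100.21": True,
}


def healthy(pool_set, up):
    """Flatten a pool set, keeping only addresses whose health check passes."""
    return [addr for pool in pool_set for addr in pool if up.get(addr, False)]


def serving_set(primary, secondary, min_available, up):
    """Return (name of the serving set, addresses it can return)."""
    p = healthy(primary, up)
    if len(p) >= min_available:
        return "primary", p
    if secondary is None:
        # No secondary set: failover is not triggered. Abnormal addresses
        # are removed and the remaining primary addresses keep serving.
        return "primary", p
    s = healthy(secondary, up)
    if len(s) >= min_available:
        return "secondary", s
    # Both sets are below the threshold. The page does not describe this
    # case, so the model reports it instead of guessing.
    return "unspecified", []


if __name__ == "__main__":
    print(serving_set(PRIMARY, SECONDARY, 2, UP))
    print(serving_set(PRIMARY, None, 2, UP))
```

With the sample health states, the same outage leaves two healthy addresses when a secondary set exists and a single address when it does not, which is the capacity risk the Important note describes.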