
Access policies

Last Updated: Jun 23, 2021

What are access policies?

Access policies include intelligent DNS resolution, default and alternative address pools, and switchover policies for active address pools. You can create multiple access policies for a Global Traffic Manager (GTM) instance and configure different resolution response address pools for visitors from different networks or regions. This configuration lets these visitors connect to the nearest node and provides automatic failover.

Types of access policies

1. Geographical location-based access policies

These policies allow visitors from different regions or networks to access the nearest node and accelerate content delivery based on the geographical locations of these visitors.

2. Latency-based access policies

These policies allow GTM to detect the access latency between the location of a user and the region in which an application is deployed. Then, GTM routes user requests to the application server cluster that has the lowest latency. This feature is available only for the Ultimate Edition.

Features

1. Geographical location-based access policies

On the Basic Configuration tab, select Enabled on the Access Policy Based on Geographical Location card of the Access Policy Type section.


1. Add Access Policy

To configure different address pools for visitors from various networks or regions, you can add an access policy.

2. Policy Name

When you add or modify an access policy, we recommend that you specify an informative name for the access policy.

3. DNS Request Sources

DNS request sources allow you to implement intelligent DNS resolution. After you specify a region in an access policy, requests to the application from that region are routed to the address pool set specified in the policy. Select Global to indicate all users.

Rules:

  • If only one access policy is configured and no specific business requirements exist, you must set the DNS Request Sources parameter to Global.

  • If you configure multiple access policies, you must specify Global as one of your DNS request sources. Otherwise, the application may not be accessible in some regions.

  • You cannot select the options that have been used in other access policies. These options are unavailable.

    • The preceding rule does not apply when the primary address pool set includes only IPv4 or IPv6 addresses.

      • For example, a global access policy already exists and you set the Address Pool Type parameter to IPv4 in the Primary Address Pool Set section. In this case, if you need to add another global access policy, set the Address Pool Type parameter of the new access policy to IPv6.

  • If multiple access policies exist, you can set the DNS request sources parameter to only ISP or Mainland China.

  • If you set the CNAME(Public Network) parameter to Custom Access Domain Name, the value of the DNS Request Sources parameter must be the same as the value of the ISP Line parameter. For example, if you select ISP in the ISP Line field, you must select ISP and Global in the DNS Request Sources field.
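The Global-coverage and no-reuse rules above can be checked before a set of policies is entered in the console. The following is an added example, not Alibaba Cloud code: the dict layout, policy names and the function `lint_request_sources` are hypothetical, and the IPv4/IPv6 exception is implemented as read from the page's own example.

```python
from itertools import combinations

# Constructed sample: three policies as they might be entered in the console.
# The dict layout and policy names are hypothetical, not a GTM API format.
POLICIES = [
    {"name": "default-v4", "sources": {"Global"}, "pool_type": "IPv4"},
    {"name": "default-v6", "sources": {"Global"}, "pool_type": "IPv6"},
    {"name": "telecom-v4", "sources": {"China Telecom"}, "pool_type": "IPv4"},
]


def lint_request_sources(policies):
    """Return a list of rule violations for a set of access policies."""
    findings = []

    # Rule: at least one policy must use Global, otherwise visitors from
    # lines not named in any policy may get no usable answer.
    if not any("Global" in p["sources"] for p in policies):
        findings.append("no policy has Global as a DNS request source")

    # Rule: a source already used by one policy cannot be reused by another.
    # Exception as read from the page's example (assumption): the two policies
    # may share a source when one primary set is IPv4 and the other is IPv6.
    for a, b in combinations(policies, 2):
        shared = sorted(a["sources"] & b["sources"])
        if shared and {a["pool_type"], b["pool_type"]} != {"IPv4", "IPv6"}:
            findings.append(
                f"{a['name']} and {b['name']} both use {', '.join(shared)} "
                f"with pool types {a['pool_type']}/{b['pool_type']}"
            )
    return findings


if __name__ == "__main__":
    for finding in lint_request_sources(POLICIES) or ["no findings"]:
        print(finding)
```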

The following table describes the carriers and regions that are supported by intelligent DNS resolution.

For more information, see Support lines. The Ultimate Edition supports subdivided ISP lines.

Line: Global

  • Standard Edition: All users

  • Ultimate Edition: All users

Line: ISP

  • Standard Edition: China Telecom, China Unicom, China Mobile, and China Dr.Peng

  • Ultimate Edition: China Telecom, China Unicom, China Mobile, China Dr.Peng, China Edu, and China TV Network

Line: Mainland China

  • Standard Edition: North China, South China, East China, Northeast China, Northwest China, Southwest China, and Central China

  • Ultimate Edition: North China, South China, East China, Northeast China, Northwest China, Southwest China, and Central China

Line: Overseas

  • Standard Edition: Outside mainland China, Asia, Europe, North America, South America, Africa, and Oceania

  • Ultimate Edition: Outside mainland China, Asia, Europe, North America, South America, Africa, and Oceania

Line: Alibaba Cloud

  • China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Hangzhou), China (Shanghai), China (Ulanqab), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Singapore (Singapore), Australia (Sydney), Malaysia (Kuala Lumpur), Indonesia (Jakarta), Japan (Tokyo), Germany (Frankfurt), UK (London), US (Silicon Valley), US (Virginia), India (Mumbai), and UAE (Dubai)

4. Primary Address Pool Set and Secondary Address Pool Set

In most cases, users access a primary address pool set by default. The primary address pool set consists of multiple address pools of the same type. If the primary address pool set is unavailable, GTM automatically switches between the primary address pool set and the secondary address pool set based on the switchover policy.

5. Address Pool Type: Valid values: IPv4, IPv6, and Domain.

6. Select Address Pool: After you select an address pool type, select the required address pool from the existing address pools.

7. Create Address Pool: If no address pool exists, click Create Address Pool. In the Create Address Pool dialog box, set the required parameters, and click Confirm to create an address pool.

8. Load Balancing Policy(Address Pool): Valid values: Return all address and Return addresses by weight.

9. Min. Number of Available Addresses: specifies the minimum number of available addresses in the address pool set. If the number of available addresses is less than the minimum number of available addresses, the address pool set is unavailable.

10. Edit and Delete

Edit: to modify the details of the access policy. These details include the name, default address pool set, secondary address pool set, and DNS request sources.

Delete: to delete the access policy.

11. Switchover Policy of Effective Address Pool Set

The Switchover Policy of Effective Address Pool Set parameter includes the following valid values: Auto Switch and Manual Switch. This parameter allows you or GTM to switch between the primary address pool set and secondary address pool set.

Mode: Manual switch

  • Condition: The primary address pool set is specified.

    Effective address pool set: ✅ Primary. GTM returns addresses from the primary address pool set based on the load balancing policy.

  • Condition: The secondary address pool set is specified.

    Effective address pool set: ✅ Secondary. GTM returns addresses from the secondary address pool set based on the load balancing policy.

Mode: Auto switch

  • Condition: The primary address pool set is specified. The secondary address pool set is not specified.

    Effective address pool set: ✅ Primary. GTM returns addresses from the primary address pool set based on the load balancing policy.

  • Condition: The primary address pool set and secondary address pool set are specified. The primary address pool set is available.

    Effective address pool set: ✅ Primary. GTM returns addresses from the primary address pool set based on the load balancing policy.

  • Condition: The primary address pool set and secondary address pool set are specified. The primary address pool set is unavailable. The secondary address pool set is available.

    Effective address pool set: ✅ Secondary. GTM returns addresses from the secondary address pool set based on the load balancing policy.

  • Condition: The primary address pool set and secondary address pool set are specified. The primary address pool set and secondary address pool set are unavailable. The number of available addresses in the primary address pool set is greater than the number of available addresses in the secondary address pool set.

    Effective address pool set: ✅ Primary. GTM returns all addresses in the primary address pool set based on the load balancing policy, including unavailable addresses.

    Notice: If the access policy is latency-based, unavailable addresses are not returned.

  • Condition: The primary address pool set and secondary address pool set are specified. The primary address pool set and secondary address pool set are unavailable. The number of available addresses in the primary address pool set is less than the number of available addresses in the secondary address pool set.

    Effective address pool set: ✅ Secondary. GTM returns all addresses in the secondary address pool set based on the load balancing policy, including unavailable addresses.

    Notice: If the access policy is latency-based, unavailable addresses are not returned.

  • Condition: The primary address pool set and secondary address pool set are specified. The primary address pool set and secondary address pool set are unavailable. The number of available addresses in the primary address pool set is equal to the number of available addresses in the secondary address pool set.

    Effective address pool set: ✅ Primary. GTM returns all addresses in the primary address pool set based on the load balancing policy, including unavailable addresses.

    Notice: If the access policy is latency-based, unavailable addresses are not returned.
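The Auto switch conditions above, written as a decision function. This is an added example that models the documented behaviour, not GTM's implementation: the pool set layout, the function names and the sample addresses are hypothetical, and returning only healthy addresses outside the both-unavailable cases is an assumption.

```python
def alive(pool_set):
    """Addresses whose health check currently passes."""
    return [addr for addr, up in pool_set["addresses"].items() if up]


def available(pool_set):
    # Min. Number of Available Addresses: below this, the whole set is unavailable.
    return len(alive(pool_set)) >= pool_set["min_available"]


def auto_switch(primary, secondary=None, latency_based=False):
    """Return (effective set, addresses passed to the load balancing policy)."""
    # Assumption: outside the both-unavailable cases only healthy addresses
    # are returned; the page mentions unavailable ones only in those cases.
    if secondary is None or available(primary):
        return "primary", alive(primary)
    if available(secondary):
        return "secondary", alive(secondary)
    # Both sets unavailable: the set with more available addresses is used,
    # and a tie goes to the primary set.
    if len(alive(secondary)) > len(alive(primary)):
        name, chosen = "secondary", secondary
    else:
        name, chosen = "primary", primary
    # Geographical policies now return every address in the chosen set, dead
    # ones included; latency-based policies still drop unavailable addresses.
    addrs = alive(chosen) if latency_based else list(chosen["addresses"])
    return name, addrs


# Constructed sample state (documentation-range IPs): both sets are unavailable.
PRIMARY = {"addresses": {"192.0.2.1": True, "192.0.2.2": False}, "min_available": 2}
SECONDARY = {"addresses": {"198.51.100.1": False}, "min_available": 1}

if __name__ == "__main__":
    print(auto_switch(PRIMARY, SECONDARY))
    print(auto_switch(PRIMARY, SECONDARY, latency_based=True))
```

With the sample state, a geographical location-based policy hands clients 192.0.2.2 even though its health check fails, which is the case to alert on when both pool sets drop below their minimums.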

2. Latency-based access policies

On the Basic Configuration tab, select Enabled on the Access Policy Based on Latency card of the Access Policy Type section.


1. Address Pool Type

Latency-based access policies support only IPv4 address pools.

2. Max. Number of Addresses Returned

  • The default value 1 indicates that if an application service has multiple IP addresses, GTM returns one IP address with the lowest access latency.

  • If this parameter is set to a value that is greater than 1 and less than 8, GTM returns multiple IP addresses with the lowest access latency.

3. Latency Resolution Scheduling Optimization

  • This feature can be enabled only if the Max. Number of Addresses Returned parameter is set to a value that is greater than 1.

  • If you enable this feature, GTM returns an optimal address from the addresses that are specified by the Max. Number of Addresses Returned parameter.

Procedure

1. Log on to the Alibaba Cloud DNS console.

2. In the left-side navigation pane, click Global Traffic Manager, and then click the required instance ID. On the Basic Configuration page, click the Basic Configuration tab, and select the required access policy type.

3. Click Set Access Policy on the enabled access policy type card. The required Access Policy Configuration page appears.

4. On the Access Policy Configuration page, click Add Access Policy and set the required parameters. These parameters include Policy Name, Primary Address Pool Set, Secondary Address Pool Set, DNS Request Sources for geographical location-based access policies, Max. Number of Addresses Returned for latency-based access policies, and Latency Resolution Scheduling Optimization for latency-based access policies.

Note: If no option exists in the Select Address Pool field, click Create Address Pool. In the Create Address Pool dialog box, set the required parameters, and click Confirm to create an address pool.

  • Geographical location-based access policies


  • Latency-based access policies
