
Global Traffic Manager: Use multiple ISP links to implement disaster recovery

Last Updated: Nov 28, 2023

Scenarios

An enterprise typically uses the IP addresses of multiple Internet service providers (ISPs) and a Domain Name System (DNS) to provide intelligent access to an application of the enterprise. This accelerates access to the application and provides high service quality for broadband users of different ISPs. The application uses the same domain name to provide services for all users.

  • If a China Unicom user accesses the domain name, the user is directed to the IP address 192.0.2.1 that is provided by China Unicom.

  • If a China Telecom user accesses the domain name, the user is directed to the IP address 192.0.2.2 that is provided by China Telecom.

  • If a China Mobile user accesses the domain name, the user is directed to the IP address 192.0.2.3 that is provided by China Mobile.

  • If a user of another ISP accesses the domain name, the user is directed to one of the preceding IP addresses based on the load balancing policy for the address pool set.

    Note

    • Assume that the address pool set uses the Return all addresses policy as the load balancing policy.

      After you create a global access policy and apply the access policy to all address pools, including those that contain 192.0.2.1, 192.0.2.2, and 192.0.2.3, the authoritative DNS server of Global Traffic Manager (GTM) returns all the IP addresses to the on-premises DNS. Then, the client randomly selects an IP address to establish a TCP connection.

    • Assume that the address pool set uses the Return addresses by weight policy as the load balancing policy.

      After you create a global access policy and apply the access policy to all address pools, including those that contain 192.0.2.1, 192.0.2.2, and 192.0.2.3, the authoritative DNS server of GTM returns the IP address with the highest weight to the on-premises DNS. Then, the client uses this IP address to establish a TCP connection.

When the IP address of an ISP is unreachable, GTM automatically switches the access traffic to the IP address of another ISP.

How it works

GTM can return different IP addresses to users that access the same application based on the ISPs that provide network access for these users. GTM allows you to enable health check for each address pool and determines whether an IP address is reachable based on the health check result. If an IP address is unreachable, GTM switches user requests to the global address pool based on the global access policy.

Required resources

  • A domain name, for example, www.dns-example.com. We recommend that you use a domain name that is managed in the Enterprise Ultimate Edition of Alibaba Cloud DNS.

  • A GTM instance.

  • Three IP addresses: 192.0.2.1 of China Unicom, 192.0.2.2 of China Mobile, and 192.0.2.3 of China Telecom.

Configuration method

GTM configuration

1. Configure basic data.

Basic data indicates the global system configurations that you must complete for a GTM instance. The configuration items include the domain name, canonical name (CNAME) access type, global time-to-live (TTL), and alert group. For more information, see Basic settings.


Note: When you use the IP address of an ISP, set the CNAME(Public Network) parameter to Custom Access Domain Name. The custom domain name can be a domain name that has an ICP filing in the domain name list of your Alibaba Cloud account.

2. Configure address pools.

You can create an address pool for each ISP to store its IP addresses. This allows you to create different access policies for users from different networks or regions. Based on these access policies, users can connect to the nearest node and use automatic traffic switchover. For more information, see Address pool configurations. For example, you can create an address pool for each of the following IP addresses: 192.0.2.1 of China Unicom, 192.0.2.2 of China Mobile, and 192.0.2.3 of China Telecom. Then, create a global address pool that contains the three IP addresses, as shown in the following figure.


3. Configure health checks.

When you use GTM, you must enable health checks for each address pool. This way, when the IP address of an ISP is unreachable, the traffic can be switched to the IP address of another ISP. For more information, see Enable the health check feature.

4. Configure access policies.

Access policy configurations include intelligent DNS resolution, the primary and secondary address pool sets, and the policy for switching the active address pool set. You can create multiple access policies for a GTM instance. You can configure different address pool sets for users from different networks or regions. This allows users to connect to the nearest node and use automatic traffic switchover. For more information, see Access policies.

  • Create an access policy for China Telecom users. Set the DNS Request Sources parameter to ISP - China Telecom, set the China Telecom address pool as the primary address pool set, and then leave the secondary address pool set unspecified. If the China Telecom address pool is unavailable, the request traffic of the China Telecom address pool is automatically switched to the global address pool to ensure the stable operation of the application. The following figure shows the configuration for your reference.


  • Create an access policy for China Unicom users. Set the DNS Request Sources parameter to ISP - China Unicom, set the China Unicom address pool as the primary address pool set, and then leave the secondary address pool set unspecified. If the China Unicom address pool is unavailable, the request traffic of the China Unicom address pool is automatically switched to the global address pool to ensure the stable operation of the application. The following figure shows the configuration for your reference.


  • Create an access policy for China Mobile users. Set the DNS Request Sources parameter to ISP - China Mobile, set the China Mobile address pool as the primary address pool set, and then leave the secondary address pool set unspecified. If the China Mobile address pool is unavailable, the request traffic of the China Mobile address pool is automatically switched to the global address pool to ensure the stable operation of the application. The following figure shows the configuration for your reference.


  • Create a global access policy for users of other ISPs. Set the DNS Request Sources parameter to Global - Global, set the global address pool as the primary address pool set, and then leave the secondary address pool set unspecified. The following figure shows the configuration for your reference.


Verification

You can check whether the configurations in GTM work as expected in the following way:

  • Verify access policies: Visit DNS Checker and enter the CNAME provided by GTM in the DNS CHECK section to check whether the domain name resolves to an IP address that is configured in the address pools.
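The following sketch is an added example, not code from GTM or from this documentation. It models the access policies from step 4 (primary pool per ISP, switchover to the global pool) and then audits A records observed from each ISP's resolver, as in the verification step above. The pool names, the resolve() and audit() helpers, the sample observations and the address 198.51.100.7 are constructed for illustration; the ISP-to-address assignment follows the "Required resources" list, and the model assumes that unhealthy addresses are withheld from answers.

```python
# Added illustration, not GTM code. Pool names, resolve() and audit() are hypothetical.
POOLS = {"unicom": ["192.0.2.1"], "mobile": ["192.0.2.2"], "telecom": ["192.0.2.3"]}
POOLS["global"] = POOLS["unicom"] + POOLS["mobile"] + POOLS["telecom"]

# DNS request source -> primary address pool set (secondary left unspecified).
POLICIES = {"China Unicom": "unicom", "China Mobile": "mobile",
            "China Telecom": "telecom", "Global": "global"}


def resolve(source_isp, healthy):
    """Addresses a query from source_isp should receive, given the healthy IPs.
    Assumes unhealthy addresses are withheld and the global pool returns all."""
    pool = POLICIES.get(source_isp, POLICIES["Global"])
    answer = [ip for ip in POOLS[pool] if ip in healthy]
    if not answer and pool != "global":
        # Primary pool unavailable: traffic switches to the global pool.
        answer = [ip for ip in POOLS["global"] if ip in healthy]
    return answer


def audit(observations, healthy):
    """Compare A records seen from each ISP's resolver with the expected answer."""
    findings = []
    known = set(POOLS["global"])
    for isp, answers in observations.items():
        expected = set(resolve(isp, healthy))
        for ip in answers:
            if ip not in known:
                findings.append((isp, ip, "not in any address pool"))
            elif ip not in healthy:
                findings.append((isp, ip, "unhealthy address still served"))
            elif ip not in expected:
                findings.append((isp, ip, "wrong pool for this source"))
    return findings


# Constructed sample: the China Telecom address has failed its health check.
HEALTHY = {"192.0.2.1", "192.0.2.2"}
OBSERVED = {
    "China Unicom": ["192.0.2.1"],
    "China Telecom": ["192.0.2.3"],                 # cached answer, not yet expired
    "China Mobile": ["192.0.2.2", "198.51.100.7"],  # address outside the pools
}

if __name__ == "__main__":
    for finding in audit(OBSERVED, HEALTHY):
        print(finding)
```

An answer outside every address pool points to a record that GTM did not issue and should be investigated; an unhealthy address that is still served usually reflects the resolver cache delay described in the usage notes.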

Map your domain name to the CNAME provided by GTM

If the configurations in GTM meet your expectations, you can map your domain name to the CNAME provided by GTM to implement disaster recovery and smart access for your application, as shown in the following figure. For more information, see Connect a business domain name to GTM by using a CNAME.

Usage notes

1. If you use ISP IP addresses that are not provided by Alibaba Cloud, you must set the CNAME(Public Network) parameter to Custom Access Domain Name to prevent ICP filing violations.

2. If you set the CNAME(Public Network) parameter to Custom Access Domain Name, use a domain name that is managed in the Enterprise Ultimate Edition of Alibaba Cloud DNS to achieve the optimal effect.

3. GTM is a DNS service that switches IP addresses resolved for a domain name to implement disaster recovery. Therefore, its performance is affected by the DNS caches of ISPs in different regions. It takes a specific period of time to update caches. If you require fast traffic switchover, we recommend that you purchase a GTM instance of the Ultimate Edition. Typically, traffic switchover can take effect within about 100 seconds after a fault is detected. The actual time required depends on the speed of cache update by the DNS server of the selected ISP. For more information, see How long is the failover period of GTM?