Overview
Summary
This topic describes how to develop a network layer acceleration solution for communication between clients and servers in cross-region and cross-border scenarios. The acceleration solution aims to reduce network latency between clients and servers and improve user experience. This solution solves issues such as slow loading and loading failures for gaming services, multinational corporations, cross-border e-commerce platforms, and applications that want to expand into the international market.
Background information
Acceleration is a common term which may refer to different effects and impact in different business scenarios. Acceleration can greatly improve user experience and work efficiency, but can also degrade user experience due to improper design. Therefore, designing a proper network acceleration solution based on the scenario is highly important. Acceleration solutions can be categorized into different types:
Content delivery acceleration: Use content delivery network (CDN) and dynamic content delivery network (DCDN) technologies to distribute and cache content to points of presence (PoPs) close to users.
Server-side acceleration: Use program optimization and data compensation measures to enhance server-side algorithms.
Client-side acceleration: Use multipath and similar solutions to schedule traffic to the optimal "last-mile" path among multiple paths, such as Wi-Fi, 4G, and 5G networks.
Intermediate acceleration between clients and servers: Shorten the data delivery distance or improve the transmission quality for connections.
The best way to shorten the data delivery distance is to deploy business systems closer to user clients. Another measure is to use CDN technologies for content delivery. Frequently accessed static content is cached on PoPs to allow nearby access.
To improve transmission quality for connections, requests are scheduled to connections that support higher stability and lower latency. Client requests can reach the server at a higher speed. This topic focuses on the design for this scenario.
We recommend that you use Global Accelerator (GA) as the key service in the acceleration solution. Meanwhile, you can combine GA with Anti-DDoS, Web Application Firewall (WAF), Alibaba Cloud CDN, and Alibaba Cloud DNS to optimize the solution based on your business requirements.
As the key service in the acceleration solution, GA provides nearby access and intelligently schedules requests to the destination servers over stable connections. GA supports Layer 4 (TCP and UDP) services and Layer 7 (HTTP and HTTPS) services. You can use GA to accelerate network access regardless of whether your origin server is deployed on Alibaba Cloud.
FAQ
What GA is: Access from users to services over the Internet may be affected by multiple factors. GA can route requests to the Alibaba Cloud internal network to improve the reliability of intermediate connections, increase access stability, and reduce network latency.
Whether server-side changes are required: You do not need to make changes to server-side programs. When you configure an endpoint group for your GA instance, you only need to specify the public IP address or domain name used by the origin server to provide external services. If your origin server is deployed on Alibaba Cloud, you can directly use Alibaba Cloud resources.
How nearby access works: GA automatically assigns a local BGP IP address to each acceleration region. Each GA instance is automatically assigned a Canonical Name (CNAME). You can modify the A or CNAME record of a GA instance to switch network traffic.
How intelligent scheduling works: GA has a built-in scheduling system. After you specify a protocol and a port, GA automatically selects the optimal route for transmitting traffic to endpoint groups. GA supports intelligent routing and custom routing to meet the requirements of different business scenarios.
For more information, see What is Global Accelerator?
Design principles
The key goal of a network acceleration solution is to accelerate access. The design therefore takes various factors into consideration to prevent issues that the solution itself could introduce. It focuses on stability, security, performance, and observability, and aims to implement simple but efficient acceleration.
Key design
Stability
Most stability factors are taken into consideration by the GA service itself. You need to pay attention to the stability when multiple services are used and integrated.
GA supports end-to-end high reliability:
After you create an acceleration region, only two public IP addresses are displayed in the GA console. However, a cluster is created and BGP is enabled for the public IP addresses.
An acceleration region connects to endpoint groups over the Alibaba Cloud internal network. GA automatically selects the optimal route among various routes.
The endpoint groups are deployed as clusters to ensure stability of data forwarding.
When you design an acceleration solution, pay attention to the following suggestions:
Method to switch between accelerated connections and unaccelerated connections:
If clients access your server through the domain name, we recommend that you configure a CNAME record and enable failover in the acceleration region. If you use an A record, make sure that the DNS service supports intelligent DNS resolution based on regions to allow nearby access. CNAME records take effect more quickly than A records. In addition, specify a proper time to live (TTL) for the DNS record and proper browser cache settings.
If clients access your server through the public IP address and apps are installed on the clients, we recommend that you release a new version or a patch package to change the preset public IP address of the origin server. If no app is installed on the clients, directly change the public IP address assigned to the GA acceleration region.
Deployment of origin server services:
If your origin servers are deployed on Alibaba Cloud, we recommend that you deploy the servers as a cluster and use an appropriate Server Load Balancer (SLB) service based on your business protocol to build a cluster system. Deploy the backend servers across zones. If your business is highly important, we recommend that you deploy your servers across clusters in different regions, and configure GA to schedule traffic based on weights.
If your origin servers are not deployed on Alibaba Cloud, we also recommend that you deploy the business system as a cluster. In addition, pay attention to the configurations of the IP whitelist and health checks. First, check whether the origin servers limit access by source IP address. If they do, obtain the public IP address of the endpoint group in the GA console and add the IP address to the whitelist. Second, we recommend that you enable health checks for the endpoint group to probe the availability of the origin servers in real time. Otherwise, requests may be forwarded to unavailable origin servers and receive no response.
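The whitelist step above can be rehearsed against origin access logs before it is enforced, to see which sources reach the origin through GA and which would be dropped. The following Python sketch is an added example, not part of the original documentation or Alibaba Cloud tooling; the endpoint group IP addresses and the log format are constructed placeholders.

```python
import ipaddress
from collections import Counter

# Constructed placeholders (RFC 5737 documentation ranges) standing in for the
# endpoint group public IP addresses copied from the GA console.
GA_ENDPOINT_GROUP_IPS = ["203.0.113.10", "203.0.113.11"]

# Constructed origin access-log lines: "<source ip> <method> <path> <status>".
SAMPLE_LOG = """\
203.0.113.10 GET /api/cart 200
203.0.113.11 POST /api/order 200
198.51.100.7 GET /api/cart 200
203.0.113.10 GET /healthz 200
198.51.100.7 POST /login 401
not-an-ip GET / 400
"""

def build_allowlist(entries):
    """Parse IPs or CIDR blocks into networks; a malformed entry raises ValueError."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def audit(log_text, allowlist):
    """Count log sources the allowlist admits and sources it would drop."""
    via_ga, direct, malformed = Counter(), Counter(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src = line.split()[0]
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            # Keep unparseable lines visible instead of silently skipping them.
            malformed.append(line)
            continue
        bucket = via_ga if any(addr in net for net in allowlist) else direct
        bucket[str(addr)] += 1
    return via_ga, direct, malformed

if __name__ == "__main__":
    via_ga, direct, malformed = audit(SAMPLE_LOG, build_allowlist(GA_ENDPOINT_GROUP_IPS))
    print("arrived through GA:", dict(via_ga))
    print("would be dropped once the whitelist is enforced:", dict(direct))
    print("unparseable lines:", malformed)
```

Sources in the second group reach the origin without passing through GA, so they also skip any Anti-DDoS or WAF service placed in front of it; review them before the whitelist is enforced.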
Security
In the GA acceleration solution, security design is mainly determined by the origin server type and business requirements. If you use GA to accelerate a website, combine GA with WAF. If you use GA to accelerate a gaming service, combine GA with Anti-DDoS. You can combine GA with other services based on the traffic pattern, forwarding paths, and security requirements of your business. Common combinations:
Client -> DDoS -> GA -> WAF -> Server
Ideal for multinational corporations and cross-border e-commerce platforms that are vulnerable to DDoS attacks and web attacks. Traffic is filtered by Anti-DDoS before being accelerated. Then, the traffic is scrubbed by WAF before being forwarded to the origin servers.
Client -> GA -> WAF -> Server
Ideal for cross-border e-commerce platforms and websites that are vulnerable to web attacks and have scattered users. Traffic is accelerated before being scrubbed by WAF. Then, the traffic is forwarded to the origin servers.
Client -> WAF -> GA -> Server
Ideal for cross-border e-commerce platforms and websites that are vulnerable to web attacks and have geographically concentrated users. Traffic is scrubbed before being accelerated. Then, the traffic is forwarded to the origin servers.
Client -> DDoS -> GA -> Server
Ideal for gaming services and applications that are vulnerable to DDoS attacks. DDoS mitigation is performed before acceleration. Then, traffic is forwarded to the origin servers.
Performance and scalability
In the GA acceleration solution, the key factor is the acceleration effect. When you design the solution, focus on the following aspects:
Acceleration region: Select an acceleration region that is close to your users and close to high-capacity nodes. High-capacity nodes refer to nodes that have a high specification and high network quality. For example, if your users are close to the Philippines and Singapore, select Singapore, which is not only an Internet hub, but also has more network infrastructure resources.
Bandwidth capacity: We recommend that you keep your bandwidth usage at 70% to ensure smooth data transmission while being able to withstand traffic spikes.
GA instance types and billing methods:
If your business requires high scalability and experiences large traffic fluctuations, we recommend that you use the pay-as-you-go billing method. This billing method supports the pay-by-CU metering method and pay-by-data-transfer metering method for bandwidth resources. If you use the pay-by-CU metering method, the cluster capacity in the acceleration region automatically scales based on the traffic volume. If you use the pay-by-data-transfer metering method, the Internet traffic that enters the acceleration region, the cross-region internal traffic between the acceleration region and endpoint groups, and the Internet traffic from endpoint groups is automatically billed based on the amount of data transfers. You only need to specify a maximum bandwidth for the acceleration region based on the bandwidth requirements of your business during peak hours. You need to reserve sufficient bandwidth resources to ensure the scaling performance during peak hours.
If your business experiences small traffic fluctuations, we recommend that you select the subscription billing method. You can select a GA instance type and bandwidth plans based on the concurrency and bandwidth requirements of your business.
Observability
When you use GA to accelerate access, you need to observe the acceleration effect and the volume of access traffic, and perform O&M and orchestration. GA and the services that it works with support monitoring and O&M in the console, such as bandwidth line charts, access logs, and operation logs. If you want to automate O&M, activate CloudMonitor and configure monitoring and alerting. If you use the pay-by-bandwidth metering method, you can configure threshold-triggered alert rules for bandwidth usage. When bandwidth usage reaches the specified threshold, alerts are triggered and sent to the O&M engineers, who can increase the bandwidth in a timely manner to prevent business loss.
Automatic O&M: You can activate CloudMonitor and configure alert rules to monitor metrics of acceleration regions and endpoint groups, such as inbound and outbound bandwidth changes, inbound and outbound packet loss rates, inbound and outbound packet rates, and inbound and outbound bandwidth usage. You can configure threshold-triggered alerts, which are triggered when the metric reaches the specified threshold.
Troubleshooting: You can check for user errors in the GA operation log, troubleshoot inaccessibility issues by analyzing the access log, and assess the forwarding effect by observing the tunnel latency (latency between an acceleration region and an endpoint group) in CloudMonitor.
Scenarios
Gaming services
Gaming services have high requirements for real-time interaction. In most cases, a gaming service is deployed across servers in different regions or across servers in the same district. Gaming services highly value smooth user experience and real-time interactions no matter which deployment mode is used. Among all gaming services, multiplayer online battle arena (MOBA) and shooter games have the highest requirements for network latency. From the perspective of game deployment architecture, the network layer also needs to compensate for the latency when the game is deployed on servers in the same district.
You can use GA to accelerate network access for platform servers, MOBA game servers, Layer 4 (TCP and UDP), and Layer 7 (HTTP and HTTPS) businesses, regardless of whether the origin servers are deployed on or outside Alibaba Cloud. Meanwhile, you can combine GA with Anti-DDoS, WAF, CDN, and DNS to optimize the solution based on your business requirements.
We recommend that you use the pay-as-you-go billing method and pay-by-CU metering method for your GA instance, and pay-by-data-transfer for cross-region bandwidth resources. You do not need to calculate the amount of bandwidth resources allocated to each acceleration region because GA can adapt to the traffic pattern in scenarios with large traffic fluctuations.
However, card games, e-sports, and 5v5 MOBA games may use the same port for a large number of IP addresses. For such games, we recommend that you configure custom routing policies for GA to optimize the acceleration performance and improve user experience.
Multinational corporations
Chinese companies that expand into the international market or foreign companies that expand into the China market may find it a challenge to use email services, office automation (OA) systems, and enterprise resource planning (ERP) systems across borders. Employees require quicker responses from office systems to ensure high work efficiency. However, data transmission over the Internet is not a choice because production data is sensitive. Using VPN gateways is an alternative choice but the connection, download, and upload speeds may be slow due to a long geographical distance. This reduces work efficiency and user experience.
You can select an acceleration region that is close to your employees. If the traffic volume is relatively stable with only small traffic fluctuations, we recommend that you use the pay-by-bandwidth metering method, which is more cost-effective.
Meanwhile, you can combine GA with security services such as WAF to improve data security while maintaining high work efficiency.
Cross-border e-commerce
In recent years, consumers have tended to shop around for the best deal. Some e-commerce businesses focus on a specific market segment and attract customers with high-quality items. However, some customers are geographically far from website servers, which may require cross-border transactions. In such scenarios, user experience may be degraded due to low Internet quality. In addition to user experience degradation, issues such as incorrect orders and payments may arise, causing significant problems.
You can add acceleration regions to your GA instance based on the distribution of your customers. In addition, select an appropriate metering method based on the traffic pattern of your website. If your website experiences small traffic fluctuations, we recommend that you select the pay-by-bandwidth metering method. If your website experiences large traffic fluctuations, we recommend that you select the pay-by-data-transfer metering method.
E-commerce platforms contain both static content, such as images and texts, and dynamic content, such as videos and inventory update data. To improve the acceleration performance, you can cache static content on PoPs of Alibaba Cloud CDN and use GA to fetch dynamic content from origin servers.
Apps that expand into the international market
With the development of mobile technologies, apps have become an integral part of mobile phones. If you leave your place of residence for reasons such as traveling and working abroad, you may still need to use some apps.
You can select acceleration regions for your GA instance based on the heatmap of app logons. When a user attempts to connect to the app server, GA returns an accelerated IP address based on the location of the user. Then, the user interacts with the app server over the acceleration line. This improves user experience.
Terraform references
GA-accelerated WAN
Item | References |
Website of Terraform modules | |
GitHub URL | |
Examples |
Coding process:
Create a GA instance and elastic IP addresses (EIPs).
Configure the GA instance to accelerate the EIPs, and specify a maximum bandwidth for different regions.
Required resources:
One GA instance
Two EIPs
GA-accelerated game platform
Item | References |
Website of Terraform modules | |
GitHub URL | |
Examples |
Coding process:
Create a GA instance.
Create a virtual private cloud (VPC) and vSwitches.
Create an Application Load Balancer (ALB) instance and add Elastic Compute Service (ECS) instances to the ALB instance as backend servers.
Configure the GA instance to accelerate the ALB instance.
Required resources:
One GA instance
One VPC
Two vSwitches
One ALB instance
Two ECS instances