This topic describes how to use Global Traffic Management (GTM) with Web Application Firewall (WAF), Global Accelerator (GA), and Server Load Balancer (SLB). GTM addresses the limitations of self-built DNS systems that lack intelligent resolution and scheduling. It also provides high availability and failover for GA, WAF, and origin servers.
Architecture


Front-end GTM: Implements intelligent DNS resolution and failover. You can remove this GTM layer if your domain name's DNS service provider already supports intelligent DNS resolution and you do not require failover redundancy.
GA: Implements global acceleration. In this example, GA is used to accelerate requests from the Chinese mainland to servers located outside the Chinese mainland.
WAF: Implements Web Application Protection and intelligently routes DNS resolution requests to the nearest node.
Back-end GTM: Implements failover redundancy for multiple origin addresses, along with intelligent DNS resolution and scheduling.
Preparations
You must have the following resources:
Resource Name | Resource Content | Remarks |
Global Traffic Management | gtm-cn-*****q5a001 | GTM①. Note: Implements intelligent DNS resolution, scheduling, and failover |
Global Traffic Management | gtm-cn-*****id880y | GTM②. Note: Implements high availability (HA) for multiple nodes of the origin server |
Web Application Firewall | vbrqh41*********uohrsiojoxfkcfmh.aliyunwaf5.com | WAF outside the Chinese mainland |
Global Accelerator | ga-bp1y0fo9******jo9c2mq.aliyunga0017.com | GA acceleration |
Domain Name | demo.test.alidns.com | Test domain name |
Server Load Balancer (SLB) | 123.123.XXX.XXX | SLB-A outside the Chinese mainland |
Server Load Balancer (SLB) | 124.124.XXX.XXX | SLB-B outside the Chinese mainland |
Procedure
I. Global Traffic Management (back-end GTM configuration)
Log on to Alibaba Cloud DNS-Global Traffic Manager.
In the list of GTM instances, find the destination instance and click Configure in the Actions column. (The following configurations are examples. You must replace them with your actual resource details during configuration.)
Basic configurations
Instance Name: Back-end GTM
Service Domain Name: The CNAME assigned by WAF
Access CNAME: A custom access domain name
Global TTL: 10 minutes

Address pool configurations
Address Pool Name: SLB-A outside the Chinese mainland (and SLB-B outside the Chinese mainland)
Address Pool Type: IPv4
Load Balancing Policy: Return all addresses
Address List:
Address: 123.123.XXX.XXX (and 124.124.XXX.XXX)
Mode: Smart Return
Note: You need to create two address pools: SLB-A outside the Chinese mainland and SLB-B outside the Chinese mainland. Set the address pool names and addresses to the values mentioned previously.
If you use a location-based access policy, you can ignore the Address Location configuration.


Health check configurations
GTM supports health checks over PING, TCP, and HTTP(S). For more information, see Enable health checks.
Note: If the address pool contains SLB instances or Alibaba Cloud IP addresses, select carrier-specific monitoring nodes as needed.


Access policy configuration
Enable and configure the Location-based Access Policy. For more information about the configuration, see Access policies.

Policy Name: Global
Source of DNS Requests: Global-Global
Address Pool Type: IPv4
Primary Address Pool: SLB-A outside the Chinese mainland
Failover Address Pool: SLB-B outside the Chinese mainland

II. Web Application Firewall configuration (outside the Chinese mainland)
Log on to the Web Application Firewall console to configure the WAF instance that is deployed outside the Chinese mainland. For more information, see What is Web Application Firewall. (The following configurations are examples. You must replace them with your actual resource details during configuration.)
Domain Name: demo.test.alidns.com
Origin Server Address: gtm-cn-npk20id880y.gtm-a4b5.com
The configuration is the same for instances both inside and outside the Chinese mainland.
To obtain the CNAME assigned by GTM:
Log on to the Alibaba Cloud DNS console and go to Global Traffic Management > Basic Configuration > Access CNAME (Internet).

III. Global Accelerator (GA) configuration
Log on to the Global Accelerator console to perform the configuration. For more information, see What is Global Accelerator.
The steps are as follows:
Purchase a premium bandwidth plan.
Configure a listener.
Configure an acceleration area.



IV. Global Traffic Management (front-end GTM configuration)
Basic configurations
Instance Name: Front-end GTM
Service Domain Name: Enter your actual service domain name.
Access CNAME: The CNAME assigned by the system.
Global TTL: 10 minutes

Address pool configurations
Configure the GA acceleration address pool, the WAF address pool (outside the Chinese mainland), and the origin server address pool.

GA acceleration address pool:
Address Pool Name: GA Acceleration
Address Pool Type: Domain Name
Address List: Enter the CNAME of the GA instance that is assigned to your service.

WAF (outside the Chinese mainland) address pool:
Address Pool Name: WAF (outside the Chinese mainland)
Address Pool Type: Domain Name
Address List: Enter the CNAME of the WAF instance (outside the Chinese mainland) that is assigned to your service.
Origin server address pool:
Address Pool Name: Origin Server
Address Pool Type: IPv4
Address List: Enter the actual origin server address. In this example, enter the address of one of the SLB instances deployed outside the Chinese mainland.

Access policy configuration
Enable the Location-based Access Policy and configure access policies for global traffic and traffic from outside the Chinese mainland.
Global access policy configuration:
Policy Name: Global
Source of DNS Requests: Global-Global
Primary Address Pool Set:
① Address Pool Type: Domain Name
② Select Address: GA Acceleration
③ Load Balancing Policy: Return addresses by weight. (When the address pool type is Domain Name, only the Return addresses by weight load balancing policy is supported.)
Failover Address Pool Set:
① Address Pool Type: Domain Name
② Select Address: WAF (outside the Chinese mainland)
③ Load Balancing Policy: Return addresses by weight. (When the address pool type is Domain Name, only the Return addresses by weight load balancing policy is supported.)


Access policy configuration for outside the Chinese mainland:
Policy Name: Outside the Chinese mainland
Source of DNS Requests: Outside the Chinese mainland-Outside the Chinese mainland
Primary Address Pool Set:
① Address Pool Type: Domain Name
② Select Address: WAF (outside the Chinese mainland)
③ Load Balancing Policy: Return addresses by weight (This is the only policy supported for address pools of the Domain Name type.)
Failover Address Pool Set:
① Address Pool Type: IPv4
② Select Address: SLB-A outside the Chinese mainland
③ Load Balancing Policy: Return all addresses



V. Configure DNS resolution
Go to Alibaba Cloud DNS - Hosted Public Zone, and click Settings for the target domain name.
Click Add Record and add a CNAME record whose record value is the GTM access CNAME. After the record is added, the application service is connected to Global Traffic Manager.
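After the record is live, it is worth checking which layer a given DNS answer actually lands on, because the failover pool of the "Outside the Chinese mainland" policy returns the SLB-A address directly and those requests do not pass through WAF. The following is an added example, not part of the original procedure: it classifies captured `dig +noall +answer` output. The suffix patterns are inferred from the example hostnames above, and every placeholder hostname and IP address is constructed.

```python
import re

# Suffix patterns inferred from the example hostnames on this page (assumption).
LAYERS = [("GA", re.compile(r"\.aliyunga\d*\.com\.$")),
          ("WAF", re.compile(r"\.aliyunwaf\d*\.com\.$"))]

# Constructed stand-ins for SLB-A and SLB-B (documentation address range).
ORIGIN_IPS = {"203.0.113.10", "203.0.113.20"}

# Constructed `dig +noall +answer` captures; labels before the suffixes are placeholders.
GLOBAL_PRIMARY = """\
demo.test.alidns.com. 600 IN CNAME gtm-frontend-placeholder.gtm-a4b5.com.
gtm-frontend-placeholder.gtm-a4b5.com. 600 IN CNAME ga-placeholder.aliyunga0017.com.
ga-placeholder.aliyunga0017.com. 60 IN A 198.51.100.7
"""
OVERSEAS_PRIMARY = """\
demo.test.alidns.com. 600 IN CNAME gtm-frontend-placeholder.gtm-a4b5.com.
gtm-frontend-placeholder.gtm-a4b5.com. 600 IN CNAME waf-placeholder.aliyunwaf5.com.
waf-placeholder.aliyunwaf5.com. 60 IN A 198.51.100.9
"""
OVERSEAS_FAILOVER = """\
demo.test.alidns.com. 600 IN CNAME gtm-frontend-placeholder.gtm-a4b5.com.
gtm-frontend-placeholder.gtm-a4b5.com. 600 IN A 203.0.113.10
"""

def parse_answer(text):
    """Parse dig answer lines into {owner: [(type, rdata), ...]}."""
    records = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[2] == "IN":
            records.setdefault(f[0].lower(), []).append((f[3], f[4].lower()))
    return records

def serving_layer(text, name, origin_ips=ORIGIN_IPS):
    """Follow the CNAME chain for name and report where clients are sent."""
    records, seen = parse_answer(text), set()
    host = name.lower().rstrip(".") + "."
    while host not in seen:                      # guard against CNAME loops
        seen.add(host)
        for label, pattern in LAYERS:
            if pattern.search(host):
                return label                     # answer points at GA or WAF
        rrs = records.get(host, [])
        cname = next((d for t, d in rrs if t == "CNAME"), None)
        if cname is None:                        # end of chain: only addresses left
            addrs = {d for t, d in rrs if t in ("A", "AAAA")}
            return "ORIGIN_DIRECT" if addrs & set(origin_ips) else "UNKNOWN"
        host = cname
    return "LOOP"
```

An `ORIGIN_DIRECT` result means the failover pool is being served, so any filtering the WAF normally provides has to be covered at the SLB or origin for as long as that state lasts.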