This tutorial guides you through creating a Global Traffic Manager instance, automatically distributing user traffic to two addresses, and setting up health checks to implement failover.
Tutorial overview
Step | Description | Quick links |
Cloud Resource Access Authorization | When you use Global Traffic Manager for the first time, you need to authorize access to cloud resources. After authorization, Global Traffic Manager will have access permissions to your CloudMonitor alert notification groups. Note Each account only needs to be authorized once. If you have already completed the authorization, you can skip this step. | |
Creates an instance | When using Global Traffic Manager, you first need to create a Global Traffic Manager instance for your application service. There are two editions: Standard and Ultimate. | |
Create an IPAM pool | When using Global Traffic Manager, you need to create an IPAM pool for your application service addresses for address management. This includes: IPAM pool type, load balancing policy (address), address return mode, and other information. | |
Visit Strategy Configuration | Access policies are configured according to your business scenario requirements. In this step, you need to set which IPAM pool collection the end user will access. Currently, two types of access policies are supported: Geo-based Access Policy and Latency-based Access Policy. If you need to set corresponding resolution response addresses for DNS queries from different ISPs or regions, you need to select the Geo-based Access Policy type and add and configure access policies. If you need to implement intelligent user access to backend services with optimal network performance based on the network latency between the DNS query source and the address region, you need to select the Latency-based Access Policy type. | |
Basic configurations | When using Global Traffic Manager, you need to configure basic system settings for the created Global Traffic Manager instance, including the following: business domain information, CNAME access domain type, global TTL, alert notification group, and other related information. | |
Enable health checks | When enabled, you can monitor the availability status of application services in real-time, including configurations for Ping monitoring, TCP monitoring, and HTTP(S) monitoring. | |
Access GTM through CNAME with business domain | After Global Traffic Manager is configured and tested successfully, you need to point your application service's business domain to the Global Traffic Manager's CNAME access domain through a CNAME record to implement application service integration with Global Traffic Manager. |
Cloud resource access authorization
When using Global Traffic Manager for the first time, you need to authorize the service-linked role. After authorization, Global Traffic Manager will have access permissions to your CloudMonitor alert notification groups.
Each account only needs to be authorized once. If you have already completed the authorization, you can skip this step.
Creates an instance
To use Global Traffic Manager, you first need to purchase a Global Traffic Manager instance.
If multiple business domains resolve to the same addresses, these domains can point to the same GTM instance access domain through CNAME records. Otherwise, each business domain needs its own GTM instance.
Click the Create Instance button to go to the Global Traffic Manager product purchase page.
Based on your business requirements, refer to the specification description to select a version. Click the Buy Now button to place an order and make payment.
After the purchase is complete, an instance will be automatically generated on the Global Traffic Manager page.
Create an IPAM pool
An IPAM pool is a feature of Global Traffic Manager for managing application service addresses. One IPAM pool represents a group of IP addresses or domain names that provide the same application service.
In the Operation column of the target instance list, click Configure.
Select the Address Pool Configuration tab, and click Add Address Pool. After completing the parameter configuration, click Confirm.
For more information, see Address Pool Configuration.
Visit strategy configuration
"Latency-based access policy" is currently only available to Ultimate Edition users.
If "Latency-based access policy" is enabled, the load balancing policy configuration in the address pool will be ignored.
An instance can only enable one type of access policy.
Prerequisites
You have completed Create an instance and Cloud Resource Access Authorization.
Before configuring access policies, you need to prepare at least two IP addresses for your application service. These IP addresses can be public IP addresses of Alibaba Cloud products such as SLB or ECS, or other publicly accessible IP addresses. We recommend using public IP addresses of Alibaba Cloud products.
Procedure
Geo-based access policy configuration
In the Operation column of the instance list, click Configure for the target domain.
On the Basic Configuration page, click the Configure button next to Geo-based Access Policy.
Click Add Access Policy.
Configure the access policy. For more information, see Access Policy.
ImportantIf no backup address pool collection is set, it means that when the primary address pool collection fails, the system will remove the faulty address but does not support failover. If there are still surviving IP addresses in the primary address pool collection after removing the faulty address, the system will respond with the remaining surviving IP addresses.
For weight configuration, refer to Weight Configuration.
GTM uses Cloud DNS's scheduling capability. If you find that DNS resolution results occasionally do not match the weight configuration during testing, this is normal. Because weighted polling is a coarse-grained DNS traffic scheduling method that targets requests from local DNS servers, and local DNS servers only request from authoritative DNS (Cloud DNS) once within the TTL period.
For example, if your domain is accessed by users from Shanghai and Beijing, assuming Shanghai users use localDNSA and Beijing users use localDNSB. When localDNSA and localDNSB send query requests to Cloud DNS, Cloud DNS will respond according to the weighted policy configured by the user. However, within the TTL period, all users using the same local DNS will get the same resolution result.
Latency-based access policy configuration
On the Basic Configuration page, click the Configure button next to Latency-based Access Policy.
Click Add Access Policy to configure the access policy.
Fill in the configuration parameters in the Add Access Policy dialog box. For more information, see Access Policy.
Basic configurations
Basic configuration refers to the global system configuration for the created Global Traffic Manager instance, including the following: Instance Name, CNAME Access Domain Type, Business Domain, Global TTL, Alert Notification Group, and other related information.
Prerequisites
You have completed Create an instance, Cloud Resource Access Authorization, and Access Strategy Configuration.
Procedure
Click the Configure button in the Operation column of the target instance.
On the Basic Configuration page, click Modify, then complete the configuration items such as Instance Name, CNAME Access Domain Type, Business Domain, Global TTL, Alert Notification Group, and finally click Confirm. For more information, see Basic Configuration.
Enable health checks
Prerequisites
You have completed Create an instance, Create an IPAM pool, and other operations.
Procedure
In the Operation column of the instance list, click Configure.
Select the Address Pool Configuration tab, click the "+" sign in front of the address pool to expand the address pool information, and click Add to configure health checks.
Health Check Configuration
Configure health check rules for addresses in the address pool to obtain the availability status of application services.
Health check protocol: Supports Ping Health Check, TCP Health Check, and HTTP(S) Health Check. The default is Ping Health Check.
ImportantIf your application service addresses are located in mainland China, avoid selecting monitoring nodes from outside China. If your application service addresses are located outside China, avoid selecting monitoring nodes from mainland China to prevent false alarms due to network issues.
If all addresses in the address pool are Alibaba Cloud addresses and you are using blackhole filtering policy for fault testing, please select non-BGP monitoring nodes. (Reason: Blackhole filtering is an ACL policy that takes effect at the interconnection between Alibaba Cloud network and ISP networks, but traffic between Alibaba Cloud IPs mostly flows within the cloud network, reducing the effectiveness of detection.)
Access GTM through CNAME with business domain
If your domain uses Alibaba Cloud DNS, you need to configure a CNAME record in the Cloud DNS console.
Prerequisites
You have completed Cloud Resource Access Authorization, Create an instance, Access Strategy Configuration, and Basic configurations.
Procedure
Click the Configure button in the Operation column of the instance to enter the Basic Configuration page, then click the copy icon next to CNAME Access Domain (Public Network).
In the left-side navigation pane, select , click the Resolution Settings button in the Operation column of the target domain to enter the Resolution Settings page.
On the Resolution Settings page, add a CNAME record for your application service's business domain, pointing to the Global Traffic Manager's CNAME access domain, to implement integration with Global Traffic Manager service.