Use GA to accelerate access to OSS resources - Global Accelerator

When users directly access Object Storage Service (OSS) resources, the access speed is limited by the downstream bandwidth of OSS and the region where the bucket is located. You can use Global Accelerator to allow clients to connect to the nearest access point of the Alibaba Cloud acceleration network, improving client access speed and experience. This topic describes how to use Global Accelerator to accelerate access to OSS resources.

Scenarios

This topic uses the following scenario as an example. A company has its headquarters in the US (Virginia) region, and its massive files are stored in Alibaba Cloud OSS. Due to unstable cross-border networks, the office in China (Hong Kong) often experiences issues such as latency, jitter, and packet loss when accessing OSS resources in the US (Virginia) headquarters.

You can deploy Global Accelerator and configure the backend service as the OSS address. Global Accelerator uses Alibaba Cloud's high-quality Border Gateway Protocol (BGP) bandwidth and global transmission network to accelerate access from clients in the China (Hong Kong) office to OSS resources in the US (Virginia) headquarters.

Prerequisites

You have activated OSS in the US (Virginia) region and have resources stored in a created bucket.

Procedure

Note

This topic uses a pay-as-you-go standard Global Accelerator instance as an example to describe how to configure Global Accelerator to accelerate access to OSS resources. Before you create a pay-as-you-go standard Global Accelerator instance, note the following information:

GA instances use the pay-by-data-transfer metering method. You do not need to associate a basic bandwidth plan with pay-as-you-go GA instances. The billing of data transfer over the GA network is managed by Cloud Data Transfer (CDT). For more information, see Pay-by-data-transfer.
The first time you use a pay-as-you-go GA instance, you must go to the Activate Service page to activate the pay-as-you-go Global Accelerator service.

Step 1: Configure basic information about an instance

Log on to the GA console.
On the Instances page, click Create Standard Pay-as-you-go Instance.

In the Basic Instance Configuration step, configure the parameters based on the following table and click Next.

Parameter	Description
GA Instance Name	Enter a name for the GA instance.
Instance Billing Method	Pay-As-You-Go is selected by default. You are charged instance fees, Capacity Unit (CU) fees, and data transfer fees for pay-as-you-go standard Global Accelerator instances. For more information about instance fees and CU fees, see Billing of pay-as-you-go GA instances. For more information about data transfer fees, see Pay-by-data-transfer.
Resource Group	Select the resource group to which the standard Global Accelerator instance belongs. The resource group must be created by the current Alibaba Cloud account in Resource Management. For more information, see Create a resource group.

Step 2: Configure an acceleration area

Specify acceleration regions and allocate bandwidth to each acceleration region.

In the Configure Acceleration Area step, configure the parameters based on the following table and click Next.

Parameter	Description
Acceleration Area	Select one or more regions from the drop-down list and click Add. In this example, the China (Hong Kong) region in the Asia Pacific section is selected.
Assign Bandwidth
Maximum Bandwidth	Specify the maximum bandwidth for the acceleration region. Each acceleration region supports a bandwidth range of 2 to 10,000 Mbit/s. The maximum bandwidth is used for bandwidth throttling. The data transfer fees are managed by CDT. In this example, the default value 200 Mbit/s is used. Important If you specify a small value for the maximum bandwidth, throttling may occur and packets may be dropped. Specify a maximum bandwidth based on your business requirements.
IP Protocol	Select the IP version that is used to connect to Global Accelerator. In this example, the default value IPv4 is selected.
ISP Line Type	Select an ISP line type for the Global Accelerator instance. BGP (Multi-ISP) is selected in this example.

Step 3: Configure a listener

A listener listens for connection requests and distributes the requests to endpoints based on the port and the protocol that you specify. Each listener is associated with an endpoint group. You can associate an endpoint group with a listener by specifying the region to which you want to distribute network traffic. After you associate an endpoint group with a listener, network traffic is distributed to the optimal endpoint in the endpoint group.

On the Configure listeners wizard page, configure the listener, and then click Next.

This section only introduces the configuration items relevant to this topic. You can keep the default configuration for other items. For more information, see Add and manage intelligent routing listeners.

Configuration	Description
Listener Name	Enter a name for the listener.
Routing Type	Select a routing type. In this example, select Intelligent Routing.
Protocol	Select the protocol type for the listener. In this example, select TCP. Note OSS supports HTTP and HTTPS access by default. For file transfer scenarios: For small file transfers, we recommend using HTTP or HTTPS listeners (only applicable when accessing OSS resources through custom domain names); for large file transfers, HTTP, HTTPS, and TCP listeners can all be used. Because HTTP and HTTPS protocols transfer data based on TCP connections, you can configure TCP listeners.
Port	Specify a port for the listener to receive and forward requests to endpoints. Valid values: 1 to 65499. You can specify up to 30 ports for each listener. Separate multiple listener ports with commas (,). For example, you can enter `80,90,8080`. If you want to specify a port range, use a hyphen (-). Example: `80-85`. In this example, enter 80,443.
Client Affinity	Select whether to maintain client affinity. Maintaining client affinity means that when a client accesses a stateful application, all requests from the same client can be directed to the same endpoint. In this example, select Source IP.

Step 4: Configure endpoint groups and endpoints

On the Configure an endpoint group wizard page, configure the endpoint group and endpoints according to the following information, and then click Next.

This section only introduces the configuration items relevant to this scenario. For more information about endpoint configuration items, see Add and manage endpoint groups for intelligent routing listeners.

Parameter	Description
Region	Select the region to which the endpoint group belongs. In this example, select US (Virginia).
Endpoint Configuration	An endpoint is the target host that client requests access. You can configure endpoints according to the following information: Backend Service Type: Select OSS. Backend Service: Select the OSS bucket that needs accelerated access. Weight: Enter the endpoint weight, with a value range of 0 to 255. Global Accelerator routes traffic to endpoints proportionally based on the weights you configure. In this example, keep the default value of 255. Warning If you set the weight of an endpoint to 0, Global Accelerator stops distributing network traffic to the endpoint. Proceed with caution.
Preserve Client IP	Select whether to preserve the client source IP. If you select to preserve the client source IP, the backend server can obtain the client source IP through this feature. For more information, see Preserve client IP addresses. In this example, keep the default configuration Do Not Preserve.

On the Configuration Review wizard page, confirm the information and click Submit.
Note
It takes 3 to 5 minutes to create a GA instance.
Optional: After the creation task is completed, click Go To Instance Details at the bottom of the creation task details list. On the instance details page, you can select tabs such as Instance Information, Listeners, Acceleration Areas, and others to view the instance configuration information.

Step 5: Configure Hosts or DNS resolution

If you use the OSS domain name provided by Alibaba Cloud to access backend OSS resources, you need to configure Hosts resolution locally. If you use a custom domain name (self-owned domain name) to access backend OSS resources, you need to configure DNS resolution. After configuration, requests to access backend OSS resources will be forwarded to Global Accelerator, achieving acceleration effects.

Configure Hosts resolution

You need to configure the local Hosts resolution file to add the accelerated IP as the resolution address for the OSS domain name. For OSS domain name composition rules, see Access OSS through IPv6 protocol.

Note

This example uses the Alibaba Cloud Linux 3 operating system for testing. Different types of operating systems have different test commands. For specific test commands, refer to your operating system's user guide.

Open a command line window on a computer in the China (Hong Kong) office.
Configure the Hosts resolution file.
1. Run the following command to open the /etc/hosts file:
```
vim /etc/hosts
```
2. Press the i key to enter edit mode, and add the following information at the end of the file:
```
<Accelerated IP> <Source BucketName>.<Endpoint of the source Bucket> 
```
  After making the changes, press the Esc key, enter :wq!, and press the Enter key to save the modified configuration file and exit edit mode.
Run the following command to restart the network service:
```
systemctl restart NetworkManager
```
After configuration, you can run the following commands to check the configured /etc/hosts file and whether the Hosts resolution configuration is effective:
```
cat /etc/hosts
ping <OSS domain name>
```
Upon verification, the /etc/hosts file has been written with the mapping relationship between the OSS domain name and the accelerated IP, and the Hosts resolution configuration is effective.

Configure DNS resolution

You need to configure DNS resolution to forward requests accessing backend OSS resources to Global Accelerator, achieving acceleration effects. You can choose any of the following methods:

Add an A record to point the backend OSS bucket domain name to an IPv4 address, which is the accelerated IP allocated by the Global Accelerator instance.
Add a CNAME record to point the backend OSS bucket domain name to another domain name, which is the CNAME address allocated by the Global Accelerator instance.

Before configuring DNS resolution, make sure you have bound the custom domain name to the bucket where the resources are located. Otherwise, you cannot pass OSS domain name verification. The custom domain name format here is <Source BucketName>.<Self-owned domain name>. For specific operations, see Map a custom domain name to the default domain name of a bucket.

Log on to the Alibaba Cloud DNS console.
If your domain name is not registered with Alibaba Cloud Domain Names, you must add your domain name to the Alibaba Cloud DNS console.
Note
If your domain name is not registered using Alibaba Cloud Domains, you must add your domain name to Alibaba Cloud DNS before you can configure a DNS record. For more information, see Add a domain name. If your domain name is registered using Alibaba Cloud Domains, skip this step.
On the Authoritative DNS Resolution page, find the target domain name, and click DNS Settings in the Actions column.
Based on your actual situation, choose one of the following operations to configure DNS resolution:
- If you did not enable Add CNAME Record Automatically (which directs access from the custom domain name to the bucket's public network domain name) when binding the custom domain name to the bucket where resources are located, click Add DNS Record.
- If you enabled Add CNAME Record Automatically (which directs access from the custom domain name to the bucket's public network domain name) when binding the custom domain name to the bucket where resources are located, click Modify in the Actions column for that record.

In the Add DNS Record or Edit DNS Record panel, complete the following configuration, and then click OK.

A record

Configuration	Description
Record Type	Select A. An A record is used to point a domain name to an IPv4 address.
Host Record	Enter the prefix of the accelerated domain name. If you did not enable Add CNAME Record Automatically when binding the custom domain name to the bucket where resources are located, enter the source bucket name as the host record. If you enabled Add CNAME Record Automatically when binding the custom domain name to the bucket where resources are located, make sure the host record is the source bucket name, no modification is needed.
DNS Request Source	Keep the default.
TTL	Indicates the cache time of DNS records on DNS servers. The smaller the value, the faster the modified records take effect across different locations. In this example, use the default value of 10 minutes.
Record Value	Enter the accelerated IP allocated by the Global Accelerator instance.

CNAME record

Configuration	Description
Record Type	Select CNAME. A CNAME record is used to point a domain name to another domain name.
Host Record	Enter the prefix of the accelerated domain name. If you did not enable Add CNAME Record Automatically when binding the custom domain name to the bucket where resources are located, enter the source bucket name as the host record. If you enabled Add CNAME Record Automatically when binding the custom domain name to the bucket where resources are located, make sure the host record is the source bucket name, no modification is needed.
DNS Request Source	Keep the default.
TTL	Indicates the cache time of DNS records on DNS servers. The smaller the value, the faster the modified records take effect across different locations. In this example, use the default value of 10 minutes.
Record Value	Enter the CNAME allocated by the Global Accelerator instance. You can view the CNAME allocated by the Global Accelerator instance on the Instances page.

After configuration, you can run the following command to check whether the DNS resolution configuration is effective:

ping <Custom domain name>

The following verification process uses configuring a CNAME resolution record as an example. Upon verification, if ping to the custom domain name is redirected to the Global Accelerator's CNAME, it indicates that the DNS resolution configuration has taken effect.

配置DNS解析后-验证.png

Step 6: Access testing

Complete the following operations to test whether clients in China (Hong Kong) can access OSS resources in the US (Virginia) headquarters through OSS domain names or custom domain names, and achieve accelerated access.

This example uses the ossutil tool provided by Alibaba Cloud OSS service to copy files from the source bucket in US (Virginia) to a client in China (Hong Kong). For specific installation methods, see Download and install ossutil.

Open a command line window on a computer in the China (Hong Kong) client.
Run the following command to copy files from the source bucket in US (Virginia) to the client in China (Hong Kong):
- Before GA is used:
```
ossutil64 --retry-times 10 -e <Endpoint of the source Bucket> -k <AccessKey Secret of the source account> -i <AccessKey ID of the source account> -f cp oss://<Source BucketName>/<Source file> ./
```
  Note
  When not using Global Accelerator for copying, the domain name you actually access is <Source BucketName>.<Endpoint of the source Bucket>. For example: testBucketName.oss-us-west-1.aliyuncs.com.
  Figure 1. Access response before acceleration
- After using Global Accelerator, the commands executed differ depending on whether a custom domain name is used.
  - Accelerated access without custom domain name:
```
ossutil64 --retry-times 10 -e <Endpoint of the source Bucket> -k <AccessKey Secret of the source account> -i <AccessKey ID of the source account> -f cp oss://<Source BucketName>/<Source file> ./
```
    Note
    The actual domain name and command executed here are the same as before using Global Accelerator, but you need to ensure that you have configured the Hosts resolution file to direct access requests to the accelerated IP of Global Accelerator. For specific operations, see Step 5: Configure Hosts or DNS resolution.
    When not using a custom domain name for copying, the domain name you actually access is <Source BucketName>.<Endpoint of the source Bucket>. For example: testBucketName.oss-us-west-1.aliyuncs.com.
    Figure 2. Access response with acceleration without custom domain name
  - Accelerated access with custom domain name:
```
ossutil64 --retry-times 10 -e <Self-owned domain name> -k <AccessKey Secret of the source account> -i <AccessKey ID of the source account> -f cp oss://<Source BucketName>/<Source file> ./
```
    Note
    Make sure you have configured DNS resolution files to direct access requests to Global Accelerator. For specific operations, see Step 5: Configure Hosts or DNS resolution.
    When using a custom domain name for copying, the domain name you actually access is <Source BucketName>.<Self-owned domain name>. For example: testBucketName.example.com
    Figure 3. Access response with custom domain name acceleration
Testing shows that using Global Accelerator reduces the response time for clients in China (Hong Kong) accessing OSS resources in US (Virginia).
Note
The acceleration effect of using Global Accelerator service to accelerate access from China (Hong Kong) clients to US (Virginia) OSS resources depends on your actual business testing.