Use GA to accelerate ALB backend applications - Global Accelerator

If your service deployed on Application Load Balancer (ALB) is accessible to global users, user experience may be affected by high network latency, network jitters, and packet loss caused by poor Internet quality. Use Global Accelerator (GA) to accelerate your applications, letting end-user requests connect to the nearest Alibaba Cloud access point and reach your application servers over Alibaba Cloud's accelerated network.

Use case

A company has deployed a high-availability service in the Alibaba Cloud China (Hangzhou) region using an ALB and plans to serve end-users across multiple regions globally. An internal-facing ALB cannot serve users over the Internet until it is integrated with GA. Due to the poor quality of cross-region public networks, some end-users may experience high network latency.

To solve this problem, the company deploys GA. This lets end-user requests connect to the nearest Alibaba Cloud access point for network acceleration, improving the user experience.

Prerequisites

An ALB instance is created and managed. For more information, see Create and manage an ALB instance.
A server group is created for the ALB instance. For more information, see Create and manage server groups.
Two Elastic Compute Service (ECS) instances are added to the server group, and applications are deployed on the ECS instances. In this example, the ECS instances are named ECS01 and ECS02.
In this example, the Alibaba Cloud Linux 3 operating system is used. NGINX is used to configure the backend HTTP service that uses port 80.
Sample commands for deploying test applications on ECS instances
ECS command reference:
```
yum install -y nginx
systemctl start nginx.service
cd /usr/share/nginx/html/
echo "Hello World ! This is ECS01." > index.html
```
Sample command for deploying testing applications on ECS02:
```
yum install -y nginx
systemctl start nginx.service
cd /usr/share/nginx/html/
echo "Hello World ! This is ECS02." > index.html
```
You have registered a custom domain name, completed the ICP filing, and configured a CNAME record for the domain name that points to the ALB instance.
An HTTP listener or an HTTPS listener is created for the ALB instance. If you use an HTTPS listener, you must create and request a certificate or upload a third-party certificate to the SSL Certificate Service and attach a custom domain name.

Procedure

You can use one of the following methods to configure GA to accelerate ALB backend applications:

Add ALB as a backend service in the GA console. You can use custom GA configurations.
Configure GA in the ALB console. This method is suitable for users who want to accelerate ALB applications in an efficient manner.

Add ALB in the GA console

Step 1: Configure basic information

In this example, a pay-as-you-go standard GA instance is used.

On the GA console, go to the Standard Instance > Instances page, click Create Standard Pay-as-you-go Instance.
In the Basic Instance Configuration step, configure the basic information and click Next.

Step 2: Configure an acceleration area

In the Configure Acceleration Area step, add an acceleration region, allocate bandwidth to the region, and then click Next.

This example uses the US (Silicon Valley) region as an example. The Acceleration Area parameter is set to US (Silicon Valley), and the ISP Line Type parameter is set to BGP (Multi-ISP). You can keep the default values for other acceleration area parameters or modify them as needed.

Step 3: Configure a listener

In the Configure listeners step, configure the forwarding protocol and the port, and then click Next.

In this scenario, the Protocol is set to HTTP and the Port is set to 80. Use the default values for other listener settings or modify them as needed.

Note

UDP listeners do not support ALB instances as endpoints.

HTTP监听.png

Step 4: Configure an endpoint group and endpoints

In the Configure an endpoint group step, configure the endpoint backend service, and click Next.
In this example, set Region to China (Hangzhou), Backend Service Type to ALB, and Backend Service to the target ALB instance. Then, read and select Compliance Commitments Regarding Cross-border Data Transfers. Use the default values for other endpoint group parameters or modify them as needed.
On the Configuration Review page, confirm the Global Accelerator configurations and click Submit.

Step 5: Configure a CNAME record

Configure your custom domain name to point to the CNAME assigned to the GA instance. This routes your service traffic through GA for acceleration.

If you already have a CNAME record pointing to the ALB, you can add a new CNAME record specifically for the US region pointing to GA for testing purposes. After successful testing, you can gradually expand this to other regions or retain only the CNAME record pointing to GA.

On the Public Zone page, find the target custom domain name and click Settings in the Actions column.
Note
For a domain name that is not registered with Alibaba Cloud, you must add the domain name to the Alibaba Cloud DNS console before you can configure DNS records.
On the DNS Settings page, click Add Record, configure a CNAME record, and then click OK.
In this scenario, Record Type is set to CNAME, Hostname is set to www, Query Source is set to the United States, North America, and Record Value is set to the CNAME of the GA instance. You can keep the default values for other DNS record parameters or modify them as needed.

Step 6: Test the acceleration performance

In this example, an Internet-facing ALB instance, a GA instance whose backend server is deployed in the China (Hangzhou) region, and a client in the US are used.

Test the network latency after GA is enabled.
1. The backend service is accessible from a browser at http://<custom domain name>. Refresh the browser multiple times. Requests are distributed between ECS01 and ECS02.
2. Run the curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "http[s]://<custom domain name>" command to view the network latency after acceleration.
  The following figure shows the response.
Test the network latency before GA is enabled.
1. Access http://<custom domain name> from a browser. The backend service is accessible. Refresh the browser multiple times. Requests are distributed between ECS01 and ECS02.
2. Run the curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "http[s]://<custom domain name>" command to view the packet latency before acceleration.
  The following figure shows the response.
Acceleration Performance Comparison: Description of Data Parameters
- time_connect: The time in seconds from the start until the TCP connection is established.
- time_starttransfer: The time in seconds from when the client sends a request until it receives the first byte of the response from the backend server.
- time_total: The total time in seconds from when the client sends a request until the backend server completes the response.
Parameter
After acceleration (s)
Before acceleration (s)
Performance gain (s)
Performance gain (%)
time_connect
0.008
0.017
0.009
52.9%
time_starttransfer
0.207
0.427
0.220
51.5%
time_total
0.207
0.427
0.220
51.5%
Note
The examples and data in this topic are for reference only. The actual acceleration performance on your service prevails.

In addition, you can use the One-time Probe Tool. Use the network probe tool to test the acceleration effect on your custom domain name and check the response time and data latency.

Configure GA in the ALB console

ALB is integrated with GA. You can enable GA in the ALB console. This simplifies GA configurations.

Limits

Each ALB instance can be associated with only one GA instance.
GA is not supported in the following scenarios:
- The ALB instance is not associated with a listener.
- The ALB instance or listener is being modified.
- The ALB instance is associated with a QUIC listener.
- The HTTPS listener associated with the ALB instance is in the following scenarios:
  - Mutual authentication is enabled for the HTTPS listener.
  - The HTTPS listener uses a custom TLS policy.
  - The HTTPS listener uses an additional certificate.
- A listener of the ALB instance is associated with a gRPC server group.
- GA is not available in the region of the ALB instance. For more information about the regions in which GA is available, see Acceleration areas and regions.
- The public CIDR block of the endpoint used by the GA instance is on the IP blacklist of the listener associated with the Internet-facing ALB instance or overlaps with a CIDR block on the IP whitelist. For more information, see How do I view the endpoint group IP addresses of a GA instance?

Step 1: Enable application acceleration for the ALB instance

Log on to the ALB console.
In the top navigation bar, select the region in which the ALB instance is deployed.
On the Instances page, click the ID of the instance that you want to manage.
On the Integrated Services tab, click Create GA.
1. Activate GA: If GA is not activated within your Alibaba Cloud account, read and select the terms of service and activate GA.
2. Acceleration Area: Click the Acceleration Area drop-down list to select an acceleration area. You can select the region where clients are located or the region that is nearest to the clients as the acceleration region of the GA instance. An acceleration area is a collection of Alibaba Cloud regions. Each acceleration area contains one or more Alibaba Cloud regions.
  Note
  - If the acceleration area contains a Chinese mainland region or a backend server is deployed in the Chinese mainland, you must apply for an Internet Content Provider (ICP) number for the domain name.
  - If the acceleration area and the origin server are deployed across borders, read and select the Compliance Commitments Regarding Cross-border Data Transfers. By default, cross-border communication uses premium bandwidth for acceleration.
After you complete the configurations, click OK.
Important
The first time you enable GA, all ALB listener information is synchronized to GA. However, listener configuration updates are not automatically synchronized to GA. You must manually update listener configurations in the GA console.

Step 2: Add a CNAME record

Configure a CNAME record to map the service domain name to the CNAME assigned by the GA instance. This accelerates access to the service.

After you enable GA for your ALB instance, the GA instance information, including the CNAME, is displayed on the Integrated Services tab.

If you already created a CNAME record that points to the ALB instance, you can specify North America_United States when you add a CNAME record that points to the GA instance. If the CNAME record works as expected, apply the CNAME record to other regions or retain only the CNAME record that points to the GA instance.

On the Public Zone page, find the target custom domain name and click Settings in the Actions column.
Note
For a domain name that is not registered with Alibaba Cloud, you must first add the domain name to the Alibaba Cloud DNS console before you can configure DNS records.
On the DNS Settings page, click Add Record, configure a CNAME record, and then click OK.
In this example, Record Type is set to CNAME, Hostname is set to www, Query Source is set to United States, North America, and Record Value is set to the CNAME of the GA instance. For other parameters for adding a DNS record, you can use the default values or modify them as needed.

Step 3: Verify the acceleration performance

In this example, an Internet-facing ALB instance, a GA instance whose backend server is deployed in the China (Hangzhou) region, and a client in the US are used.

Test the network latency after GA is enabled.
1. The backend service is accessible from a browser at http://<custom domain name>. Refresh the browser multiple times. Requests are distributed between ECS01 and ECS02.
2. Run the curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "http[s]://<custom domain name>" command to view the network latency after acceleration.
  The following figure shows the response.
Test the network latency before GA is enabled.
1. Access http://<custom domain name> from a browser. The backend service is accessible. Refresh the browser multiple times. Requests are distributed between ECS01 and ECS02.
2. Run the curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "http[s]://<custom domain name>" command to view the packet latency before acceleration.
  The following figure shows the response.
Acceleration Performance Comparison: Description of Data Parameters
- time_connect: The time in seconds from the start until the TCP connection is established.
- time_starttransfer: The time in seconds from when the client sends a request until it receives the first byte of the response from the backend server.
- time_total: The total time in seconds from when the client sends a request until the backend server completes the response.
Parameter
After acceleration (s)
Before acceleration (s)
Performance gain (s)
Performance gain (%)
time_connect
0.008
0.017
0.009
52.9%
time_starttransfer
0.207
0.427
0.220
51.5%
time_total
0.207
0.427
0.220
51.5%
Note
The examples and data in this topic are for reference only. The actual acceleration performance on your service prevails.

In addition, you can use the One-time Probe Tool. Use the network probe tool to test the acceleration effect on your custom domain name and check the response time and data latency.

FAQ

What type of GA instance is created?

A pay-as-you-go standard GA instance is created.

What additional fees are charged after GA is enabled?

You are charged GA fees, including GA instance fees, capacity unit (CU) fees, and data transfer fees. For more information, see Billing of pay-as-you-go GA instances.

After an ALB listener is added, why is GA not enabled for the listener?

ALB listener information is synchronized to GA only the first time you enable GA. Listener updates are not automatically synchronized to GA. You must manually manage listener information in the GA console.

Why do the access control policies of ALB not take effect after GA is enabled?

After GA is enabled, the accelerated domain name is the domain name of the GA instance. As a result, the ALB control policies do not take effect.

To control access from IP addresses, configure access control policies for the GA instance. For more information, see GA access control.

References

ALB billing overview: Billing methods and billable items of ALB.
GA billing overview: Billing methods and billable items of GA.
Cross-border acceleration configuration: For cross-border scenarios, the default option is BGP (Multi-ISP) Pro. If you require higher network quality, you can use Cross-region acceleration over Express Connect circuits.

Parameter	After acceleration (s)	Before acceleration (s)	Performance gain (s)	Performance gain (%)
time_connect	0.008	0.017	0.009	52.9%
time_starttransfer	0.207	0.427	0.220	51.5%
time_total	0.207	0.427	0.220	51.5%