Configure disaster recovery to ensure the high availability of applications that are deployed across regions - Global Accelerator

This topic describes how to use Global Accelerator (GA) to accelerate applications that are deployed across regions and configure disaster recovery to ensure the high availability of the applications.

Background information

The headquarters of a financial enterprise is located in the US (Silicon Valley) region and the branch of the enterprise is located in the US (Virginia) region. The clients are located in China and Japan. To ensure that the application can run as normal and reduce potential risks, the application must meet the following requirements in terms of reliability:

If errors occur in the headquarters in the US (Silicon Valley) region, the enterprise can fail over to the branch in the US (Virginia) region.
Network issues that are caused by unstable cross-region Internet connections, such as network latency, network jitter, and packet loss, must be reduced.

You can create a GA instance, specify Japan (Tokyo) and China (Hong Kong) as acceleration regions, and then add Endpoint Group 1 and Endpoint Group 2 in the US (Silicon Valley) and US (Virginia) regions where the application is deployed. GA forwards client requests to endpoint groups based on their priorities and traffic distribution ratios.

You can enable the health check feature for multiple endpoint groups. If the endpoint group deployed in the headquarters fails to pass the health check, GA distributes new requests to the healthy endpoint group that is deployed in the branch. After the unhealthy endpoint group recovers, GA distributes requests to the endpoint group again. This ensures the high availability of the application that is deployed across regions and reduces network latency.

In addition, you can configure DNS settings based on the CNAME that is allocated by GA. After you complete the configurations, Alibaba Cloud DNS checks the sources of client requests and returns accelerated IP addresses based on the geographical locations of end users. This reduces network latency and accelerates access to the application. If errors occur in the Japan (Tokyo) region, you can fail over to the China (Hong Kong) region and distribute client requests to the global transmission network of Alibaba Cloud. This ensures the high availability of acceleration regions.

Procedure

Step 1: Purchase a GA service bundle

You can enter the information about the web service in the GA console. After you enter the information, the system generates a list of recommended services. The list includes a GA instance and a basic bandwidth plan.

Log on to the GA console.
In the upper-right corner of the Instances page, click Purchase Guide.
Note If this is the first time that you use the GA service, skip this step.

In the Enter the required information to generate a list of recommended services section, enter the required information and click Generate Service List.


Parameter	Description
Acceleration Area	Select the region that requires acceleration. In this example, China (Hong Kong) and Japan are selected.
Service Region	Select the region where the backend servers are deployed. In this example, US (Silicon Valley) and US (Virginia) are selected.
ICP Filing	Specify whether you have applied for an Internet Content Provider (ICP) number for the domain name of the application. In this example, No is selected.
Server Area	Specify whether the backend service is deployed on Alibaba Cloud. In this example, On Alibaba Cloud is selected.
Peak Bandwidth Range	Enter the bandwidth required during peak hours. Unit: Mbit/s. `10` is entered in this example.
Maximum Concurrent Connections	The maximum number of concurrent connections that a GA instance supports. When the number of existing concurrent connections reaches the upper limit, new connection requests are dropped. In this example, 5 Thousand is selected.

In the Recommended Service List section, click Generate Service List after you confirm the information.
Note The instance configurations in Recommended Service List provide the most cost-effective plan to run your services. You can also change the instance configurations on the buy page.

On the buy page, set the following parameters and click Buy Now to complete the payment.


Parameter	Description
Term	Select the subscription duration. Note The subscription duration applies to the services in the recommended service bundle. For example, if you set Term to 1 Year, the subscription duration of the specified GA instance and basic bandwidth plan is set to one year.
Specification	Select a specification for the GA instance. In this example, Small Ⅱ is selected.
Bandwidth Type	Select a bandwidth type for the basic bandwidth plan. In this example, Premium is selected.
Peak Bandwidth	Select the bandwidth limit of the basic bandwidth plan. In this example, 10 Mbit/s is selected.

Step 2: Add an acceleration area

After you purchase a GA instance, you can add an acceleration area, specify the region where users are located, and then allocate bandwidth to the region.

On the Instances page, find the GA instance that you created in Step 1: Purchase a GA service bundle and click the instance ID.
On the instance details page, click the Acceleration Areas tab. Then, click the Asia Pacific tab and click Add Region.
For more information about acceleration areas and regions, see Overview.

In the Add Acceleration Area dialog box, set the following parameters and click OK.


Parameter	Description
Regions	Select the region where the users that require the acceleration service are located. In this example, China (Hong Kong) is selected.
Bandwidth	Allocate bandwidth to the region. `5` Mbit/s is entered in this example.
Internet Protocol	Select the Internet protocol that is used by the users to connect to GA. In this example, IPv4 is selected.

Repeat the operations from Substep 2 to Substep 3 to add Japan as the acceleration region on the Asia Pacific tab and allocate 5 Mbit/s of bandwidth to the region.

You can view information about the acceleration area in the GA console. The following figure shows the configurations in this example.

Step 3: Add a listener and endpoint groups

A listener listens for connection requests and distributes the requests to endpoints based on the port and protocol that you specify. Each listener is associated with an endpoint group. You can associate an endpoint group with a listener by specifying the region to which you want to distribute network traffic. After you associate an endpoint group with a listener, network traffic is distributed to the optimal endpoints in the endpoint group.

On the instance details page, click the Listeners tab and then click Add Listener.

On the Configure Listener & Protocol wizard page, specify the following listener information and click Next.


Parameter	Description
Listener Name	Enter a name for the listener.
Protocol	Select a protocol for the listener. In this example, TCP is selected.
Port	Specify a listener port. The port is used to receive and forward requests to endpoints. Valid values: 1 to 65499. In this example, the value is set to `80`.
Client Affinity	Specify whether to enable client affinity. If client affinity is enabled, requests from the same client are forwarded to the same endpoint when the client connects to a stateful application. In this example, Source IP Address is selected.

On the Configure Endpoint Group wizard page, set the following parameters for Endpoint Group 1.


Parameter	Description
Endpoint Group Name	Enter a name for the endpoint group. The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter.
Region	Select the region where you want to create the endpoint group. The servers that the clients want to access must be deployed in the specified region. In this example, US (Silicon Valley) is selected. Note The regions of endpoint groups must be unique. This means that you can create only one endpoint group in each region.
Traffic Distribution Ratio	Set the traffic distribution ratio for the endpoint group. Unit: %. Valid values: 0 to 100. In this example, `50` is entered. Note For more information about how to set traffic distribution ratios, see Distribute traffic across endpoint groups in different scenarios and Examples on how to configure the traffic distribution feature for multiple endpoint groups.
Backend Service	Specify whether the backend service is deployed on Alibaba Cloud. In this example, Alibaba Cloud is selected.
Preserve Client IP	Specify whether to preserve client IP addresses. After you enable this feature, backend servers can retrieve client IP addresses. In this example, client IP address preservation is disabled.
Endpoint	Endpoints are destinations of client requests. To add an endpoint, specify the following parameters: Backend Service Type: Select Alibaba Cloud Public IP Address. Important You can configure health checks for the following endpoints: Elastic Compute Service (ECS) instances in virtual private clouds (VPCs), Alibaba Cloud public IP addresses, and custom IP addresses or custom domain names of origin servers. If you specify Classic Load Balancer (CLB) instances or Application Load Balancer (ALB) instances as endpoints, the health check parameters that you configure for the endpoint group do not take effect. Backend Service: Enter the IP address of the backend service that you want to accelerate. In this example, the IP address of ECS01 that is deployed in the US (Silicon Valley) region is entered. Weight: Enter the weight of the endpoint. Valid values: 0 to 255. GA distributes network traffic to endpoints based on their weights. In this example, the weight of the endpoint is set to `100`. Warning If the weight of an endpoint is set to 0, GA stops distributing network traffic to the endpoint. Proceed with caution.
Health Check	Specify whether to enable or disable the health check feature. After you enable this feature, you can use health checks to check the status of endpoints. In this example, the health check feature is enabled.
Health Check Protocol	Select the protocol that you want to use for health checks. Valid values: TCP, HTTP, and HTTPS. In this example, HTTP is selected.
Port	Set the port of the endpoint to which probe packets are sent for health checks. Valid values: 1 to 65535. In this example, `80` is entered.
Health Check Interval	The interval between two consecutive health checks. Unit: seconds. Valid values: 1 to 50. In this example, 2 is entered.
URI	Specify the URI for health checks. The URI must be 1 to 80 characters in length and start with a forward slash (/). The URI can contain letters, digits, hyphens (-), forward slashes (/), periods (.), percent signs (%), question marks (?), number signs (#), and ampersands (&). The URI can also contain the following extended characters: `_ ; ~ ! ( ) * [ ] @ $ ^ : ' , +`. By default, GA sends a GET request to the default homepage of the backend service. If you do not want to use the default homepage for health checks, you can manually specify a URI. In this example, / is specified. Note This parameter is supported only for HTTP and HTTPS health checks.
Healthy Threshold	The number of consecutive health check failures that must occur before a healthy endpoint is considered unhealthy, or the number of consecutive health check successes that must occur before an unhealthy endpoint is considered healthy. Valid values: 2 to 10. In this example, 3 is entered.

Click + Add Endpoint Group to add Endpoint Group 2, configure the endpoint group based on the parameter description in Substep 3, and then click Next.
Set Region to US (Virginia) and set Backend Service of Endpoint to the IP address of ECS02 that is deployed in the US (Virginia) region. For other parameters, use the same configurations when you created Endpoint Group 1.
Note You can add multiple endpoint groups only for TCP and UDP listeners.
On the Confirm wizard page, confirm the configurations of the listener and the endpoint groups, and then click Submit.

Step 4: Add a domain name

To use Alibaba Cloud DNS, you must add domain names to Alibaba Cloud DNS.

Note

If your domain names are registered with Alibaba Cloud, skip this step. Alibaba Cloud automatically adds your domain names to Alibaba Cloud DNS after you register the domain names.
If you use a third party DNS service provider, import DNS records to Alibaba Cloud DNS.

Log on to the Alibaba Cloud DNS console.
On the Manage DNS page, click Add Domain Name.
In the Add Domain Name dialog box, enter the domain name of your web service, and then click OK.

Step 5: Upgrade Alibaba Cloud DNS

The Free Trial edition of Alibaba Cloud DNS is selected by default. Only the Enterprise Standard edition and Enterprise Ultimate edition can return IP addresses based on geographical locations. You must upgrade your Alibaba Cloud DNS.

On the Manage DNS page, find the domain name that you added in Step 4: Add a domain name and click Upgrade in the Actions column.
Specify the following parameters to upgrade Alibaba Cloud DNS:
- Edition: Select the edition to which you want to upgrade Alibaba Cloud DNS. You can select Enterprise Standard Edition or Enterprise Ultimate Edition in this example.
- DNS Protection: Select a protection plan for your domain name.
  - Not Required: does not provide DNS attack defense for domain names that are associated with the selected edition. If a domain name is under a DNS attack, you are notified by emails or text messages.
  - DNS Attack Defense Basic: provides basic DNS attack defense for domain names that are associated with the selected edition. The upper limit of basic DNS attack defense is no more than 10 million times of DNS attacks per second.
  - DNS Attack Defense Advanced: provides comprehensive DNS attack defense for domain names that are associated with the selected edition. This feature can protect your domain names against over 100 million DNS attacks per second.
  In this example, Not Required is selected.
- Quantity: Specify the number of domain names that can be associated with an Alibaba Cloud DNS instance. In this example, 1 is specified.
- Agreement of Service: Select the Alibaba Cloud DNS (Subscription) Agreement of Service check box.
Click Buy Now and complete the payment.

Step 6: Configure DNS settings

You can configure DNS settings to enable Alibaba Cloud DNS servers to return IP addresses based on the geographical locations of end users.

On the Manage DNS page, find the domain name that you added in Step 4: Add a domain name and click Configure in the Actions column.
Click Switch Path Type to switch from ISP to Region, and then click OK.
Click Add Record.
In the Add Record dialog box, set the following parameters and click Confirm.
- Type: Select CNAME from the drop-down list.
- Host: Enter the prefix of the subdomain name. In this example, @ is entered.
- ISP Line: Select Outside mainland China from the drop-down list and set Subline to Asia.
- Value: Enter the CNAME that is allocated by GA.
- TTL: Indicates how long a record is cached by a DNS server. A smaller TTL value indicates the less amount of time the resolver holds the information in its cache. In this example, 10 minute(s) is selected.

Repeat the operations in Substep 4 to add records for regions other than China (Hong Kong) and Japan (Tokyo).


Type	Host	ISP line	Value	TTL
CNAME	@	Outside the Chinese mainland. Set Subline to Asia.	ga-XX.aliyunga0018.com	10 minutes
A	@	Default	Origin server IP address. In this example, the IP address of ECS01 that is deployed in the US (Silicon Valley) region is selected.	10 minutes

Step 7: Test the connectivity

To check how disaster recovery ensures the high availability of the application that is deployed across regions, perform the following steps.

Note The following operating systems are used in this example. The command that is used to run the test may vary based on the operating system. For more information, refer to the user guide of the operating system.

Client operating system: Windows Server 2019.
Server operating system: Alibaba Cloud Linux 2.

Test the high availability of the acceleration regions

Block the China (Hong Kong) acceleration region in the backend and check the resolution results of client requests when errors occur in the China (Hong Kong) acceleration region.
1. Open the command prompt on clients in China (Hong Kong), Japan (Tokyo), and other regions.
2. Run the nslookup <Domain name of the web service> command to check the resolution results.
  The following resolution results are returned:
  - Client requests from China (Hong Kong) and Japan (Tokyo) are resolved to the accelerated IP address in the Japan (Tokyo) region.
    In most cases, when clients in China (Hong Kong) and Japan (Tokyo) access the application of the enterprise, the client requests are resolved to the CNAME allocated by GA. Then, GA maps the CNAME to the accelerated IP address that is closest to the clients and has the lowest latency. This way, client requests from China (Hong Kong) are resolved to the accelerated IP address in the China (Hong Kong) region. Client requests from Japan (Tokyo) are resolved to the accelerated IP address in the Japan (Tokyo) region. When errors occur in the China (Hong Kong) region, GA uses the CNAME to distribute client requests from China (Hong Kong) to Japan (Tokyo). The client requests are then forwarded to the global transmission network of Alibaba Cloud.
    The following figure shows the resolution result of client requests from the China (Hong Kong) region. The returned IP address is the accelerated IP address in the Japan (Tokyo) region.
  - Client requests from other regions are forwarded to the IP address of the origin server in the US (Silicon Valley) region.
After the China (Hong Kong) region recovers, use the preceding method to check the resolution result of client requests from the China (Hong Kong) region. The following figure shows that the returned IP address is the accelerated IP address in the China (Hong Kong) region.

Test the high availability of endpoint groups

Disconnect from the origin server in the US (Silicon Valley) region to simulate the failure of an endpoint group and test the access result.
1. Open a browser on clients in China (Hong Kong), Japan (Tokyo), and other regions.
2. Enter the domain name of the application that is deployed in the US (Silicon Valley) region and the US (Virginia) region.
  The following figures show the test results.
  - The following figure shows the access result after clients in the China (Hong Kong) region access the application. The responsive server is ECS02 that is deployed in the US (Virginia) region.
  - The following figure shows the access result after clients in the Japan (Tokyo) region access the application. The responsive server is ECS02 that is deployed in the US (Virginia) region.
After the server in the US (Silicon Valley) region recovers, use the preceding method to check the access results of client requests from the China (Hong Kong) and Japan (Tokyo) regions.
- The following figure shows the access result after clients in the China (Hong Kong) region access the application. The responsive server is ECS01 that is deployed in the US (Silicon Valley) region.
- The following figure shows the access result after clients in the Japan (Tokyo) region access the application. The responsive server is ECS01 that is deployed in the US (Silicon Valley) region.
Note The endpoint group that responds to client requests varies based on your business. If you configure multiple acceleration regions and endpoint groups for a GA instance, the resolution result of client requests varies based on the priority and traffic distribution ratio of each endpoint group. For more information, see Distribute traffic across endpoint groups in different scenarios.