Platform For AI: Pull models and container images from outside China across domains

Last Updated: Nov 25, 2025

You may have difficulty accessing resources from outside China in your DSW instance. For example, you may encounter issues when you create an instance with a container image from docker.io or pull a model from huggingface.co. These access issues are often due to cross-domain network restrictions. To resolve these issues, you can create an Alibaba Cloud Global Accelerator (GA) instance. GA is a global network acceleration service that allows DSW to access models and images across domains.

Important

Use network resources responsibly. You cannot access websites that contain illegal information.

Billing

Global Accelerator (GA) is a cloud product that is billed separately. Fees include instance fees, capacity unit (CU) fees, and data transfer fees. For more information, see Global Accelerator Billing.

Procedure

This topic describes how to accelerate access to Hugging Face and Docker. Configure the settings based on your requirements. The following table lists the domain names that require acceleration.

| Resource to accelerate | Domain names to accelerate |
| --- | --- |
| Hugging Face | huggingface.co, cdn-lfs.hf.co (the CDN distribution domain name for Hugging Face) |
| Docker | docker.io, registry-1.docker.io, auth.docker.io |

Step 1: Create a standard Global Accelerator instance

The following steps describe only the key configurations. For a full list of parameters and their descriptions, see Create and manage standard Global Accelerator instances.

  1. To create a standard instance, activate Global Accelerator and log on to the console. Click Create Standard Pay-as-you-go Instance. Configure basic information, such as the instance name, and then click Next.

  2. Configure the acceleration area. In the Acceleration Area section, select the region where your DSW instance is located. Specify the required bandwidth, and then click Next.

  3. Configure the listener. Enter a name and set Protocol to TCP and Port to 80,443. You can change these settings as needed.

  4. Configure the endpoint.

    • Region: You can select a region outside China. We recommend US (Silicon Valley).

    • Endpoint Configuration: Configure a domain name for accelerated access. To add more domain names, create virtual endpoint groups.

      • Set Backend Service Type to Custom Domain Name.

      • For Backend Service, enter the domain name that you want to accelerate, such as huggingface.co.

      • Use the default value for Weight.

  5. Review the configuration settings. Click Submit to confirm.

Step 2: Add virtual endpoint groups and configure forwarding rules

  1. In the navigation pane on the left, click Standard Instances > Instances. Click the name of the instance you just created. Then, click the Listeners tab.

  2. You can add other domain names to a virtual endpoint group for acceleration. Click the name of the existing listener to go to its configuration page. Click the Endpoint Group tab. The default endpoint group for huggingface.co, which you configured in Step 1, is already listed.

    Add a separate virtual endpoint group for each additional domain name to accelerate. For example, you need to add groups for cdn-lfs.hf.co, docker.io, registry-1.docker.io, and auth.docker.io. Click Add Virtual Endpoint Group.

    • Set Backend Service Type to Custom Domain Name.

    • For Backend Service, enter the domain name that you want to accelerate.

    • Use the default value for Weight.

    Repeat this step to add the other domain names. When you are finished, five virtual endpoint groups are displayed.

  3. Configure forwarding rules for the listener. On the listener configuration page, click the Forwarding Rule tab. For each of the five domain names that you want to accelerate, click Add Forwarding Rule.

    • Domain Matching Rule: Exact Match.

    • Forwarding Domain: Enter the domain name that you want to accelerate.

    • Forward to: Select the endpoint group type and endpoint group that correspond to the domain name configuration.

    When you are finished, you will have five forwarding rules, one for each domain name that you want to accelerate.

Step 3: Use Global Accelerator in DSW

| Acceleration method | Method 1: Accelerate access by modifying the hosts file of the DSW instance | Method 2: Accelerate access using PrivateZone |
| --- | --- | --- |
| Scenarios | Retrieve models or other resources from outside China in an existing DSW instance. | Create a DSW instance with an image from outside China. Retrieve models or other resources from outside China in a DSW instance. |
| Does the DSW instance require a VPC, security group, and vSwitch? | Optional | Required |

Does the DSW instance require a dedicated gateway and SNAT? Optional. If you want to download large files and the network speed is insufficient, you can use a dedicated gateway to improve public network access speed.

Method 1: Accelerate access by modifying the hosts file of the DSW instance

  1. Obtain an accelerated IP address. In the Global Accelerator console, click the name of your instance. On the Acceleration Areas tab, copy an Accelerated IP Address.

  2. Modify the hosts file in the DSW instance. Open the web UI of your DSW instance. In the Terminal, run the vim /etc/hosts command. Add one line for each domain name that you want to accelerate, consisting of the accelerated IP address followed by the domain name. Then, save the file and exit.
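
The hosts-file edit from step 2 as a repeatable script. This is an added example, not part of the original documentation. The address 203.0.113.10 is a documentation-only placeholder for your Accelerated IP Address, and the function names and block markers are hypothetical.

```shell
# Added example: keep the GA entries in one marked block of a hosts file.
# Replace the placeholder 203.0.113.10 with the Accelerated IP Address
# copied from the Global Accelerator console.
GA_DOMAINS="huggingface.co cdn-lfs.hf.co docker.io registry-1.docker.io auth.docker.io"
BEGIN_MARK="# BEGIN ga-acceleration"
END_MARK="# END ga-acceleration"

# Print the block: one "IP domain" line per accelerated domain.
render_ga_block() {
    echo "$BEGIN_MARK"
    for d in $GA_DOMAINS; do
        printf '%s %s\n' "$1" "$d"
    done
    echo "$END_MARK"
}

# Rewrite hosts file $1 so that it holds exactly one block for IP $2.
apply_ga_block() {
    file="$1"; ip="$2"
    # Reject values that contain anything but digits and dots (IPv4 only).
    case "$ip" in
        *[!0-9.]*|"") echo "invalid IP: $ip" >&2; return 1 ;;
    esac
    tmp="$(mktemp)" || return 1
    # Drop any previous block and keep every other line untouched.
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip' "$file" > "$tmp"
    render_ga_block "$ip" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"   # write in place: keeps owner and mode
}

# Count active entries in $1 that map an accelerated domain to an IP other
# than $2. Such leftovers can shadow the GA block; 0 means the file is clean.
count_stale_entries() {
    awk -v ip="$2" -v list="$GA_DOMAINS" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^[[:space:]]*#/ { next }
        { for (i = 2; i <= NF; i++) if (($i in want) && $1 != ip) bad++ }
        END { print bad + 0 }' "$1"
}
```

Run `apply_ga_block /etc/hosts <accelerated IP>` as a user who can write the file, then confirm that `count_stale_entries /etc/hosts <accelerated IP>` prints 0.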

Method 2: Accelerate access using PrivateZone

  1. In the Global Accelerator console, click the name of your instance. On the Instance Information tab, copy the CNAME.

  2. Obtain the virtual private cloud (VPC) information for your DSW instance. For an existing instance, click the instance name to find the VPC information on the Instance Settings page.

  3. Log on to the Alibaba Cloud DNS console. In PrivateZone, go to the User Defined Zones page and click Add Zone.

    To use domains such as huggingface.co and cdn-lfs.hf.co, you must first configure the built-in authoritative domain name co. In the Effective in VPCs section, select the VPC that your DSW instance uses, which you identified in step 2. Click OK.

    If you have not created the DSW instance yet, select this same VPC when you create the instance.

    Then, click the name of the built-in authoritative domain co to go to the configuration page. Click Add Record. Because huggingface.co and cdn-lfs.hf.co share the same authoritative domain co, you must add a DNS record for each of them.

    • Set the Record Type to CNAME.

    • For Hostname, enter the host portion of the domain name, such as huggingface or cdn-lfs.hf.

    • For Record Values, enter the Global Accelerator CNAME that you copied in step 1.

    Follow the same method to configure docker.io, registry-1.docker.io, and auth.docker.io. After the configuration is complete, you will have two Built-in Authoritative Domain Names.
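
The record layout that step 3 produces for all five domain names, as an added example that is not part of the original documentation. The CNAME value passed in stands for the one copied in step 1, and the function names and the plain-text listing format (one `zone hostname CNAME value` line per record) are hypothetical.

```shell
# Added example: derive the PrivateZone records for a list of domain names.
# Each output line is "zone hostname CNAME value", where zone is the
# built-in authoritative domain (co or io) and hostname is the text
# entered in the Hostname field.
plan_privatezone_records() {
    cname="$1"; shift
    for d in "$@"; do
        zone="${d##*.}"   # last label, for example "co"
        host="${d%.*}"    # everything before it, for example "cdn-lfs.hf"
        if [ "$zone" = "$d" ] || [ -z "$host" ] || [ -z "$zone" ]; then
            echo "skipping malformed name: $d" >&2
            continue
        fi
        printf '%s %s CNAME %s\n' "$zone" "$host" "$cname"
    done | sort
}

# Compare the plan with a listing file of records that already exist
# (hypothetical format: the same "zone hostname CNAME value" lines).
# Prints every planned record that is absent or has a different value.
missing_records() {
    cname="$1"; listing="$2"; shift 2
    plan_privatezone_records "$cname" "$@" | while IFS= read -r rec; do
        grep -qxF -- "$rec" "$listing" || printf '%s\n' "$rec"
    done
}
```

Called with the five domain names from this topic, `plan_privatezone_records` prints two records under `co` and three under `io`.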
