DEV Community

Yash Kumar Shah

AWS Anycast Service Global Accelerator

Problem Statement

Recently we were having trouble getting our application whitelisted with third parties, because it sits behind an ALB and an ALB's IP addresses change frequently. We came up with a workaround using an NLB with Elastic IPs attached, but that meant giving up many ALB features.

We kept looking for a solution and came across AWS Global Accelerator, a relatively new AWS service. It not only solves our problem but also bakes in several other use cases that are quite compelling:

  • Setting up regional DR

  • Easily moving endpoints between Availability Zones or AWS Regions without updating your DNS configuration or changing client-facing applications

  • Dialling traffic up or down for a specific AWS Region

About AWS Global Accelerator

Global Accelerator became publicly available in late 2018.

The main draw for users is the ability to get static IPv4 addresses that are not tied to a Region.

With Global Accelerator, customers get two globally anycast IPv4 addresses that can be used to load balance across AWS Regions (14 of them at the time of writing).

A user's request is routed to the closest AWS edge POP based on BGP routing. From there, Global Accelerator forwards it to the AWS Regions where your application is deployed.

Global Accelerator comes with traffic dials that control how much traffic goes to each Region, and per-endpoint weights that control the split between endpoints inside a Region. It also has built-in health checking so that traffic is only routed to healthy endpoints.

AWS Global Accelerator always routes user traffic to the optimal endpoint based on performance, reacting instantly to changes in application health, your user's location, and the policies that you configure.

Some primitives in Global Accelerator

Accelerator: think of this as your anycast endpoint. It is a global primitive and comes with two static IPv4 addresses.

Listener: defines which ports and protocol (TCP or UDP) to listen on. An accelerator can have multiple listeners.

Endpoint group: for each listener you create one or more endpoint groups. An endpoint group groups endpoints by Region; for example, the Region ap-south-1 can be an endpoint group. Each group has a traffic dial that controls the percentage of traffic you want to send to that Region.

Endpoint: every endpoint group contains one or more endpoints, each of which is an Elastic IP address, a Network Load Balancer, an Application Load Balancer or an EC2 instance. Each endpoint has a weight that controls how traffic is balanced across the endpoints within the group.

Hands On

Prerequisite:

Set up two small apps behind ALBs in two different Regions, so that we have endpoints to attach to the accelerator.

Whenever you open the Global Accelerator console you are redirected to the US West (Oregon) Region: accelerators are global resources, and their API is served from us-west-2.

Steps:
Creating a Global Accelerator is a four-step process, which we will walk through step by step.

Step 1:

Create an Accelerator.

Provide the accelerator name. If you have brought your own IP address range (BYOIP), you can pick the IPv4 addresses from that pool; otherwise AWS assigns two static IPs from Amazon's pool of addresses. Finally, tag your accelerator with the required key/value pairs.

Step 2:

Add a listener to the accelerator. Specify a port, a port range or multiple port ranges that you want the listener to accept traffic on.

Note: if you have stateful applications, set client affinity to Source IP. Global Accelerator then directs all requests from a given client IP address to the same endpoint resource.

By default client affinity is None, and Global Accelerator distributes traffic equally between the endpoints in the listener's endpoint groups.

Step 3

Add an endpoint group for each AWS Region that you want to direct traffic to.


An endpoint group is associated with a specific AWS Region. Endpoint groups include one or more endpoints in the Region.

For each AWS Region that you want to direct traffic to, add one endpoint group. You can't have more than one endpoint group per Region.

You can increase or reduce the percentage of traffic that would otherwise be directed to an endpoint group by adjusting a setting called the traffic dial.

Step 4

The last step is creating the endpoints.

Note: for Elastic IP or EC2 instance endpoints, Global Accelerator uses the health check settings configured on the endpoint group (protocol, port, path, interval and threshold), so you have to specify a health check for your application. For load balancer endpoints it relies on the load balancer's own target health checks to decide where to send traffic.

Also note that attaching an ALB as an endpoint does not take away the ALB's own public DNS name and addresses. If the accelerator's static IPs are meant to be the only front door for whitelisted partners, the ALB's security group still has to be restricted accordingly.

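The four steps above as one script using the AWS CLI. This is an added example, not code from the original post; the account ID, both ALB ARNs, the tag, the port and the /healthz health-check path are hypothetical placeholders, and the script only prints the calls it would make unless APPLY=1 is set.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post: the four console steps
# (accelerator -> listener -> endpoint group -> endpoint) as AWS CLI calls.
# Global Accelerator is a global service whose API is served from us-west-2,
# which is why the console redirects to Oregon and why every call below pins
# --region us-west-2 no matter where the ALBs live.
# Hypothetical values to replace: the account ID, both ALB ARNs, the tag and
# the /healthz health-check path.
set -eu

GA_REGION=us-west-2
ACCEL_NAME=${ACCEL_NAME:-demo-accelerator}
ALB_MUMBAI=${ALB_MUMBAI:-arn:aws:elasticloadbalancing:ap-south-1:123456789012:loadbalancer/app/demo-mumbai/0123456789abcdef}
ALB_OREGON=${ALB_OREGON:-arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/demo-oregon/fedcba9876543210}

# Each *_args function prints the argument list of one CLI call, one argument
# per line, so the calls can be reviewed or tested without touching AWS.
# ga_call turns that list into a real `aws globalaccelerator` call, or only
# echoes it unless APPLY=1 is set.

# Step 1: the accelerator. Leave out --ip-addresses unless you have a BYOIP
# pool; otherwise AWS allocates two static IPs from its own pool.
accelerator_args() {
  printf '%s\n' create-accelerator \
    --region "$GA_REGION" \
    --name "$ACCEL_NAME" \
    --ip-address-type IPV4 \
    --enabled \
    --tags Key=owner,Value=platform-team \
    --query Accelerator.AcceleratorArn --output text
}

# Step 2: a TCP listener. SOURCE_IP pins each client IP to one endpoint
# (stateful apps); NONE spreads requests evenly.
listener_args() {  # $1 = accelerator ARN, $2 = port, $3 = NONE | SOURCE_IP
  printf '%s\n' create-listener \
    --region "$GA_REGION" \
    --accelerator-arn "$1" \
    --protocol TCP \
    --port-ranges "FromPort=$2,ToPort=$2" \
    --client-affinity "$3" \
    --query Listener.ListenerArn --output text
}

# Steps 3 and 4 together: one endpoint group per Region with the ALB as its
# endpoint. The traffic dial (0-100) throttles the whole group; the weight
# (0-255) balances endpoints inside it. ClientIPPreservationEnabled keeps the
# real client address visible to the ALB (and any WAF or IP-based rule behind
# it). The health-check flags only apply to EIP and EC2 endpoints; an ALB
# endpoint is judged by its own target health.
endpoint_group_args() {  # $1 = listener ARN, $2 = Region, $3 = ALB ARN, $4 = dial %
  printf '%s\n' create-endpoint-group \
    --region "$GA_REGION" \
    --listener-arn "$1" \
    --endpoint-group-region "$2" \
    --endpoint-configurations "EndpointId=$3,Weight=128,ClientIPPreservationEnabled=true" \
    --traffic-dial-percentage "$4" \
    --health-check-protocol HTTPS --health-check-port 443 --health-check-path /healthz \
    --health-check-interval-seconds 30 --threshold-count 3 \
    --query EndpointGroup.EndpointGroupArn --output text
}

# ga_call: run the call and print the resulting ARN, or, without APPLY=1,
# echo the call to stderr and print a placeholder ARN so the flow still chains.
ga_call() {  # $1 = args function, remaining args = its parameters
  fn=$1; shift
  if [ "${APPLY:-0}" = 1 ]; then
    # shellcheck disable=SC2046  # splitting the printed argument list is intended
    aws globalaccelerator $("$fn" "$@")
  else
    echo "DRY RUN: aws globalaccelerator $("$fn" "$@" | tr '\n' ' ')" >&2
    echo "arn:aws:globalaccelerator::123456789012:dry-run/$fn"
  fi
}

main() {
  accel=$(ga_call accelerator_args)
  listener=$(ga_call listener_args "$accel" 443 NONE)
  # All traffic to Mumbai; Oregon stays attached at 0% as a DR target that
  # can be dialled up without any DNS change.
  ga_call endpoint_group_args "$listener" ap-south-1 "$ALB_MUMBAI" 100 >/dev/null
  ga_call endpoint_group_args "$listener" us-west-2 "$ALB_OREGON" 0 >/dev/null
  if [ "${APPLY:-0}" = 1 ]; then
    # The two static IPs to hand to third parties for whitelisting.
    aws globalaccelerator describe-accelerator --region "$GA_REGION" \
      --accelerator-arn "$accel" \
      --query 'Accelerator.IpSets[].IpAddresses[]' --output text
  fi
}
main
```

Run it once without APPLY to review the exact calls on stderr, then with APPLY=1 to create the resources; the final describe-accelerator prints the two static IPs, which are the only addresses the third party ever needs to whitelist.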

Testing

Now that our anycast global load balancer is up and running, it is time to test it. To check that load balancing works as expected, I'm using the following loop (each app returns a short body that identifies it, so the counts show how the requests were split):

```bash
# 100 requests to the accelerator's static IP; the sorted, counted bodies show
# how many responses came from each backend.
for i in {1..100}; do curl -s http://13.248.138.197; done | sort -n | uniq -c | sort -rn
```
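A slightly more thorough check built around the same loop, as an added example that is not part of the original post. It assumes (hypothetically) that each backend answers with a one-line body naming its Region, such as ap-south-1 or us-west-2, and uses that to confirm that a traffic dial or weight change actually took effect instead of just eyeballing the counts.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: a checker for the curl loop above.
# Assumes (hypothetically) that each backend answers with a one-line body
# naming its Region, e.g. "ap-south-1" or "us-west-2".
set -eu

# probe: send N requests to the accelerator, one response body per line.
# A failed request is recorded as "no-answer" so it still counts.
probe() {  # $1 = accelerator IP or hostname, $2 = request count
  i=0
  while [ "$i" -lt "$2" ]; do
    body=$(curl -sf --max-time 5 "http://$1/") && echo "$body" || echo "no-answer"
    i=$((i + 1))
  done
}

# tally: read one response per line on stdin and print "<count> <response>",
# most frequent first (the same shape as sort | uniq -c | sort -rn).
tally() {
  sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# check_split: read tally output on stdin and exit 0 only if the share of
# responses carrying $1 is within $3 percentage points of $2. Use it to confirm
# that a traffic dial or weight change actually took effect, e.g. 100% Mumbai
# after dialling Oregon down to 0, or roughly 50/50 with equal weights.
check_split() {  # $1 = label, $2 = expected share in %, $3 = tolerance in points
  awk -v label="$1" -v want="$2" -v tol="$3" '
    { total += $1; if ($2 == label) hit += $1 }
    END {
      if (total == 0) { print "no responses"; exit 1 }
      share = 100 * hit / total
      printf "%s: %.1f%% of %d responses (want %d +/- %d)\n", label, share, total, want, tol
      if (share >= want - tol && share <= want + tol) exit 0
      exit 1
    }'
}

# Usage against a live accelerator with both Regions at equal weight:
#   probe 13.248.138.197 100 | tally | check_split ap-south-1 50 15
# and after dialling Oregon down to 0%:
#   probe 13.248.138.197 100 | tally | check_split ap-south-1 100 0
```

Because the accelerator routes on the client's source IP and, with client affinity set to Source IP, pins a client to one endpoint, run the probe from a machine with affinity set to None (or from several source addresses) before reading anything into a skewed split.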

Global Accelerator Routing vs Normal Routing

An interesting difference between Global Accelerator and regular public EC2 IP addresses is how traffic reaches AWS. For Global Accelerator, AWS tries to get traffic onto its own network as early as possible: the accelerator prefixes are announced from every Global Accelerator POP, so your traffic is handed off to AWS at the closest POP and then rides the AWS backbone to the origin. Regular public IP addresses are only announced out of the Region where they are used, so AWS relies on public transit and peering to carry the traffic to that Region.

Let's look at a traceroute to illustrate this. One of my origin servers in the ap-south-1 Region is 13.232.169.234; here is a traceroute to that EC2 instance in Mumbai from my local machine:

[traceroute output to 13.232.169.234 shown as a screenshot in the original post]

In this case the handoff is from static-delhi.vsnl.net.in to static-mumbai.vsnl.net.in via public routing.

Now, as a comparison, here is a traceroute from the same server in Mumbai to the anycast Global Accelerator IP:

[traceroute output to the Global Accelerator IP shown as a screenshot in the original post]

The Global Accelerator path takes fewer hops. In this case AWS announces the prefix locally at the Internet exchange, and traffic is handed off to AWS on the second hop. Quite a latency difference.

Conclusion

I think Global Accelerator is a powerful service. Having the ability to flexibly steer traffic to particular Regions and even endpoints gives you a lot of control, which will be useful for high-traffic applications. It also makes it easier to make applications highly available even on a per-IP-address basis (as compared to using DNS-based load balancing). A potentially useful feature for Global Accelerator would be to combine it with the Bring Your Own IP feature.

I personally used Global Accelerator to provide two static IPs in front of my ALB for third-party whitelisting.
