AWS Global Accelerator — Avoid DNS Cache issue.

Girish V P
ADIBI Technologies, Basavanagudi, Blore.
5 min read · Dec 13, 2018

AWS Global Accelerator (re:Invent 2018) is a network layer service that acts as an entry point to the internet applications you have configured, using Global Accelerator’s static public IP addresses. Customers point to these static IP addresses instead of the original IP address of your application. Let us see the advantage of this approach.

Imagine you configure the application in multiple AWS Regions and use Route 53 with Failover records for fault tolerance. When the primary server fails, Route 53 resolves to the secondary IP address and returns it to the client. Yes, AWS has done its duty! But what if the client OS caches the primary IP address for a long time and therefore keeps connecting to the non-existent primary server? This is where Global Accelerator comes into the picture. Since the user connects only to Global Accelerator’s IP address, the client has no opportunity to cache the application’s original IP address.

Regional-level load balancing is now possible with this service. You can configure an identical application in several AWS Regions, and each application endpoint can be mapped to a common Global Accelerator. It continuously monitors the endpoints. Non-working endpoints are temporarily removed until they come back. Global Accelerator returns its 2 anycast IP addresses once it is configured. The client can connect to either of them.

When the user accesses the application with the IP address provided by Global Accelerator, AWS tries to pass the traffic through the edge location nearest to the user and then onward via AWS infrastructure to reduce latency.

Global Accelerator Setup

Before you configure AWS Global Accelerator, you may have to set up the applications. During Global Accelerator configuration, it prompts for the application endpoints. The application endpoints can be in the form of an Elastic Load Balancer or an Elastic IP address. I have configured an EC2-based web application in two AWS Regions, namely Singapore and Tokyo. It is mandatory that an Elastic IP address be configured for the EC2 instances (or else run the instance behind an ELB). A dynamic public IP address does not make a valid endpoint.

1) The screenshot shows the web app’s EC2 instance properties for the Singapore AWS Region.

2) Access the above configured web site with its Elastic IP address.

3) The screenshot below shows the EC2 properties of the web app in the AWS Tokyo Region.

4) Access the Tokyo web site with its Elastic IP address. In order to identify which AWS Region is serving the web page, I have added different content here. But ideally you will have the same content in the production environment.

5) I configure AWS Global Accelerator in the Oregon Region. In the AWS web console, search for Global Accelerator. You get a screen like the one below. Click “Create Accelerator”.

6) Now you have to enter a name for the Global Accelerator.

7) You will configure a listener next. This is the port on which the client requests the service. Since we run a web service, it is 80. Select TCP as the protocol. Client affinity is set to None; the other option, SourceIP, is applicable to stateful applications. Click Next.

8) Then you have to configure endpoint groups. An endpoint group acts as a container for application endpoints. Since I have configured my web app in two AWS Regions, I have to create two endpoint groups. Click Add endpoint group. From the dropdown list, select the Regions in which you have configured the web application. Traffic dial is set to 100, which is the default value. A traffic dial of 0 means Global Accelerator does not forward traffic to the endpoint group; you could, for example, do site maintenance during that time. Click Configure health check.

9) Complete the self-explanatory configuration below and click Save.

10) When it comes back to the previous screen, make sure that endpoint groups are configured for the respective Regions. The screen looks like the one below. Click Next.

11) Click Add endpoint.

12) Select Endpoint type as Elastic IP address so that all valid endpoints for the Region are automatically listed. Repeat this for all the endpoint groups. Click Create accelerator.

13) You can see that AWS Global Accelerator is deployed. It returns two public IP addresses (irrespective of the number of Regions in which you have configured endpoints) from Network Zones.

14) Now type one of the above public IP addresses in a web browser to make sure that you are able to access the web site via Global Accelerator.

15) Below is the output of the netstat command I ran on my client machine, which shows that the session is established between the client machine and the Global Accelerator IP address, not with the original IP address of the web server.
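
Console steps 5 to 13 can also be scripted with the AWS CLI, which makes the setup repeatable and reviewable. The following is an added example, not part of the original post; the accelerator name, the Elastic IP allocation IDs and the health-check values are assumptions, since the post does not state them.

```shell
# Added example: AWS CLI equivalent of console steps 5-13 (not the author's code).
# Assumed values: accelerator name, EIP allocation IDs, health-check settings.
GA_REGION="us-west-2"   # Oregon, as in step 5

ga() { aws globalaccelerator --region "$GA_REGION" "$@"; }

# Steps 5-6: create the accelerator, print its ARN.
create_accelerator() {  # name
  ga create-accelerator --name "$1" --ip-address-type IPV4 --enabled \
    --query 'Accelerator.AcceleratorArn' --output text
}

# Step 7: TCP listener on port 80, client affinity None.
create_listener() {  # accelerator_arn
  ga create-listener --accelerator-arn "$1" --protocol TCP \
    --port-ranges FromPort=80,ToPort=80 --client-affinity NONE \
    --query 'Listener.ListenerArn' --output text
}

# Steps 8-12: endpoint group for one Region, traffic dial 100, one EIP endpoint.
create_endpoint_group() {  # listener_arn region eip_allocation_id
  ga create-endpoint-group --listener-arn "$1" \
    --endpoint-group-region "$2" --traffic-dial-percentage 100 \
    --health-check-protocol TCP --health-check-port 80 \
    --health-check-interval-seconds 30 --threshold-count 3 \
    --endpoint-configurations "EndpointId=$3,Weight=128" \
    --query 'EndpointGroup.EndpointGroupArn' --output text
}

# Step 13: print the two static IP addresses of the accelerator.
accelerator_ips() {  # accelerator_arn
  ga describe-accelerator --accelerator-arn "$1" \
    --query 'Accelerator.IpSets[0].IpAddresses' --output text
}

# Full setup: Singapore (ap-southeast-1) and Tokyo (ap-northeast-1).
setup_accelerator() {  # name singapore_eip_alloc tokyo_eip_alloc
  _acc=$(create_accelerator "$1") || return 1
  _lis=$(create_listener "$_acc") || return 1
  create_endpoint_group "$_lis" ap-southeast-1 "$2" >/dev/null || return 1
  create_endpoint_group "$_lis" ap-northeast-1 "$3" >/dev/null || return 1
  accelerator_ips "$_acc"
}

# Runs only when explicitly requested with real allocation IDs.
if [ "${GA_APPLY:-0}" = 1 ]; then
  setup_accelerator "$GA_NAME" "$SG_EIP_ALLOC" "$TOKYO_EIP_ALLOC"
fi
```

Only port 80 is opened on the listener, so the accelerator exposes nothing beyond what the web instances already serve.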

Testing

Test AWS Global Accelerator by keeping only one endpoint (web app) active at a time. Each time you shut down an instance, you can see access switching over to the other Region.
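
The switch-over can be watched from the client while an instance is shut down: the address being polled never changes, only the Region that answers. This is an added example, not part of the original post; it assumes each Region's page contains its Region name (the "different content" from step 4) and that the endpoint group ARN is known.

```shell
# Added example: observe the switch-over from the client side (not the author's code).
# Assumption: each Region's page contains its Region name, as in step 4.

# Report which Region answered a request to the accelerator IP.
serving_region() {  # accelerator_ip
  _body=$(curl -s --max-time 5 "http://$1/") || { echo DOWN; return 0; }
  case "$_body" in
    *Singapore*) echo Singapore ;;
    *Tokyo*)     echo Tokyo ;;
    *)           echo UNKNOWN ;;
  esac
}

# Poll the same accelerator IP and print only the changes of serving Region.
watch_failover() {  # accelerator_ip polls interval_seconds
  _prev="" _i=0
  while [ "$_i" -lt "$2" ]; do
    _now=$(serving_region "$1")
    if [ "$_now" != "$_prev" ]; then
      echo "poll=$_i region=$_now"
      _prev=$_now
    fi
    _i=$((_i + 1))
    sleep "$3"
  done
}

# Health as Global Accelerator sees it: one "endpoint-id state" line per endpoint.
endpoint_health() {  # endpoint_group_arn
  aws globalaccelerator --region us-west-2 describe-endpoint-group \
    --endpoint-group-arn "$1" --output text \
    --query 'EndpointGroup.EndpointDescriptions[].[EndpointId,HealthState]'
}
```

A `DOWN` entry between two Regions marks the interval before the health check takes the stopped endpoint out of rotation.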

Disclaimer: This is based on an experiment in a testing environment. You need to modify the configuration according to the needs of your production setup.
