Essential guide to AWS Global Accelerator

An accelerator can reduce the time it takes to reach a server. It does this by routing your network packets through the AWS global network (rather than through the general internet).

To reach your server, packets may go faster via the AWS network, instead of the general internet network

Let’s create one

An accelerator is also able to load balance, and you can specify the weights/traffic dials (the percentage of traffic that goes to each endpoint).

If your applications are stateful, choose SOURCE_IP for Client affinity (e.g. JWT is stateless, Java Tomcat HttpSession is stateful).

Configure the endpoint groups. I specified that 70% of traffic (Traffic dial) should go to my Singapore endpoint group.

For each endpoint group I configure port overrides. The advantage is that, because binding to ports below 1024 on Linux requires root privilege, I can run services on higher ports as a non-root user. Running services as root is considered less secure (if the service gets cracked/hacked then the cracker/hacker will have root privilege).

You can also customize the health check parameters.

Specify the endpoints in each endpoint group. Here I am using EC2 instances, but there are other types you can choose from. I specified the same weight, 128, which means I want traffic to be divided equally (50%/50%) between the 2 instances.

Once created you can start testing.

On my instances, I have nginx running on ports 80, 8080 and 8090.

Mine had a warning: I forgot to set the security groups to allow ports 8080 and 8090. Let’s fix that.

All healthy after fixing security groups
AWS gives you 2 IP addresses for the accelerator
Instance 1 in Singapore
Same IP address but now showing Instance 2 in Singapore
Instance 2 in Singapore

Is client IP preserved?

After checking the nginx access logs, yes, client IP is preserved, which is good and as advertised.

However, even though I specified health checks to be done every 30 seconds, it seems like the health checks are a lot more frequent.

These are definitely not every 30 seconds. Therefore, you may want to tweak the health check settings, configure log rotation on nginx, etc.
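
To measure how often the health checks actually arrive, the following added example (not part of the original post) parses nginx access log lines in the default "combined" format and reports the median gap between health-check requests, both overall and per source address. The sample log, its addresses and the `example-health-checker` user-agent marker are constructed placeholders; substitute whatever string identifies health-check requests in your own log.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in nginx's default "combined" format. The addresses
# (RFC 5737 documentation ranges) and the user-agent string are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 612 "-" "example-health-checker"
198.51.100.7 - - [01/Jan/2024:10:00:10 +0000] "GET / HTTP/1.1" 200 612 "-" "example-health-checker"
203.0.113.5 - - [01/Jan/2024:10:00:20 +0000] "GET / HTTP/1.1" 200 612 "-" "example-health-checker"
203.0.113.99 - - [01/Jan/2024:10:00:25 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "curl/8.0.1"
192.0.2.10 - - [01/Jan/2024:10:00:30 +0000] "GET / HTTP/1.1" 200 612 "-" "example-health-checker"
198.51.100.7 - - [01/Jan/2024:10:00:40 +0000] "GET / HTTP/1.1" 200 612 "-" "example-health-checker"
203.0.113.5 - - [01/Jan/2024:10:00:50 +0000] "GET / HTTP/1.1" 200 612 "-" "example-health-checker"
192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET / HTTP/1.1" 200 612 "-" "example-health-checker"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \d+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def _median_gap(times):
    """Median number of seconds between consecutive timestamps, or None."""
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return median(gaps) if gaps else None

def health_check_intervals(log_text, ua_marker):
    """Return (overall median gap, {source_ip: median gap}) in seconds."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or ua_marker not in m["ua"]:
            continue  # skip malformed lines and non-health-check traffic
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        by_ip[m["ip"]].append(ts)
    all_times = [t for stamps in by_ip.values() for t in stamps]
    return _median_gap(all_times), {ip: _median_gap(s) for ip, s in by_ip.items()}

if __name__ == "__main__":
    overall, per_ip = health_check_intervals(SAMPLE_LOG, "example-health-checker")
    print(f"median gap, all sources: {overall}s")
    for ip, gap in sorted(per_ip.items()):
        print(f"  {ip}: {gap}s")
```

Comparing the overall gap with the per-source gaps shows whether the extra requests come from one checker polling faster than configured or from several sources each polling on their own schedule.
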
It also provides a DNS name
This is the instance in Seoul
You can also create a Route53 DNS record to point to your accelerator

Unhealthy endpoints

Let’s see how the accelerator behaves when 1 or more endpoints are unhealthy. I stopped the nginx services on 2 of the Singapore instances.

The results are as expected: the accelerator only chooses the healthy endpoints. All good using either of the 2 accelerator IP addresses, the accelerator DNS name and the Route53 DNS name.

AWS also provides a speed comparison tool so you can evaluate and see for yourself what the speed improvements are from where you are located. It is available at https://speedtest.globalaccelerator.aws/
