MaxCompute cross-border access acceleration solution

Introduction to unites with global acceleration services to provide MaxCompute customers with cross-border access needs with a set of efficient and stable cross-border access acceleration solutions.

MaxCompute unites with global acceleration services to provide MaxCompute customers with cross-border access needs with a set of efficient and stable cross-border access acceleration solutions.

Background Information

A large number of MaxCompute customers going overseas often need to conduct cross-border visits due to the inconsistency of the location of the developers and the geographic location of the data source. When using IDEA/ODPSCMD/SDK for management and control job submission, data download and other requests, the network jitter is relatively large and may be affected. Problems such as being rst, resetting the connection, etc. occur.

The specific scenarios include two categories:

• The office is in the mainland, but the corresponding MaxCompute terminal node is overseas. For example, if you need to visit the terminal node in Mumbai from Hangzhou, if you directly use the office's public network to call the corresponding api for business creation, the direct use of the public network link is very unstable.
• The office is overseas, but the corresponding MaxCompute terminal node is in the mainland. For example, the terminal node that needs to visit Shanghai from Mumbai, there are similar calls.

Example: Under normal network conditions, when accessing the terminal node of India (Mumbai) from Hangzhou, the network connection times out.

solution

Solution architecture

Technical Principle

This solution relies on global acceleration services.

Global Accelerator GA (Global Accelerator) is a global network acceleration service. Global Acceleration will assign an acceleration IP to each access acceleration area, and client traffic will enter the Alibaba Cloud acceleration network from the nearest access point through the acceleration IP. . After entering the Alibaba Cloud acceleration network, Global Acceleration can intelligently select routes and automatically complete network scheduling, and then send the client's network access request to the best terminal node, avoiding the congestion of the public network, and achieving the effect of reducing latency. For details, please refer to Global Acceleration Official Document .

Implementation process

Prerequisites

• The MaxCompute project has been created.

For more operations to create MaxCompute projects, see Create MaxCompute Project .

Configure global acceleration service

Users can configure according to the official document . The configuration steps of this program are as follows:

Step 1: Create a global acceleration instance

1. Log in to Global Acceleration Management Console .
2. In list of instances page, click create accelerate instance .
3. On the purchase page, configure the global acceleration instance according to the following information, and then click to purchase immediately.
4. 1. Choose to purchase the specifications of Global Acceleration Instances. This program chooses small type II .
   2. Choose the length of time to purchase the Global Acceleration instance. This program chooses 1 month .

For specific specifications and costs, please refer to Global Accelerated Product Pricing .

After the purchase is successful, return to the management console. After the instance is created, the system will automatically assign a CNAME to resolve the domain name of the back-end service to be accelerated. Please record this CNAME for subsequent domain name resolution.

Step 2: Purchase and bind the basic bandwidth package

The basic bandwidth package provides global public network access bandwidth and Alibaba Cloud intranet transmission bandwidth. To achieve global acceleration, you need to purchase a basic bandwidth package and bind the basic bandwidth package to the global acceleration instance.

1. In list of instances page, click buy basic bandwidth, packet .
2. On the purchase page, configure the basic bandwidth package, and then click immediately purchase complete the payment.

For specific specifications and costs, please refer to Global Accelerated Product Pricing .

⚠️Note: To improve the quality of network access from overseas regions to mainland China, you must first submit the cross-border product use application , otherwise you cannot configure the acceleration of access to foreign regions.

This program chooses enhance the acceleration bandwidth, 20Mb .

1. Return list of instances page, click the accelerating global instance ID has been created, click -bandwidth package management tab, in basis of bandwidth package area, find the target bandwidth, packet basis, click operation under the column Bind .

After binding is successful, the state became the basis of the bandwidth package available .

Step 3: Add acceleration area

After purchasing the basic bandwidth package, you can add acceleration areas, specify the location of users accessing back-end services, and allocate accelerated bandwidth.

Complete the following operations to add an acceleration area.

1. On the instance list , find the created Global Acceleration instance and click the instance ID.
2. Click the acceleration area tab, add the access area .
3. In the add acceleration area dialog box, configure according to the following information.

• • Region : Select the region of the user who accesses the acceleration service. This program chooses China (Hangzhou) .
  • Bandwidth : Select the geographic bandwidth of the accelerated service. This program inputs 2 0 Mbps.
  • IP address protocol : Select the IP address protocol for users to access the global acceleration service. This program chooses IPv4 .

1. Click confirm . After the addition is successful, Global Accelerator will allocate an acceleration IP in the access area to accelerate user access.

Step 4: Configure monitoring

The monitor is responsible for checking connection requests. The system will forward the inbound connection from the client according to the port and protocol you specify.

1. On the instance details page, click the monitor tab, and then click add a monitor .
2. On the configuration monitor and protocol configuration wizard page, configure the monitor according to the following information.
3. 1. monitor name : Enter the monitor name.
   2. protocol : select the type of monitoring protocol, customers can choose according to business scenarios. This program chooses TCP .
   3. port : This program enters 80 .
   4. Client affinity : This program chooses turn off .

For more information, refer to Monitoring Overview .

1. Click next configure the end node group.
2. access control: can be configured with different policies based on the whitelist/blacklist form, accurately control client requests, and manage request forwarding.

Description At present, the access control whitelist is kept open. If you need to use it, please submit a work order.

Step 5: Set up the end node group

Each monitor is associated with a terminal node group, and the terminal node group is associated with the monitor by specifying the region where traffic is to be distributed. After the association, Global Accelerator will distribute the traffic to the best terminal node in the terminal node group associated with the monitoring.

Complete the following operations to set up an endpoint group.

1. node group name in the field.
2. region to which the terminal node group belongs, that is, the region of the target server to be accessed. This program chooses India .
3. Choose back-end service deployment in Alibaba Cloud or non-Alibaba Cloud. This program chooses non-A Liyun .
4. Choose to enable or disable to keep the source IP of the client. In this solution, choose to enable and keep the source IP of the client.
5. Configure the end node.
6. 1. backend service type : select custom domain name .
   2. Backend service : Enter the endpoint of the MaxCompute extranet to be accelerated. This plan enters service.ap-south-1.maxcompute.aliyun.com
   3. : Enter the weight of the terminal node, the weight range: 0~255. Global Acceleration routes traffic to end nodes in proportion to the weights you configure.
      Note If the weight of a terminal node is set to 0, Global Acceleration will terminate the distribution of traffic to the terminal node. Please proceed with caution.
7. Click next view the monitoring and terminal node group configuration. After confirming that they are correct, click next .

Bind host locally

After adding the global acceleration configuration, under the instance information-acceleration area tag, find the acceleration IP.

After that, you must bind the host locally to resolve the corresponding domain name to the CNAME assigned by the global acceleration, so that the business traffic can be switched to the global acceleration.

Host add example:

1XX.XX.X.XX6（加速IP）  service.ap-south-1.maxcompute.aliyun.com（后端服务域名）

Delay test

1. Open a command line window on the computer in the access area (Hangzhou, China).
2. Execute the following command to check the packet delay. curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "http[s]://[:<port>] "Among them:

• • time\_connect: connection time, the time from the start to the completion of the TCP connection.
  • time\_starttransfer: start transfer time. After the client sends a request, the time it takes for the back-end server to respond to the first byte.
  • time\_total: Total connection time. After the client sends a request, the time it takes for the back-end server to respond to the session.

1. After testing, the use of Global Acceleration significantly reduces the delay for users in Hangzhou, China to access the India (Mumbai) endpoint.

Use MaxCompute

After the configuration is complete, you can enter the MaxCompute client or Web-Console to connect to the MaxCompute data source by source. At this time, MaxCompute has successfully achieved efficient and stable cross-border access.

Security related issues

In order to effectively prevent DDoS attacks, this solution can be used in combination with DDOS high-defense products to effectively prevent DDOS attacks. For more information, please refer to: -regional Web Security Acceleration The DDOS configuration part of the content.

Copyright statement: content of this article is contributed spontaneously by Alibaba Cloud real-name registered users. The copyright belongs to the original author. The Alibaba Cloud Developer Community does not own its copyright and does not assume corresponding legal responsibilities. For specific rules, please refer to the "Alibaba Cloud Developer Community User Service Agreement" and the "Alibaba Cloud Developer Community Intellectual Property Protection Guidelines". If you find suspected plagiarism in this community, fill in the infringement complaint form to report it. Once verified, the community will immediately delete the suspected infringing content.