Function Overview

Global Accelerator allows users around the world to access cloud applications faster through public IP addresses and highly reliable, low-latency, and secure networking services.

As shown in Figure 1, a multinational enterprise has branches all over the world. The Singapore branch has deployed an application on two servers in the CN South-Guangzhou region, and the Hong Kong branch has deployed an application on two servers in the CN-Hong Kong region.

With Global Accelerator, each branch can access their application faster from the nearest access point.

Figure 1 How Global Accelerator works

An acceleration area is where a global accelerator is used for faster application access. Global Accelerator deploys access points both inside and outside the Chinese mainland.

Table 1 lists the access points supported by Global Accelerator.

Each global accelerator has at least one listener for listening to requests and distributing the requests to endpoints using the load balancing algorithm.

An endpoint group includes one or more endpoints in a given region. The global accelerator routes traffic to the endpoints in an endpoint group based on the load balancing algorithm.

You need to associate an endpoint group with each listener, which will route traffic to the endpoints in the associated endpoint group.

An endpoint is a destination to which requests are routed. Currently, only EIPs can be used as endpoints, and up to 10 endpoints can be added to each endpoint group.

If there are multiple endpoints in an endpoint group, you can set a weight for each endpoint to specify the proportion of requests to distribute to each endpoint. The global accelerator adds up the weights of all endpoints in the endpoint group and routes requests to each endpoint based on the ratio of its weight to the total weights.

Global Accelerator provides health check to ensure service reliability and availability.

After you enable health check, the global accelerator periodically sends requests to endpoints to check their status. If any endpoints become unavailable, the global accelerator stops sending requests to these endpoints. After the endpoints recover from failure, the global accelerator starts routing requests to them again.

Currently, only TCP can be used for health check.

TCP Health Check

TCP health check is performed on the network layer through three-way handshakes.

Figure 1 shows the TCP health check process.

Figure 1 TCP health check

The TCP health check process is as follows:

1. The global accelerator sends a TCP SYN packet to the endpoint.
2. The endpoint returns an SYN-ACK packet.
   • If the global accelerator does not receive the SYN-ACK packet within the timeout duration, it declares that the endpoint is unhealthy and sends an RST packet to the endpoint to terminate the TCP connection.
   • If the global accelerator receives the SYN-ACK packet from the endpoint within the timeout duration, it declares that the endpoint is healthy and sends an ACK packet and an RST packet to the endpoint to terminate the TCP connection.

An IP address group is a collection of IP addresses. You can use IP address groups to manage IP addresses with the same security requirements or whose security requirements change frequently.

You can configure a whitelist or blacklist to allow or deny accesses from IP addresses in an IP address group to listeners.

You can add IPv4 or IPv6 CIDR blocks to an IP address group and associate the IP address group with a maximum of 10 listeners.

In accordance with the laws and administrative regulations of the Ministry of Industry and Information Technology (MIIT) of the People's Republic of China, only three major operators in the Chinese mainland are allowed for cross-border network communications, and a cross-border permit is required if you carry out business activities outside the Chinese mainland.

To comply with laws and regulations on cross-border network communications, you need to apply for a cross-border permit.

Cross-border communications are required in the following two scenarios:

• The acceleration areas are inside the Chinese mainland, but the endpoints are running outside the Chinese mainland.
• The acceleration areas are outside the Chinese mainland, but the endpoints are running inside the Chinese mainland.

Monitoring is key to ensuring the performance, reliability, and availability of Global Accelerator. You can use Cloud Eye to monitor the Global Accelerator status and resource usage on a single pane of glass. You can also configure Cloud Eye to alert you of any potential issues in Global Accelerator in real time.

With Cloud Trace Service (CTS), you can record operations associated with Global Accelerator for later query, audit, and backtracking.
After CTS is enabled, CTS starts recording operations on cloud resources. The CTS management console stores the last seven days of operation records.

If you need to assign different permissions to employees in your enterprise to access your Global Accelerator resources, IAM is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your cloud resources.

With IAM, you can use your Huawei Cloud account to create IAM users, and assign permissions to the users to control their access to specific resources. For example, some software developers in your enterprise need to use Global Accelerator resources but should not delete them or perform any other high-risk operations. In this scenario, you can create IAM users for the software developers and grant them only the required permissions.

Global Accelerator provides extended REST APIs.

These APIs allow you to perform operations on all the resources of Global Accelerator, including global accelerators, listeners, endpoint groups, endpoints, health checks, and regions.

With the GA SDKs, you can easily invoke Global Accelerator APIs, SDKs support Java, Python, Go, NodeJs, and PHP languages. You can use APIs or any other well-known SDKs.