Use AWS Global Accelerator to improve application performance

In the dynamic landscape of web applications and APIs, ensuring fast, reliable, and secure access for all your customers is crucial. With traditional implementations, though, users of global applications often face latency and reliability challenges because of delays and uneven performance due to the complexity of the global internet infrastructure. AWS Global Accelerator enables you to achieve faster performance and higher reliability for your users by intelligently routing your traffic across the AWS global network, optimizing the path to your application.

In this post, we share the advantages that you gain by using Global Accelerator, scenarios for adding accelerators, and performance testing strategies that you can apply when you integrate your application with the service. We also explore integrations with other AWS services and provide practical deployment examples that use AWS CloudFormation.

We start by reviewing the differences between anycast and DNS-based routing, and then explain how Global Accelerator streamlines global traffic routing and bolsters security for your applications.

Comparing DNS routing with Amazon Route 53 to anycast routing with Global Accelerator

Before we dive into the specifics of using Global Accelerator with your application, let’s first examine how DNS routing operates, since it’s the most common form of routing used today. In their application architectures, companies typically configure DNS routing with a service, such as Amazon Route 53, to direct user traffic to different endpoints. Client traffic is routed based on factors such as geographical proximity, health checks, and routing policies that you configure.

For example, consider a scenario where you host a website on multiple Amazon Elastic Compute Cloud (Amazon EC2) instances across different AWS Regions and use Route 53 geolocation routing for DNS resolution. In this scenario, Route 53 dynamically resolves domain names to the IP address of the nearest healthy EC2 instance, ensuring that your users are directed to the optimal endpoint for your website, based on their location.

While both Global Accelerator and Route 53 can direct traffic, they differ in their underlying mechanisms. Route 53 operates at the DNS level, resolving domain names to IP addresses based on configured routing policies. In contrast, Global Accelerator uses anycast IP addresses to route traffic to the nearest healthy endpoint, which onboards traffic to the AWS global network, reducing latency and enhancing reliability. Global Accelerator is a better approach than DNS-based routing for many scenarios, such as those that require real-time traffic optimization, for example, video streaming platforms or online gaming services.

Global Accelerator ensures that each user is routed to the specific edge location with the lowest latency to deliver seamless playback experiences with minimal buffering.

Global Accelerator’s static IP addresses

In addition to improving the user experience by using anycast routing, Global Accelerator also helps you to streamline your IP address management. Global Accelerator provides a set of static IP addresses for your accelerator, served from the robust AWS edge network. For IPv4, you receive two static IPv4 addresses, while for dual-stack configurations, you get a total of four addresses: two static IPv4 addresses and two static IPv6 addresses. Alternatively, you can opt to bring your own IP address range (BYOIP) to Global Accelerator, and then allocate IPv4 addresses from your own address pool to associate with your accelerator.

The IP addresses in Global Accelerator provide static entry points for your clients so you can provide a consistent, seamless experience for them. With static IP addresses, when you add Elastic Load Balancing (ELB), EC2 instance, or Elastic IP address resources to a standard accelerator, your customers can use the IP addresses to reach your resources.

Global Accelerator static IP addresses also make it easy to move endpoints between Availability Zones or AWS Regions without needing to update your DNS configuration or change client-facing applications. This flexibility enables you to scale your infrastructure while ensuring uninterrupted service to your customers. Whether you’re expanding to new Regions or upgrading an existing setup, having static IP addresses helps you transition effortlessly, maintaining reliability and minimizing downtime.

Adding Global Accelerator to your architecture

You have several options for integrating Global Accelerator into your current architecture. For example, you can do one of the following:

  • Front-end web applications – Use Global Accelerator in front of a web application hosted on EC2 instances to enable fast and reliable access for global users.
  • API endpoints – Enhance the performance of API endpoints by integrating Global Accelerator with load balancers.
  • Microservices – Optimize traffic flow between microservices that you’ve deployed across multiple AWS Regions.

To illustrate how Global Accelerator integrates with application architectures, let’s say you have a website running on EC2 instances behind Application Load Balancers in two AWS Regions. The following diagram (Figure 1) shows a sample architecture for this deployment.

Architecture diagram showing users being routed to an application over the internet by Amazon Route 53 to load balancers in separate regions

Figure 1: User’s DNS request is resolved by Amazon Route 53 and routed to Application Load Balancers using the public internet.

To add Global Accelerator to this architecture, do the following:

  1. Create an accelerator.
  2. Add a TCP listener for port 80.
  3. Create two endpoint groups, one for each Region.
  4. Add the Application Load Balancers as Regional endpoints by adding each one to an endpoint group for the accelerator.

The following diagram (Figure 2) shows the updated architecture.

Architecture diagram showing users being routed to an application over the AWS global network by AWS Global Accelerator to load balancers in separate regions

Figure 2: User request is resolved by Global Accelerator edge location and routed to Application Load Balancers using the AWS global network.

Evaluating performance and testing

Before and after you integrate Global Accelerator into your architecture, we recommend that you thoroughly evaluate your application performance. For example, evaluate response times, latency, and overall user experience using tools such as Apache JMeter or Locust. To validate the effectiveness of Global Accelerator in improving global access, simulate different traffic patterns and geographical distributions.

For example, let’s assume that you evaluate your baseline performance by using a curl command such as the following:

curl -I http://YourALBDNSName

In the command, replace “YourALBDNSName” with the DNS name that you use for routing to your application. Then, after you integrate Global Accelerator with your architecture, you can test performance again. To do this, run a second curl command like the following:

curl -I http://YourAcceleratorDNSName

In the command, replace “YourAcceleratorDNSName” with the DNS name of your accelerator (you can learn more about DNS names for accelerators in the AWS Global Accelerator Developer Guide). Compare these results with your baseline performance test. Look for improvements in response times, reduced latency, and overall enhanced performance. By running these tests, you’ll have a before-and-after comparison that you can use to quantify improvements and validate the effectiveness of Global Accelerator in optimizing global access for your users.
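One way to get comparable numbers from the two curl tests above, as an added example that is not part of the original post: `curl -I` on its own prints only response headers, so this script uses curl's `-w` timing variables and reports the median connect time and time to first byte over several requests. The function names and the default of 10 requests are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: sh ga-compare.sh YourALBDNSName YourAcceleratorDNSName [requests]

# Median of newline-separated numbers read from stdin, to 3 decimals.
# Returns non-zero when there are no samples.
median() {
  LC_ALL=C sort -n | LC_ALL=C awk '
    { v[NR] = $1 }
    END {
      if (NR == 0) exit 1
      m = (NR % 2) ? v[(NR + 1) / 2] : (v[NR / 2] + v[NR / 2 + 1]) / 2
      printf "%.3f\n", m
    }'
}

# Send N HEAD requests to URL; print "connect ttfb" in seconds per success.
# Each request opens a new connection, so the TCP handshake is included.
sample() {
  url=$1; n=${2:-10}; i=0
  while [ "$i" -lt "$n" ]; do
    if out=$(curl -sfI -o /dev/null --max-time 10 \
        -w '%{time_connect} %{time_starttransfer}' "$url"); then
      printf '%s\n' "$out"
    else
      echo "request failed: $url" >&2   # failed requests are not counted
    fi
    i=$((i + 1))
  done
}

# Print one summary line for a labelled URL.
report() {
  samples=$(sample "$2" "${3:-10}")
  connect=$(printf '%s\n' "$samples" | cut -d' ' -f1 | median) || return 1
  ttfb=$(printf '%s\n' "$samples" | cut -d' ' -f2 | median) || return 1
  printf '%-12s median connect=%ss  median ttfb=%ss\n' "$1" "$connect" "$ttfb"
}

# Only touch the network when both host names are supplied.
if [ "$#" -ge 2 ]; then
  report direct "http://$1" "${3:-10}"
  report accelerator "http://$2" "${3:-10}"
fi
```

The numbers describe only the network location the script runs from, so run it from each geography you care about before drawing conclusions.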

Enhancing security with Global Accelerator integrations

You can integrate Global Accelerator seamlessly with other AWS services to enhance security for your application and mitigate potential threats.

For example, you can integrate Global Accelerator with AWS Shield Advanced to bolster security measures and counter potential distributed denial of service (DDoS) attacks. Adding Shield Advanced provides an additional layer of defense against infrastructure-level DDoS threats while preserving operational efficiency. This is especially important for applications that rely on Network Load Balancers, such as gaming, media streaming services, and IoT systems.

When you integrate with Shield Advanced, Global Accelerator optimizes traffic flow to Network Load Balancers while concurrently providing edge-based DDoS detection and mitigation through Shield Advanced. Adding Shield Advanced enables Network Load Balancers to efficiently handle legitimate requests with the full suite of benefits offered by Global Accelerator.

Accelerating deployment with AWS CloudFormation

With AWS CloudFormation, you can more easily automate, test, and deploy infrastructure for your application. In this section, we provide a CloudFormation template for deploying a common architecture that is integrated with Global Accelerator. The architecture includes an Application Load Balancer, a security group, and the components required for a streamlined deployment. The accelerator created by this CloudFormation stack routes incoming traffic to target instances based on the listener ports, rules, and other values that you specify.

Before you deploy the template, make sure that you have the required IAM permissions and other prerequisites already configured in your AWS account. Then, copy and paste the template into the AWS CloudFormation console, with adjustments for your own resources and application needs, to quickly deploy and configure Global Accelerator for a sample application. Make sure that you replace all placeholder values with values specific to your AWS environment, as called out in the comments.

AWSTemplateFormatVersion: '2010-09-09'

Resources:
  MyLoadBalancer:
    Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
    Properties:
      Subnets:
        - subnet-abc  # Replace with actual subnet ID in your AWS account
        - subnet-xyz  # Replace with actual subnet ID in your AWS account
      SecurityGroups:
        - !GetAtt MySecurityGroup.GroupId
      LoadBalancerAttributes:
        - Key: idle_timeout.timeout_seconds
          Value: '60'

  MyListener:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Properties:
      DefaultActions:
        - Type: fixed-response
          FixedResponseConfig:
            StatusCode: 200
            ContentType: text/plain
            MessageBody: 'OK'
      LoadBalancerArn:
        Ref: MyLoadBalancer
      Port: 80
      Protocol: HTTP

  MySecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Security group for MyLoadBalancer
      VpcId: vpc-abc # Add your VPC ID
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0  # Replace with actual CIDR range for allowed inbound traffic
          IpProtocol: -1
      # Note: This security group is very permissive and allows all inbound traffic from any IP address.
      # Consider scoping down the security group rules to restrict access based on specific requirements.

  MyTargetGroup:
    Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
    Properties:
      VpcId: vpc-abc # Add your VPC ID
      Protocol: HTTP
      Port: 80
      HealthCheckEnabled: true
      HealthCheckIntervalSeconds: 30
      HealthCheckPath: '/health'
      HealthCheckPort: 80
      HealthCheckProtocol: HTTP
      TargetType: instance
      Targets:
        - Id: i-instanceID  # Replace with the ID of your target instance

  MyAccelerator:
    Type: 'AWS::GlobalAccelerator::Accelerator'
    Properties:
      Name: Myaccelerator  # Replace with a unique name for your accelerator
      IpAddressType: IPV4
      Enabled: true

  MyAcceleratorListener:
    Type: 'AWS::GlobalAccelerator::Listener'
    Properties:
      AcceleratorArn:
        Ref: MyAccelerator
      PortRanges:
        - FromPort: 80
          ToPort: 80
      Protocol: TCP

When you deploy this stack, CloudFormation launches an Application Load Balancer, target groups, security groups, listeners, and an accelerator in a specified AWS Region. To complete the solution, add the Application Load Balancer as an endpoint to the accelerator, by using the console or the AWS Command Line Interface (AWS CLI). For multi-Region support, launch this template in another Region or modify it to use CloudFormation StackSets.
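The remaining step, creating an endpoint group and adding the Application Load Balancer to it (steps 3 and 4 of the earlier list), done with the AWS CLI as an added example that is not part of the original post. The script and function names and the `DRY_RUN` switch are assumptions of this example; it reads the endpoint group Region from the load balancer ARN so the two cannot disagree, and rejects ARNs of the wrong resource type before calling the API.

```shell
#!/bin/sh
# Added example, not from the original post. Pass your own ARNs.
# Usage: sh add-endpoint.sh <listener-arn> <alb-arn>   (DRY_RUN=1 only prints)

# Print the Region embedded in an Application Load Balancer ARN (field 4);
# fail for anything that is not an ALB ARN.
alb_region() {
  case "$1" in
    arn:aws:elasticloadbalancing:?*:?*:loadbalancer/app/?*) ;;
    *) echo "not an Application Load Balancer ARN: $1" >&2; return 1 ;;
  esac
  printf '%s\n' "$1" | cut -d: -f4
}

# Create an endpoint group in the ALB's Region and add the ALB to it.
add_alb_endpoint() {
  listener_arn=$1
  alb_arn=$2
  case "$listener_arn" in
    arn:aws:globalaccelerator::?*:accelerator/?*/listener/?*) ;;
    *) echo "not a Global Accelerator listener ARN: $listener_arn" >&2
       return 1 ;;
  esac
  region=$(alb_region "$alb_arn") || return 1
  # Global Accelerator API calls are made against us-west-2, whatever
  # Region the endpoints are in.
  set -- aws globalaccelerator create-endpoint-group \
    --region us-west-2 \
    --listener-arn "$listener_arn" \
    --endpoint-group-region "$region" \
    --endpoint-configurations "EndpointId=$alb_arn,Weight=128"
  if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Only act when both ARNs are supplied on the command line.
if [ "$#" -eq 2 ]; then
  add_alb_endpoint "$1" "$2"
fi
```

Run it once per Region, with the ARN of the load balancer that the stack created in that Region.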

Summary

In this post, we described how AWS Global Accelerator offers a comprehensive solution for optimizing global traffic routing, enhancing performance, and bolstering security for your applications. By using anycast routing and straightforward integrations with other AWS services, Global Accelerator ensures a reliable user experience for your applications, with reduced latency. Whether you’re managing front-end web applications, API endpoints, or microservices, Global Accelerator provides the agility and scalability you need to thrive in today’s digital landscape. Get started today using Global Accelerator to unlock the full potential of your global applications and elevate your customer experience.

About the authors

Abhinav Bannerjee

Abhinav is a Senior Solutions Architect based out of Texas. He works closely with customers across industries to help them scale their businesses using Amazon Web Services. He is also focused on helping customers make the most of AWS Edge services for content acceleration and perimeter protection.

Fenil Patel

Fenil is an Edge Specialist Solutions Architect based out of the Northeast. His main focus is helping customers optimize and secure content delivery using AWS Edge Services.