Network optimization

Optimize your cloud network for global reach, lower latency, and higher throughput by using the right combination of Alibaba Cloud networking products.

As cloud applications grow in diversity and complexity, network optimization becomes essential. Consider the following areas:

Global deployment optimization

Global business operations require global infrastructure. Alibaba Cloud offers Cloud Enterprise Network (CEN) and Global Accelerator (GA) for global deployments.

CEN is a highly available network that runs on Alibaba Cloud's private global network. CEN uses a TransitRouter to build private communication channels between cross-region virtual private clouds (VPCs) and between VPCs and on-premises data centers. You can define flexible policies for interconnection, isolation, and traffic steering within a region to build a reliable, large-scale enterprise cloud network. Enterprise Edition transit router instances can forward traffic at up to 100 Gbps and support up to 1,000 VPCs.

Global Accelerator provides a highly available, high-performance network acceleration service for global end users. Users access the network from the nearest location, which reduces the impact of latency, jitter, and packet loss on service quality. Alibaba Cloud has points of presence (POPs) worldwide to optimize network quality for globally deployed applications. A Global Accelerator instance supports up to 4 Gbps of bandwidth and 1 million concurrent connections. Common scenarios include game acceleration, cross-border enterprise application acceleration, and internet application acceleration.

Network path optimization

In public network scenarios, traffic from outside China to the Chinese mainland often experiences congestion and packet loss due to poor cross-border network quality. High latency also occurs because no direct public network lines are available. Alibaba Cloud offers BGP (Multi-ISP) Pro elastic IP addresses (EIPs) to improve the quality of access for international services. Compared to BGP (Multi-ISP) lines, BGP (Multi-ISP) Pro lines offer lower latency for end users in the Chinese mainland. This is achieved through direct connections to the Chinese mainland over premium carrier networks. These premium EIPs provide extensive coverage in the Asia-Pacific region but do not apply to data centers in the Chinese mainland.

For nearest access scenarios, you can use Alibaba Cloud CDN to cache origin resources at POPs worldwide. When end users request resources, they can retrieve them from the nearest CDN POP instead of the origin server. This improves resource access speed and reduces the load on the origin server.

For back-to-origin scenarios over leased lines, Alibaba Cloud offers GA accelerated IP addresses and Anycast EIPs. These products route users to the nearest Alibaba Cloud POP over the public network and then use Alibaba Cloud's private network for the back-to-origin connection, mitigating latency and packet loss on cross-border internet routes.

Hybrid cloud networking optimization

To connect on-premises data centers, headquarters, branches, or mobile terminals to a VPC for private network access, you can use solutions such as Express Connect, VPN, or Smart Access Gateway. Express Connect provides high-speed, stable, and secure private communication, making it ideal for high-performance scenarios. Choose the solution that best fits your specific needs. For example, a single Express Connect circuit provides a bandwidth of up to 100 Gbps. In contrast, a VPN connection is encrypted and transmitted over the public network. Its bandwidth is limited by the public network, and a single Alibaba Cloud IPsec-VPN connection supports a maximum bandwidth of 1,000 Mbps.

ECS network performance optimization

The performance of a single ECS instance is critical for network-intensive applications, such as NFV/SD-WAN, network element forwarding, and live video comment streaming. To achieve high performance, Alibaba Cloud's 7th-generation network-enhanced ECS instances use the 4th-generation SHENLONG architecture, which features an integrated software and hardware design for virtual switches. This architecture delivers stable, predictable, and ultra-high performance, allowing a single instance to support up to 30 million packets per second (PPS) for packet forwarding and up to 100 Gbit/s of network bandwidth. The network performance of a single ECS instance determines the maximum internal network and internet access speeds for your cloud applications.

Load balancer performance optimization

In network-intensive scenarios, a Server Load Balancer often acts as the entry point for cluster traffic. It distributes traffic to different backend servers to increase application throughput and eliminates single points of failure to improve application availability. Alibaba Cloud Server Load Balancer (SLB) includes Application Load Balancer (ALB), Network Load Balancer (NLB), and Classic Load Balancer (CLB). Each serves a different purpose. ALB is designed for Layer 7 and provides high-performance service processing and advanced content-based routing features. It is also the official Alibaba Cloud cloud-native Ingress gateway. NLB is a Layer 4 load balancer that supports ultra-high performance and auto scaling. A single instance can handle up to 100 million concurrent connections. CLB is a versatile option that supports the TCP, UDP, HTTP, and HTTPS protocols. It provides strong Layer 4 processing capabilities and basic Layer 7 processing capabilities.

Use Application Load Balancer (ALB) to process Layer 7 traffic. A single ALB instance supports up to 1 million queries per second (QPS) and features auto scaling, which allows its processing capacity to scale automatically with traffic peaks. For Layer 4 connections, use Network Load Balancer (NLB). NLB is built on a Network Functions Virtualization (NFV) platform and does not depend on physical servers. This architecture enables elasticity and rapid scaling. A single NLB instance supports up to 100 million concurrent connections and also features auto scaling, which allows its processing capacity to scale automatically with traffic peaks.

SSL/TLS encryption and decryption are CPU-intensive. Use ALB or NLB to offload this work from your servers to the load balancer. When you configure SSL/TLS offloading, the load balancer terminates the client's TLS session, decrypts the traffic, and forwards it unencrypted to the backend servers. This frees up CPU resources on the backend servers, improves client response times, and makes certificate management more efficient because certificates are managed on the load balancer. Additionally, you can use an NLB that supports the TCPSSL protocol to further optimize application performance in scenarios that require ultra-high performance and large-scale TLS offloading.

When you use ALB, enable the HTTP/2.0 protocol. This improves application response speed by reusing TCP connections and saves network traffic by reducing redundant header fields.

A load balancer can distribute traffic to different types of backend services, such as ECS instances, ENIs, ECIs, Function Compute, and internal IP addresses. You can use ALB forwarding rules based on request parameters, such as HTTP headers, HTTP request methods, and URL paths, to control application traffic with greater flexibility.

Consider the latency requirements of your application. NLB is ideal for latency-sensitive applications because it provides extremely low latency. However, cross-zone high availability (HA) deployments involve a trade-off: distributing traffic across zones improves reliability but increases latency.

Both ALB and NLB provide monitoring data and logs to check the real-time operational status of your load balancer. For example, analyze ALB access logs to identify requests with long response times or backend services causing performance issues.
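The access-log analysis described above can be sketched as follows. This is an added example, not Alibaba Cloud code. It assumes the logs are exported as JSON lines, and the field names (`request_time`, `upstream_response_time`, `upstream_addr`, `status`, `request_uri`) and the `-` placeholder for requests that never reached a backend are assumptions to check against your own log schema. The sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample records; field names are assumed, not taken from the page.
SAMPLE_LOG = """\
{"request_uri": "/api/cart", "upstream_addr": "10.0.1.10:8080", "request_time": "0.042", "upstream_response_time": "0.038", "status": "200"}
{"request_uri": "/api/report", "upstream_addr": "10.0.1.11:8080", "request_time": "2.310", "upstream_response_time": "2.301", "status": "200"}
{"request_uri": "/api/report", "upstream_addr": "10.0.1.11:8080", "request_time": "3.050", "upstream_response_time": "3.044", "status": "504"}
{"request_uri": "/api/cart", "upstream_addr": "10.0.1.10:8080", "request_time": "0.051", "upstream_response_time": "0.047", "status": "200"}
{"request_uri": "/healthz", "upstream_addr": "-", "request_time": "0.001", "upstream_response_time": "-", "status": "403"}
not json
"""

def parse(text):
    """Yield (uri, backend, total_s, upstream_s, status); skip malformed lines."""
    for line in text.splitlines():
        try:
            r = json.loads(line)
            total = float(r["request_time"])
            status = int(r["status"])
            raw = r.get("upstream_response_time", "-")
            # "-" is treated as "answered by the load balancer, no backend hop".
            upstream = None if raw == "-" else float(raw)
        except (ValueError, KeyError, TypeError):
            continue
        yield r.get("request_uri", ""), r.get("upstream_addr", "-"), total, upstream, status

def slow_requests(records, threshold_s=1.0):
    """Requests whose end-to-end time meets or exceeds the threshold."""
    return [(uri, be, total) for uri, be, total, _, _ in records if total >= threshold_s]

def backend_report(records, threshold_s=1.0):
    """Per-backend counts of requests, slow responses and 5xx, plus worst latency."""
    stats = defaultdict(lambda: {"count": 0, "slow": 0, "errors": 0, "max_upstream_s": 0.0})
    for _, backend, _, upstream, status in records:
        if upstream is None:  # never reached a backend; not the backend's fault
            continue
        s = stats[backend]
        s["count"] += 1
        s["slow"] += upstream >= threshold_s
        s["errors"] += status >= 500
        s["max_upstream_s"] = max(s["max_upstream_s"], upstream)
    return dict(stats)

if __name__ == "__main__":
    records = list(parse(SAMPLE_LOG))
    print(slow_requests(records))
    for backend, s in backend_report(records).items():
        print(backend, s)
```

Separating `request_time` from `upstream_response_time` shows whether the delay sits in the backend or in front of it, and a backend with both a high slow count and 5xx responses is the first one to inspect.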