Global Accelerator Architecture – Network Design – ANS-C01 Study Guide

Global Accelerator Architecture

Global Accelerator assigns two static anycast IPv4 addresses to each accelerator and advertises them over BGP from AWS edge locations. Because the same prefix is announced from every edge location, the Internet's ordinary BGP path selection delivers a client's packets to the edge location closest to that client rather than to a single fixed ingress point. This minimizes the number of hops the traffic takes over the public Internet, which increases throughput and reduces latency, because the traffic enters the AWS backbone as early as possible and stays on it. The anycast addresses are the publicly reachable front end for your AWS resources: EC2 instances, Application and Network Load Balancers, and Elastic IP addresses.

High availability comes from fault tolerance built on network zones. A network zone is an isolated failure domain with its own network infrastructure inside the AWS backbone, much like an Availability Zone. The two static IP addresses assigned to an accelerator come from different network zones, so if one address becomes unreachable because of a zone issue, the other stays available and continues to route traffic; give clients both addresses, or the accelerator's DNS name, which resolves to both, rather than a single address. The end user is routed to the nearest edge location, where the client's TCP three-way handshake is completed by the AWS edge instead of by the distant application. TCP is terminated at that point of presence, and the edge opens a second TCP connection across the AWS network to the application endpoint. Splitting the connection into two short round-trip segments is what improves end-to-end performance. One consequence worth checking: the endpoint sees the connection arriving from the accelerator, so the client's source address reaches your application only if client IP address preservation is supported for that endpoint type and enabled on the endpoint; otherwise the endpoint sees traffic from Global Accelerator's own address range, which matters for security group rules and for any logging or rate limiting keyed on the source IP.

If your requirements call for your own IPv4 address space, you can bring up to two /24 blocks (512 addresses in total) to the Global Accelerator service. This is bring-your-own IP (BYOIP). Before AWS will advertise a block you must prove you control it: the block needs a Route Origin Authorization (ROA) in RPKI authorizing Amazon's ASNs, and you sign an authorization message with a self-signed X.509 certificate that is published in the RDAP record for the address range. Once the block is provisioned, you choose addresses from it as the accelerator's static IP addresses when you create the accelerator. Two blocks are usually brought for redundancy, but you can also use one of your own blocks and take the second address from the AWS pool.

Traffic dials let you engineer how much traffic goes to each AWS Region. A traffic dial is a percentage set on an endpoint group (one group per Region): it controls what share of the traffic that would naturally flow to that Region is actually sent there, with the remainder directed to the next-closest Region. Dialing a Region down lets you drain it for maintenance, run a blue/green rollout of a new code release by shifting a small percentage to the new Region first, or force a failover. The default dial for every endpoint group is 100 percent, which lets Global Accelerator pick the best endpoint for each connection; lower the value only where your requirements call for it.

The service health-checks application endpoints using settings you define on the endpoint group: the protocol (TCP, HTTP or HTTPS), the port, the path for HTTP(S) checks, the interval and the threshold. An HTTP or HTTPS check issues a GET to the configured path; a TCP check simply completes a three-way handshake. These settings apply to EC2 instance and Elastic IP endpoints, and the health-check traffic originates from Global Accelerator's address range, so the instance's security group must allow it. For Application Load Balancer and Network Load Balancer endpoints, Global Accelerator relies on the load balancer's own target health checks. When an endpoint fails its health check, the service stops sending it new connections and reroutes traffic to a healthy endpoint, in the same Region if one exists or otherwise in another Region's endpoint group.
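The traffic-dial and health-check behaviour of the two preceding paragraphs, modelled as an added example for this study guide. This is not AWS code and it does not call the Global Accelerator API; it is a simplified model in which endpoint groups are tried in order of proximity, a group's dial admits that percentage of the traffic reaching it and spills the rest to the next group, a group with no healthy endpoint is skipped, and, going slightly beyond the page, an endpoint within a group is chosen by its endpoint weight (0 to 255, default 128). The proximity ordering (which BGP anycast supplies in reality), the hashing of a client to a percentage bucket, the Region names and endpoint IDs, and the fail-open rule used when nothing is healthy are all assumptions made for the model.

```python
"""Model of how Global Accelerator traffic dials and health checks decide
where a client connection lands. Added example, not AWS code; the routing
rules below are a simplification of the documented behaviour."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Endpoint:
    endpoint_id: str
    healthy: bool = True
    weight: int = 128          # Global Accelerator endpoint weights are 0-255, default 128


@dataclass
class EndpointGroup:
    region: str
    traffic_dial: int = 100    # percent of the traffic reaching this Region that it accepts
    endpoints: List[Endpoint] = field(default_factory=list)

    def healthy_endpoints(self) -> List[Endpoint]:
        return [e for e in self.endpoints if e.healthy and e.weight > 0]


def _bucket(client: str, salt: str) -> int:
    """Map a client identifier deterministically to 0..99. Stands in for the
    accelerator's per-flow distribution (assumption, not the real algorithm)."""
    digest = hashlib.sha256(f"{salt}:{client}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % 100


def _pick_weighted(client: str, candidates: List[Endpoint]) -> Endpoint:
    """Weighted choice among the healthy endpoints of one group."""
    total = sum(e.weight for e in candidates)
    point = _bucket(client, "endpoint") * total // 100
    running = 0
    for e in candidates:
        running += e.weight
        if point < running:
            return e
    return candidates[-1]


def route(client: str, groups_by_proximity: List[EndpointGroup]) -> Tuple[str, str]:
    """Return (region, endpoint_id) for one client, nearest Region first."""
    for group in groups_by_proximity:
        healthy = group.healthy_endpoints()
        if not healthy:
            continue                      # failed health checks: skip this Region
        if _bucket(client, group.region) < group.traffic_dial:
            return group.region, _pick_weighted(client, healthy).endpoint_id
        # dialed down: this client spills to the next-closest Region
    # No dial admitted the client: use the nearest healthy group regardless of dial.
    for group in groups_by_proximity:
        healthy = group.healthy_endpoints()
        if healthy:
            return group.region, _pick_weighted(client, healthy).endpoint_id
    # Everything is unhealthy: fail open to the nearest group that has endpoints (assumption).
    for group in groups_by_proximity:
        if group.endpoints:
            return group.region, group.endpoints[0].endpoint_id
    raise ValueError("no endpoints configured in any endpoint group")


def distribution(groups_by_proximity: List[EndpointGroup], clients: int = 2000) -> Dict[str, float]:
    """Share of constructed clients (client-0 .. client-N) landing in each Region."""
    counts: Dict[str, int] = {}
    for i in range(clients):
        region, _ = route(f"client-{i}", groups_by_proximity)
        counts[region] = counts.get(region, 0) + 1
    return {r: round(c / clients, 2) for r, c in counts.items()}


def blue_green_rollout(dial_steps=(0, 10, 50, 100)) -> List[Dict[str, float]]:
    """Shift a client population onto a new Region step by step by raising its dial.
    For these clients us-west-2 (green) is assumed to be the nearest Region, so its
    dial gates the share that lands on green; the rest spills to blue."""
    blue = EndpointGroup("us-east-1", endpoints=[Endpoint("alb-blue")])
    green = EndpointGroup("us-west-2", endpoints=[Endpoint("alb-green")])
    results = []
    for dial in dial_steps:
        green.traffic_dial = dial
        results.append(distribution([green, blue]))
    return results


if __name__ == "__main__":
    for step in blue_green_rollout():
        print(step)
    # Health-check failover: the dial says 100 %, but with no healthy endpoint the
    # Region is skipped and traffic goes to the next Region regardless of the dial.
    down = EndpointGroup("eu-west-1", endpoints=[Endpoint("ec2-a", healthy=False)])
    up = EndpointGroup("eu-central-1", endpoints=[Endpoint("ec2-b")])
    print(distribution([down, up]))
```

Running the rollout shows why the dial is the right lever for a blue/green release: at 0 percent every client spills to the old Region, at 10 percent roughly a tenth land on the new one, and at 100 percent the cut-over is complete, while a failed health check overrides the dial entirely. The hash-based bucket is only a stand-in for the accelerator's own flow distribution; what carries over is the ordering of the decisions, health first and dial second.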

Denial-of-service protection is included at no additional charge through AWS Shield Standard, which sits in front of the edge locations, monitors the incoming flows and drops the most common network- and transport-layer DDoS attacks before they reach your endpoints. AWS Shield Advanced is a paid add-on: it gives 24/7 access to the AWS Shield Response Team (SRT, formerly the DDoS Response Team), attack visibility and diagnostics, and cost protection for scaling charges incurred during an attack. Shield Advanced is not applied automatically; you subscribe to it and then add the accelerator as a protected resource.