Managing Traffic From the Outset: How GTM Can Make Your Deployments Easier

Written by

Sam Preston

December 05, 2019

This article has been updated to include information on GTM’s Weighted Random Load Balancing with Data Center Stickiness property type.

What is GTM?

Global Traffic Management, or GTM, is a DNS-based load balancing service that offers application owners a level of flexibility and insight that is unmatched by traditional on-prem solutions. Highly scalable and fault-resilient, GTM offers customers a layer of abstraction between endpoints, so traffic can easily be shifted between targets. However, the platform is not limited to weighted load distribution: GTM can execute intelligent routing decisions based on end-user location, network conditions, and even origin server availability. These features are possible thanks to Akamai's unrivaled visibility into the internet, which fuels the platform's dynamic, data-based route optimization engine. 

Front-end GTM

DNS-level load balancing allows domain owners to regulate traffic splits before any HTTP-layer requests are even sent. Traditionally classified as “front-end” GTM, a property can be configured to control the destination of the initial incoming client request (circle 1 / the first leg pictured below):

While GTM traditionally balances traffic between origin data centers in the second leg, front-end GTM can assist with a number of important use cases as well.

Deployments made easier

One primary example: if you are onboarding a hostname onto Akamai’s CDN for the first time, the go-live step will typically entail updating the applicable hostname’s DNS record to point to an Akamai edgehostname via a CNAME entry. This stark deployment method, however, requires transitioning all traffic over to the Akamai configuration at once, and rollback may prove cumbersome depending on the DNS provider’s interface and programmatic capabilities. If the DNS record points to a GTM property instead, domain owners have the option of easing traffic to the new Akamai CDN hostname in increments. Simply put, domain owners can “Akamaize” as much or as little traffic as they see fit during the initial deployment and increase the ratio over time. In addition, rollback is seamless with GTM, as shifting 100% of traffic back directly to the origin endpoint is as simple as a few clicks in the portal. If a more programmatic switch is preferred, GTM offers an API to manage traffic splits, and liveness tests can facilitate automatic failover if errors are detected. 

Front-end GTM can also help manage certificate deployments via a similar incremental approach. Let’s say your security team wants to transition a hostname to another Akamai certificate, or perhaps an important cipher/TLS version upgrade is required. If a phased approach is preferred to help mitigate risk, the application owner simply needs to generate a new Akamai edgehostname and associate it with the new certificate[1]. Once this is established, GTM can balance traffic between the old and new certificate in the desired manner.

Session stickiness

One limitation of DNS load balancing is that server stickiness is not guaranteed, as the simplistic nature of the DNS protocol complicates any attempt to identify end users and consistently assign them to a server/data-center (an outcome typically accomplished via cookies with HTTP-layer load balancing). As a result, requests may oscillate between multiple defined endpoints during a single session, an inconsistency that could cause disruptions for the user depending on the website or application.  

To improve session affinity for multi-target properties, GTM offers Weighted Random Load Balancing with Data Center Stickiness. With this property type, a given Akamai nameserver remains mapped to the same data center unless that target is marked down. Since a user’s resolver will typically query the same nameserver to retrieve an IP, this handout technique markedly increases the chances of keeping a user “stuck” to the same GTM-defined endpoint for the duration of the session[2].

However, although this property type improves server-state affinity, it is impossible to truly guarantee stickiness with DNS load balancing. Thus, if infrequent oscillations will degrade a user’s experience, phasing in traffic via front-end GTM is not recommended. 
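An added example, not Akamai's code and not GTM's actual algorithm: a small Python model contrasting plain weighted random handout with the nameserver-pinned behavior described above, including failover when a target is marked down. The target names, nameserver names, weights and the hash-based pinning are assumptions made for illustration.

```python
import hashlib
import random

# Constructed rollout weights: 80% straight to origin, 20% via the new edge hostname.
WEIGHTS = {"origin-direct": 80, "akamai-edge": 20}
# Constructed nameserver identities (hypothetical names, not real Akamai hosts).
NAMESERVERS = [f"ns-{i}.example" for i in range(2000)]

def weighted_pick(weights, point):
    """Map a point in [0, 1) onto the targets in proportion to their weights."""
    total = sum(weights.values())
    cumulative = 0.0
    for target in sorted(weights):
        cumulative += weights[target] / total
        if point < cumulative:
            return target
    return max(weights)  # floating-point guard: fall back to the last target

def plain_handout(weights, rng):
    """Plain weighted random: every DNS answer is an independent draw."""
    return weighted_pick(weights, rng.random())

def sticky_handout(weights, nameserver, down=frozenset()):
    """Assumed stickiness model: the draw is derived from the nameserver's
    identity, so it repeats until the chosen target is marked down."""
    digest = hashlib.sha256(nameserver.encode()).digest()
    point = int.from_bytes(digest[:8], "big") / 2**64
    choice = weighted_pick(weights, point)
    if choice in down:  # fail over only the nameservers pinned to a down target
        live = {t: w for t, w in weights.items() if t not in down}
        if not live:
            raise RuntimeError("every target is marked down")
        choice = weighted_pick(live, point)
    return choice

def targets_in_session(handout, queries=100):
    """Distinct targets one resolver sees across repeated lookups."""
    return {handout() for _ in range(queries)}

def sticky_share(target, down=frozenset()):
    """Fraction of nameservers that hand out `target`."""
    hits = sum(sticky_handout(WEIGHTS, ns, down) == target for ns in NAMESERVERS)
    return hits / len(NAMESERVERS)

if __name__ == "__main__":
    rng = random.Random(7)
    print("plain :", targets_in_session(lambda: plain_handout(WEIGHTS, rng)))
    print("sticky:", targets_in_session(lambda: sticky_handout(WEIGHTS, NAMESERVERS[0])))
    print("edge share:", sticky_share("akamai-edge"))
    print("edge share, edge down:", sticky_share("akamai-edge", {"akamai-edge"}))
```

The model covers only the resolver-to-nameserver leg: a user whose resolver switches nameservers mid-session can still land on a different target, which is the residual oscillation the paragraph above warns about.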

Conclusion

Without GTM, DNS-based deployments are often all-or-nothing events and rollback can prove tedious. GTM allows these changes to be deployed and retracted seamlessly, granting application owners a comforting level of flexibility and control.

Front-end GTM supports many other use cases as well (such as sending traffic to different endpoints based on geolocation, blocking users based on location, and so forth), but phasing in DNS-level changes is an often-overlooked benefit. If you have any questions about how front-end (or back-end) GTM can assist with your load balancing needs, please reach out to your Akamai technical representatives or check out the resources below.

Explore Akamai’s diverse DNS-oriented solutions

If you find this blog useful, continue your exploration with the following references.

Contact us for answers to your DNS questions.

[1] This use case is only valid if at least one of the certificates is set to “SNI-only” off; if both certificates are SNI enabled, front-end GTM will not be able to accurately

[2] Another mechanism to help preserve server-side state is to set DNS TTLs that considerably exceed users’ average session length.
