
Week 4 - Day 5: Route 53 Advanced


Learning objectives

  • Understand the advanced routing policies
  • Master health checks and failover
  • Know how to implement DNS-based architectures

1. Route 53 Routing Policies

Overview

Route 53 routing policies:

  1. Simple       - Single resource, no health check
  2. Weighted     - Distribute traffic by weight
  3. Latency      - Route to the lowest-latency region
  4. Failover     - Active-passive failover
  5. Geolocation  - Route by user location
  6. Geoproximity - Route by geographic distance
  7. IP-based     - Route by client IP
  8. Multivalue   - Return multiple healthy values

Weighted Routing

  app.example.com
    Record A: Weight 70 -> 10.0.1.1 (Primary)
    Record B: Weight 20 -> 10.0.2.1 (Secondary)
    Record C: Weight 10 -> 10.0.3.1 (Canary)

  Traffic distribution:
    - 70% Primary
    - 20% Secondary
    - 10% Canary

  Use cases:
    - Blue/Green deployments
    - A/B testing
    - Gradual migration

Latency Routing

  User in Singapore -> Route 53 latency check -> lowest latency wins

    ap-southeast-1 (50 ms)    us-east-1 (200 ms)    eu-west-1 (250 ms)

  Note: Latency is measured between each AWS region and the user; it is a relative comparison, not an absolute value.

Geolocation Routing

  Record 1: Location = Asia    -> ap-southeast-1 servers
  Record 2: Location = Europe  -> eu-west-1 servers
  Record 3: Location = Default -> us-east-1 servers (fallback)

  Use cases:
    - Content localization
    - Regulatory compliance (data residency)
    - Load balancing by region

Geoproximity Routing

  Geoproximity routing (Traffic Flow only)

  Resources with bias:
    Region: us-east-1, Bias: +25 -> attracts more traffic from nearby areas
    Region: us-west-2, Bias: -10 -> pushes traffic away

  Bias range: -99 to +99
  Use case: Shift traffic during maintenance

IP-based Routing

  CIDR collections:
    Collection "Corporate IPs": 203.0.113.0/24, 198.51.100.0/24 -> route to internal endpoints
    Collection "Partner IPs":   192.0.2.0/24                    -> route to partner endpoints
    Default                                                       -> route to public endpoints

  Use cases:
    - ISP-specific routing
    - Corporate network optimization
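The lookup a CIDR collection performs, written out as an added example (this is not code from the lesson or from AWS): the client address is matched against every block, the most specific block wins, and anything unmatched falls through to the default record. The CIDRs and collection names are the lesson's sample values; the record values and function names are assumptions made here.

```python
import ipaddress

# Constructed from the lesson's diagram: location name -> CIDR blocks
CIDR_COLLECTION = {
    "corporate": ["203.0.113.0/24", "198.51.100.0/24"],
    "partner": ["192.0.2.0/24"],
}

# Constructed: one IP-based record per location, "*" is the default record
IP_BASED_RECORDS = {
    "corporate": "internal.example.com",
    "partner": "partner.example.com",
    "*": "public.example.com",
}


def match_location(client_ip, collection=CIDR_COLLECTION):
    """Return the location whose CIDR block contains client_ip.

    When blocks overlap, the most specific block (longest prefix) wins,
    as Route 53 does for CIDR collections. Returns "*" when nothing
    matches so that the default record is used.
    """
    addr = ipaddress.ip_address(client_ip)
    best = None  # (prefix_length, location) of the best match so far
    for location, blocks in collection.items():
        for block in blocks:
            net = ipaddress.ip_network(block, strict=True)
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, location)
    return best[1] if best else "*"


def resolve(client_ip, records=IP_BASED_RECORDS, collection=CIDR_COLLECTION):
    """Pick the record value Route 53 would hand back for this client IP."""
    return records[match_location(client_ip, collection)]


if __name__ == "__main__":
    for ip in ["203.0.113.42", "198.51.100.9", "192.0.2.7", "8.8.8.8"]:
        print(ip, "->", resolve(ip))
```

In production the address Route 53 sees is the one the query arrives from, i.e. the recursive resolver's address or the EDNS client subnet when the resolver supplies it, so users behind a public resolver may not land in the collection you expect.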

2. Health Checks

Types of Health Checks

1. Endpoint Health Checks:
   - HTTP/HTTPS/TCP
   - Check specific endpoint
   - Configure threshold

2. Calculated Health Checks:
   - Combine multiple health checks
   - AND, OR logic

3. CloudWatch Alarm Health Checks:
   - Based on CloudWatch alarm state
   - For private resources

Health Check Configuration

  Health check settings:
    Protocol:          HTTPS
    Endpoint:          api.example.com
    Port:              443
    Path:              /health
    Request interval:  30 seconds (or 10 for fast)
    Failure threshold: 3
    String matching:   "healthy" (optional)
    Latency graphs:    Enabled
    Regions:           All (recommended) or specific regions

Calculated Health Checks

  Parent health check
    Logic: Report healthy when at least 2 of 3 child health checks are healthy

    Child 1 (Web): Healthy
    Child 2 (API): Healthy
    Child 3 (DB):  Unhealthy

  Result: Parent = HEALTHY (2 of 3)
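A small model of the two mechanisms above, added as an example (not code from the lesson or an AWS SDK): a single checker's view of an endpoint that only changes state after the failure threshold is reached, and the calculated parent that aggregates child states. It uses the lesson's numbers (30 s interval, threshold 3, healthy at 2 of 3); the function names are assumptions made here.

```python
def endpoint_status(results, failure_threshold=3):
    """Replay one health checker's consecutive results (True = check passed)
    and return the status Route 53 would report at the end: HEALTHY or
    UNHEALTHY. The status only flips after `failure_threshold` consecutive
    results of the opposite outcome, so a single failed probe is ignored.
    """
    status = "HEALTHY"
    streak, last = 0, None   # length and outcome of the current run
    for passed in results:
        streak = streak + 1 if passed == last else 1
        last = passed
        if streak >= failure_threshold:
            status = "HEALTHY" if passed else "UNHEALTHY"
    return status


def calculated_status(children, healthy_threshold=2):
    """Parent (calculated) health check: HEALTHY when at least
    `healthy_threshold` child checks are HEALTHY (the lesson's 2-of-3 rule)."""
    healthy = sum(1 for s in children.values() if s == "HEALTHY")
    return "HEALTHY" if healthy >= healthy_threshold else "UNHEALTHY"


def detection_window_seconds(interval=30, failure_threshold=3):
    """Seconds of probing before a dead endpoint is marked UNHEALTHY:
    `failure_threshold` failed checks spaced one `interval` apart. Clients may
    keep using the cached answer for the record TTL on top of this."""
    return interval * failure_threshold


if __name__ == "__main__":
    web = endpoint_status([True, True, True])
    api = endpoint_status([True, False, True, True])      # one blip, still healthy
    db = endpoint_status([True, False, False, False])     # 3 in a row -> unhealthy
    print(web, api, db)
    print(calculated_status({"web": web, "api": api, "db": db}))  # HEALTHY (2 of 3)
    print(detection_window_seconds(), detection_window_seconds(interval=10))  # 90 30
```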

3. Failover Routing

Active-Passive Failover

  app.example.com

  Primary (Active)
    - Failover type: Primary
    - Health check:  hc-primary
    - Target:        10.0.1.1 (main server)

  Secondary (Passive)
    - Failover type: Secondary
    - Health check:  optional
    - Target:        10.0.2.1 (backup server)

  Flow:
    1. Primary healthy  -> traffic to Primary
    2. Primary fails    -> traffic to Secondary
    3. Primary recovers -> traffic back to Primary

Active-Active with Health Checks

  Active-Active with Weighted + Health Check
    Record 1: Weight 50, health check enabled -> us-east-1 (Healthy)
    Record 2: Weight 50, health check enabled -> us-west-2 (Unhealthy)

  Result: 100% of traffic to us-east-1 (unhealthy records are removed from responses)
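How the answers in the two failover patterns above are chosen, as an added example (not code from the lesson or an AWS SDK): the weighted selection drops unhealthy records and renormalizes, and the active-passive selection returns the secondary only while the primary is unhealthy. Record values follow the lesson's diagrams; the record layout, the `healthy: None` convention for "no health check attached" and the both-unhealthy fallback are assumptions made here.

```python
import random

# Constructed from the lesson's diagrams. healthy: True/False, or None when
# no health check is attached to the record.
WEIGHTED = [
    {"id": "us-east-1", "value": "10.0.1.1", "weight": 50, "healthy": True},
    {"id": "us-west-2", "value": "10.0.2.1", "weight": 50, "healthy": False},
]
FAILOVER = [
    {"id": "primary", "value": "10.0.1.1", "failover": "PRIMARY", "healthy": True},
    {"id": "secondary", "value": "10.0.2.1", "failover": "SECONDARY", "healthy": None},
]


def weighted_candidates(records):
    """Records eligible for a weighted answer. Unhealthy records are dropped,
    but if every record is unhealthy Route 53 answers as if all were healthy
    rather than returning nothing. Weight-0 records are skipped unless every
    weight is 0 (then traffic is shared equally)."""
    eligible = [r for r in records if r["healthy"] in (True, None)] or list(records)
    return [r for r in eligible if r["weight"] > 0] or eligible


def weighted_answer(records, rng=random.random):
    """Pick one record with probability weight / sum(weights).
    `rng` returns a float in [0, 1); inject a fixed one for repeatable tests."""
    cands = weighted_candidates(records)
    weights = [r["weight"] for r in cands]
    if sum(weights) == 0:
        weights = [1] * len(cands)
    point = rng() * sum(weights)
    for rec, w in zip(cands, weights):
        point -= w
        if point < 0:
            return rec
    return cands[-1]


def failover_answer(records):
    """Active-passive: PRIMARY while healthy, otherwise SECONDARY. A secondary
    with no check (None) is always usable; if both carry checks and both fail,
    this model returns PRIMARY (an assumption made here, not from the lesson)."""
    primary = next(r for r in records if r["failover"] == "PRIMARY")
    secondary = next(r for r in records if r["failover"] == "SECONDARY")
    if primary["healthy"] in (True, None):
        return primary
    return secondary if secondary["healthy"] in (True, None) else primary
```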

4. Route 53 Resolver

DNS Resolution for Hybrid

  AWS -> On-premises (Outbound):
    VPC -> Outbound Endpoint -> corp.internal.com (forward to on-prem DNS)

  On-premises -> AWS (Inbound):
    aws.example.com -> Inbound Endpoint -> VPC (on-prem forwards here)

Resolver Rules

  Rule 1: Forward
    Domain: corp.internal
    Type:   Forward
    Target: 192.168.1.10, 192.168.1.11 (on-premises DNS servers)

  Rule 2: System
    Domain: amazonaws.com
    Type:   System
    Action: Use Route 53 Resolver

  Rules can be shared across accounts via RAM.
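Rule selection as Route 53 Resolver performs it, written out as an added example (not code from the lesson or an AWS SDK): the rule whose domain is the longest matching suffix of the query name wins, and a System rule keeps the query with Route 53 Resolver instead of forwarding it. Domains and target addresses are the lesson's sample values; the rule layout and function names are assumptions made here.

```python
# Constructed from the lesson's two rules; anything unmatched is resolved
# by Route 53 Resolver itself, which is the same outcome as a System rule.
RULES = [
    {"domain": "corp.internal", "type": "FORWARD",
     "targets": ["192.168.1.10", "192.168.1.11"]},
    {"domain": "amazonaws.com", "type": "SYSTEM"},
]


def _labels(name):
    """Split a DNS name into labels, ignoring case and a trailing dot."""
    return name.rstrip(".").lower().split(".")


def select_rule(qname, rules=RULES):
    """Return the rule with the most specific domain matching qname, or None.

    A rule for 'corp.internal' matches 'db.corp.internal' and 'corp.internal'
    itself but not 'notcorp.internal': matching is on label boundaries, not
    on substrings.
    """
    q = _labels(qname)
    best = None
    for rule in rules:
        d = _labels(rule["domain"])
        if len(d) <= len(q) and q[-len(d):] == d:
            if best is None or len(d) > len(_labels(best["domain"])):
                best = rule
    return best


def resolution_path(qname, rules=RULES):
    """Where a query goes, as (action, targets): FORWARD to the on-premises
    servers of the matching rule, or ROUTE53_RESOLVER for System rules and
    for names no rule covers."""
    rule = select_rule(qname, rules)
    if rule is None or rule["type"] == "SYSTEM":
        return ("ROUTE53_RESOLVER", [])
    return ("FORWARD", list(rule["targets"]))


if __name__ == "__main__":
    for name in ["db.corp.internal", "ec2.us-east-1.amazonaws.com", "example.com"]:
        print(name, "->", resolution_path(name))
```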

5. Private Hosted Zones

Cross-Account PHZ Sharing

  Account A (DNS owner)
    Private Hosted Zone: internal.company.com
    Associated VPCs:     VPC-A
    + Authorize Account B's VPC -> Authorization

  Account B
    VPC-B: associates with the PHZ -> can resolve internal.company.com

  Steps:
    1. Account A creates the PHZ and associates VPC-A
    2. Account A authorizes Account B's VPC
    3. Account B associates VPC-B with the PHZ
    4. Account A deletes the authorization (optional)

6. DNS Best Practices

TTL Strategy

  Record type        Recommended TTL
  Static records     86400 (1 day)
  Load balanced      60-300 seconds
  Failover           60 seconds or less
  During migration   300 -> 60 -> original

Alias vs CNAME

  ALIAS (AWS-specific):
    - Can be used at the zone apex (example.com)
    - No charge for queries
    - Native health check integration
    - Returns A/AAAA records

  CNAME:
    - Cannot be used at the zone apex
    - Charged for queries
    - Additional DNS lookup required
    - Works with non-AWS resources

  Recommendation: Use ALIAS for AWS resources

7. Review questions

  1. What are the 8 routing policies of Route 53?

    Answer: (1) Simple - single resource, no health check; (2) Weighted - a percentage of traffic by weight, A/B testing; (3) Latency-based - route to the Region with the lowest latency; (4) Failover - active-passive with health checks; (5) Geolocation - route by the user's country/continent; (6) Geoproximity - route by geographic proximity with bias adjustment (Traffic Flow only); (7) Multivalue Answer - multiple healthy IPs; (8) IP-based - route by client IP CIDR prefix (2023 feature).

  2. How does Geolocation routing differ from Latency routing?

    Answer: Geolocation routes on physical geography (country, continent, subdivision): a user from Vietnam always reaches the endpoint assigned to Vietnam/Asia, regardless of latency. Used for compliance (data residency), localization (showing Vietnamese content) and content restrictions. Latency-based routes to the Region with the lowest latency: a user from Vietnam may reach Singapore or Tokyo, whichever has the better latency. Used for performance optimization.

  3. What are the health check types?

    Answer: 3 types: (1) Endpoint health checks - monitor an HTTP/HTTPS/TCP endpoint directly (Route 53 health checkers probe from multiple Regions); (2) Calculated health checks - combine the status of multiple health checks (AND/OR logic); (3) CloudWatch alarm health checks - status derived from a CloudWatch alarm state. Health check frequency: 30s (standard) or 10s (fast, extra cost). Threshold: 3 of 5 health checkers fail → unhealthy.

  4. What is Route 53 Resolver used for?

    Answer: Route 53 Resolver is the DNS resolver inside a VPC (by default at 169.254.169.253). Resolver Endpoints provide hybrid connectivity: an Inbound Endpoint lets on-premises DNS forward queries to AWS to resolve Route 53 private zones; an Outbound Endpoint lets EC2 instances in the VPC forward queries to on-premises DNS servers. Resolver Rules define which domains are forwarded to which DNS servers. Needed for split-horizon DNS (same domain, different IPs internally vs externally).

  5. How does an ALIAS record differ from a CNAME?

    Answer: CNAME: DNS standard, maps a hostname → another hostname, cannot be used at the apex domain (the bare example.com), queries are charged. ALIAS: a Route 53 extension, maps a hostname → AWS resources (ALB DNS name, CloudFront, S3 website, API GW, Elastic Beanstalk), can be used at the apex domain, no separate query charge, supports health checks, and AWS updates the IP automatically if the resource's IP changes. Always prefer ALIAS for AWS resources.

8. Hands-on exercises

  • Create weighted routing records
  • Set up health checks with failover
  • Configure Route 53 Resolver rules
  • Test failover scenarios

Official reference documentation


Next day: Week 4 summary quiz