Deploy Acceleration Services with Global Accelerator (GA)
Create a GA instance from scratch and complete end-to-end configuration (Instance -> Acceleration Region -> Listener -> Endpoint Group -> Forwarding Rules) to enable global network acceleration for your services.
1. Scenario Overview
1.1 Applicable Scenarios
- Cross-border Web/API acceleration: Overseas users accessing domestic web services, or domestic users accessing overseas services
- Global gaming acceleration: Reduce cross-region latency and improve player experience
- Audio/video transmission acceleration: Optimize cross-region real-time audio/video communication
- Enterprise application acceleration: Accelerate cross-border enterprise internal system access
1.2 Architecture
CODEBLOCK0
CODEBLOCK1
Products involved: GA + Certificate Management Service (for HTTPS scenarios)
1.3 Customer Value
- Leverage the Alibaba Cloud global transmission network to significantly reduce cross-region access latency
- Complete end-to-end configuration in a single session to quickly enable Global Accelerator
2. Installation
Pre-check: Aliyun CLI >= 3.3.1 required
Run aliyun version to verify >= 3.3.1. If not installed or version too low, see references/cli-installation-guide.md for installation instructions.
Then [MUST] run the following to enable automatic plugin installation:
CODEBLOCK2
3. Authentication
Pre-check: Alibaba Cloud Credentials Required
Security Rules:
- NEVER read, echo, or print AK/SK values (e.g., echo $ALIBABA_CLOUD_ACCESS_KEY_ID is FORBIDDEN)
- NEVER ask the user to input AK/SK directly in the conversation or command line
- NEVER use aliyun configure set with literal credential values
- ONLY use aliyun configure list to check credential status
> aliyun configure list --user-agent AlibabaCloud-Agent-Skills
>
Check the output for a valid profile (AK, STS, or OAuth identity).
If no valid profile exists, STOP here.
1. Obtain credentials from Alibaba Cloud Console
2. Configure credentials outside of this session (via aliyun configure in terminal or environment variables in shell profile)
3. Return and re-run after aliyun configure list shows a valid profile
4. RAM Policy
This skill requires the following RAM permissions. See references/ram-policies.md for the complete list.
5. GA Service Activation Check
Pre-check: GA service must be activated
Before performing any GA operation, you must confirm that the Global Accelerator service has been activated.
> aliyun ga DescribeAcceleratorServiceStatus --region cn-hangzhou --user-agent AlibabaCloud-Agent-Skills
>
Check the Status field in the response:
- Normal: The service is activated. Proceed with subsequent steps.
- Other statuses: The service is not activated. Activate it first:
> aliyun ga OpenAcceleratorService --region cn-hangzhou --user-agent AlibabaCloud-Agent-Skills
>
After activation, re-run DescribeAcceleratorServiceStatus to confirm the status is Normal, then proceed.
If the service is not activated and activation fails, STOP here.
6. Parameter Confirmation
Important: Parameter Confirmation -- Before executing any command or API call,
all user-configurable parameters must be confirmed with the user.
Do not assume or use default values without the user's explicit consent.
| Parameter | Required | Description | Default |
|---|---|---|---|
| AcceleratorName | Optional | GA instance name | - |
| AccelerateRegionId | Required | Acceleration region ID (region where users access) | - |
| IspType | Optional | ISP line type for the acceleration region | China (Hong Kong): BGP_PRO, Others: BGP |
| Bandwidth | Required | Acceleration region bandwidth (Mbps) | - |
| ListenerProtocol | Optional | Listener protocol: TCP/UDP/HTTP/HTTPS | HTTPS |
| ListenerPort | Optional | Listener port | 443 |
| CertificateId | Conditional | SSL certificate ID (HTTPS listeners only) | - |
| EndpointGroupRegion | Required | Endpoint group region (region of the origin server) | - |
| EndpointType | Required | Endpoint type | - |
| Endpoint | Required | Endpoint address (IP/domain/instance ID) | - |
| EndpointPort | Optional | Endpoint port | Same as listener port |
| CrossBorder | Required | Whether cross-border acceleration is involved | - |
| CrossBorderMode | Required | Cross-border mode: private or bgpPro | private (recommended for production) |
Supported endpoint types: Domain (Custom Domain) / Ip (Custom IP) / ECS / SLB (CLB) / ALB / NLB / OSS
7. Core Workflow
7.1 Prerequisites and General Rules
Blocking requirement: Before entering the workflow, you MUST use the Read tool to fully read the following files. No steps may be executed until reading is complete.
Scope constraints (strictly enforced):
- Instance type and billing restriction: This skill can ONLY create pay-as-you-go (postpay) + CDT Standard GA instances. Creating prepaid (subscription) Standard instances or Basic GA instances of any billing mode is FORBIDDEN. Calling CreateBasicAccelerator is FORBIDDEN. If the user requests a prepaid instance or a Basic instance, inform them that this skill does not support it and suggest creating it manually via the Alibaba Cloud Console.
- New instances by default: This skill defaults to creating and configuring new GA instances. Modifying, updating, or deleting existing GA instances or their sub-resources (acceleration regions, listeners, endpoint groups, forwarding rules, etc.) is only permitted when the user explicitly specifies the target GA instance ID to operate on. Without an explicit user instruction identifying a specific existing instance, all operations MUST target newly created instances only.
- GA product boundary: Write operations (create/update/delete) are limited to the GA product only. For all other Alibaba Cloud products and services (e.g., CAS, CMS, ECS, SLB, ALB, NLB, OSS), only read-only (Describe/List/Get/Query) operations are permitted. Any non-read-only operation on other products is FORBIDDEN.
General rules (apply throughout the entire workflow):
- User-Agent requirement [MANDATORY]: ALL aliyun CLI commands (including ga, sts, cas, cms, and any other Alibaba Cloud service calls) MUST include --user-agent AlibabaCloud-Agent-Skills. This flag must be appended to every CLI invocation without exception. Commands missing this flag are non-compliant.
- Parameter confirmation: All user-configurable parameters must be confirmed with the user before execution. Do not assume or use default values.
- Status check: After each creation step, query the instance status and wait until it becomes active before proceeding to the next step.
- API metadata validation: Before generating CLI commands, use WebFetch to retrieve API metadata and verify parameter accuracy.
URL: INLINECODE38
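
The security rules in section 3 and the scope constraints and general rules above can be enforced mechanically before a command is executed. The following pre-execution check is an added example, not part of the original skill; the function name `lint_command`, the credential flag names for `aliyun configure set`, and the exemption of local subcommands from the User-Agent rule are assumptions.

```python
import shlex

REQUIRED_UA = "AlibabaCloud-Agent-Skills"
READ_ONLY_PREFIXES = ("Describe", "List", "Get", "Query")
# Assumed credential flag names for `aliyun configure set`; verify for your CLI.
CREDENTIAL_FLAGS = {"--access-key-id", "--access-key-secret", "--sts-token"}
SECRET_ENV_MARKERS = ("ACCESS_KEY_ID", "ACCESS_KEY_SECRET", "SECURITY_TOKEN")
# Assumption: local subcommands are exempt from the User-Agent rule, because
# this page's own `aliyun configure set --auto-plugin-install true` omits it.
LOCAL_SUBCOMMANDS = {"configure", "version"}


def lint_command(command):
    """Return the list of rule violations found in one proposed shell command."""
    try:
        argv = shlex.split(command)
    except ValueError:
        return ["unparseable command"]
    findings = []
    # Security rule: never read, echo or print AK/SK values.
    if any(marker in command.upper() for marker in SECRET_ENV_MARKERS):
        findings.append("references an AK/SK environment variable")
    if len(argv) < 2 or argv[0] != "aliyun":
        return findings
    if argv[1] in LOCAL_SUBCOMMANDS:
        # Security rule: no `configure set` with literal credential values.
        flags = {token.split("=", 1)[0] for token in argv[2:]}
        if argv[1:3] == ["configure", "set"] and flags & CREDENTIAL_FLAGS:
            findings.append("configure set with literal credentials")
        return findings
    product = argv[1].lower()
    action = argv[2] if len(argv) > 2 else ""
    # General rule: every service call carries the mandated User-Agent.
    if ("--user-agent", REQUIRED_UA) not in zip(argv, argv[1:]):
        findings.append("missing --user-agent " + REQUIRED_UA)
    # Scope constraint: Basic GA instances must not be created.
    if action == "CreateBasicAccelerator":
        findings.append("CreateBasicAccelerator is forbidden")
    # Scope constraint: products other than GA are read-only.
    if product != "ga" and not action.startswith(READ_ONLY_PREFIXES):
        findings.append("write operation on non-GA product: %s %s" % (product, action))
    return findings


if __name__ == "__main__":
    # Constructed sample commands, not taken from a real session.
    for sample in ("aliyun ga OpenAcceleratorService --region cn-hangzhou",
                   "echo $ALIBABA_CLOUD_ACCESS_KEY_ID"):
        print(sample, "->", lint_command(sample) or "ok")
```

An empty result means the command passes these checks; any finding should block execution and be reported to the user.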
7.2 Interaction Flow
CODEBLOCK6
7.3 API Execution Order
Call the following APIs in order to create resources. After each step, wait for the instance status to become active:
CODEBLOCK7
7.4 Cross-border Configuration Key Points
Cross-border mode MUST be set before creating IpSets/Listeners. Do not skip or defer this step.
Mode selection:
| Mode | Description | Applicable Scenario |
|---|---|---|
| INLINECODE40 (Private cross-border) | Higher quality, lower cost | Recommended for production |
| INLINECODE41 (BGP Premium cross-border) | Temporary alternative | Use only when private fails due to compliance review |
Execution steps:
1. Enable cross-border acceleration: INLINECODE43
2. Immediately set the cross-border mode: INLINECODE44
3. Confirm approval status: INLINECODE45
Fallback handling:
If switching to private fails (e.g., cross-border compliance review has not been approved), inform the user:
*"Switching cross-border mode to private is pending compliance approval. Currently using bgpPro (BGP Premium).
Please complete the cross-border compliance review, then re-run UpdateAcceleratorCrossBorderMode --CrossBorderMode private."*
Post-deployment check:
After all resources are created, call DescribeAccelerator to check the current cross-border mode. If the mode is not private, attempt to switch:
CODEBLOCK8
If it still fails, inform the user:
"The current cross-border mode is bgpPro (BGP Premium). It is recommended to switch to private (Private cross-border) mode after the cross-border compliance review is approved for better performance and stability."
8. Verification
Quick Verification
CODEBLOCK9
Acceleration Performance Testing
Must read: When performing acceleration performance testing or latency comparison, use the Read tool to read references/acceleration-test-guide.md and select the appropriate test method based on the listener protocol:
- HTTP: curl output time_connect / time_starttransfer / INLINECODE56
- HTTPS: curl output time_connect / time_appconnect / time_starttransfer / INLINECODE60
- TCP (non-HTTP): curl with telnet:// protocol
- UDP: scripts/udping.py -c 10 <ip> <port> -- requires a UDP Echo Server running on the origin server
You must compare non-accelerated (direct to origin server) and accelerated (through GA) results.
9. Cleanup
CODEBLOCK10
10. API and Command Reference
See references/related-apis.md for the complete API list and CLI parameter formats.
Note: GA APIs use RPC-style PascalCase naming. Nested array parameters require dot notation + --method POST --force.
11. Important Notes
All important operational notes, constraints, defaults, and common pitfalls are maintained in references/important-notes.md.
You must fully read important-notes.md before starting the deployment workflow. It contains critical information on billing, cross-border configuration, status management, and parameter formats that directly affect deployment success.
12. Best Practices
1. Gather before configuring -- Fully understand the business requirements before planning configuration
2. Confirm all parameters -- All user-configurable parameters must be confirmed before execution
3. Check status after each step -- After each creation operation, wait for the instance status to become INLINECODE64
4. Prefer private cross-border mode -- Use private mode whenever possible for cross-border scenarios
5. Isolate endpoint groups -- Use separate endpoint groups + forwarding rules for different domains/services
6. Verify after deployment -- Perform end-to-end configuration verification and connectivity testing after deployment
13. Reference Documents
API and CLI command reference |
| references/ram-policies.md | RAM permission policies |
| references/acceleration-test-guide.md | Acceleration performance testing guide |
| GA Official Documentation | Global Accelerator official documentation |
| GA OpenAPI Explorer | Online API debugging |
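Deploy Acceleration Services with Global Accelerator (GA)
Create a GA instance from scratch and complete end-to-end configuration (Instance -> Acceleration Region -> Listener -> Endpoint Group -> Forwarding Rules) to enable global network acceleration for your services.
1. Scenario Overview
1.1 Applicable Scenarios
- Cross-border Web/API acceleration: Overseas users accessing domestic web services, or domestic users accessing overseas services
- Global gaming acceleration: Reduce cross-region latency and improve player experience
- Audio/video transmission acceleration: Optimize cross-region real-time audio/video communication
- Enterprise application acceleration: Accelerate cross-border enterprise internal system access
1.2 Architecture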
```
Client -> Accelerated IP/CNAME -> Global Accelerator (GA) -> (cross-border/cross-region transmission) -> Forwarding rules -> Endpoint group -> Origin server
```
```
                 +---------------------------------------------+
                 |        Client (acceleration region)         |
                 +----------------------+----------------------+
                                        |
                              +---------+---------+
                              |  Accelerated IP   |
                              | (assigned by GA)  |
                              +---------+---------+
                                        |
+---------------------------------------+---------------------------------------+
|                            Global Accelerator (GA)                            |
| +---------------------------------------------------------------------------+ |
| | Listener                                                                  | |
| |   Protocol: HTTPS/HTTP/TCP/UDP                                            | |
| |   Port: 443/80/custom                                                     | |
| +-------------------------------------+-------------------------------------+ |
|                                       |                                       |
| +-------------------------------------+-------------------------------------+ |
| | Forwarding rules                                                          | |
| |   HTTP/HTTPS: route by domain/path     TCP: route by domain               | |
| +-----------+-------------------------+-------------------------+-----------+ |
|             |                         |                         |             |
|  +----------+----------+   +----------+----------+   +----------+----------+  |
|  |  Endpoint group A   |   |  Endpoint group B   |   |  Default endpoint   |  |
|  |     api.example     |   |     web.example     |   |  group (unmatched)  |  |
|  |    +----------+     |   |    +----------+     |   |    +----------+     |  |
|  |    | ECS/ALB  |     |   |    |  Domain  |     |   |    |  NLB/IP  |     |  |
|  |    +----------+     |   |    +----------+     |   |    +----------+     |  |
|  +---------------------+   +---------------------+   +---------------------+  |
+-------------------------------------------------------------------------------+
```
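Products involved: GA + Certificate Management Service (for HTTPS scenarios)
1.3 Customer Value
- Leverage the Alibaba Cloud global transmission network to significantly reduce cross-region access latency
- Complete end-to-end configuration in a single session to quickly enable Global Accelerator
2. Installation
Pre-check: Aliyun CLI >= 3.3.1 required
Run aliyun version to verify >= 3.3.1. If not installed or version too low, see references/cli-installation-guide.md for installation instructions.
Then [MUST] run the following to enable automatic plugin installation:
```bash
aliyun configure set --auto-plugin-install true
```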
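3. Authentication
Pre-check: Alibaba Cloud Credentials Required
Security Rules:
- NEVER read, echo, or print AK/SK values (e.g., echo $ALIBABA_CLOUD_ACCESS_KEY_ID is FORBIDDEN)
- NEVER ask the user to input AK/SK directly in the conversation or command line
- NEVER use aliyun configure set with literal credential values
- ONLY use aliyun configure list to check credential status
```bash
aliyun configure list --user-agent AlibabaCloud-Agent-Skills
```
Check the output for a valid profile (AK, STS, or OAuth identity).
If no valid profile exists, STOP here.
1. Obtain credentials from Alibaba Cloud Console
2. Configure credentials outside of this session (via aliyun configure in terminal or environment variables in shell profile)
3. Return and re-run after aliyun configure list shows a valid profile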
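4. RAM Policy
This skill requires the following RAM permissions. See references/ram-policies.md for the complete list.
5. GA Service Activation Check
Pre-check: GA service must be activated
Before performing any GA operation, you must confirm that the Global Accelerator service has been activated.
```bash
aliyun ga DescribeAcceleratorServiceStatus --region cn-hangzhou --user-agent AlibabaCloud-Agent-Skills
```
Check the Status field in the response:
- Normal: The service is activated. Proceed with subsequent steps.
- Other statuses: The service is not activated. Activate it first:
```bash
aliyun ga OpenAcceleratorService --region cn-hangzhou --user-agent AlibabaCloud-Agent-Skills
```
After activation, re-run DescribeAcceleratorServiceStatus to confirm the status is Normal, then proceed.
If the service is not activated and activation fails, STOP here.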
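6. Parameter Confirmation
Important: Parameter Confirmation -- Before executing any command or API call,
all user-configurable parameters must be confirmed with the user.
Do not assume or use default values without the user's explicit consent.
| Parameter | Required | Description | Default |
|---|---|---|---|
| AcceleratorName | Optional | GA instance name | - |
| AccelerateRegionId | Required | Acceleration region ID (region where users access) | - |
| IspType | Optional | ISP line type for the acceleration region | China (Hong Kong): BGP_PRO, Others: BGP |
| Bandwidth | Required | Acceleration region bandwidth (Mbps) | - |
| ListenerProtocol | Optional | Listener protocol: TCP/UDP/HTTP/HTTPS | HTTPS |
| ListenerPort | Optional | Listener port | 443 |
| CertificateId | Conditional | SSL certificate ID (HTTPS listeners only) | - |
| EndpointGroupRegion | Required | Endpoint group region (region of the origin server) | - |
| EndpointType | Required | Endpoint type | - |
| Endpoint | Required | Endpoint address (IP/domain/instance ID) | - |
| EndpointPort | Optional | Endpoint port | Same as listener port |
| CrossBorder | Required | Whether cross-border acceleration is involved | - |
| CrossBorderMode | Required | Cross-border mode: private or bgpPro | private (recommended for production) |
Supported endpoint types: Domain (Custom Domain) / Ip (Custom IP) / ECS / SLB (CLB) / ALB / NLB / OSS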
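7. Core Workflow
7.1 Prerequisites and General Rules
Blocking requirement: Before entering the workflow, you MUST use the Read tool to fully read the following files. No steps may be executed until reading is complete.
Scope constraints (strictly enforced):
- Instance type and billing restriction: This skill can ONLY create pay-as-you-go (postpay) + CDT Standard GA instances. Creating prepaid (subscription) Standard instances or Basic GA instances of any billing mode is FORBIDDEN. Calling CreateBasicAccelerator is FORBIDDEN. If the user requests a prepaid instance or a Basic instance, inform them that this skill does not support it and suggest creating it manually via the Alibaba Cloud Console.
- New instances by default: This skill defaults to creating and configuring new GA instances. Modifying, updating, or deleting existing GA instances or their sub-resources (acceleration regions, listeners, endpoint groups, forwarding rules, etc.) is only permitted when the user explicitly specifies the target GA instance ID to operate on. Without an explicit user instruction identifying a specific existing instance, all operations MUST target newly created instances only.
- GA product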