Double 11 Singles Day Network Products & Technology Overview

Everyone knows that 2017 double 11 has set a new record, with a total trading volume of 168.2 billion, a peak transaction of 325,000 pens per second, and a peak payment of 25.6 W pens per second. Behind the carnival is an extremely complex and huge technical system. Interested in Students can refer to the technology behind 168.2 billion, including a large number of Alibaba Cloud computing related products and technologies, while network related products occupy an important position, hybrid cloud architecture, proprietary network VPC, load balancing SLB, NAT gateway, High-speed channels are typical representatives of network products. So, what role do these network products and technologies play in the double 11 carnival? What is the impact on everyone's shopping? Alibaba Cloud Network Product Team reveals the secrets of the network products of Yunqi Community through the 11 series of articles.

Note: If you don't know much about network products, it is recommended to read a picture to understand Alibaba Cloud network products [1] network product overview

The following is an introduction to the main network products in the dual 11 - proprietary network VPC, load balancing SLB, NAT gateway, high-speed channel and hybrid cloud architecture.

VPC-secure network container

VPC (Virtual Private Cloud) is an isolated, secure network environment on the cloud. It is like a private network container on the cloud. This container is completely isolated from other users. After the network container, you can "place" the required cloud products and resources in this container, such as load balancing SLB, RDS and so on.

VPC is the basis for users to have network management capabilities on the cloud. For example, selecting an IP address range, subnetting, configuring a gateway, achieving more than private network interworking, and interworking with IDC under the cloud all need to rely on VPC. With VPC, users can take control of their network.

The public cloud platform is a platform shared by many users. The transactions, orders, and logistics of the dual 11 e-commerce core are all on the public cloud platform. In order to ensure the security of the dual 11 transactions, a proprietary network VPC is used for tenant isolation.

Proprietary network VPCs use tunneling technology for logical isolation, which is more secure than classic networks. This may be a bit abstract. For example, the tunneling technology used by VPC is like opening different tunnels on the same road. Each user has its own unique tunnel, which is completely isolated from other users' tunnels. The security isolation technology of the network is like having different lanes on the same road. The lanes are isolated by the isolation belt. Compared with the tunnel isolation, it is safe.

You may ask, is a VPC capacity enough? Can you save so many ECS? There is no need to worry about this. There are more than 20,000 ECSs for a single VPC on the public cloud platform. In a container environment, a single VPC also has a VPC that accommodates 5W containers, which can easily meet the resource requirements of the business.

Load balancing SLB-traffic flood peak scheduler

Load-balancing SLB products support the distribution of traffic to multiple ECSs to improve the service capabilities of application systems, and have long been the entry point for critical business systems. The traffic peaks of the two 1.1 billion users need to be processed by a large number of ECS servers, and the scheduling of these ECSs needs to rely on the load balancing SLB. The load balancing SLB receives the user's request, intelligently dispatches it to the ECS of the back end for processing, and will process it. The result is returned to the user.

It can be said that the double 11 traffic peak can not hold, the user communication experience is smooth, load balancing SLB is the key factor. For load balancing, the most critical is processing power and scheduling efficiency. The specific technical indicators are as follows:

Peak flow per second

New connection per second CPS

Maximum concurrent connections MaxConn

QPS per second

Number of backend ECS that can be scheduled

So, what is the performance of the dual 11 load balancing SLB? Below is the relevant data of one of the examples.

Indicator item data

Peak flow per second 10G

New connection per second CPS 10W

Maximum concurrent connections MaxConn 300W

The number of back-end ECS exceeds 1,000

It should be noted that this is just an instance of the data, and the load balancing SLB in the double 11 uses many examples. SLB clusters have different processing capabilities depending on the size. A common public cloud cluster can provide a maximum number of connections of more than 100 million, a new connection of more than 1000W per second, and a total cluster bandwidth of 640Gbps.

So, behind the data, what configuration does the dual 11 load balancing instance use? What optimizations have been made to the load balancing cluster? Recommended reading Demystifying the network behind the 2017 double 11 - face double 11 flood peak load balancing SLB

NAT gateway - the key to successful payment

The NAT gateway product supports SNAT and DNAT functions. The SNAT function provides access to the Internet for the public network ECS in the VPC. It also supports mapping the public network IP address to the VPC ECS through DNAT, so that the VPC ECS can provide services to the Internet.

The NAT 11 in the dual 11 mainly provides the SNAT service. Why is the NAT gateway the key to successful payment in the dual 11? As shown below, when the user selects their favorite baby, click "Submit Order"

That will jump to Alipay for payment. At this time, you need to use the NAT gateway to call Alipay's payment interface. This is the SNAT function of the NAT gateway. 

The peak value of the Double 11 Alipay transaction reaches 25.6W pens/second, and each payment requires a NAT gateway. This requires the NAT gateway to have ultra-large bandwidth and large concurrent connections. Of course, it also needs to have superior disaster tolerance. During the entire double 11 period, the maximum number of connections of one of the NAT gateways is as high as 300W.

High-speed channel - the world's largest hybrid cloud network channel

The hybrid cloud connects the public cloud and the data center under the cloud through a dedicated line, and the cloud is connected under the cloud. This is a hybrid cloud. Hybrid cloud can not only protect the investment of the original offline IDC, but also make full use of the flexibility of the cloud, especially for the promotion scene such as Double 11. It can be said that the development of the double 11 to the ninth year has long surpassed the consumption and retail fields, and it is an unprecedented socialization and synergy. It has become the largest experimental field for business, economic and technological changes. Therefore, the Double 11 is also the world's largest hybrid. The excellent practice of cloud architecture, in this cloud, commodity browsing, order payment, customer service, logistics query, etc., many system calls frequently between the public cloud and the cloud data center, has become a tight whole, These cloud-on-the-cloud system calls rely on hybrid cloud network channels, which are high-speed channels.

The high-speed channel has two important functions. One is the dedicated line, which connects the offline IDC and the VPC on the cloud, and the other is the VPC interconnection, which connects the different VPCs .

So, what is the hybrid cloud architecture under the support of the high-speed channel in the double 11? Recommended reading Demystifying the network behind 2017 Double 11 - the world's largest hybrid cloud architecture

The system behind the network products - Luo Shen

In addition to the network products themselves, the network is the infrastructure of any other system or product. For example, the database in the Double 11 has a processing peak of 42 million times/second, which depends on the underlying network technology. Another example is the live broadcast of the double 11 party, and the network performance of ECS is more dependent on the unnamed hero-virtual switch that exists on the host machine. It can be said that the network is the foundation of the thousands of systems behind the double 11, is the foundation of the foundation, the core of the core. So, what is the virtual network system behind the double 11? Here is a brief introduction to the virtual network system of Apsara - Luo Shen, the follow-up will introduce more Luo Shen system.

Luoshen is divided into control plane, data plane and operation plane. The control plane mainly uses the idea and technology of SDN to manage and control the network. For example, the opening of VPC ECS needs to be carried out through the control plane. The data plane mainly refers to data forwarding. For example, EC2 needs to access the Internet or other ECS. As with the ECS network performance mentioned above, it depends on the relevant modules of the data plane. Qitian (QITAN) is a network intelligent analysis platform that is responsible for intelligent analysis, real-time monitoring of the entire virtual network system, and intelligent robots to provide services.

It can be said that the network is everywhere, but the highest level of the network in the double 11 is that the shopping carnival does not perceive the existence of the network, and the smooth and silky shopping experience is the greatest significance of the network.