

# What is AWS Global Accelerator?
<a name="what-is-global-accelerator"></a>

AWS Global Accelerator is a service in which you create *accelerators* to improve the performance of your applications for local and global users. Depending on the type of accelerator you choose, you can gain additional benefits: 
+ With a standard accelerator, you can improve availability of your internet applications that are used by a global audience. With a standard accelerator, Global Accelerator directs traffic over the AWS global network to endpoints in the nearest Region to the client. 
+ With a custom routing accelerator, you can map one or more users to a specific destination among many destinations.

Global Accelerator is a global service that supports endpoints in multiple AWS Regions. To determine if Global Accelerator or other services are currently supported in a specific AWS Region, see the [AWS Regional Services List](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/).

By default, Global Accelerator provides you with static IP addresses that you associate with your accelerator. The static IP addresses are anycast from the AWS edge network. For IPv4, Global Accelerator provides two static IPv4 addresses. For dual-stack, Global Accelerator provides a total of four addresses: two static IPv4 addresses and two static IPv6 addresses. For IPv4, instead of using the addresses that Global Accelerator provides, you can configure these entry points to be IPv4 addresses from your own IP address ranges that you bring to Global Accelerator (BYOIP). 

**Important**  
The static IP addresses remain assigned to your accelerator for as long as it exists, even if you disable the accelerator and it no longer accepts or routes traffic. However, when you *delete* an accelerator, you lose the static IP addresses that are assigned to it, so you can no longer route traffic by using them. You can use IAM policies, like tag-based permissions with Global Accelerator, to limit the users who have permissions to delete an accelerator. For more information, see [ABAC with Global Accelerator](security_iam_service-with-iam.md#security_iam_service-with-iam-tags).

For standard accelerators, Global Accelerator uses the AWS global network to route traffic to the optimal regional endpoint based on health, client location, and policies that you configure, which increases the availability of your applications. Endpoints for standard accelerators can be Network Load Balancers, Application Load Balancers, Amazon EC2 instances, or Elastic IP addresses that are located in one AWS Region or multiple Regions.

The service reacts instantly to changes in health or configuration to ensure that internet traffic from clients is always directed to healthy endpoints. Global Accelerator also respects traffic redirection or blocking by several other AWS services: 
+ Global Accelerator respects ARC traffic redirection for supported endpoints, to reroute traffic from a potentially impaired Availability Zone with a zonal shift or zonal autoshift. For more information, see [Multi-AZ recovery in Amazon Application Recovery Controller (ARC)](https://docs.aws.amazon.com/r53recovery/latest/dg/multi-az.html).
+ Global Accelerator respects VPC Block Public Access, including both modes (bidirectional and ingress-only). When the feature is enabled for an AWS account, Global Accelerator does not serve traffic in the Region for the VPC, except for excluded VPCs and subnets, if any. Note, however, that egress-only exclusions are still blocked for excluded VPCs and subnets. VPC and subnet exclusions must allow ingress traffic. For more information, see [Block public access to VPCs and subnets](https://docs.aws.amazon.com/vpc/latest/userguide/security-vpc-bpa.html).

Custom routing accelerators only support Amazon VPC (VPC) subnet endpoint types and route traffic to private IP addresses in that subnet.

**Topics**
+ [Components](introduction-components.md)
+ [AWS Regions](preserve-client-ip-address.regions.md)
+ [How it works](introduction-how-it-works.md)
+ [IP address ranges](introduction-ip-ranges.md)
+ [Use cases](introduction-benefits-of-migrating.md)
+ [Speed Comparison Tool](introduction-speed-comparison-tool.md)
+ [How to get started](introduction-get-started.md)
+ [Tagging](tagging-in-global-accelerator.md)
+ [Pricing](introduction-pricing.md)

# AWS Global Accelerator components
<a name="introduction-components"></a>

AWS Global Accelerator includes the following components:

**Static IP addresses**  
By default, Global Accelerator provides you with static IP addresses that you associate with your accelerator. The static IP addresses are anycast from the AWS edge network. For IPv4, Global Accelerator provides two static IPv4 addresses. For dual-stack, Global Accelerator provides a total of four addresses: two static IPv4 addresses and two static IPv6 addresses. If you bring your own IP address range to AWS (BYOIP) to use with Global Accelerator (IPv4 only), you can instead assign IPv4 addresses from your own pool to use with your accelerator. For more information, see [Bring your own IP addresses (BYOIP) in Global Accelerator](using-byoip.md).  
The IP addresses serve as single fixed entry points for your clients. If you already have Elastic Load Balancing load balancers, Amazon EC2 instances, or Elastic IP address resources set up for your applications, you can easily add those to a standard accelerator in Global Accelerator. This allows Global Accelerator to use static IP addresses to access the resources. If you'd like to access an API Gateway by using Global Accelerator static IP addresses, see the following blog post for more information: [Accessing an Amazon API Gateway via static IP addresses provided by AWS Global Accelerator](https://aws.amazon.com/blogs/networking-and-content-delivery/accessing-an-aws-api-gateway-via-static-ip-addresses-provided-by-aws-global-accelerator/).  
The static IP addresses remain assigned to your accelerator for as long as it exists, even if you disable the accelerator and it no longer accepts or routes traffic. However, when you *delete* an accelerator, you lose the static IP addresses that are assigned to it, so you can no longer route traffic by using them. You can use IAM policies, such as tag-based permissions, with Global Accelerator to limit the users who have permissions to delete an accelerator. For more information, see [ABAC with Global Accelerator](security_iam_service-with-iam.md#security_iam_service-with-iam-tags).

**Accelerator**  
An accelerator directs traffic to endpoints over the AWS global network to improve the performance of your internet applications. Each accelerator includes one or more listeners.  
There are two types of accelerators:  
+ A *standard* accelerator directs traffic to the optimal AWS endpoint based on several factors, including the user’s location, the health of the endpoint, and the endpoint weights that you configure. This improves the availability and performance of your applications. Endpoints can be Network Load Balancers, Application Load Balancers, Amazon EC2 instances, or Elastic IP addresses.
+ A *custom routing* accelerator lets you deterministically route multiple users to a specific EC2 destination behind your accelerator, as is required for some use cases. You do this by directing users to a unique IP address and port on your accelerator, which Global Accelerator has mapped to the destination. Note that custom routing accelerators do not support dual-stack for IP addresses.

For more information, see [Types of accelerators](introduction-how-it-works.md#introduction-accelerator-types).

**DNS name**  
Global Accelerator assigns each accelerator a default Domain Name System (DNS) name, similar to `a1234567890abcdef.awsglobalaccelerator.com`, that points to the static IP addresses that Global Accelerator assigns to you or that you choose from your own IP address range. If you have a dual-stack accelerator, Global Accelerator also assigns you a dual-stack DNS name, similar to `a1234567890abcdef.dualstack.awsglobalaccelerator.com` that points to the four static IP addresses for your dual-stack accelerator.  
Depending on the use case, you can use your accelerator's static IP addresses or DNS name to route traffic to your accelerator, or set up DNS records to route traffic using your own custom domain name. For more information, see [Support for DNS addressing in AWS Global Accelerator](dns-addressing-custom-domains.dns-addressing.md).

**Network zone**  
Similar to an AWS Availability Zone, a network zone is an isolated unit with its own set of physical infrastructure. When you create an accelerator, Global Accelerator provides you with a set of static IP addresses: two static IPv4 addresses for an accelerator with an IPv4 IP address type or four static IP addresses for a dual-stack accelerator (two IPv4 addresses and two IPv6 addresses). Global Accelerator serves one static IP address per network zone from a unique IP subnet for each IP address family. If one address from a network zone becomes unavailable, due to IP address blocking by certain client networks or network disruptions, client applications can retry on the healthy static IP address from the other isolated network zone.

**Listener**  
A listener processes inbound connections from clients to Global Accelerator, based on the port (or port range) and protocol (or protocols) that you configure. A listener can be configured for TCP, UDP, or both TCP and UDP protocols. Each listener has one or more endpoint groups associated with it, and traffic is forwarded to endpoints in one of the groups. You associate endpoint groups with listeners by specifying the Regions that you want to distribute traffic to. With a standard accelerator, traffic is distributed to optimal endpoints within the endpoint groups associated with a listener.

**Endpoint group**  
Each endpoint group is associated with a specific AWS Region. Endpoint groups include one or more endpoints in the Region. With a standard accelerator, you can increase or reduce the percentage of traffic that would be otherwise directed to an endpoint group by adjusting a setting called a *traffic dial*. The traffic dial lets you easily do performance testing or blue/green deployment testing, for example, for new releases across different AWS Regions. 

**Endpoint**  
An endpoint is the resource that Global Accelerator directs traffic to.  
Endpoints for standard accelerators can be Network Load Balancers, Application Load Balancers, EC2 instances, or Elastic IP addresses. An Application Load Balancer endpoint can be internet-facing or internal. Traffic for standard accelerators is routed to endpoints based on the health of the endpoint along with configuration options that you choose, such as endpoint weights. For each endpoint, you can configure weights, which are numbers that you can use to specify the proportion of traffic to route to each one. This can be useful, for example, to do performance testing within a Region.  
Endpoints for custom routing accelerators are Amazon VPC (VPC) subnets with one or many Amazon EC2 instances that are the destinations for traffic.

# AWS Region availability for AWS Global Accelerator
<a name="preserve-client-ip-address.regions"></a>

For detailed information about Regional support and service endpoints for AWS Global Accelerator, see [AWS Global Accelerator endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/global_accelerator.html) in the *Amazon Web Services General Reference*.

**Note**  
AWS Global Accelerator is a global service. However, you must specify the US West (Oregon) Region (that is, specify the parameter `--region us-west-2`) in Regional Global Accelerator AWS CLI commands, that is, when you create resources such as accelerators.

Global Accelerator is currently available in the following AWS Regions. Availability Zone (AZ) exceptions are noted. Adding endpoints in AWS Local Zones is not supported.

[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/global-accelerator/latest/dg/preserve-client-ip-address.regions.html)

# How AWS Global Accelerator works
<a name="introduction-how-it-works"></a>

The static IP addresses provided by AWS Global Accelerator serve as single fixed entry points for your clients. When you set up your accelerator with Global Accelerator, you associate the static IP addresses to regional endpoints in one or more AWS Regions. For standard accelerators, the endpoints are Network Load Balancers, Application Load Balancers, Amazon EC2 instances, or Elastic IP addresses. For custom routing accelerators, endpoints are Amazon VPC (VPC) subnets with one or more EC2 instances. The static IP addresses accept incoming traffic onto the AWS global network from the edge location that is closest to your users.

**Note**  
If you bring your own IP address range to AWS (BYOIP) to use with Global Accelerator, you can instead assign static IP addresses from your own pool to use with your accelerator. For more information, see [Bring your own IP addresses (BYOIP) in Global Accelerator](using-byoip.md).

From the edge location, traffic for your application is routed based on the type of accelerator that you configure. 
+ For standard accelerators, traffic is routed to the optimal AWS endpoint based on several factors, including the user’s location, the health of the endpoint, and the endpoint weights that you configure. 
+ For custom routing accelerators, each client is routed to a specific Amazon EC2 instance and port in a VPC subnet, based on the external static IP address and listener port that you provide.

Be aware of the following when you use Global Accelerator:
+ **Overriding endpoint weights:** In specific, limited scenarios, Global Accelerator overrides the endpoint weights that you set, to help ensure availability. When Global Accelerator is load balancing traffic across endpoints in an endpoint group, it must, in certain circumstances, choose between preserving availability for client traffic and abiding by endpoint weights. For example, with accelerators where the client IP address is preserved, Global Accelerator might need to override an endpoint weight setting to help avoid connection collisions.
+ **Security groups and rules:** When you add an accelerator, security groups and AWS WAF rules that you have already configured continue to work as they did before you added the accelerator.
+ **IP fragmentation:** IP packets that are too large to fit into a standard Ethernet frame (1500 bytes) when transmitted across the internet or other large networks are fragmented by intermediate routers and sent individually. The TCP protocol does not require IP fragmentation because clients and endpoints automatically negotiate a smaller Maximum Segment Size (MSS). However, the UDP protocol requires IP fragmentation. When packets are fragmented, Global Accelerator forwards UDP fragments to the configured endpoint, which reassembles the original IP packet. Global Accelerator drops TCP fragments at the edge, because they are not supported by the AWS network.

**Topics**
+ [Overview of how it works](#how-it-works-summary)
+ [Types of accelerators](#introduction-accelerator-types)
+ [Idle timeout](#about-idle-timeout)
+ [Global static IP addresses](#about-static-ip-addresses)
+ [Health checks](#about-endpoint-groups-automatic-health-checks)
+ [Traffic dials and endpoint weights](#introduction-traffic-dials-weights)
+ [ICMP response messages](#introduction-about-icmp-messages)

## Overview of how AWS Global Accelerator works
<a name="how-it-works-summary"></a>

Traffic travels over the well-monitored, congestion-free, redundant AWS global network to the endpoint. By maximizing the time that traffic is on the AWS network, Global Accelerator ensures that traffic is always routed over the optimum network path. Global Accelerator terminates TCP connections from clients at AWS edge locations and, almost concurrently, establishes a new TCP connection with your endpoints. This gives clients faster response times (lower latency) and increased throughput.

Global Accelerator always preserves client IP addresses for endpoints on custom routing accelerators. With standard accelerators, you have the option to preserve and access the client IP address for some endpoint types. For detailed information about the endpoint types and configurations that Global Accelerator supports, including client IP address preservation support, see [Requirements for resources you add as accelerator endpoints](about-endpoints-caveats.md).

With standard accelerators, Global Accelerator continuously monitors the health of all endpoints, and instantly begins directing traffic for all new connections to another available endpoint when it determines that an active endpoint is unhealthy. This allows you to create a high-availability architecture for your applications on AWS. Health checks aren't used with custom routing accelerators and there is no failover, because you specify the destination to route traffic to.

If you want fine-grained control over your global traffic, you can configure *weights* for your endpoints in a standard accelerator. In addition, you can use the *traffic dial* in Global Accelerator to increase (dial up) or decrease (dial down) the percentage of traffic to a specific endpoint group, for example, for performance testing or stack upgrades. 

## Types of accelerators
<a name="introduction-accelerator-types"></a>

There are two types of accelerators that you can use with AWS Global Accelerator: *standard accelerators* and *custom routing accelerators*. Both types of accelerators route traffic over the AWS global network to improve performance and stability, but they're each designed for different application needs. 

**Standard accelerator**  
By using a standard accelerator, you can improve the availability and performance of your applications running on Application Load Balancers, Network Load Balancers, or Amazon EC2 instances. With a standard accelerator, Global Accelerator routes client traffic across regional endpoints based on geo-proximity and endpoint health. It also allows customers to shift client traffic across endpoints based on controls such as traffic dials and endpoint weights. This works for a wide variety of use cases, including blue/green deployment, A/B testing, and multi-Region deployment. To see more use cases, see [Understanding AWS Global Accelerator use cases](introduction-benefits-of-migrating.md).  
To learn more, see [Working with standard accelerators in AWS Global Accelerator](work-with-standard-accelerators.md).

**Custom routing accelerator**  
Custom routing accelerators work well for scenarios where you want to use custom application logic to direct one or more users to a specific destination and port among many, while still gaining the performance benefits of Global Accelerator. One example is VoIP applications that assign multiple callers to a specific media server to start voice, video, and messaging sessions. Another example is online real-time gaming applications where you want to assign multiple players to a single session on a game server based on factors such as geographic location, player skill, and game mode.  
Custom routing accelerators support only the IPv4 IP address type.
To learn more, see [Working with custom routing accelerators in AWS Global Accelerator](work-with-custom-routing-accelerators.md).

Based on your specific needs, you create one of these types of accelerators to accelerate your customer traffic. 

## Understanding idle timeout in AWS Global Accelerator
<a name="about-idle-timeout"></a>

AWS Global Accelerator sets an idle timeout period that applies to its connections. If no data has been sent or received by the time that the idle timeout period elapses, Global Accelerator closes the connection. The idle timeout periods are not customizable.

To prevent connection timeout, Global Accelerator requires that you send a packet with a minimum of one byte of data, in the ingress or egress direction, within the TCP connection timeout window. You cannot use TCP keep-alive packets to maintain an open connection.

The Global Accelerator idle timeout for a network connection depends on the type of connection:
+ The timeout is 340 seconds for TCP connections.
+ The timeout is 30 seconds for UDP connections.

Global Accelerator continues to direct traffic for established connections to an endpoint until the idle timeout is met, even if the endpoint is marked as unhealthy or if it is removed from the accelerator. Global Accelerator selects a new endpoint, if needed, only when a new connection starts or after an idle timeout.
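
The following is an added example, not code from the AWS documentation. It shows one way to keep a connection inside the idle timeout window by sending an application-level heartbeat that carries data, because TCP keep-alive packets do not count. The `IdleGuard` class, its `fraction` parameter, and the newline heartbeat byte are assumptions; your application protocol must tolerate the heartbeat payload.

```python
import socket
import time

# Idle timeouts stated on this page, in seconds. They are not customizable.
GA_IDLE_TIMEOUT_S = {"tcp": 340, "udp": 30}


class IdleGuard:
    """Track data activity on one connection and send a heartbeat before it idles out.

    Hypothetical helper for illustration. Data in either direction resets the
    idle clock, matching the "ingress or egress" wording above.
    """

    def __init__(self, sock, protocol, heartbeat=b"\n", fraction=0.5,
                 clock=time.monotonic):
        if len(heartbeat) < 1:
            raise ValueError("heartbeat must carry at least one byte of data")
        if not 0 < fraction < 1:
            raise ValueError("fraction must leave headroom below the timeout")
        self.sock = sock
        self.heartbeat = heartbeat
        # Send well before the timeout so one delayed packet does not cost the connection.
        self.interval = GA_IDLE_TIMEOUT_S[protocol] * fraction
        self.clock = clock
        self.last_data = clock()

    def send(self, data):
        self.sock.sendall(data)
        if data:                      # only real payload bytes count as activity
            self.last_data = self.clock()

    def recv(self, bufsize):
        data = self.sock.recv(bufsize)
        if data:
            self.last_data = self.clock()
        return data

    def seconds_until_heartbeat(self):
        return max(0.0, self.interval - (self.clock() - self.last_data))

    def tick(self):
        """Call periodically. Sends the heartbeat when due; returns True if it did."""
        if self.seconds_until_heartbeat() > 0:
            return False
        self.send(self.heartbeat)
        return True


if __name__ == "__main__":
    # Local socket pair stands in for a client connection through an accelerator.
    client, server = socket.socketpair()
    guard = IdleGuard(client, "tcp")
    print("heartbeat every", guard.interval, "seconds of silence")
    print("due now?", guard.tick())
```

Because established connections stay pinned to their endpoint until they go idle, a heartbeat also keeps traffic flowing to an endpoint that has since been marked unhealthy or removed; close and reconnect when you need the connection re-routed.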

## Using static IP addresses in AWS Global Accelerator
<a name="about-static-ip-addresses"></a>

By default, Global Accelerator provides you with static IP addresses that are associated with your accelerator. You use the static IP addresses that Global Accelerator assigns to your accelerator—or that you specify from your own IP address pool, for standard accelerators—to route internet traffic to the AWS global network close to where your users are, regardless of their location. For standard accelerators, you associate the addresses with Network Load Balancers, Application Load Balancers, Amazon EC2 instances, or Elastic IP addresses that run in a single AWS Region or multiple Regions. For custom routing accelerators, you direct traffic to EC2 destinations in VPC subnets in one or more Regions. Routing traffic through the AWS global network improves availability and performance because traffic doesn't have to take multiple hops over the public internet. Using static IP addresses also lets you distribute incoming application traffic across multiple endpoint resources in multiple AWS Regions. 

In addition, using static IP addresses makes it easier to add your application to more Regions or to migrate applications between Regions. Using fixed IP addresses means that users have a consistent way to connect to your application as you make changes. 

If you like, you can associate your own custom domain name with the static IP addresses for your accelerator. For more information, see [Route custom domain traffic to your accelerator](dns-addressing-custom-domains.mapping-your-custom-domain.md).

The static IP addresses are anycast from the AWS edge network. 

For IPv4, Global Accelerator provides two static IPv4 addresses. For dual-stack, Global Accelerator provides a total of four addresses: two static IPv4 addresses and two static IPv6 addresses. If you bring your own IP address range to AWS (BYOIP) to use with Global Accelerator (IPv4 only), you can instead assign IPv4 addresses from your own pool to use with your accelerator. For more information, see [Bring your own IP addresses (BYOIP) in Global Accelerator](using-byoip.md).

For accelerators with dual-stack, Global Accelerator allocates the IPv6 addresses from the same two /64 CIDR prefixes. This can help simplify steps for allow-listing and setting ACL controls.

You can add IPv4-only endpoints to standard accelerators that are configured for IPv4 IP address types, but accelerators that you configure as dual-stack require that you add only endpoints that also support dual-stack. For information about endpoints that are supported for dual-stack accelerators, see [Requirements for resources you add as accelerator endpoints](about-endpoints-caveats.md).

Global Accelerator provides the static IP addresses for you from the Amazon pool of IP addresses, unless you bring your own IP address range to AWS, and then specify the static IP addresses from that pool. (For more information, see [Bring your own IP addresses (BYOIP) in Global Accelerator](using-byoip.md).) To create an accelerator on the console, the first step is to prompt Global Accelerator to provision the static IP addresses by entering a name for your accelerator, or to choose your own static IP addresses. To see the steps for creating an accelerator, see [Getting started with AWS Global Accelerator](getting-started.md).

The static IP addresses remain assigned to your accelerator for as long as it exists, even if you disable the accelerator and it no longer accepts or routes traffic. However, when you *delete* an accelerator, you lose the static IP addresses that are assigned to it, so you can no longer route traffic by using them. You can use IAM policies like tag-based permissions with Global Accelerator to limit the users who have permissions to delete an accelerator. For more information, see [ABAC with Global Accelerator](security_iam_service-with-iam.md#security_iam_service-with-iam-tags).

## How Global Accelerator uses health checks
<a name="about-endpoint-groups-automatic-health-checks"></a>

For standard accelerators, AWS Global Accelerator automatically checks the health of the endpoints that are associated with your static IP addresses, and then directs user traffic only to healthy endpoints.

Global Accelerator includes default health checks that are run automatically, but you can configure the timing for the checks and other options. If you've configured custom health check settings, Global Accelerator uses those settings in specific ways, depending on your configuration. You configure those settings in Global Accelerator for Amazon EC2 instance or Elastic IP address endpoints or by configuring settings on the Elastic Load Balancing console for Network Load Balancers or Application Load Balancers. For more information, see [Ensure health check access for your accelerator](about-endpoint-groups-health-check-options.md).

When you add an endpoint to a standard accelerator, it must pass a health check to be considered healthy before traffic is directed to it. If Global Accelerator doesn’t have any healthy endpoints to route traffic to in a standard accelerator, it routes requests to all endpoints. 

## How you can manage traffic flow with traffic dials and endpoint weights
<a name="introduction-traffic-dials-weights"></a>

There are two ways that you can customize how AWS Global Accelerator sends traffic to your endpoints with a standard accelerator:
+ Change the traffic dial to limit the traffic for one or more endpoint groups
+ Specify weights to change the proportion of traffic to the endpoints in a group

**How traffic dials work**  
For each endpoint group in a standard accelerator, you can set a traffic dial to control the percentage of traffic that is sent to the endpoint group. The percentage is applied only to traffic that is already directed to the endpoint group, not to all listener traffic.   
The traffic dial limits the portion of traffic that an endpoint group accepts, expressed as a percentage of traffic directed to that endpoint group. For example, if you set the traffic dial for an endpoint group in `us-east-1` to 50 (that is, 50%) and the accelerator directs 100 user requests to that endpoint group, only 50 requests are accepted by the group. The accelerator directs the remaining 50 requests to endpoint groups in other Regions.  
For more information, see [Use traffic dials to adjust traffic flow to Regions](about-endpoint-groups-traffic-dial.md). 

**How weights work**  
For each endpoint in a standard accelerator, you can specify weights, which are numbers that change the proportion of traffic that the accelerator routes to each endpoint. This can be useful, for example, to do performance testing within a Region.  
A weight is a value that determines the proportion of traffic that the accelerator directs to an endpoint. By default, the weight for an endpoint is 128—that is, half of the maximum value for a weight, 255.  
The accelerator calculates the sum of the weights for the endpoints in an endpoint group, and then directs traffic to the endpoints based on the ratio of each endpoint's weight to the total. For an example of how weights work, see [How endpoint weights work to manage traffic volume](about-endpoints-endpoint-weights.md).

Traffic dials and weights affect how the standard accelerator serves traffic in different ways: 
+ You configure traffic dials for *endpoint groups*. The traffic dial lets you cut off a percentage of traffic—or all traffic—to the group, by "dialing down" traffic that the accelerator has already directed to it based on other factors, such as proximity.
+ You use weights, on the other hand, to set values for *individual endpoints* within an endpoint group. Weights provide a way to divide up traffic within the endpoint group. For example, you can use weights to do performance testing for specific endpoints in a Region.

For more information about how traffic dials and weights affect failover, see [How failover works for unhealthy endpoints](about-endpoints-endpoint-weights.unhealthy-endpoints.md).
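
The following is an added example, not code from the AWS documentation or a description of the service's internals. It models the expected split described above: the traffic dial is applied first to the requests directed to an endpoint group, and the accepted requests are then divided by the ratio of each endpoint's weight to the total. The function names and endpoint names are assumptions, and Global Accelerator can override weights in the limited scenarios noted earlier.

```python
def split_by_weight(total, weights):
    """Apportion `total` requests across endpoints by weight ratio.

    Uses largest-remainder rounding so the integer counts always add up to
    `total`. Weights must be integers from 0 to 255 (default 128).
    """
    for name, weight in weights.items():
        if not (isinstance(weight, int) and 0 <= weight <= 255):
            raise ValueError(f"weight for {name!r} must be an integer 0-255")
    weight_sum = sum(weights.values())
    if weight_sum == 0:
        raise ValueError("all weights are 0; this model does not cover that case")

    counts = {name: total * w // weight_sum for name, w in weights.items()}
    leftover = total - sum(counts.values())
    # Hand the requests lost to rounding to the largest fractional remainders.
    order = sorted(weights, key=lambda n: (-(total * weights[n] % weight_sum), n))
    for name in order[:leftover]:
        counts[name] += 1
    return counts


def plan_endpoint_group(directed, dial, weights):
    """Expected handling of `directed` requests sent to one endpoint group.

    directed: requests the accelerator already routed to this group
    dial:     traffic dial for the group, 0-100 (percent)
    weights:  {endpoint name: weight}
    """
    if not 0 <= dial <= 100:
        raise ValueError("traffic dial must be between 0 and 100")
    accepted = int(directed * dial / 100)
    return {
        "accepted": accepted,
        "to_other_regions": directed - accepted,
        "per_endpoint": split_by_weight(accepted, weights),
    }


if __name__ == "__main__":
    # The us-east-1 case from the text: dial 50, 100 requests directed to the group.
    plan = plan_endpoint_group(100, 50, {"alb-blue": 128, "alb-green": 64})
    print("us-east-1:", plan)
    # Dial at 0 drains the group without touching the endpoint weights.
    print("drained:  ", plan_endpoint_group(100, 0, {"alb-blue": 128, "alb-green": 64}))
```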

## ICMP response messages and AWS Global Accelerator
<a name="introduction-about-icmp-messages"></a>

ICMP response messages, such as `ICMP Packet Too Big` or `Fragmentation Needed`, help to ensure availability on the internet. AWS Global Accelerator responds to ICMP echo messages (pings) at the edge for all global IP addresses. These pings are not forwarded to customers' endpoints. To accurately test performance with Global Accelerator, use a deeper protocol for your tests.

Here's a brief summary of how ICMP helps to ensure internet availability. The maximum transmission unit (MTU) of a network connection is the size, in bytes, of the largest permissible packet that can be passed over the connection. The larger the MTU of a connection, the more data that can be passed in a single packet. Path MTU Discovery (PMTUD) is used to determine the *path MTU* between two devices. The path MTU is the maximum packet size that's supported on the path between the originating host and the receiving host. When there is a difference in the MTU size in the network between two hosts, packets that are bigger than the MTU get dropped, and the receiving host that dropped the packet notifies the sender with an ICMP message. For more information, see [Path MTU Discovery](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html#path_mtu_discovery).

You cannot block ICMP traffic at your accelerator in Global Accelerator. Blocking all ICMP traffic would also drop ICMP messages such as `ICMPv6 Packet Too Big (PTB)` (Type 2) and `Destination Unreachable: Fragmentation Needed and Don't Fragment was Set` (Type 3, Code 4). These messages are necessary for traffic to successfully make it back to the originating host. In turn, these dropped messages would cause TCP and protocols that are built on top of Global Accelerator to drop traffic from clients that are on networks with smaller-than-typical MTU, preventing PMTUD.

Note that for PMTUD to work, the security groups of your endpoints must also allow ICMP traffic. If you have availability issues that are specific to certain end-user networks, confirm that your endpoint security groups allow ICMP traffic.
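
The following is an added example, not code from the AWS documentation. It audits endpoint security groups for inbound rules that admit the two PMTUD messages named above. The input is a constructed sample shaped like the `SecurityGroups` list returned by `aws ec2 describe-security-groups`; the group IDs are placeholders and the function names are assumptions.

```python
# PMTUD messages named on this page. In EC2 security group rules for ICMP,
# FromPort holds the ICMP type and ToPort the ICMP code; -1 means "all".
PMTUD_MESSAGES = {
    # Destination Unreachable: Fragmentation Needed (Type 3, Code 4)
    "ipv4": {"protocols": {"icmp", "1"}, "type": 3, "code": 4,
             "ranges": ("IpRanges", "CidrIp")},
    # ICMPv6 Packet Too Big (Type 2, Code 0)
    "ipv6": {"protocols": {"icmpv6", "58"}, "type": 2, "code": 0,
             "ranges": ("Ipv6Ranges", "CidrIpv6")},
}

# Constructed sample data; group IDs are placeholders.
SAMPLE_GROUPS = [
    {"GroupId": "sg-EXAMPLE-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-EXAMPLE-pmtud", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "icmp", "FromPort": 3, "ToPort": 4,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "icmpv6", "FromPort": 2, "ToPort": -1,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    # Ping (echo request, type 8) is allowed, so the host "answers ICMP",
    # yet Fragmentation Needed is still dropped.
    {"GroupId": "sg-EXAMPLE-ping", "IpPermissions": [
        {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    # "All traffic" rule, but only for an internal IPv4 range.
    {"GroupId": "sg-EXAMPLE-internal", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    ]},
]


def _rule_covers(rule, spec):
    """True if an inbound rule admits the ICMP type and code in `spec`."""
    protocol = str(rule.get("IpProtocol", ""))
    if protocol == "-1":                       # all protocols
        return True
    if protocol not in spec["protocols"]:
        return False
    icmp_type = rule.get("FromPort", -1)
    icmp_code = rule.get("ToPort", -1)
    return icmp_type in (-1, spec["type"]) and icmp_code in (-1, spec["code"])


def pmtud_sources(group):
    """Return, per address family, the source CIDRs allowed to deliver PMTUD messages."""
    result = {}
    for family, spec in PMTUD_MESSAGES.items():
        list_key, cidr_key = spec["ranges"]
        cidrs = set()
        for rule in group.get("IpPermissions", []):
            if _rule_covers(rule, spec):
                cidrs.update(r[cidr_key] for r in rule.get(list_key, []))
        result[family] = sorted(cidrs)
    return result


def pmtud_gaps(groups):
    """List (GroupId, family) pairs where no inbound rule admits the PMTUD message."""
    return [(g["GroupId"], family)
            for g in groups
            for family, cidrs in pmtud_sources(g).items()
            if not cidrs]


if __name__ == "__main__":
    for group_id, family in pmtud_gaps(SAMPLE_GROUPS):
        print(f"{group_id}: no inbound rule for {family} PMTUD messages")
```

A group that passes only for a narrow source range, like the internal one in the sample, is worth a second look: `pmtud_sources` returns the allowed CIDRs so you can compare them with where your client traffic arrives from.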

# Location and IP address ranges of Global Accelerator Edge servers
<a name="introduction-ip-ranges"></a>

For a list of Global Accelerator edge server locations, see *Global Edge Network* on the [AWS Global Accelerator features](https://aws.amazon.com/global-accelerator/features/) page.

AWS publishes its current IP address ranges in JSON format. To view the current ranges, download [ip-ranges.json](https://ip-ranges.amazonaws.com/ip-ranges.json). For more information, see [AWS IP address ranges](https://docs.aws.amazon.com/general/latest/gr/Welcome.html#aws-ip-ranges) in the *Amazon Web Services General Reference*.

Before you work with the `ip-ranges.json` file, first review the following information:
+ To find the IP address ranges that are associated with AWS Global Accelerator Edge servers, search `ip-ranges.json` for the following string:

  `"service": "GLOBALACCELERATOR"`
+ Global Accelerator entries that include `"region": "GLOBAL"` refer to the static IP addresses that are allocated to accelerators. If you want to filter for traffic through your accelerator that comes from points of presence (POPs) in one area, filter for entries that include a specific geographical area, such as `us-*` or `eu-*`. So, for example, if you filter for `us-*`, you will see only traffic coming through POPs in the United States (U.S.).
+ Global Accelerator supports two ways of routing traffic: using client IP address preservation or using network address translation (NAT). The way that traffic is routed determines the client IP address that AWS WAF can apply rules to. When you use client IP address preservation, AWS WAF rules target the client IP address—that is, the IP address of the clients who access your service. When you use NAT, AWS WAF rules are applied to the global IP addresses that Global Accelerator uses to route traffic.
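The following is an added example, not part of the original guide, that applies the filters described above to a document in the `ip-ranges.json` layout. The sample data is constructed and uses documentation prefixes rather than real AWS allocations, and the function names are hypothetical.

```python
import fnmatch
import ipaddress
import json

# Constructed sample in the ip-ranges.json layout. The prefixes are
# documentation ranges (RFC 5737 and RFC 3849), not real AWS allocations.
SAMPLE = json.loads("""
{
  "prefixes": [
    {"ip_prefix": "192.0.2.0/24", "region": "GLOBAL", "service": "GLOBALACCELERATOR"},
    {"ip_prefix": "198.51.100.0/25", "region": "us-west-2", "service": "GLOBALACCELERATOR"},
    {"ip_prefix": "198.51.100.128/25", "region": "eu-west-1", "service": "GLOBALACCELERATOR"},
    {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8:1::/48", "region": "us-east-1", "service": "GLOBALACCELERATOR"}
  ]
}
""")

def ga_entries(doc):
    """Yield (network, region) for every GLOBALACCELERATOR entry, IPv4 and IPv6."""
    for list_key, prefix_key in (("prefixes", "ip_prefix"),
                                 ("ipv6_prefixes", "ipv6_prefix")):
        for entry in doc.get(list_key, []):
            if entry.get("service") == "GLOBALACCELERATOR":
                yield ipaddress.ip_network(entry[prefix_key]), entry["region"]

def ga_networks(doc, region_glob="*"):
    """Return Global Accelerator networks whose region matches a glob such as 'us-*'."""
    return [net for net, region in ga_entries(doc)
            if fnmatch.fnmatchcase(region, region_glob)]

def classify(doc, address):
    """Return 'static' for a GLOBAL entry, 'edge:<region>' for a regional entry,
    or None when the address is not in any Global Accelerator range."""
    ip = ipaddress.ip_address(address)
    for net, region in ga_entries(doc):
        if ip.version == net.version and ip in net:
            return "static" if region == "GLOBAL" else "edge:" + region
    return None

if __name__ == "__main__":
    print([str(n) for n in ga_networks(SAMPLE, "us-*")])
    for addr in ("192.0.2.10", "198.51.100.200", "203.0.113.5"):
        print(addr, classify(SAMPLE, addr))
```

To run it against live data, load the downloaded `ip-ranges.json` with `json.load` and pass the result in place of `SAMPLE`. A source address that classifies as `edge:<region>` in your endpoint logs is a Global Accelerator address, not an end-client address.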

# Understanding AWS Global Accelerator use cases
<a name="introduction-benefits-of-migrating"></a>

Using AWS Global Accelerator can help you accomplish a variety of goals. This section lists some of them, to give you an idea how you can use Global Accelerator to meet your needs.

**Scale for increased application utilization**  
When application usage grows, the number of IP addresses and endpoints that you need to manage also increases. Global Accelerator enables you to scale your network up or down. It lets you associate regional resources, such as load balancers and Amazon EC2 instances, to two static IPv4 addresses or, for dual-stack, to two static IPv4 addresses and two IPv6 addresses. You include these addresses on allow lists just once in your client applications, firewalls, and DNS records. With Global Accelerator, you can add or remove endpoints in AWS Regions, run blue/green deployment, and do A/B testing without having to update the IP addresses in your client applications. This is especially useful for IoT, retail, media, automotive, and healthcare use cases where you can't easily update client applications frequently.

**Acceleration for latency-sensitive applications**  
Many applications, especially in areas such as gaming, media, mobile apps, ad-tech, and financials, require very low latency for a great user experience. To improve the user experience, Global Accelerator directs user traffic to the application endpoint that is nearest to the client, which reduces internet latency and jitter. Global Accelerator routes traffic to the closest edge location by using Anycast, and then routes it to the closest regional endpoint over the AWS global network. Global Accelerator quickly reacts to changes in network performance to improve your users’ application performance. 

**Disaster recovery and multi-Region resiliency**  
You must be able to rely on your network to be available. You might be running your application across multiple AWS Regions to support disaster recovery, higher availability, lower latency, or compliance. If Global Accelerator detects that your application endpoint is failing in the primary AWS Region, it instantly triggers traffic re-routing to your application endpoint in the next available, closest AWS Region.  
For more information about how Global Accelerator supports resiliency inherently and in applications that use the service, read the following blog post: [Maximising application resiliency with AWS Global Accelerator](https://aws.amazon.com/blogs/networking-and-content-delivery/maximising-application-resiliency-with-aws-global-accelerator/).

**Protect your applications**  
Exposing your AWS origins, such as Application Load Balancers or Amazon EC2 instances, to public internet traffic creates an opportunity for malicious attacks. Global Accelerator decreases the risk of attack by masking your origin behind two static entry points. These entry points are protected by default from Distributed Denial of Service (DDoS) attacks with AWS Shield. Global Accelerator creates a peering connection with your Amazon Virtual Private Cloud using private IP addresses, keeping connections to your internal Application Load Balancers or private EC2 instances off the public internet.

**Improve performance for VoIP or online gaming applications**  
Using a custom routing accelerator, you can leverage the performance benefits of Global Accelerator for your VoIP or gaming applications. For example, you can use Global Accelerator for online gaming applications that assign multiple players to a single gaming session. Use Global Accelerator to reduce latency and jitter globally for applications that require custom logic to map users to specific endpoints, such as multiplayer games or VoIP calls. You can use a single accelerator to connect clients to thousands of Amazon EC2 instances running in a single or multiple AWS Regions, while retaining full control over which client is directed to which EC2 instance and port.

# AWS Global Accelerator Speed Comparison Tool
<a name="introduction-speed-comparison-tool"></a>

You can use the AWS Global Accelerator Speed Comparison Tool to see Global Accelerator download speeds compared to direct internet downloads, across AWS Regions. This tool enables you to use your browser to see the performance difference when you transfer data using Global Accelerator. You choose a file size to download, and the tool downloads files over HTTPS/TCP from Application Load Balancers in different Regions to your browser. For each Region, you see a direct comparison of the download speeds.

To access the Speed Comparison Tool, copy the following URL into your browser:

```
https://speedtest.globalaccelerator.aws
```

**Important**  
Results may differ when you run the test multiple times. Download times can vary based on factors that are external to Global Accelerator, such as the quality, capacity, and distance of the connection in the last-mile network that you're using.

# How to get started with AWS Global Accelerator
<a name="introduction-get-started"></a>

You can get started with setting up AWS Global Accelerator by using the API or by using the AWS Global Accelerator console. Global Accelerator is a global service that supports endpoints in multiple AWS Regions, so it isn't tied to a specific AWS Region. However, you must specify the US West (Oregon) Region to create or update accelerators.

To get started using Global Accelerator, you follow these general steps: 

1. **Choose the type of accelerator that you want to create:** A standard accelerator or a custom routing accelerator.

1. **Configure the initial setup for Global Accelerator:** Provide a name for your accelerator, then choose the type of accelerator and the address type.

1. **Configure one or more listeners for your accelerator:** Listeners process inbound connections from clients, based on the protocol and port (or port range) that you specify.

1. **Configure regional endpoint groups for your accelerator:** You can select one or more regional endpoint groups to add to your listener. The listener routes requests to the endpoints that you've added to an endpoint group. 

   For a standard accelerator, Global Accelerator monitors the health of endpoints within the group by using the health check settings that are defined for each of your endpoints. For each endpoint group in a standard accelerator, you can configure a *traffic dial* percentage to control the percentage of traffic that an endpoint group will accept. The percentage is applied only to traffic that is already directed to the endpoint group, not all listener traffic. By default, the traffic dial is set to 100% for all regional endpoint groups.

   For a custom routing accelerator, traffic is deterministically routed to a specific destination in a VPC subnet, based on the listener port that the traffic is received on.

1. **Add endpoints to endpoint groups:** The endpoints that you add depend on the type of accelerator.
   + For a standard accelerator, you can add one or more regional resources, such as load balancers or EC2 instance endpoints, to each endpoint group. Next, you can decide how much traffic you want to route to each endpoint by setting endpoint weights. 
   + For a custom routing accelerator, you add one or more Amazon VPC (VPC) subnets with up to thousands of Amazon EC2 instance destinations.

For detailed steps about how to create a standard accelerator or a custom routing accelerator using the AWS Global Accelerator console, see [Getting started with AWS Global Accelerator](getting-started.md). To work with API operations, see [Common API actions for AWS Global Accelerator](global-accelerator-actions.md) and the [AWS Global Accelerator API Reference](https://docs.aws.amazon.com/global-accelerator/latest/api/Welcome.html).

# Tagging in AWS Global Accelerator
<a name="tagging-in-global-accelerator"></a>

Tags are words or phrases (metadata) that you use to identify and organize your AWS resources. You can add multiple tags to each resource, and each tag includes a key and a value that you define. For example, the key might be `environment` and the value might be `production`. You can search and filter your resources based on the tags you add. In AWS Global Accelerator, you can tag accelerators.

The following are two examples of how it can be useful to work with tags in Global Accelerator:
+ Use tags to track billing information in different categories. To do this, apply tags to accelerators or other AWS resources (such as Network Load Balancers, Application Load Balancers, or Amazon EC2 instances) and activate the tags. Then AWS generates a cost allocation report as a comma-separated value (CSV) file with your usage and costs aggregated by your active tags. You can apply tags that represent business categories (such as cost centers, application names, or owners) to organize your costs across multiple services. For more information, see [Using Cost Allocation Tags](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) in the *AWS Billing User Guide*.
+ Use tags to enforce tag-based permissions for accelerators. To do this, create IAM policies that specify tags and tag values to allow or disallow actions. For more information, see [ABAC with Global Accelerator](security_iam_service-with-iam.md#security_iam_service-with-iam-tags).

For usage conventions and links to other resources about tagging, see [Tagging your AWS resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *AWS General Reference*. For tips on using tags, see [Tagging Best Practices: AWS Resource Tagging Strategy](https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf) in the *AWS Whitepapers* blog.

For the maximum number of tags that you can add to a resource in Global Accelerator, see [Quotas for AWS Global Accelerator](limits-global-accelerator.md).

You can add and update tags by using the AWS console, AWS CLI, or Global Accelerator API. This chapter includes steps for working with tagging in the console. For more information about working with tags by using the AWS CLI and the Global Accelerator API, including CLI examples, see the following operations in the *AWS Global Accelerator API Reference*:
+ [CreateAccelerator](https://docs.aws.amazon.com/global-accelerator/latest/api/CreateAccelerator.html) 
+ [CreateCrossAccountAttachment](https://docs.aws.amazon.com/global-accelerator/latest/api/CreateCrossAccountAttachment.html) 
+ [TagResource](https://docs.aws.amazon.com/global-accelerator/latest/api/TagResource.html) 
+ [UntagResource](https://docs.aws.amazon.com/global-accelerator/latest/api/UntagResource.html) 
+ [ListTagsForResource](https://docs.aws.amazon.com/global-accelerator/latest/api/ListTagsForResource.html) 

## Tagging support in Global Accelerator
<a name="tagging-supported"></a>

AWS Global Accelerator supports tagging for accelerators and cross-account attachments.

Global Accelerator supports the tag-based access control feature of AWS Identity and Access Management (IAM). For more information, see [ABAC with Global Accelerator](security_iam_service-with-iam.md#security_iam_service-with-iam-tags).

## Adding, editing, and deleting tags in Global Accelerator
<a name="tagging-add-edit-delete"></a>

The following procedure explains how to add, edit, and delete tags for accelerators in the Global Accelerator console.

You can add or remove tags using the console, the AWS CLI, or Global Accelerator API operations. For more information, including CLI examples, see [TagResource](https://docs.aws.amazon.com/global-accelerator/latest/api/API_TagResource.html) in the *AWS Global Accelerator API Reference*.<a name="tagging-add-edit-delete-procedure"></a>

**To add, edit, or delete tags in Global Accelerator**

1. Open the Global Accelerator console at [https://console.aws.amazon.com/globalaccelerator/home](https://console.aws.amazon.com/globalaccelerator/home). 

1. Choose the accelerator that you want to add or update tags for.

1. In the **Tags** section, you can do the following:  
**Add a tag**  
Choose **Add tag**, then enter a key and, optionally, a value for the tag.  
**Edit a tag**  
Update the text for a key, value, or both. You can also clear the value for a tag, but the key is required.  
**Delete a tag**  
Choose **Remove** on the right side of the value field.

1. Choose **Save changes**.

# Pricing for AWS Global Accelerator
<a name="introduction-pricing"></a>

With AWS Global Accelerator, you are charged a *fixed hourly fee* for each accelerator that is provisioned in your account (whether it's enabled or disabled), and an *incremental charge*, in addition to standard data transfer rates, for every hour of traffic in the dominant direction that flows through the accelerator. The incremental rate depends on the AWS Region that serves the request (the source) and the AWS edge location where the responses are directed (the destination). Customers typically create one accelerator for each application, but customers with complex applications might require more accelerators. 

In addition, you will incur standard public IPv4 address charges for IPv4 addresses used with your accelerators.

For details about pricing, information about pricing by source and destination Regions, and a pricing example, see [AWS Global Accelerator pricing](https://aws.amazon.com/global-accelerator/pricing).