Use highly available network connectivity for your workload public endpoints

PostedMarch 21, 2025

UpdatedMarch 22, 2025

ByKevin McCaffrey

Building highly available network connectivity to public endpoints of your workloads is crucial for reducing downtime and enhancing the overall availability and Service Level Agreement (SLA) performance. Thoughtful planning significantly contributes to the reliability of the system against network outages or disruptions.

Best Practices

Implement Multi-Region Architectures

Design workloads that span multiple AWS regions to enhance availability and resiliency. This mitigates risks associated with regional outages and ensures your services remain accessible even during significant disruptions.
Utilize AWS Route 53 for intelligent traffic routing and failover mechanisms. This allows for seamless redirection of users to the nearest available region.

Utilize Load Balancers

Implement Elastic Load Balancing (ELB) to distribute incoming application traffic across multiple targets (EC2 instances, containers, etc.). This helps achieve high availability by ensuring traffic is only sent to healthy instances.
Consider using Application Load Balancers for layer 7 traffic routing and Network Load Balancers for high performance at layer 4.

Adopt a Content Delivery Network (CDN)

Leverage Amazon CloudFront to cache content at edge locations worldwide, reducing latency and providing users with lower access times to your workloads.
CDNs can also improve fault tolerance by serving cached content even during backend outages.

Implement Highly Available DNS Services

Use Amazon Route 53 for highly available and scalable Domain Name System (DNS) services. It can automatically route traffic based on health checks and geographic locations, ensuring users are directed to the most efficient endpoints.
Set up health checks to monitor the availability of endpoints and configure failover routing to alternate endpoints in case of failure.

Incorporate API Gateways

Utilize Amazon API Gateway to create and manage APIs with built-in throttling, monitoring, and security features. This can add reliability and access control to your services while handling traffic spikes gracefully.
API Gateway also provides a layer of abstraction, allowing for greater flexibility with backend services and easier management of versioning.

Questions to ask your team

Have you implemented a redundant architecture for public endpoint connectivity?
What mechanisms are in place to handle DNS failover for your workloads?
How do you monitor the availability and performance of your load balancers?
Have you tested your API gateways and CDNs for outages to ensure continuity of service?
Are there any Single Points of Failure in your network design for public endpoints?
How frequently do you review and update your network topology for changes in workload demands?
What strategies do you have in place for scaling your public endpoints during high traffic?

Who should be doing this?

Network Architect

Design the overall network topology to ensure highly available connectivity for public endpoints.
Evaluate and select appropriate technologies for DNS, CDNs, API gateways, and load balancers.
Implement redundancy and failover mechanisms in network architecture.
Determine IP address management strategies for public and private ranges.
Oversee network segmentation and security practices to protect data integrity.

DevOps Engineer

Configure and manage load balancers and reverse proxies to optimize traffic distribution.
Monitor network performance and availability to identify and respond to issues quickly.
Implement automated solutions for network deployments and scaling.

Site Reliability Engineer (SRE)

Establish Service Level Objectives (SLOs) for network availability and performance.
Conduct regular reviews and tests of network configurations and failover scenarios.
Analyze incident reports and improve network designs based on lessons learned.

Security Specialist

Ensure that a secure architecture is in place for all public endpoints.
Implement security policies for DNS, API gateways, and load balancers, including DDoS protection.
Regularly assess and update security measures to address emerging threats.

Project Manager

Coordinate efforts between network, DevOps, and security teams to align on project goals.
Manage timelines and deliverables related to network topology planning and implementation.
Communicate project status and updates to stakeholders.

What evidence shows this is happening in your organization?

Network Topology Design Template: A template to design and document network topologies that ensure highly available network connectivity to public endpoints. It includes sections for considering public/private IP address management, DNS configuration, and load balancing strategies.
Availability and Connectivity Report: A detailed report that outlines the current state of network connectivity for public endpoints, including uptime metrics, DNS performance, and the effectiveness of implemented CDNs and load balancers.
Network Reliability Policy: A policy document that mandates the use of highly available network solutions for public endpoints. It includes guidelines for implementing load balancers, failover strategies, and regular audits of DNS settings.
Network Monitoring Dashboard: A real-time monitoring dashboard that displays the availability of network endpoints, DNS response times, and the health status of load balancers and CDNs used for public endpoints.
High Availability Network Connectivity Plan: A comprehensive plan that outlines strategy and architectural decisions for maintaining high availability for workloads’ public endpoints, including details on redundancy and disaster recovery measures.
Checklist for Network Connectivity Best Practices: A checklist designed for engineers and architects to ensure that best practices for highly available network connectivity are being followed, covering DNS configurations, CDN setups, and load balancing implementations.

Cloud Services

AWS

Amazon Route 53: A highly available and scalable DNS web service that provides reliable domain name resolution and health checking for your applications.
Amazon CloudFront: A fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs with low latency and high transfer speeds.
AWS Elastic Load Balancing: Automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses, ensuring high availability.
AWS Global Accelerator: Improves the availability and performance of your applications with a set of static IP addresses that act as a fixed entry point for your applications hosted in one or more AWS Regions.
Amazon API Gateway: Allows you to create, publish, maintain, monitor, and secure APIs at any scale, providing a highly available entry point for your backend services.

Azure

Azure Traffic Manager: A DNS-based traffic load balancer that enables you to distribute traffic to your public endpoints across multiple Azure regions and external locations.
Azure Front Door: A scalable and secure entry point for web applications that improves availability and performance by distributing traffic globally across Azure regions.
Azure Load Balancer: Distributes incoming network traffic across multiple servers, ensuring high availability and reliability for your application.
Azure Application Gateway: A web traffic load balancer that enables you to manage traffic to your web applications, providing features such as SSL termination and Web Application Firewall.
Azure DNS: A reliable and secure DNS service that provides name resolution for your applications and services hosted in Azure.

Google Cloud Platform

Cloud DNS: A high-performance, resilient, and scalable Domain Name System (DNS) service that serves your DNS needs with high availability.
Cloud Load Balancing: Distributes your incoming traffic across multiple virtual machine instances, increasing the availability and responsiveness of your applications.
Google Cloud CDN: Uses Google’s globally distributed edge points to accelerate content delivery for your web applications, ensuring reliability and performance.
Traffic Director: A fully managed traffic management service that provides load balancing for services within and across cloud environments.
API Gateway: A fully managed service that allows you to create, secure, and monitor APIs for your applications, ensuring reliable access to your services.

Question: How do you plan your network topology?
Pillar: Reliability (Code: REL)

Operational Excellence

Determine what your priorities are

Structure your organization to support your business outcomes

Organizational culture to support your business outcomes

Implement observability in your workload

Reduce defects, ease remediation, and improve flow into production

Mitigate deployment risks

Be ready to support a workload

Uilize workload observability

Understand the health of your operations

Manage workload and operations events

Evolve your operations

Security

Securely operate your workload

Manage identities for people and machines

Manage permissions for people and machines

Detect and investigate security events

Protect your network resources

Protect your compute resources

Classify your data

Protect your data at rest

Protect your data in transit

Anticipate, respond to, and recover from incidents

Incorporate and validate the security properties of applications throughout the design, development, and deployment lifecycle

Reliability

Manage service quotas and constraints

Plan your network topology

Design your workload service architecture

Design interactions in a distributed system to prevent failures

Design interactions in a distributed system to mitigate or withstand failures

Monitor workload resources

Design your workload to adapt to changes in demand

Implement change

Back up data

Fault isolation to protect your workload

Design your workload to withstand component failures

Test reliability

Plan for disaster recovery (DR)

Cost Optimization

Implement cloud financial management

Govern usage

Monitor your cost and usage

Decommission resources

Evaluate cost when you select services

Meet cost targets when you select resource type, size and number

Use pricing models to reduce cost

Plan for data transfer charges

Manage demand, and supply resources

Evaluate new services

Evaluate the cost of effort

Performance

Select the appropriate cloud resources and architecture patterns for your workload

Select and use compute resources in your workload

Store, manage, and access data in your workload

Select and configure networking resources in your workload

Support more performance efficiency for your workload

Sustainability

Select Regions for your workload

Align cloud resources to your demand

Take advantage of software and architecture patterns to support your sustainability goals

Take advantage of data management policies and patterns to support your sustainability goals

Select and use cloud hardware and services in your architecture to support your sustainability goals

Implement organizational processes support your sustainability goals