Routing control in Amazon Route 53 Application Recovery Controller
To fail over traffic to application replicas in Amazon Route 53 Application Recovery Controller, you use routing controls that are integrated with a specific kind of health check in Amazon Route 53. Routing controls are simple on-off switches that enable you to switch your client traffic from one replica to another. The traffic rerouting is accomplished by routing control health checks that are set up with Amazon Route 53 DNS records. For example, DNS failover records, associated with domain names that front your application replicas. This chapter explains how routing control works, how to set up routing control components, and how to use them to reroute traffic for failover.
The routing control components in Route 53 ARC are: clusters, control panels, routing controls, and routing control health checks. All routing controls are grouped on control panels. You can group them on the default control panel that Route 53 ARC creates for your cluster, or create your own custom control panels. You must create a cluster before you can create a control panel or a routing control. Each cluster in Route 53 ARC is a data plane of endpoints in five AWS Regions.
After you create routing controls and routing control health checks, you can create safety rules to help prevent unintentional recovery automation side effects. You can update routing control states to reroute traffic, individually or in batches, by using the AWS CLI or API actions (recommended), or by using the AWS Management Console.
This chapter explains how routing controls work, and how to create and use them to reroute traffic for your application.
Important
To learn about preparing to use Route 53 ARC to reroute traffic as part of a failover plan for your application in a disaster scenario, see Best practices for Amazon Route 53 Application Recovery Controller.
Topics
About routing control
Routing control redirects traffic by using health checks in Amazon Route 53 that are configured with DNS records associated with the top-level resource
of the cells in your recovery group, such as an Elastic Load Balancing load balancer. You can redirect traffic from one cell to another, for example, by updating a
routing control state to Off (to stop traffic flow to one cell) and updating another routing control state to On (to start
traffic flow to another). The process that changes the traffic flow is the Route 53 health check associated with the routing control, after Route 53 ARC
updates it to set it as healthy or unhealthy, based on the corresponding routing control state.
Routing controls support failover across any AWS service that has a DNS endpoint. You can update routing control states to fail over traffic for disaster recovery, or when you detect latency drops for your application, or other issues.
You can also configure safety rules in Route 53 ARC, to make sure that rerouting traffic by using routing controls doesn't impair availability. For more information, see Creating safety rules in Route 53 ARC .
It's important to note that routing controls are not themselves health checks that monitor the underlying health of endpoints.
For example, unlike a Route 53 health check, a routing control doesn't monitor response times or TCP connection times. A routing control is
a simple on-off switch that controls a health check. Typically, you change the state to redirect traffic, and that state change
moves the traffic to go to a particular endpoint for an entire application stack, or prevents routing to the whole application stack.
For example, in a simple scenario, when you change a routing control state from On to Off, it updates
a Route 53 health check, which you've associated with a DNS failover record to move the traffic off of an endpoint.
To update a routing control state and reroute traffic, you must connect to one of your cluster endpoints in Route 53 ARC. If the endpoint that you try to connect to is unavailable, try changing the state with another cluster endpoint. Your process for changing routing control states should be prepared to try each endpoint in rotation, since cluster endpoints are cycled through available and unavailable states for regular maintenance and updates.
When you create routing controls, you configure your DNS records to associate routing control health checks with Route 53 DNS names that front each application replica. For example, to control traffic failovers across two load balancers, one in each of two Regions, you create two routing control health checks and associate them with two DNS records, for example, Alias records with failover routing policies, with the domain names of the respective load balancers.
You can also set up more complex traffic failover scenarios by using Route 53 ARC routing control together with Route 53 health checks and
DNS record sets, using DNS records with weighted routing policies. To see a detailed example,
see the section on failing over user traffic in the following AWS blog post:
Building highly resilient applications using Amazon Route 53 Application Recovery Controller, Part 2: Multi-Region stack
A routing control in Route 53 ARC has several benefits over rerouting traffic with traditional health checks. For example:
A routing control gives you a way to fail over an entire application stack. This is in contrast to failing over individual components of a stack, as Amazon EC2 instances do, based on resource-level health checks.
A routing control gives you a safe, simple manual override that you can use to shift traffic to do maintenance or to recover from failures when internal monitors don't detect an issue.
You can use a routing control together with safety rules to prevent common side effects that can happen with fully automated health check-based automation, such as failing over to standby infrastructure that isn't prepared for failover.
