How ACK One Multi‑Cluster Gateways Enable Seamless Same‑City Disaster Recovery

Alibaba Cloud's ACK One platform has introduced a Multi‑cluster Gateway feature designed for cloud‑native, multi‑cloud, and multi‑cluster environments. This gateway consolidates north‑south traffic across clusters, enabling efficient same‑city disaster recovery (DR) for applications.

Why Same‑City DR Matters

Extreme failures such as network outages, power loss, fires, or earthquakes demand high availability of applications and data. Cloud DR solutions fall into three categories: same‑city cross‑AZ, cross‑region, and two‑region three‑center. Same‑city DR, with low latency and proximity, effectively mitigates AZ‑level disasters and is easier to implement than cross‑region DR.

Limitations of Existing DNS‑Based DR

Current same‑city DR approaches rely on DNS and multiple Ingress Controllers, leading to several issues:

Inability to perform Layer‑7 routing.

Client‑side DNS caching causing brief service interruptions during IP switches.

Requirement for multiple load balancers and Ingress resources per cluster, increasing cost and management overhead.

ACK One Multi‑Cluster Gateway Architecture

The gateway is built on ACK One Fleet and integrates the MSE cloud‑native gateway. It uses the Ingress API to manage Layer‑7 traffic across clusters, providing features such as automatic same‑city DR, header‑based gray releases, and weighted traffic load balancing.

All operations are performed at the regional level within the Fleet instance, eliminating the need to install Ingress Controllers in each cluster.

Key Components

MSE Ingress : Extends the MSE cloud‑native gateway, compatible with Nginx Ingress annotations, supporting over 90% of Nginx use cases, gray releases, and comprehensive security.

Kubernetes Ingress API : Provides a simple, declarative way to proxy services, widely supported since Kubernetes 1.2.

Kubernetes Gateway API (future support): Offers a more generic proxy API for additional protocols.

Implementation Steps

Create two ACK clusters in different AZs within the same region.

In the ACK One Fleet, create an MSE gateway via a MseIngressConfig resource.

Use ACK One GitOps to distribute applications to both clusters.

Define traffic rules by creating Ingress resources in the Fleet, enabling:

HTTP routing with Layer‑7 forwarding and header‑based routing.

Traffic splitting based on weight for A/B testing, blue‑green, or canary deployments.

Health‑based automatic smooth DR, routing traffic away from unhealthy clusters.

Traffic mirroring and replica‑count‑based load balancing.

Same‑City Multi‑Active DR Scenario

Both clusters host identical services (same name and namespace) with a 1:1 replica ratio. Traffic is initially split evenly. If one cluster becomes unhealthy, its traffic is automatically shifted to the healthy cluster, eventually routing 100% of traffic to the healthy side.

Same‑City Active‑Passive DR Scenario

One cluster acts as the primary, the other as standby. All traffic goes to the primary. Upon primary failure, traffic smoothly fails over to the standby cluster.

Advantages Over DNS‑Based DR

Only one regional load balancer IP is needed, reducing cost.

Supports Layer‑7 routing, which DNS‑based methods lack.

Eliminates client‑side DNS cache delays, providing seamless failover.

All configurations are centralized in the Fleet, lowering operational complexity.

Conclusion

ACK One's Multi‑cluster Gateway, combined with ACK One GitOps, offers a powerful, low‑cost way to build same‑city DR systems for multi‑cluster applications, supporting both active‑active and active‑passive patterns with fine‑grained traffic control and automatic health‑based failover.