AWS: Fundamentals

Question 1

What is the difference between horizontal and vertical scaling?

Answer 1

Vertical scaling (“Scaling up”) means moving your app to a server with more size/power than your current app server. In EC2 terms, this would mean increasing the size of an instance e.g. t2.micro to t2.large.

Horizontal scaling (“Scaling out”) means adding more servers to your existing pool of resources duplicating the app. Performance improvements are found because load is now distributed amongst more servers. In EC2 terms, this would mean setting up more app servers.

Question 2

What is a load balancer?

Answer 2

A server that forwards internet traffic to multiple downstream servers.

Question 3

What types of load balancer does AWS offer?

Answer 3

1. Classic Load Balancer
2. Application Load Balancer
3. Network Load Balancer
4. Gateway Load Balancer

Question 4

What kind of traffic is supported with Classic Load Balancers?

Answer 4

TCP (layer 4)

HTTP & HTTPS (layer 7)

Question 5

What kind of traffic is supported with Application Load Balancers?

Answer 5

HTTP & HTTPS & Websockets (layer 7) only

Question 6

What kind of traffic is supported with Network Load Balancers?

Answer 6

UDP & TCP traffic

Question 7

What features are present on the CLB, the ALB and the NLB? What do they have in common?

Answer 7

1. Spread load across multiple downstream targets
2. Implement health checks of downstream targets
3. Highly available (comprised of multiple instances managed by AWS) and elastic
4. TLS Termination (Decrypt SSL/TLS traffic before sending on to servers reducing load and saving the uploading of SSL certs on every machine)
5. Can be internet facing or internal, separating public traffic from private traffic
6. Export useful metrics to CloudWatch

Question 8

Whatever the ELB, you must always configure at least one listener. What is a listener?

Answer 8

The listener defines how your inbound connections are routed to your downstream target groups (e.g. fleet of EC2 instances).
It will listen for traffic based on a given port and protocol that you configure.

Question 9

What is a target group?

Answer 9

A group of resources that your want your ELB to route requests to.

Question 10

Most of the ELBs are configured so that you register targets in target groups, and route traffic to the target groups.

Which ELB is different and how does it register targets?

Answer 10

Classic Load Balancer

CLB registers instances with the load balancer. There are no target groups defined.

Question 11

Which ELB(s) can route to many ports on the same target?

Answer 11

Application Load Balancer

Network Load Balancer

Question 12

Which ELB(s) supports routing to targets outside AWS?

Answer 12

Application Load Balancer

Network Load Balancer

Question 13

Which ELB(s) can be used in EC2-Classic?

Answer 13

Classic Load Balancer

Question 14

Which ELB(s) preserves the source IP?

Answer 14

Network Load Balancer.

NLB preserves the source IP address in TCP/UDP packets.

Whereas the ALB and ELB sends its own IP address to downstream targets.

Application Load Balancers and Classic Load Balancers automatically add X-Forwarded-For, X-Forwarded-Proto, and X-Forwarded-Port headers to the request. The X-Forwarded-For contains information about the client ip address. The X-Forwarded-Proto request header helps you identify the protocol (HTTP or HTTPS) that a client used. The X-Forwarded-Port request header helps you identify the destination port that the client used.

Question 15

Which ELB(s) support routing traffic to targets based on the path in the url, the hostname or the query string?

Answer 15

Application Load Balancer

Question 16

Which ELB(s) support redirecting requests from one URL to another?

Answer 16

Application Load Balancer

You can redirect traffic from http to https, for example

Question 17

Which ELB is best for microservices?

Answer 17

Application Load Balancer

With one load balancer you can route to multiple apps on the same EC2 instance (e.g. containers).

Question 18

What types of targets can be in an Application Load Balancer target group?

Answer 18

1. EC2 Instances
2. IP addresses (You can’t specify publicly routable IP addresses.)
3. Lambda functions

Question 19

What types of targets can be in a Network Load Balancer target group?

Answer 19

1. EC2 Instances

2. IP addresses (You can’t specify publicly routable IP addresses.)

Question 20

What is the difference between a hostname and an ip address?

Answer 20

A IP address is the numeric unique address that identifies devices on a network e.g. 192.0.2.1

A hostname is the name assigned to the device.

DNS servers translate the hostnames into IP addresses.

Question 21

Which ELB(s) provides a static IP address?

Answer 21

Network Load Balancer

One static IP address is provided per AZ

Question 22

What is the benefit of having a static IP address for your load balancer?

Answer 22

Enabling firewall rules.

For example: Your application collects data from your customers’ networks. Your customer wants to define strict firewall rules that ensures that the traffic leaving their network can only flow to a specific destination. If you have a firewall that CAN create rules based on DNS names (“allow traffic outbound to www.example.com“) then there is no issue but often these firewalls are based on IP addresses.

Question 23

Which ELB is best for a near real time video streaming app?

Answer 23

Network Load Balancer

Less latency than a ALB: around 100ms vs 400 ms (ALB) per request

Question 24

What is Session Affinity? (What are sticky sessions?)

Answer 24

All requests made by a client are sent to the same instance.

You can use the sticky session feature (also known as session affinity) to enable the load balancer to bind a user’s session to a specific target.

Question 25

ELB ------ Which ELB(s) have the sticky session feature?

Answer 25

Application Load Balancer | Classic Load Balancer

Question 26

ELB ------ Cookies are used to implement sticky sessions. What two types of cookies can be used?

Answer 26

Application based cookies | Duration based cookies

Question 27

ELB ------ What is cross zone load balancing?

Answer 27

If cross zone load balancing is disabled, it means that load balancers will only distribute load across the instances/resources within their availability zone. Why is this a problem? You could have a situation where you have instances in multiple AZs but the load isn't evenly distributed across them. By enabling cross zone load balancing, traffic is now split evenly across instances no matter the zone.

Question 28

ELB ------ Which ELB has cross zone load balancing enabled by default?

Answer 28

Application Load Balancer (cannot change)

Question 29

ELB ------ Which ELB(s) do NOT have cross zone load balancing enabled by default and can be enabled without cost?

Answer 29

Classic Load Balancer The Network Load Balancer's cross zone load balancing is a paid service.

Question 30

ELB ------ Why would you want to use more than one TLS/SSL with the same ELB?

Answer 30

The most common reason you might want to use multiple certificates is to handle different domains with the same load balancer.

Question 31

ELB ------ Which ELB(s) have support for multiple TLS/SSL certificates?

Answer 31

Application Load Balancer Network Load Balancer The Classic Load Balancer does not support this => you must have multiple CLBs for multiple hostnames.

Question 32

ELB ------ What is SNI?

Answer 32

Server Name Indication It is an extension of the TLS protocol: in a client request, the hostname of the server is specified.

Question 33

ELB ------ How does SNI work?

Answer 33

SNI works by having the client tell the server “This is the domain I expect to get a certificate for” when it first connects. The load balancer is able to pick the required certificate from a list. If the domain is not found, a default certificate is returned.

Question 34

ELB ------ What problem does connection draining solve?

Answer 34

Helps graceful shutdown of downstream instance/resource. When an instance is considered unhealthy and set to be terminated, it's possible that existing connections will halt abruptly.

Question 35

ELB ------ How does connection draining work?

Answer 35

When enabled, a timeout must be specified. When a resource is being deregistered, the load balancer will not send any new requests to the resource but it will allow existing in-flight requests to complete. When the timeout is reached any existing connections are forceably closed.

Question 36

ELB ------ What is the term used to describe connection draining when applied to targets groups of ALBs and NLBs?

Answer 36

Deregistration Delay