AWS: Fundamentals Flashcards
What is the difference between horizontal and vertical scaling?
Vertical scaling (“scaling up”) means moving your app to a server with more size/power than your current app server. In EC2 terms, this would mean increasing the size of an instance, e.g. t2.micro to t2.large.
Horizontal scaling (“scaling out”) means adding more servers to your existing pool of resources, duplicating the app on each. Performance improves because load is now distributed amongst more servers. In EC2 terms, this would mean setting up more app servers.
What is a load balancer?
A server that forwards internet traffic to multiple downstream servers.
What types of load balancer does AWS offer?
- Classic Load Balancer
- Application Load Balancer
- Network Load Balancer
- Gateway Load Balancer
What kind of traffic is supported with Classic Load Balancers?
TCP (layer 4)
HTTP & HTTPS (layer 7)
What kind of traffic is supported with Application Load Balancers?
HTTP & HTTPS & WebSockets (layer 7) only
What kind of traffic is supported with Network Load Balancers?
UDP & TCP traffic
What features are present on the CLB, the ALB and the NLB? What do they have in common?
- Spread load across multiple downstream targets
- Implement health checks of downstream targets
- Highly available (comprised of multiple instances managed by AWS) and elastic
- TLS termination (decrypt SSL/TLS traffic before forwarding it to the servers, reducing their load and avoiding the need to install SSL certificates on every machine)
- Can be internet facing or internal, separating public traffic from private traffic
- Export useful metrics to CloudWatch
Whatever the ELB, you must always configure at least one listener. What is a listener?
The listener defines how your inbound connections are routed to your downstream target groups (e.g. fleet of EC2 instances).
It will listen for traffic based on a given port and protocol that you configure.
What is a target group?
A group of resources that you want your ELB to route requests to.
Most of the ELBs are configured so that you register targets in target groups, and route traffic to the target groups.
Which ELB is different and how does it register targets?
Classic Load Balancer
The CLB registers instances directly with the load balancer. There are no target groups defined.
Which ELB(s) can route to many ports on the same target?
Application Load Balancer
Network Load Balancer
Which ELB(s) support routing to targets outside AWS?
Application Load Balancer
Network Load Balancer
Which ELB(s) can be used in EC2-Classic?
Classic Load Balancer
Which ELB(s) preserve the source IP?
Network Load Balancer.
The NLB preserves the source IP address in TCP/UDP packets.
The other ELBs (ALB and CLB) send their own IP address to downstream targets.
Application Load Balancers and Classic Load Balancers automatically add X-Forwarded-For, X-Forwarded-Proto, and X-Forwarded-Port headers to the request. The X-Forwarded-For header contains the client IP address. The X-Forwarded-Proto request header helps you identify the protocol (HTTP or HTTPS) that a client used. The X-Forwarded-Port request header helps you identify the destination port that the client used.
Which ELB(s) support routing traffic to targets based on the path in the URL, the hostname or the query string?
Application Load Balancer
Which ELB(s) support redirecting requests from one URL to another?
Application Load Balancer
You can redirect traffic from HTTP to HTTPS, for example.
Which ELB is best for microservices?
Application Load Balancer
With one load balancer you can route to multiple apps on the same EC2 instance (e.g. containers).
What types of targets can be in an Application Load Balancer target group?
- EC2 Instances
- IP addresses (You can’t specify publicly routable IP addresses.)
- Lambda functions
What types of targets can be in a Network Load Balancer target group?
- EC2 Instances
- IP addresses (You can’t specify publicly routable IP addresses.)
What is the difference between a hostname and an ip address?
An IP address is the unique numeric address that identifies a device on a network, e.g. 192.0.2.1
A hostname is the name assigned to the device.
DNS servers translate the hostnames into IP addresses.
Which ELB(s) provide a static IP address?
Network Load Balancer
One static IP address is provided per AZ
What is the benefit of having a static IP address for your load balancer?
Enabling firewall rules based on IP addresses.
For example: your application collects data from your customers’ networks. Your customer wants to define strict firewall rules that ensure that traffic leaving their network can only flow to a specific destination. If their firewall CAN create rules based on DNS names (“allow traffic outbound to www.example.com”) there is no issue, but often these firewalls are based on IP addresses, which requires the load balancer to have a static IP.
Which ELB is best for a near real time video streaming app?
Network Load Balancer
Lower latency than an ALB: around 100 ms vs 400 ms (ALB) per request
What is Session Affinity? (What are sticky sessions?)
All requests made by a client are sent to the same instance.
You can use the sticky session feature (also known as session affinity) to enable the load balancer to bind a user’s session to a specific target.
Which ELB(s) have the sticky session feature?
Application Load Balancer
Classic Load Balancer
Cookies are used to implement sticky sessions.
What two types of cookies can be used?
Application based cookies
Duration based cookies
What is cross zone load balancing?
If cross zone load balancing is disabled, it means that load balancers will only distribute load across the instances/resources within their availability zone.
Why is this a problem? You could have a situation where you have instances in multiple AZs but the load isn’t evenly distributed across them.
By enabling cross zone load balancing, traffic is now split evenly across instances no matter the zone.
Which ELB has cross zone load balancing enabled by default?
Application Load Balancer (cannot change)
Which ELB(s) do NOT have cross zone load balancing enabled by default, but can have it enabled at no cost?
Classic Load Balancer
The Network Load Balancer’s cross zone load balancing is a paid service.
Why would you want to use more than one TLS/SSL certificate with the same ELB?
The most common reason you might want to use multiple certificates is to handle different domains with the same load balancer.
Which ELB(s) have support for multiple TLS/SSL certificates?
Application Load Balancer
Network Load Balancer
The Classic Load Balancer does not support this, so you must have multiple CLBs for multiple hostnames.
What is SNI?
Server Name Indication
It is an extension of the TLS protocol: in the client’s initial request, the hostname of the server it wants to reach is specified.
How does SNI work?
SNI works by having the client tell the server “This is the domain I expect to get a certificate for” when it first connects.
The load balancer is able to pick the required certificate from a list. If the domain is not found, a default certificate is returned.
What problem does connection draining solve?
It allows graceful shutdown of a downstream instance/resource.
When an instance is considered unhealthy and set to be terminated, it’s possible that existing connections will halt abruptly.
How does connection draining work?
When enabled, a timeout must be specified.
When a resource is being deregistered, the load balancer will not send any new requests to the resource but it will allow existing in-flight requests to complete.
When the timeout is reached, any remaining connections are forcibly closed.
What is the term used to describe connection draining when applied to target groups of ALBs and NLBs?
Deregistration Delay