ELB Flashcards
What is the difference between availability and scalability?
Scalability implies a system/application that can handle greater loads by adapting.
Availability aims to survive a data center loss, normally by running your application/system in at least 2 data centers (== AZs)
What is a load balancer?
A server that forwards traffic to multiple servers downstream.
Why use a load balancer?
- Spread load across multiple downstream instances
- Expose a single point of access (DNS) to your application
- Seamlessly handle failures of downstream instances
- Do regular health checks to your instances
- Provide SSL termination (HTTPS) for your websites
- Enforce stickiness with cookies
- High availability across zones
- Separate public traffic from private traffic
What layers does a CLB support?
Classic Load Balancer - supports TCP (layer 4), HTTP/S (layer 7)
What layer does an ALB (v2) operate on?
Layer 7 - HTTP
What does an ALB do?
Application Load Balancer - Load balancing to multiple HTTP applications across machines or across the same machine.
Support for HTTP/2 and WebSocket.
Support redirects (from HTTP to HTTPS for example).
What routing does ALB support?
Routing based on path in URL, hostname in URL or Query String/Headers
What is a good use-case for ALB and why?
Great fit for micro-services & container-based applications (Docker, ECS for example) - has a port mapping feature to redirect to a dynamic port in ECS.
What makes ALB better than CLB in terms of fit for micro-services?
A CLB operates on one application, so we would need multiple CLBs per application in a micro-services system.
What layer does an NLB operate on?
Network Load Balancer - Layer 4, TCP and UDP traffic to your instances
Describe the properties of NLB operations
- Handles millions of requests per second.
- Less latency than ALB - approx. 100ms vs 400ms for ALB
- One static IP per AZ - supports assigning Elastic IP (helpful for whitelisting specific IP)
- Not included in AWS free tier
What are the possible target groups for NLB?
EC2 instances, IP addresses (must be private IPs), ALB
What protocols do the NLB health checks support?
TCP, HTTP and HTTPS
What is the purpose of the GLB?
Gateway Load Balancer - deploy, scale and manage a fleet of 3rd party network virtual appliances in AWS (e.g. firewalls, intrusion detection and prevention systems, deep packet inspection systems, payload manipulation, etc.)
What layer does GLB operate on?
Layer 3 - network layer
What functions does the GLB combine?
- Transparent Network Gateway: single entry/exit for all traffic.
- Load balancer: distributes traffic to your virtual appliances
What type of balancer uses the GENEVE protocol?
GLB
A GLB uses a certain protocol - what is its name and the port it operates on?
GENEVE protocol, port 6081
What are the possible target groups of GLB?
EC2 instances, private IPs
What is session affinity?
Also known as stickiness/sticky sessions - the same client is always redirected to the same instance behind a load balancer
How does session stickiness work, and on what load balancers is it available?
Uses a cookie, with an expiration date, to direct the client to the same instance. Available on CLB and ALB
What is a use case for session stickiness?
Make sure a user doesn’t lose his session data
What is a downside of session stickiness?
May imbalance load over backend EC2 instances
What is Cross-Zone Load Balancing?
Each load balancer instance distributes evenly across all registered instances in all AZs
What are the AWS config and cost differences for Cross-Zone Load Balancing between ALB, NLB and CLB?
ALB - enabled by default (can disable at the target group level), no charges for inter AZ data
NLB - disabled by default, you pay for inter AZ data if enabled (same with GWLB)
CLB - disabled by default, no charges for inter AZ data
What does an SSL certificate do?
Allows traffic between your clients and load balancer to be encrypted in transit (in-flight encryption)
What does SSL stand for?
Secure Sockets Layer
What does TLS stand for?
Transport Layer Security
How does HTTPS differ from HTTP?
HTTPS uses SSL to provide secure, encrypted traffic
What is ACM and how does it work?
AWS Certificate Manager - manages SSL certificates. Can upload your own certificates which can then be assigned to an HTTPS listener.
What does SNI stand for?
Server Name Indication
What is the purpose of SNI?
Allows loading of multiple SSL certificates to one web server in order to serve multiple websites
How does SNI work?
- Requires the client to indicate the hostname of the target server in the initial SSL handshake
- The server will then find the correct certificate or return the default one
What load balancers support SNI?
ALB & NLB, or CloudFront
How does CLB cope with multiple SSL certificates?
Must use multiple CLB with multiple hostnames for multiple SSL certificates
What is Connection Draining?
- Time to complete ‘in-flight requests’ while the instance is de-registering or unhealthy
- Stops sending new requests to the EC2 instance which is de-registering
What is Connection Draining also known as?
Deregistration delay (for ALB and NLB)
Why would you set a long time for connection draining to take place?
Instance requests may be long running - e.g. file uploads.
What is the purpose of an Auto Scaling Group?
- Scale out (add EC2 instances) to match increased load
- Scale in (remove) to match decreased load
- Ensure we have min and max number of instances running
- Automatically register new instances to a load balancer
- Re-create an instance if the previous one is terminated (e.g. is unhealthy)
What information is required for an ASG launch template?
- AMI + Instance type
- EC2 user data
- EBS volumes
- Security groups
- SSH key pair
- IAM roles for the EC2 instance
- Network and Subnets information
- Load balancer information
- Instance capacity information
- Scaling policies
What is an example of Target Tracking Scaling?
Scaling according to a metric - e.g. I want average ASG CPU to stay at around 40%
What is an example of Simple / Step Scaling?
When a CloudWatch alarm is triggered (e.g. CPU > 70%) then add 2 units
What is an example of Scheduled Action Scaling?
Anticipate a scaling based on known usage patterns - e.g. increase the min capacity to 10 at 5pm on Fridays
What is meant by Predictive Scaling?
Continuously forecast load based on historical data and schedule scaling ahead
What are some good metrics to scale on?
CPU utilization, Request count per target, Average Network In / Out
What is Scaling Cooldown?
After a scaling activity, there is a cooldown period during which the ASG will not launch or terminate additional instances
What is a good method of reducing a scaling cooldown period?
Using a ready-to-use AMI to reduce configuration time in order to be serving requests faster.