ELB Flashcards

1
Q

What is ELB?

A

Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances. This can be done across multiple AZs.

2
Q

What are the 4 different types of ELB in AWS?

A
  • Application Load Balancer
  • Network Load Balancer
  • Gateway Load Balancer
  • Classic Load Balancer
3
Q

Describe ALB.

A

Application Load Balancer:
- Best suited for load balancing of HTTP and HTTPS traffic.
- They operate at Layer 7 and are application-aware.
- Intelligent Load Balancer

4
Q

Describe NLB.

A

Network Load Balancer
- Operating at the connection level (Layer 4), Network Load Balancers are capable of handling millions of requests per second, while maintaining ultra-low latencies.
- Performance Load Balancer

5
Q

Describe CLB.

A
  • Classic Load Balancers are the legacy load balancers. You can load balance HTTP/HTTPS applications and use Layer 7-specific features, such as X-Forwarded-For and sticky sessions.
  • You can also use strict Layer 4 load balancing for applications that rely purely on the TCP protocol.

Classic/Test/Dev Load Balancer.

6
Q

LB and health checks.

A

All AWS load balancers can be configured with health checks.
- Health checks periodically send requests to load balancers’ registered instances to test their status.
- The status of the instances that are healthy at the time of the health check is InService.
- The status of any instances that are unhealthy at the time of the health check is OutOfService.
- The load balancer performs health checks on all registered instances, whether the instance is in a healthy state or an unhealthy state.

7
Q

Describe Gateway Load Balancer

A

Choose a Gateway Load Balancer when you need to deploy and manage a fleet of third-party virtual appliances that support GENEVE. These appliances enable you to improve security, compliance, and policy controls.

8
Q

What are the listeners in ALB?

A
  • A listener checks for connection requests from clients, using the protocol and port you configure.
  • You define rules that determine how the load balancer routes requests to its registered targets.
  • Each rule consists of a priority, one or more actions, and one or more conditions.
9
Q

How does Elastic Load Balancing work?

A
  • Clients make requests to your application.
  • The listeners in your load balancer receive requests matching the protocol and port that you configure.
  • The receiving listener evaluates the incoming request against the rules you specify, and if applicable, routes the request to the appropriate target group. You can use an HTTPS listener to offload the work of TLS encryption and decryption to your load balancer.
  • Healthy targets in one or more target groups receive traffic based on the load balancing algorithm, and the routing rules you specify in the listener.
10
Q

What are the target groups in ALB?

A

Each target group routes requests to one or more registered targets, such as EC2 instances, using the protocol and port number you specify.

11
Q

What are the Limitations of ALB?

A
  • Application Load Balancers only support HTTP and HTTPS.
  • To use an HTTPS listener, you must deploy at least one SSL/TLS server certificate on your load balancer. The load balancer uses a server certificate to terminate the frontend connection and then decrypt requests from clients before sending them to the targets.
12
Q

What are the listeners in NLB?

A
  • A listener checks for connection requests from clients, using the protocol and port you configure.
  • The listener on a Network Load Balancer then forwards the request to the target group. There are no rules, unlike with Application Load Balancers.
13
Q

What is a TLS listener in NLB?

A

You can use a TLS listener to offload the work of encryption and decryption to your load balancer so your applications can focus on their business logic. If the listener protocol is TLS, you must deploy exactly one SSL server certificate on the listener.

14
Q

What are some use cases of NLB?

A
  • Network Load Balancers are best suited for load balancing of TCP traffic where extreme performance is required.
  • Operating at the connection level (Layer 4), Network Load Balancers are capable of handling millions of requests per second, while maintaining ultra-low latencies.
  • Use for extreme performance!
15
Q

How is the X-Forwarded-For request header used in CLB?

A

When traffic is sent from a load balancer, the server access logs contain the IP address of the proxy or load balancer only.

To see the original IP address of the client, the X-Forwarded-For request header is used.

16
Q

What are the Gateway Timeouts in CLB?

A

If your application stops responding, the Classic Load Balancer responds with a 504 error.
This means the application is having issues. This could be either at the web server layer or the database layer.

17
Q

What Are Sticky Sessions?

A

Classic Load Balancers route each request independently to the registered EC2 instance with the smallest load.
- Sticky sessions allow you to bind a user’s session to a specific EC2 instance.
- You can enable sticky sessions for Application Load Balancers as well, but the traffic will be sent at the target group level.

18
Q

What Is Deregistration Delay?

A
  • Deregistration delay allows load balancers to keep existing connections open if the EC2 instances are deregistered or become unhealthy.
  • This enables the load balancer to complete in-flight requests made to instances that are deregistering or unhealthy.
  • You can disable deregistration delay if you want your load balancer to immediately close connections to the instances that are deregistering or have become unhealthy.
19
Q

What are the main differences between Internet-Facing Load Balancers (ILBs) and Internal Load Balancers (ILBs) in AWS?

A
  • Internet-Facing Load Balancers (ILBs) are accessible from the internet and distribute traffic from clients on the public internet. They have nodes in public subnets and public IPv4.
  • Internal Load Balancers (ILBs) are not accessible from the internet and are used for distributing traffic within a Virtual Private Cloud (VPC). They have nodes in private subnets and private IPv4.
  • Internet-facing ILBs have a publicly resolvable DNS name, while Internal ILBs have a DNS name resolvable only within the VPC.
20
Q

What is the recommended minimum subnet size for Amazon Elastic Load Balancers (ELBs) in AWS?

A
  • The recommended minimum subnet size for ELBs is /27 or larger. A /27 subnet provides 32 IP addresses, with 27 available for use, allowing for better flexibility and scalability.
  • While a /28 subnet (leaves 11 free; AWS says at least 8 free are needed) might technically meet the minimum requirement for ELB operation, it doesn’t leave much room for expansion or flexibility.
21
Q

What is the minimum number of Availability Zones required for an Amazon Elastic Load Balancer (ELB) in AWS?

A

The minimum number of Availability Zones required for an ELB in AWS is two. Multi-AZ configuration ensures high availability and fault tolerance.

22
Q

What is Cross-Zone Load Balancing in AWS?

A
  • Cross-Zone Load Balancing evenly distributes traffic across instances in all enabled Availability Zones, enhancing load balancing efficiency.
  • It’s a default feature for Application Load Balancers (ALBs) (only?).
  • It promotes high availability by ensuring that all instances in different AZs participate in handling requests.
23
Q

What limitation is associated with Classic Load Balancers (CLBs) in AWS for handling HTTPS traffic with multiple domains?

A
  • SNI Support: CLBs do not support Server Name Indication (SNI), which is essential for handling multiple SSL certificates on a single load balancer.
  • Scaling Flexibility: As a result, each unique domain with a different SSL certificate requires a separate CLB, limiting scaling flexibility and potentially increasing operational complexity.
24
Q

Can ALBs and NLBs in AWS have static IP addresses?

A
  • ALBs do not have static IP addresses and rely on DNS names for routing.
  • NLBs can have static Elastic IP addresses (EIPs) associated with them, providing a fixed entry point for clients.
25
Q

Can ALBs and NLBs in AWS provide end-to-end encryption to backend instances?

A
  • ALBs terminate SSL/TLS encryption at the load balancer and require separate SSL/TLS connections to achieve end-to-end encryption with instances.
  • NLBs pass traffic directly to instances, allowing for end-to-end encryption without SSL/TLS termination at the load balancer.
26
Q

What type of load balancer is used with AWS PrivateLink to provide services to other VPCs?

A

Network Load Balancers (NLBs) are used with AWS PrivateLink to provide services to other VPCs.

27
Q

What is the Health Check grace period in ASG?

A

The delay before starting checks (default is 300s). Allows system launch, bootstrapping, and application start.

28
Q

What are 3 different ways that ELB’s can handle SSL?

A
  • SSL Bridging: The SSL/TLS wrapper is removed by the ELB listener. It has access to the unencrypted HTTP data and takes action based on that. It initiates a new SSL/TLS connection to the backend. The backend instances therefore need to do cryptographic operations (they need to have an SSL cert, etc.). This is the default mode for ALB.
  • SSL Pass Through: The ELB just passes the connection to the instances in which they have the SSL certificate. No certificate exposure to AWS. NLB is like that.
  • SSL Offloading: The SSL/TLS wrapper is removed by the ELB listener, but the ELB is connected to the backend instances using HTTP. Can be done in ALB by creating a rule to forward HTTP to the backend instances.
29
Q

How can I implement connection stickiness on ALB?

A
  1. Session stickiness:
    - Create a sticky session rule.
    - Attach the sticky session rule to the target group.
  2. Application cookies:
    • Configure your application to set a cookie on the client’s browser (1s - 7 days).
    • When the client connects to ALB, ALB will forward the cookie to the backend instance.
    • The backend instance can then use the cookie to identify the client and maintain state between the client and server.
30
Q

How can I implement connection stickiness on NLB?

A
  1. Target group stickiness: Configure the target group with a stickiness duration.
  2. Source IP stickiness: Configure the target group with a stickiness duration and a stickiness type of source IP.