ELB + ASG Flashcards
horizontal scalability
- elasticity
- increase number of instances for app
- implies distributed systems
- common for web apps and modern apps
- autoscaling groups, load balancers
vertical scalability
- increase size of the instance
- scaling t2.micro to t2.large
- good for non-distributed systems such as an RDS database
- hardware limited
high availability
- goes hand in hand with horizontal scaling
- more than one availability zone
- autoscaling groups, load balancers in multi AZ
ELB - Elastic Load Balancer (managed)
- spread load across multiple downstream instances
- single point of access (DNS) to app
- health checks (TCP or HTTP)
- a way to verify that an EC2 instance is working properly
- uses a port and a route (e.g. the /health endpoint)
CLB (v1)
- Classic Load Balancer (v1, old), deprecated
- TCP (layer 4), HTTP, HTTPS (layer 7)
- one CLB per application
- only supports one SSL cert
ALB (v2)
- HTTP, HTTPS, WebSocket (layer 7 only)
- load balancing to multiple apps on same machine (containers)
- static hostname, multiple SSL certs, uses SNI to make it work
- health checks at target group level
- one ALB can service multiple apps
- routing tables to different target groups
- routing based on path in URL
  - e.g. /users and /posts
- routing based on hostname
- routing based on query strings
  - e.g. ?id=123&order=false
NLB (v2)
- TCP, UDP (layer 4)
- lower latency
- one static IP per AZ, good for whitelisting specific IPs; also provides a static DNS name
- not included in free tier
Gateway Load Balancer - GLB
- IP packets - network layer 3
- all vpc traffic through single entrypoint
- uses GENEVE protocol on port 6081
- all traffic to go through firewall, deep packet inspection, etc
sticky session (session affinity)
- same client always redirected to same instance
- CLBs and ALBs
- the cookie used for stickiness has an expiration date
- application-based cookies
  - custom cookie
    - generated by the target app
    - can include your own attributes
    - cookie name specified individually for each target group
  - application cookie
    - generated by the load balancer
    - AWSALBAPP
- duration-based cookie
  - generated by the load balancer
  - AWSALB or AWSELB
cross-zone balancing
- always on for ALB
- disabled by default for NLB
  - pay to enable
- disabled by default for CLB
  - free to enable
SSL/TLS
- Secure Sockets Layer, Transport Layer Security
- nowadays TLS is mainly used
- public SSL certs are issued by CAs (certificate authorities)
SNI - Server Name Indication
- solves problem of loading multiple SSL certs onto one web server to serve multiple sites
- ‘newer’ protocol that requires the client to indicate the hostname of the target server in the initial SSL handshake
- the server then finds the correct cert or returns the default one
- only works for ALB, NLB and CloudFront
Connection Draining / Deregistration Delay
- gives some time to complete ‘in-flight requests’ while instance is deregistering or unhealthy
- ELB stops sending new requests to draining instances
- set the connection draining value low if requests are short, and high if requests are long
- default is 800s (1 to 3600s)
Auto Scaling Groups (ASG)
- minimum capacity, desired capacity, max capacity
- health check results are passed from the ELB to the ASG, which can then terminate unhealthy instances
ELB access logs
Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client’s IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues. Access logging is an optional feature of Elastic Load Balancing that is disabled by default.