ELB & ASG Flashcards
What are the four types of load balancers?
Classic Load Balancer, Application Load Balancer, Network Load Balancer, Gateway Load Balancer
What layer is an application load balancer?
Layer 7 (HTTP)
What are the various manners we can route to different target groups with our ALB?
Path-based routing, hostname-based routing, Query string/header routing, and source IP
What can be included in ALB Target groups?
EC2 instances, ECS tasks, Lambda functions and private IPs
How can you find the IP of the client for the ALB?
In the header X-Forwarded-For
What is a Network Load Balancer used for?
It functions at the fourth layer of the OSI model and is used to forward TCP & UDP traffic to your instances.
How many Static IPs per AZ can a Network Load Balancer have?
One
What can the Target Groups of NLB be?
EC2 Instances, Private IPs or an ALB
True or False: The NLB cannot have a fixed IP Address
False. The NLB must have a fixed IP address for each AZ.
True or False: You must configure the security group for an NLB upon creation.
False. NLBs do not have security groups like ALB. The security group pertaining to the instances must be configured to allow traffic from the NLB and/or clients
We want to use the GENEVE protocol on port 6081 to communicate with AWS resources. What do we use?
A Gateway Load Balancer. A Gateway Load Balancer operates at the third layer of the Open Systems Interconnection (OSI) model. It listens for all IP packets across all ports and forwards traffic to the target group that’s specified in the listener rule, using the GENEVE protocol on port 6081.
Which load balancers can Sticky Sessions be applied for?
ALB and CLB
How do Sticky Sessions work?
A cookie is supplied to the client with an expiration date. The cookie determines what resource the client is directed towards
What are the two cookies provided for Sticky Sessions?
Application-based cookie: Gives more control around the duration of the session
Duration-based cookie: When the client routes to a target, it is given a load balancer generated cookie that is used to map the session to a target
Why would you use Cross Zone Load Balancing?
You want to make sure that traffic is distributed evenly for all instances ACROSS AZs
True or false: Cross-Zone load balancing is always on for ALB and NLB
False. For ALB it is always enabled and can’t be disabled. For NLB it is disabled by default.
How can you configure the ALB to serve traffic to a specific target group?
Define the rules in the listeners. A listener is a process that checks for connection requests using a protocol and a port
How can you configure the ALB to serve traffic to a specific target group?
Define a listener rule. The conditions in the listener rule help determine how the load balancer routes requests to its registered targets
True or False: You cannot configure a security group on an ALB
False. An NLB does not have a security group configuration. An ALB’s security group and the EC2 security group must be configured.
Why would we use a Server Name Indication?
SNI solves the problem of loading multiple SSL certificates onto one web server.
What is an SSL certificate?
It is a digital certificate that authenticates a website’s identity and enables an encrypted connection.
https://www.kaspersky.com/resource-center/definitions/what-is-a-ssl-certificate
Why would we use Server Name Indication?
It allows the client to indicate which hostname it is trying to connect to at the start of the TLS handshake. That way, multiple certificates can be used on one server.
We have two domain names on a server being targeted by an ALB. How do we properly send traffic to the proper target group?
We can use Server Name Indication
What is connection draining/de-registration delay?
ELB stops sending requests to targets that are deregistering. ELB will wait a certain amount of time (delay) to deregister so that requests in process can complete
We need to make sure we have a certain number of EC2 instances running at any given time. What can we use?
An Auto Scaling Group
We want to trigger more instances when a CloudWatch alarm is triggered, what ASG policy do we use?
Simple/Step Scaling
What is the Simple/Step Scaling ASG Policy?
It is configured by setting a CloudWatch alarm that, when triggered, adds instances.
What is the Target Tracking Scaling ASG policy?
It auto-scales based on average metrics, looking to keep things like CPU utilization or throughput on a specified average
There are predictable times when the traffic on our EC2 instances will spike. What ASG policy can we use?
Scheduled Actions
What is AWS Predictive Scaling for ASG?
It analyzes past trends, uses machine learning to generate a forecast and schedules scaling actions
Scaling an EC2 instance from r4.large to r4.4xlarge is called…
Vertical Scaling. Vertical scaling is adding more compute power to existing machines
True or False: an ALB provides a static IP
False. It will provide a static DNS though. AWS wants to provide a static endpoint for the ELB, even if the underlying infrastructure changes
You are using an Application Load Balancer to distribute traffic to your website hosted on EC2 instances. It turns out that your website only sees traffic coming from private IPv4 addresses which are in fact your Application Load Balancer’s IP addresses. What should you do to get the IP address of clients connected to your website?
Modify your website’s backend to get the client IP address from the X-Forwarded-For header.
What IP address will your instances receive when they receive requests from an ALB?
They will receive the ALB’s IP address, not the client’s.
You are working as a Solutions Architect for a company and you are required to design an architecture for a high-performance, low-latency application that will receive millions of requests per second. Which type of Elastic Load Balancer should you choose?
Network Load Balancer
Which protocol do ALBs not support: HTTP, HTTPS, TCP or WebSocket?
TCP
True or False: to get a static IP on an ALB, you must assign an Elastic IP
False. ALB cannot have static IPs. If you need a static IP, you should assign a Network Load Balancer in front.
Which feature in both Application Load Balancers and Network Load Balancers allows you to load multiple SSL certificates on one listener?
Server Name Indication
A web application is hosted on a fleet of EC2 instances managed by an Auto Scaling Group. You are exposing this application through an Application Load Balancer. Both the EC2 instances and the ALB are deployed on a VPC with the following CIDR 192.168.0.0/18. How do you configure the EC2 instances’ security group to ensure only the ALB can access them on port 80?
Add an Inbound Rule with port 80 and the ALB’s Security Group as the source. Using the ALB’s security group is the best practice to keep the EC2 instances secure.
An application is deployed with an Application Load Balancer and an Auto Scaling Group. Currently, you manually scale the ASG and you would like to define a Scaling Policy that will ensure the average number of connections to your EC2 instances is around 1000. Which Scaling Policy should you use?
Target Tracking Policy
You have an ASG and a Network Load Balancer. The application on your ASG supports the HTTP protocol and is integrated with the Load Balancer health checks. You are currently using the TCP health checks. You would like to migrate to using HTTP health checks, what do you do?
Migrate the health checks to HTTP. A Network Load Balancer supports HTTP/s and TCP health checks.
What is the difference between simple and step scaling policy for ASG?
Step will scale the number of instances based on INCREMENTAL CloudWatch triggers. Simple will scale to a specific number based on a single metric. Simple also has a cooldown period that must take place before it can scale again.