ELB + ASG Fundamentals Flashcards
What is load balancing?
Load balancers are servers that forward incoming traffic to multiple servers (e.g., EC2 instances) downstream.
Why use a load balancer?
- Spread load across multiple downstream instances
- Expose a single point of access (DNS) to your application
- Seamlessly handle failures of downstream instances
- Do regular health checks to your instances
- Provide SSL termination (HTTPS) for your websites
- Enforce stickiness with cookies
- High availability across zones
- Separate public traffic from private traffic
What is Elastic Load Balancer?
Elastic Load Balancer is a managed load balancer
* AWS guarantees that it will be working
* AWS takes care of upgrades, maintenance, high availability
* AWS provides only a few configuration knobs
* It is integrated with many AWS offerings / services
What are Health Checks?
They enable the load balancer to know if instances it forwards traffic to are available to reply to requests.
When can we say the instance is unhealthy?
When the probe of the health-check port and path does not return the expected status (200 by default; the matcher is configurable) within the timeout. After the unhealthy threshold count of consecutive failures the target is marked unhealthy and stops receiving traffic.
What are the 3 (4) types of ELBs?
- Classic Load Balancer (v1 - old generation) – 2009 – CLB (DEPRECATED)
- HTTP, HTTPS, TCP, SSL (secure TCP)
- Application Load Balancer (v2 - new generation) – 2016 – ALB
- HTTP, HTTPS, WebSocket
- Network Load Balancer (v2 - new generation) – 2017 – NLB
- TCP, TLS (secure TCP), UDP
- Gateway Load Balancer – 2020 – GWLB
- Operates at layer 3 (Network layer) – IP Protocol
What is a Load Balancer Security Group?
The load balancer's security group allows inbound HTTP/HTTPS (80/443) from anywhere (0.0.0.0/0); the LB then forwards the HTTP call downstream. The application's security group allows inbound traffic only from the load balancer's security group (source = the LB security group ID), so the instances are not reachable directly from the internet.
How does the LB know which instances to forward to?
Create target groups and register the instances with them; listener rules forward requests to a target group.
How to block requests going directly to the app server while still allowing the LB?
In the app server security group, remove the inbound rule that allows 80/443 from 0.0.0.0/0 and add a rule whose source is the load balancer's security group ID instead of a CIDR.
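As an added example (not from the course material or from AWS), a small audit that reads a document shaped like `aws ec2 describe-security-groups` output and flags any ingress on the application ports whose source is something other than the LB's security group. The group IDs, the CIDRs and the JSON are all constructed for the example, and `lb_only_ingress` builds the replacement rule set you would pass to `authorize-security-group-ingress` after revoking the bad rules.

```python
"""Audit an application security group so that only the load balancer can reach it.
Constructed sample data: the group IDs, CIDRs and the JSON are made up, but the
shape mirrors `aws ec2 describe-security-groups` output."""

LB_SG = "sg-0aaa0000000000lb"   # assumed: the load balancer's security group
APP_SG = "sg-0bbb000000000app"  # assumed: the EC2 application security group
APP_PORTS = {80, 443}

# The app SG still allows 80 from the whole internet and 443 from a stray CIDR,
# next to the intended LB-only rule and an unrelated SSH rule.
SAMPLE_GROUPS = [
    {"GroupId": LB_SG, "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": APP_SG, "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "UserIdGroupPairs": [{"GroupId": LB_SG}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "UserIdGroupPairs": []},
    ]},
]


def _covers(perm, port):
    """True if a permission entry covers the given TCP port ("-1" means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]


def audit_app_sg(groups, app_sg_id, lb_sg_id, ports=APP_PORTS):
    """Return findings: every app-port ingress whose source is not the LB security group."""
    app = next(g for g in groups if g["GroupId"] == app_sg_id)
    findings = []
    for perm in app["IpPermissions"]:
        for port in sorted(ports):
            if not _covers(perm, port):
                continue
            for r in perm.get("IpRanges", []):
                findings.append(f"port {port} open to CIDR {r['CidrIp']}")
            for r in perm.get("Ipv6Ranges", []):
                findings.append(f"port {port} open to CIDR {r['CidrIpv6']}")
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] != lb_sg_id:
                    findings.append(f"port {port} open to foreign SG {pair['GroupId']}")
    return findings


def lb_only_ingress(lb_sg_id, ports=APP_PORTS):
    """Replacement IpPermissions: app ports reachable only from the LB security group."""
    return [{"IpProtocol": "tcp", "FromPort": p, "ToPort": p,
             "UserIdGroupPairs": [{"GroupId": lb_sg_id}]} for p in sorted(ports)]


if __name__ == "__main__":
    for finding in audit_app_sg(SAMPLE_GROUPS, APP_SG, LB_SG):
        print("FINDING:", finding)
    print("fixed ingress:", lb_only_ingress(LB_SG))
```

Run against the sample the audit reports the two bad rules; run against a group built from `lb_only_ingress` it reports nothing, which is the state you want before the LB goes live.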
What is ALB?
Application Load Balancer is a Layer 7 (HTTP) load balancer.
What are the features of ALB?
- Load balancing to multiple HTTP applications across machines (target groups)
- Load balancing to multiple applications on the same machine (ex: containers)
- Support for HTTP/2 and WebSocket
- Support redirects (from HTTP to HTTPS for example)
What kind of routing is supported for ALB?
Listener rules that route to different target groups:
* Routing based on path in URL (example.com/users & example.com/posts)
* Routing based on hostname in URL (one.example.com & other.example.com)
* Routing based on Query String, Headers (example.com/users?id=123&order=false)
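The rule evaluation described above, as an added example (not code from the course or from AWS): listener rules are tried in priority order, a rule matches only if all of its conditions match, and the default action catches everything else. The rule set, the target-group names and the requests are constructed; the wildcard semantics (`*` = zero or more characters, `?` = exactly one, path patterns case-sensitive, host headers not) follow the ALB documentation.

```python
"""Evaluate ALB-style listener rules in priority order. Rules, target-group
names and requests are constructed for this example."""
import re
from urllib.parse import parse_qsl, urlsplit


def _glob_to_regex(pattern, ignore_case=False):
    # ALB wildcard syntax: '*' = zero or more characters, '?' = exactly one.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile(f"^{regex}$", re.IGNORECASE if ignore_case else 0)


def _match(condition, request):
    kind, value = condition["type"], condition["value"]
    if kind == "host-header":                      # case-insensitive, port stripped
        host = request["headers"].get("host", "").split(":")[0]
        return any(_glob_to_regex(v, True).match(host) for v in value)
    if kind == "path-pattern":                     # case-sensitive
        return any(_glob_to_regex(v).match(request["path"]) for v in value)
    if kind == "query-string":                     # any listed (key, value) pair may match
        pairs = parse_qsl(request["query"], keep_blank_values=True)
        return any((k is None or k == pk) and _glob_to_regex(v).match(pv)
                   for k, v in value for pk, pv in pairs)
    if kind == "http-header":
        header = request["headers"].get(value["name"].lower(), "")
        return any(_glob_to_regex(v, True).match(header) for v in value["values"])
    raise ValueError(f"unknown condition type {kind}")


def route(rules, default_action, request):
    """First rule (lowest priority number) whose conditions ALL match wins,
    otherwise the listener's default action."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if all(_match(c, request) for c in rule["conditions"]):
            return rule["forward"]
    return default_action


def make_request(url, headers=None):
    """Build the minimal request view the matcher needs from a URL plus headers."""
    parts = urlsplit(url)
    hdrs = {"host": parts.hostname or ""}
    hdrs.update({k.lower(): v for k, v in (headers or {}).items()})
    return {"path": parts.path, "query": parts.query, "headers": hdrs}


# Constructed rule set mirroring the routing types listed above.
RULES = [
    {"priority": 10, "conditions": [{"type": "path-pattern", "value": ["/users", "/users/*"]}],
     "forward": "tg-users"},
    {"priority": 20, "conditions": [{"type": "path-pattern", "value": ["/posts*"]}],
     "forward": "tg-posts"},
    {"priority": 30, "conditions": [{"type": "host-header", "value": ["one.example.com"]}],
     "forward": "tg-one"},
    {"priority": 40, "conditions": [
        {"type": "host-header", "value": ["*.example.com"]},
        {"type": "query-string", "value": [("order", "false")]}],
     "forward": "tg-unordered"},
    {"priority": 50, "conditions": [{"type": "http-header",
                                     "value": {"name": "X-Canary", "values": ["true"]}}],
     "forward": "tg-canary"},
]
DEFAULT = "tg-default"

if __name__ == "__main__":
    for url, hdr in [("https://example.com/users?id=123&order=false", None),
                     ("https://one.example.com/posts", None),
                     ("https://other.example.com/?order=false", None),
                     ("https://other.example.com/", {"X-Canary": "true"}),
                     ("https://other.example.com/", None)]:
        print(url, "->", route(RULES, DEFAULT, make_request(url, hdr)))
```

Note that `/Users` does not match the `/users` rule: path patterns are case-sensitive, which is worth remembering when a rule is meant to protect an admin path.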
What is ALB good for?
- ALB are a great fit for micro services & container-based application (example: Docker & Amazon ECS)
- Has a port mapping feature to redirect to a dynamic port in ECS
- In comparison, we'd need one Classic Load Balancer per application (so multiple CLBs)
What can be part of a Target Group?
- EC2 instances (can be managed by an Auto Scaling Group) – HTTP
- ECS tasks (managed by ECS itself) – HTTP
- Lambda functions – HTTP request is translated into a JSON event
- IP Addresses – must be private IPs
Is the health check configured per instance?
No, health check settings (protocol, port, path, interval, thresholds) are configured at the target group level; each registered target is then probed individually and marked healthy or unhealthy.
Can we see the IP of the client if we use ALB?
Yes, in the X-Forwarded-For header (the ALB appends the IP of the connection it accepted); X-Forwarded-Port and X-Forwarded-Proto carry the port and protocol the client used. Application servers see the ALB's private IP as the TCP peer.
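An added example (not from the course or AWS) of the caveat behind that header: a client can send its own X-Forwarded-For, and the ALB appends the address that actually connected to it, so the trustworthy entry is the rightmost one the ALB wrote, not the leftmost. The header values below are constructed; the only assumption is that the ALB is the last hop writing the header, with `trusted_proxies` counting any verified hops (e.g. a CDN) sitting in front of the ALB.

```python
"""Recover the client IP from X-Forwarded-For behind an ALB. Header values are
constructed; the ALB is assumed to be the last hop appending to the header."""
import ipaddress


def client_ip(xff_header, trusted_proxies=0):
    """Return the client IP as seen by the ALB.

    trusted_proxies: number of trusted hops BEFORE the ALB (e.g. 1 for a CDN you
    have verified). The ALB itself is not counted because it writes the last
    entry. With 0, the rightmost entry is the address that connected to the ALB."""
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    if not hops:
        raise ValueError("empty X-Forwarded-For")
    index = -1 - trusted_proxies
    if -index > len(hops):
        raise ValueError("fewer hops than trusted proxies; not built by the expected chain")
    return str(ipaddress.ip_address(hops[index]))   # also rejects non-IP garbage


def naive_client_ip(xff_header):
    """The common bug: taking the FIRST entry, which the client fully controls."""
    return xff_header.split(",")[0].strip()


if __name__ == "__main__":
    # Client sent "X-Forwarded-For: 10.0.0.1" to spoof; the ALB appended 198.51.100.7.
    spoofed = "10.0.0.1, 198.51.100.7"
    print("naive  :", naive_client_ip(spoofed))      # 10.0.0.1 (attacker-chosen)
    print("correct:", client_ip(spoofed))            # 198.51.100.7
    # With a CDN in front: client spoof, then real client (added by CDN), then CDN IP (added by ALB).
    chained = "203.0.113.9, 198.51.100.7, 192.0.2.10"
    print("behind CDN:", client_ip(chained, trusted_proxies=1))   # 198.51.100.7
```

Any allow-list, rate limit or audit log keyed on the naive value can be bypassed by one forged header; key it on `client_ip` instead, and keep `trusted_proxies` at 0 unless the ALB is only reachable through the proxy you are trusting.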
What layer is used by the Network Load Balancer?
Layer 4: TCP & UDP traffic. Very low latency (~100 ms) and millions of requests per second.
How many IP can be assigned to NLB?
One NLB has 1 static IP per AZ, and supports assigning an Elastic IP (helpful for whitelisting a specific IP).
Why is NLB used?
For extreme performance, TCP and UDP traffic.
What can be in an NLB Target Group?
- EC2 instances
- Private IP addresses
- ALBs
What health check protocols do NLB target groups support?
They support TCP, HTTP or HTTPS.
What is the usage of Gateway Load Balancer?
- Deploy, scale, and manage a fleet of 3rd party network virtual appliances in AWS.
- Example: Firewalls, Intrusion Detection and Prevention Systems, Deep Packet Inspection Systems, payload manipulation
What layer does GLB operate?
It operates on the layer 3, IP packets
What functions are combined in GLB?
- Transparent Network Gateway: single entry/exit for all traffic
- Load Balancer: distributes traffic to your virtual appliances
What protocol does GLB use?
Uses the GENEVE protocol on UDP port 6081
What are the target groups for GLB?
- EC2 instances
- Private IP addresses
What is ELB Sticky Sessions / Session Affinity?
It is possible to implement stickiness so that the same client is always redirected to the same instance behind a load balancer.
Which ELBs support Sticky Sessions?
ALB, NLB
Whats the typical Sticky Sessions use case?
It is used to make sure the user doesn't lose session data (e.g. login state) when the next request lands on a different instance.
Which cookie names are reserved by the ALB (and cannot be used for application-based stickiness)?
AWSALB, AWSALBAPP, or AWSALBTG
What is ELB Cross-Zone Load Balancing?
If enabled, the load balancer distributes the load EVENLY across all registered targets in all AZs. If disabled, each load balancer node only distributes across the targets in its own AZ, so an AZ with fewer targets sees more load per target.
Can you use Cross-Zone Load Balancing in all types of ELB?
yes, but
* Application Load Balancer
* Enabled by default (can be disabled at the Target Group level)
* No charges for inter AZ data
* Network Load Balancer & Gateway Load Balancer
* Disabled by default
* You pay charges ($) for inter AZ data if enabled
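An added example (not from the course or AWS) that computes the per-target share for an uneven layout: two targets in one AZ and eight in another, one load balancer node per AZ, DNS splitting clients evenly between nodes. The layout is constructed.

```python
"""Per-target traffic share with and without cross-zone load balancing.
Assumes one LB node per AZ and an even DNS split between nodes (constructed layout)."""
from fractions import Fraction


def per_target_share(targets_per_az, cross_zone):
    """Return {az: share of total traffic received by EACH target in that AZ}."""
    active = {az: n for az, n in targets_per_az.items() if n > 0}
    total = sum(active.values())
    shares = {}
    for az, n in active.items():
        if cross_zone:
            shares[az] = Fraction(1, total)              # every target gets an equal slice
        else:
            shares[az] = Fraction(1, len(active)) / n    # node only sees its own AZ's targets
    return shares


def hottest_target(targets_per_az, cross_zone):
    """Largest per-target share, i.e. how overloaded the worst target is."""
    return max(per_target_share(targets_per_az, cross_zone).values())


if __name__ == "__main__":
    layout = {"us-east-1a": 2, "us-east-1b": 8}
    for mode in (False, True):
        print("cross-zone", mode, {az: str(s) for az, s in per_target_share(layout, mode).items()})
```

Without cross-zone the two targets in us-east-1a each take 25% of all traffic while the eight in us-east-1b take 6.25% each; with cross-zone every target takes 10%. Uneven layouts like this are also what you get mid-deployment or after an AZ-local failure, so for NLB/GWLB weigh the inter-AZ data charge against that skew.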
How are SSL certificates used in ELB?
The LB uses an X.509 server certificate to terminate HTTPS: traffic is decrypted at the LB, and the connection to the targets can be plain HTTP or re-encrypted.
* Manage certificates in ACM (AWS Certificate Manager), or upload your own
* For each HTTPS listener:
* Must specify a default certificate
* Can add an optional list of certificates to support multiple domains
* Clients use SNI to specify the hostname they reach, so the LB can pick the matching certificate
What is SSL Server Name Indication (SNI)?
- SNI solves the problem of loading multiple SSL certificates onto one web server (to serve multiple websites)
- It is a TLS extension: the client indicates the hostname of the target server in the initial TLS handshake (the ClientHello); the server then finds the matching certificate, or returns the default one
- Only works for ALB & NLB (newer generation) and CloudFront; does not work for Classic Load Balancer
What is Deregistration Delay / Connection Draining?
- Time to complete "in-flight requests" while the instance is de-registering or unhealthy
- Stops sending new requests to the EC2 instance which is de-registering
- Between 1 to 3600 seconds (default: 300 seconds)
- Can be disabled (set value to 0)
- Set to a low value if your requests are short
- Called Connection Draining for CLB, Deregistration Delay for ALB & NLB
What are the Auto Scaling Groups(ASG)?
- The goal of an Auto Scaling Group (ASG) is to:
- Scale out (add EC2 instances) to match an increased load
- Scale in (remove EC2 instances) to match a decreased load
- Ensure we have a minimum and a maximum number of EC2 instances running
- Automatically register new instances to a load balancer
- Re-create an EC2 instance in case a previous one is terminated (ex: if unhealthy)
- ASG are free (you only pay for the underlying EC2 instances)
What are the ASG Attributes?
- A Launch Template
- Min Size / Max Size / Initial Capacity
- Scaling Policies
What are ASG Launch Templates?
- AMI + Instance Type
- EC2 User Data
- EBS Volumes
- Security Groups
- SSH Key Pair
- IAM Roles for your EC2 Instances
- Network + Subnets Information
- Load Balancer Information
How does Auto Scaling work with CloudWatch?
It is possible to scale an ASG based on CloudWatch alarms
* An alarm monitors a metric (such as Average CPU, or a custom metric)
* Metrics such as Average CPU are computed for the overall ASG instances
What are ASG Dynamic Scaling Policies?
- Target Tracking Scaling => keep a metric at a target value (e.g. average ASG CPU around 50%)
- Simple / Step Scaling => when a CloudWatch alarm triggers (e.g. CPU > 70%) add 2 units; when another triggers (e.g. CPU < 30%) remove 1
- Scheduled Actions => anticipate scaling from known usage patterns (e.g. raise the min capacity at a given time)
What is ASG Predictive Scaling?
Machine Learning driven scaling: it forecasts the load from historical metrics and scales the ASG ahead of time.
What are the good ASG metrics?
- CPUUtilization: average CPU utilization across your instances
- RequestCountPerTarget: to make sure the number of requests per EC2 instance is stable
- Average Network In / Out (if your application is network bound)
- Any custom metric (that you push using CloudWatch)
What is ASG Scaling Cooldown?
- After a scaling activity happens, you are in the cooldown period (default 300 seconds)
- During the cooldown period, the ASG will not launch or terminate additional instances (to allow for metrics to stabilize)
- The cooldown applies to simple scaling policies; step scaling and target tracking use the instance warm-up time instead
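An added example (not from the course or AWS) covering the dynamic scaling policies and the cooldown above: a target-tracking decision (capacity scaled proportionally to metric/target, clamped to min/max), a step-scaling decision (the step whose bounds, relative to the alarm threshold, contain the breach) and a cooldown that rejects a second activity inside the window. The step bounds, metrics and sizes are constructed.

```python
"""Target tracking, step scaling and cooldown for an Auto Scaling Group.
Step bounds, metric values and group sizes are constructed for this example."""
import math


def target_tracking_desired(current, metric, target, min_size, max_size):
    """Target tracking keeps a metric near its target by scaling capacity
    proportionally: desired = ceil(current * metric / target), clamped to [min, max]."""
    desired = math.ceil(current * metric / target)
    return max(min_size, min(max_size, desired))


def step_adjustment(metric, threshold, steps):
    """Step scaling: steps are (lower, upper, adjustment) bounds relative to the
    alarm threshold (None = open ended). The first step containing the breach
    amount wins; if none matches there is no change."""
    breach = metric - threshold
    for lower, upper, adj in steps:
        if (lower is None or breach >= lower) and (upper is None or breach < upper):
            return adj
    return 0


class AutoScalingGroup:
    """Minimal model of desired capacity plus the scaling cooldown."""

    def __init__(self, min_size, max_size, desired, cooldown=300):
        self.min_size, self.max_size = min_size, max_size
        self.desired = desired
        self.cooldown = cooldown          # seconds; the AWS default is 300
        self.last_scaling_at = None       # timestamp of the last accepted activity

    def apply(self, new_desired, now):
        """Accept a new desired capacity unless still inside the cooldown window.
        Returns True if a scaling activity was started."""
        if self.last_scaling_at is not None and now - self.last_scaling_at < self.cooldown:
            return False
        new_desired = max(self.min_size, min(self.max_size, new_desired))
        if new_desired == self.desired:
            return False
        self.desired = new_desired
        self.last_scaling_at = now
        return True


# Constructed step policies: scale out on CPU > 70%, scale in on CPU < 30%.
SCALE_OUT_STEPS = [(0, 10, 1), (10, 20, 2), (20, None, 3)]
SCALE_IN_STEPS = [(None, -20, -2), (-20, 0, -1)]

if __name__ == "__main__":
    asg = AutoScalingGroup(min_size=2, max_size=10, desired=4)
    print("target tracking, CPU 80% vs target 50%:",
          target_tracking_desired(asg.desired, 80, 50, asg.min_size, asg.max_size))
    adj = step_adjustment(85, 70, SCALE_OUT_STEPS)
    print("step adjustment for CPU 85%:", adj, "accepted:", asg.apply(asg.desired + adj, now=0))
    print("second alarm 100 s later accepted:", asg.apply(asg.desired + 2, now=100))
    print("same alarm at 300 s accepted:", asg.apply(asg.desired + 2, now=300))
```

The cooldown is what stops a flapping alarm from launching instances faster than their metrics can settle; the max clamp is what keeps a runaway metric (or a request flood) from turning into an unbounded bill.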
What is ASG Instance Refresh?
- Goal: update the launch template and then re-create all EC2 instances
- For this we can use the native Instance Refresh feature
- Setting of minimum healthy percentage (how many instances must stay in service while the rest are replaced)
- Specify warm-up time (how long until a new instance is ready to use)