ELB + ASG Fundamentals

Question 1

What is load balancing?

Answer 1

Load Balances are servers that forward traffic to multiple servers (e.g., EC2 instances) downstream.

Question 2

Why use a load balancer?

Answer 2

• Spread load across multiple downstream instances
• Expose a single point of access (DNS) to your application
• Seamlessly handle failures of downstream instances
• Do regular health checks to your instances
• Provide SSL termination (HTTPS) for your websites
• Enforce stickiness with cookies
• High availability across zones
• Separate public traffic from private traffic

Question 3

What is Elastic Load Balancer?

Answer 3

Elastic Load Balancer is a managed load balancer
* AWS guarantees that it will be working
* AWS takes care of upgrades, maintenance, high availability
* AWS provides only a few configuration knobs
* It is integrated with many AWS offerings / services

Question 4

What are Health Checks?

Answer 4

They enable the load balancer to know if instances it forwards traffic to are available to reply to requests.

Question 5

When can we say the insance is unhealty?

Answer 5

If the health check response is not OK (200).

Question 6

What are the 3 (4) types of ELBs?

Answer 6

• Classic Load Balancer (v1 - old generation) – 2009 – CLB (DEPRECATED)
• HTTP, HTTPS, TCP, SSL (secure TCP)
• Application Load Balancer (v2 - new generation) – 2016 – ALB
• HTTP, HTTPS, WebSocket
• Network Load Balancer (v2 - new generation) – 2017 – NLB
• TCP, TLS (secure TCP), UDP
• Gateway Load Balancer – 2020 – GWLB
• Operates at layer 3 (Network layer) – IP Protocol

Question 7

What is a Load Balancer Security Group?

Answer 7

It accepts the HTTP/HTTPS request from users and forwards the HTTP call to the downstream. The application only accept traffic from the LB.

Question 8

How to redirect LB to instances?

Answer 8

Create Target groups.

Question 9

How to disable request directly to App Server, but enable the LB?

Answer 9

In the App server Security Group, remove the incoming request, add a new one with the LB Security Group only.

Question 10

What is ALB?

Answer 10

Application Load Balancer is a Layer 7 (HTTP) load balancer.

Question 11

What are the features of ALB?

Answer 11

• Load balancing to multiple HTTP applications across machines (target groups)
• Load balancing to multiple applications on the same machine (ex: containers)
• Support for HTTP/2 and WebSocket
• Support redirects (from HTTP to HTTPS for example)

Question 12

What kind of routing is supported for ALB?

Answer 12

Routing tables to different target groups:
* Routing based on path in URL (example.com/users & example.com/posts)
* Routing based on hostname in URL (one.example.com & other.example.com)
* Routing based on Query String, Headers (example.com/users?id=123&order=false)

Question 13

What is ALB good for?

Answer 13

• ALB are a great fit for micro services & container-based application (example: Docker & Amazon ECS)
• Has a port mapping feature to redirect to a dynamic port in ECS
• In comparison, we’d need multiple Classic Load Balancer per application

Question 14

What can be part of a Target Group?

Answer 14

• EC2 instances (can be managed by an Auto Scaling Group) – HTTP
• ECS tasks (managed by ECS itself) – HTTP
• Lambda functions – HTTP request is translated into a JSON event
• IP Addresses – must be private IPs

Question 15

Is health check per instances?

Answer 15

No, healt check is for target group level.

Question 16

Can we see the IP of the client if we use ALB?

Answer 16

Yes, in the X-Forwarded-For header.

Question 17

What layer is used by the Network Load Balancer?

Answer 17

The layer 4, TCP & UDP traffic. 100ms latency. Million requests / seconds.

Question 18

How many IP can be assigned to NLB?

Answer 18

One NLB has 1 static IP per AZ, supports Elasctic IP.

Question 19

Why is NLB used?

Answer 19

For extreme performance, TCP and UDP traffic.

Question 20

What can be in an NLB Target Group?

Answer 20

• EC2 instances
• Private IP addresses
• ALBs

Question 21

What are the Health Check supports in NLB target groups?

Answer 21

They support TCP, HTTP os HTTPS.

Question 22

What is the usage of Gateway Load Balancer?

Answer 22

• Deploy, scale, and manage a fleet of 3rd party network virtual appliances in AWS.
• Example: Firewalls, Intrusion Detection and Prevention Systems, Deep Packet Inspection Systems, payload manipulation

Question 23

What layer does GLB operate?

Answer 23

It operates on the layer 3, IP packets

Question 24

What functions are combined in GLB?

Answer 24

• Transparent Network Gateway: single entry/exit for all traffic
• Load Balancer: distributes traffic to your virtual appliances

Question 25

What protocol does GLB use?

Answer 25

Uses the GENEVE protocol on 6081

Question 26

What are the target groups for GLB?

Answer 26

• EC2 instances
• Private IP addresses

Question 27

What is ELB Sticky Sessions / Session Affinity?

Answer 27

It is possible to implement stickiness so that the
same client is always redirected to the same
instance behind a load balancer.

Question 28

What ELBs supports Sticky Sessions?

Answer 28

ALB, NLB

Question 29

Whats the typical Sticky Sessions use case?

Answer 29

Its used to make sure users doesn’t load session data (e.g. login credentials)

Question 30

What are the prohibited cookie names if ALB is configured?

Answer 30

AWSALB, AWSALBAPP, or AWSALBTG

Question 31

What is ELB Cross-Zone Load Balancing?

Answer 31

If configured, the load balancer will distribute the load EVENLY across all AZ.

Question 32

Can you use Cross-Zone Load Balancing in all types of ELB?

Answer 32

yes, but
* Application Load Balancer
* Enabled by default (can be disabled at the Target Group level)
* No charges for inter AZ data
* Network Load Balancer & Gateway Load Balancer
* Disabled by default
* You pay charges ($) for inter AZ data if enabled

Question 33

How SSL Certificates used in ELB?

Answer 33

The LB uses the certificate to use HTTPS.
* Manage certificates in ACM
* For each HTTPS listener (TG):
* Must specify a default cert
* Use SNI to spec. the hostname they reach

Question 34

What is SSL Server Name Indication (SNI)?

Answer 34

• SNI solves the problem of loading multiple SSL certificates onto one web server (to serve multiple websites)
• It’s a “newer” protocol, and requires the client
  to indicate the hostname of the target server in the initial SSL handshake
• The server will then find the correct
  certificate, or return the default one

Question 35

What is Deregistration Delay / Connection Draining?

Answer 35

• Time to complete “in-flight requests” while the
  instance is de-registering or unhealthy
• Stops sending new requests to the EC2
  instance which is de-registering
• Between 1 to 3600 seconds (default: 300
  seconds)
• Can be disabled (set value to 0)
• Set to a low value if your requests are short

Question 36

What are the Auto Scaling Groups(ASG)?

Answer 36

• The goal of an Auto Scaling Group (ASG) is to:
• Scale out (add EC2 instances) to match an increased load
• Scale in (remove EC2 instances) to match a decreased load
• Ensure we have a minimum and a maximum number of EC2 instances running
• Automatically register new instances to a load balancer
• Re-create an EC2 instance in case a previous one is terminated (ex: if unhealthy)
• ASG are free (you only pay for the underlying EC2 instances)

Question 37

What are the ASG Attributes?

Answer 37

• A Launch Template
• Min Size / Max Size / Initial Capacity
• Scaling Policies

Question 38

What are ASG Launch Tempaltes?

Answer 38

• AMI + Instance Type
• EC2 User Data
• EBS Volumes
• Security Groups
• SSH Key Pair
• IAM Roles for your EC2 Instances
• Network + Subnets Information
• Load Balancer Information

Question 39

How to AutoScaling with CloudWatch?

Answer 39

It is possible to scale an ASG based on CloudWatch alarms
* An alarm monitors a metric (such as Average CPU, or a custom metric)
* Metrics such as Average CPU are computed for the overall ASG instances

Question 40

What are ASG Dynamic Scaling Policies?

Answer 40

• Target Tracking Scaling => Target resource usage (CPU > 50%)
• Simple / Step Scaling => CW alarm triggered, then add 2 unit
• Scheduled Actions => At a time increase min units

Question 41

What is ASG Predictive Scaling?

Answer 41

Machine Learning driven scaling. It will forecast the load and scale the LB.

Question 42

What are the good ASG metrics?

Answer 42

• CPUUtilization: Average CPU
  utilization across your instances
• RequestCountPerTarget: to make sure
  the number of requests per EC2
  instances is stable
• Average Network In / Out (if you’re
  application is network bound)
• Any custom metric (that you push
  using CloudWatch)

Question 43

What is ASG Scaling Cooldown

Answer 43

• After a scaling activity happens, you are in
  the cooldown period (default 300 seconds)
• During the cooldown period, the ASG will
  not launch or terminate additional
  instances (to allow for metrics to stabilize)

Question 44

What is ASG Instance Refresh?

Answer 44

Goal: update launch template
and then re-creating all EC2
instances
* For this we can use the native
feature of Instance Refresh
* Setting of minimum healthy
percentage
* Specify warm-up time (how long
until the instance is ready to use)