ELB - Elastic Load Balancing

Question 1

What is an ELB?

Answer 1

EC2 Load balancer is a managed load balancer.
Load balancers are servers that forward internet traffic to multiple servers (EC2 Instances) downstream.
• It costs less to set up your own load balancer but it will be a lot more effort on your end.
• It is integrated with many AWS offerings/services.

Question 2

Why is useful ELB Health Checks?

Answer 2

They enable the load balancer to know if instances it forwards traffic to are available to reply to requests

Question 3

How does the ELB Health Check works?

Answer 3

• The health check is done on a port and a route (/health is common)
• If the response is not 200 (OK), then the instance is unhealthy

Question 4

What are the 3 kinds of managed Load Balancers?

Answer 4

• Classic Load Balancer
• Application Load Balancer
• Network Load Balancer

Question 5

How would you create ELB SGs?

Answer 5

ELB SG: receive HTTPS and HTTP from anywhere and restrict EC2 instances behind the ELB to accept just ELB SG private HTTP requests on port 80

Question 6

Can you scale an ELB?

Answer 6

Yes, but not instantaneously, you need to contact AWS for a “warm-up”

Question 7

What means ELB 503 error?

Answer 7

At capacity or no registered target

Question 8

What to do if your ELB can’t connect to your appllication?

Answer 8

Check your SGs

Question 9

What can you use for ELB monitoring?

Answer 9

ELB access logs and CloudWatch Metrics

Question 10

What does provide a Classic Load Balancer?

Answer 10

It provides a fixed hostname and basic load balancing across multiple Amazon EC2 instances

Question 11

At what level does operate a Classic Load Balancer?

Answer 11

operates at both the request level (layer 7, HTTP, HTTPS) and connection level (layer 4, TCP)

Question 12

What is intended for a Classic Load Balancer?

Answer 12

is intended for applications that were built within the EC2-Classic network

Question 13

What does provide an Application Load Balancer?

Answer 13

It provides a fixed hostname and advanced request routing to target groups based on request:

• path
• hostname
• query string, headers

Question 14

At what level does operate an Application Load Balancer?

Answer 14

operates at request level (layer 7, HTTP, HTTPS, WebSocket)

Question 15

What is intended for an Application Load Balancer?

Answer 15

modern application architectures, including microservices and containers

Question 16

What would you need roughly to replace an Application Load Balancer in front of several applications with a Classic Load Balancer?

Answer 16

multiple Classic Load Balancer per application

Question 17

What feature does provide an Application Load Balancer to communicate to ECS?

Answer 17

A port mapping feature to redirect to a dynamic port in ECS

Question 18

What are the Application Load Balancer’s target groups?

Answer 18

• EC2 instances (can be managed by an ASG) – HTTP
• Lambda functions – HTTP request is translated into a JSON event
• IP Addresses – must be private IPs

Question 19

At what level does Health Check occur on Application Load Balancers?

Answer 19

At target group level

Question 20

How an application server behind an Application Load Balancer can see the IP, port and protocol of the client directly?

Answer 20

• The true IP of the client is inserted in the header X-Forwarded-For
• We can also get Port (X-Forwarded-Port) and proto (X-Forwarded-Proto)

Question 21

What does provide a Network Load Balancer?

Answer 21

High performance load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Transport Layer Security (TLS) traffic

Question 22

At what level does operate a Network Load Balancer?

Answer 22

At connection level (layer 4, TCP, UDP, TLS)

Question 23

What is intended for a Network Load Balancer?

Answer 23

extreme performance

Question 24

What ELB is not free tier?

Answer 24

Network Load Balancer

Question 25

What is Load Balancer Stickiness?

Answer 25

the same client is always redirected to the same instance behind a load balancer

Question 26

What ELB are compatible with Stickiness?

Answer 26

Classic and Application Load Balancers

Question 27

What can you control in an ELB Stickiness configuration

Answer 27

The expiration date of the cookie used

Question 28

What could cause ELB Stickiness?

Answer 28

May bring imbalance to load

Question 29

What is a common use case for ELB Stickiness?

Answer 29

make sure the user doesn’t lose his session data

Question 30

What is Cross-Zone Load Balancing?

Answer 30

A configuration where each load balancer instance distributes evenly across all registered instances in all AZ

Question 31

What is the behavior if Cross-Zone Load Balancing is disabled?

Answer 31

each load balancer node distributes requests evenly across the registered instances in its Availability Zone only

Question 32

How is Cross-Zone Load Balancing by default on ELBs?

Answer 32

• Classic Load Balancer: Disabled by default
• Application Load Balancer: Always on (can’t be disabled)
• Network Load Balancer: Disabled by default

Question 33

What SSL certificates use ELBs?

Answer 33

an x.509 certificate, but you can create or upload your own certificates alternatively

Question 34

What you must specify for ELB’s HTTPS listeners?

Answer 34

A default SSL certificate

Question 35

What can you do to support multiple domains on ELBs from security perspective?

Answer 35

you can add optional list of certs

Question 36

How can the ELB redirect to correct hostname in case it is in front of many different hostnames?

Answer 36

clients can use SNI to specify the hostname they reach

Question 37

How can an ELB support older versions of SSL / TLS?

Answer 37

It provides the ability to specify a security policy

Question 38

What problem solves SNI?

Answer 38

solves the problem of loading multiple SSL certificates onto one web server (to serve multiple websites)

Question 39

What is SNI?

Answer 39

Server Name Indication is a “newer” protocol, and requires the client to indicate the hostname of the target server in the initial SSL handshake

Question 40

With what ELB does SNI work?

Answer 40

ALB and NLB (newer generation) and CloudFront

Question 41

What’s ELB Connection Draining?

Answer 41

Time to complete “in-flight requests” while the instance is de-registering or unhealthy

Question 42

What is the name of Connection Draining for ALBs and NLBs

Answer 42

Deregistration Delay

Question 43

What is the default and range values of Connection Draining?

Answer 43

Between 1 second and 1 hour, the default is 5 minutes

Question 44

Can you disable Connection Draining?

Answer 44

Yes, set it to 0

Question 45

Which ELB does provide a fixed IP address?

Answer 45

NLB (helpful for whitelisting specific IP)

Question 46

What is exposed by a load balancer?

Answer 46

a single point of access (DNS) to your application

Question 47

What are 4xx and 5xx errors in ELBs?

Answer 47

• 4xx errors are client induced errors

- 5xx errors are application induced errors