ELB - Elastic Load Balancing Flashcards
What is an ELB?
EC2 Load balancer is a managed load balancer.
Load balancers are servers that forward internet traffic to multiple servers (EC2 Instances) downstream.
• It costs less to set up your own load balancer but it will be a lot more effort on your end.
• It is integrated with many AWS offerings/services.
Why is useful ELB Health Checks?
They enable the load balancer to know if instances it forwards traffic to are available to reply to requests
How does the ELB Health Check works?
- The health check is done on a port and a route (/health is common)
- If the response is not 200 (OK), then the instance is unhealthy
What are the 3 kinds of managed Load Balancers?
- Classic Load Balancer
- Application Load Balancer
- Network Load Balancer
How would you create ELB SGs?
ELB SG: receive HTTPS and HTTP from anywhere and restrict EC2 instances behind the ELB to accept just ELB SG private HTTP requests on port 80
Can you scale an ELB?
Yes, but not instantaneously, you need to contact AWS for a “warm-up”
What means ELB 503 error?
At capacity or no registered target
What to do if your ELB can’t connect to your appllication?
Check your SGs
What can you use for ELB monitoring?
ELB access logs and CloudWatch Metrics
What does provide a Classic Load Balancer?
It provides a fixed hostname and basic load balancing across multiple Amazon EC2 instances
At what level does operate a Classic Load Balancer?
operates at both the request level (layer 7, HTTP, HTTPS) and connection level (layer 4, TCP)
What is intended for a Classic Load Balancer?
is intended for applications that were built within the EC2-Classic network
What does provide an Application Load Balancer?
It provides a fixed hostname and advanced request routing to target groups based on request:
- path
- hostname
- query string, headers
At what level does operate an Application Load Balancer?
operates at request level (layer 7, HTTP, HTTPS, WebSocket)
What is intended for an Application Load Balancer?
modern application architectures, including microservices and containers
What would you need roughly to replace an Application Load Balancer in front of several applications with a Classic Load Balancer?
multiple Classic Load Balancer per application
What feature does provide an Application Load Balancer to communicate to ECS?
A port mapping feature to redirect to a dynamic port in ECS
What are the Application Load Balancer’s target groups?
- EC2 instances (can be managed by an ASG) – HTTP
- Lambda functions – HTTP request is translated into a JSON event
- IP Addresses – must be private IPs
At what level does Health Check occur on Application Load Balancers?
At target group level
How an application server behind an Application Load Balancer can see the IP, port and protocol of the client directly?
- The true IP of the client is inserted in the header X-Forwarded-For
- We can also get Port (X-Forwarded-Port) and proto (X-Forwarded-Proto)
What does provide a Network Load Balancer?
High performance load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Transport Layer Security (TLS) traffic
At what level does operate a Network Load Balancer?
At connection level (layer 4, TCP, UDP, TLS)
What is intended for a Network Load Balancer?
extreme performance
What ELB is not free tier?
Network Load Balancer
What is Load Balancer Stickiness?
the same client is always redirected to the same instance behind a load balancer
What ELB are compatible with Stickiness?
Classic and Application Load Balancers
What can you control in an ELB Stickiness configuration
The expiration date of the cookie used
What could cause ELB Stickiness?
May bring imbalance to load
What is a common use case for ELB Stickiness?
make sure the user doesn’t lose his session data
What is Cross-Zone Load Balancing?
A configuration where each load balancer instance distributes evenly across all registered instances in all AZ
What is the behavior if Cross-Zone Load Balancing is disabled?
each load balancer node distributes requests evenly across the registered instances in its Availability Zone only
How is Cross-Zone Load Balancing by default on ELBs?
- Classic Load Balancer: Disabled by default
- Application Load Balancer: Always on (can’t be disabled)
- Network Load Balancer: Disabled by default
What SSL certificates use ELBs?
an x.509 certificate, but you can create or upload your own certificates alternatively
What you must specify for ELB’s HTTPS listeners?
A default SSL certificate
What can you do to support multiple domains on ELBs from security perspective?
you can add optional list of certs
How can the ELB redirect to correct hostname in case it is in front of many different hostnames?
clients can use SNI to specify the hostname they reach
How can an ELB support older versions of SSL / TLS?
It provides the ability to specify a security policy
What problem solves SNI?
solves the problem of loading multiple SSL certificates onto one web server (to serve multiple websites)
What is SNI?
Server Name Indication is a “newer” protocol, and requires the client to indicate the hostname of the target server in the initial SSL handshake
With what ELB does SNI work?
ALB and NLB (newer generation) and CloudFront
What’s ELB Connection Draining?
Time to complete “in-flight requests” while the instance is de-registering or unhealthy
What is the name of Connection Draining for ALBs and NLBs
Deregistration Delay
What is the default and range values of Connection Draining?
Between 1 second and 1 hour, the default is 5 minutes
Can you disable Connection Draining?
Yes, set it to 0
Which ELB does provide a fixed IP address?
NLB (helpful for whitelisting specific IP)
What is exposed by a load balancer?
a single point of access (DNS) to your application
What are 4xx and 5xx errors in ELBs?
- 4xx errors are client induced errors
- 5xx errors are application induced errors
