High Availability and Scalability: ELB & ASG Flashcards
What is scalability?
Means your application can adapt to accommodate greater loads
What are the 2 kinds of scalability?
Vertical
Horizontal (elasticity)
Vertical Scalability
Increasing the size of the instance
Common use case of Vertical Scalability?
Non-distributed systems such as databases
RDS, Elasticache
What is the limit of Vertical Scalability?
Hardware limit
Horizontal Scalability
Increase the number of instances/systems for your app
What does horizontal scaling imply?
That you have distributed systems
What is horizontal scalability most common for?
Web apps / modern apps
What is High Availability?
Means running your app / system in at least 2 data centres (AZ)
Goal of HA?
Survive a data centre loss
HA can be passive and also active. Give 2 examples
Passive - RDS Multi AZ
Active - Horizontal Scaling
What type of scalability is Auto Scaling Group & Load balancer part of?
Horizontal Scaling
What is Auto Scaling Group multi AZ & Load Balancer multi AZ part of?
High Availability
What is a Load Balancer (ELB)?
Servers that forward traffic to multiple servers (EC2 instances) downstream
What can provide Spreading of load across multiple downstream instances?
ELB
What can expose single point of access (DNS) to your app?
ELB
What can seamlessly handle failures of downstream instances?
ELB
What can do regular health checks to your instances?
ELB
What can provide SSL termination (HTTPS) for your websites?
ELB
What can enforce stickiness with cookies?
ELB
What can provide HA across zones?
ELB
What can separate public traffic from private traffic?
ELB
ELB is integrated with
EC2, EC2 Auto Scaling Groups, Amazon ECS
AWS Certificate Manager (ACM), CloudWatch
Route 53, AWS WAF, AWS Global Accelerator
How does an ELB do health checks of EC2 instances?
It has a dedicated port and a route. It's important to know when not to send traffic to an instance if it's down
What does the instance response need to be to be healthy?
200 OK
How many types of ELB are there on AWS?
4
What are the types of ELB?
- Classic Load Balancer (HTTP, HTTPS, TCP, SSL (Secure TCP))
- Application Load Balancer (HTTP, HTTPS, WebSocket)
- Network Load Balancer (TCP, TLS (secure TCP), UDP)
- Gateway Load Balancer (layer 3 (Network Layer)) - IP protocol
Load Balancer Security Groups Architecture
Users use HTTPS/HTTP from anywhere to connect to the Load Balancer. The SG on the LB allows 80 (HTTP) and 443 (HTTPS).
The SG of the EC2 instance ONLY allows the SG from the LB to connect via HTTP (80). So the source will not be an IP, but the SG name. And allow traffic only.
Which OSI Layer is Application LB?
7 - ONLY HTTP
What does Application LB have support for?
HTTP/2 & WebSocket
Does Application LB support redirects?
Yes from HTTP to HTTPS
What are ALB great for?
Micro services & container-based applications
(Docker & Amazon ECS)
ALB can route to different target groups. Give an example.
example.com/users & example.com/posts
Benefit of ALB
You can have just 1 for multiple applications
ALB Architecture example
1 App Load Balancer routing www.example.com/user to HTTP target group for Users (2 EC2) and also routing example.com/search to another target group for Search applications that have 2 different EC2 instances
What are Target Groups?
Can be
1. EC2 instances (managed by ASG) HTTP
2. ECS tasks (ECS managed) HTTP
3. Lambda Functions - HTTP req is translated into a JSON event
4. IP Addr - must be private IP
Can ALB route to multiple target groups?
Yes
Where are the health checks done with an ALB?
Target Group Level
What can you do with an ALB to redirect 2 different types of traffic to 2 different target groups?
Write Query Strings/Parameters
How does the Client IP talk to EC2 instance with an ALB in the middle?
ALB uses Connection Termination, which takes the client public IP and then uses the Load Balancer's private IP to talk to the EC2 instance
What layer is Network Load Balancer in?
Layer 4 - Transport Layer
What does Network Load Balancer allow?
Forward TCP & UDP traffic to instances
Benefit of having NLB vs ALB?
Less latency ~100 ms
How many static IP does NLB have per AZ?
Only 1
Does NLB support Elastic IP?
Yes
What can you connect with an NLB?
Target Groups with:
1. EC2 instances
2. IP of EC2 instances/servers
3. Target Group that has an ALB inside
Can you put an NLB in front of an ALB?
Yes
What health checks does NLB support?
TCP
HTTP
HTTPS protocols
What would you use a Gateway Load Balancer for?
Firewalls, IDS/IPS, Deep Packet Inspection Systems, Payload manipulation...
Basically you can redirect all traffic into one of the above using the GLB
Gateway Load Balancer Architecture Scenario
User traffic goes to routing table, which goes to GLB, then GLB distributes traffic to Target groups (firewall EC2, IDS, etc) then they get checked, go back to the GLB, then get sent to the application
Which OSI layer does Gateway Load Balancer operate at?
Layer 3 - Network layer (IP packets)
What are the two functions of a Gateway Load Balancer?
- Transparent Network Gateway
- Load Balancer
What does the Transparent Network Gateway function of a Gateway Load Balancer do?
Single entry/exit for all traffic
What does the Load Balancer function of a GLB do?
Distributes traffic to your virtual appliances
Which Load Balancer uses GENEVE protocol on port 6081?
Gateway Load Balancer
What are GLB Target Groups?
EC2 Instances & IP Addresses (private)
What are Sticky Sessions (Session Affinity)?
When you have 3 clients, 1 Load Balancer, and 2 EC2 instances and you redirect client 1 ALWAYS to the same EC2 instance. You can do the same with the other 2 clients for example.
Which Load Balancers can have Sticky Sessions?
Network / App load balancers
How does a sticky session work? (technical)
Cookie is used and has an expiration date you control
Why would you use a sticky session?
For the user so they do not lose their session data
What are the 2 session cookies you can have for Sticky Sessions?
Application (custom & application) & duration
Who creates the Duration cookie?
The load balancer
Who creates the custom cookie in app-based cookies?
The target
Who creates the application cookie in app-based cookies?
Load balancer
Cross Zone Load Balancing
2 AZ and 2 LB. 1 AZ has 2 instances, the other has 8. Regardless of which LB the traffic goes to, it will be distributed 50/50 on each AZ. This means that all 10 EC2 get 10% traffic, so it is even
For which LB is Cross Zone Load Balancing enabled by default?
Application Load Balancer
For which LB is Cross Zone Load Balancing disabled by default?
Network & Gateway
What is an SSL certificate?
Allows traffic between clients & load balancer to be encrypted in transit
SSL meaning
Secure Sockets Layer
TLS meaning
Transport Layer Security (newer version of SSL)
Who issues public SSL certificates?
Certificate Authorities (CA)
How do SSL Certs work?
Users contact the Load Balancer using HTTPS over the public internet, then SSL termination happens inside the Load Balancer, and then HTTP is used over the VPC to reach the EC2 instance
What is an X.509 certificate?
SSL/TLS Server cert
What is an HTTPS listener?
It is a socket that is established between server and client. This is how you connect
What is SNI?
Server Name Indication
What does SNI solve?
How to load multiple SSL certs onto one web server (for multiple websites)
What does SNI require the client to indicate?
Host name of the target server in the initial SSL handshake. Then the server knows which certificate to use
SNI only works for which LB?
App & Network & CloudFront
What is Connection Draining? (Deregistration Delay)
Sets the time to complete the “in-flight requests” while the instance is de-registering or unhealthy
What happens when you de-register an EC2 instance?
Load Balancer stops sending new requests to that “unhealthy” instance
What does an Auto Scaling Group (ASG) do when load increases/decreases?
Allows you to scale in/out to match load
What can you ensure with an ASG?
That you have minimum / maximum number of EC2 instances running
What can an ASG do automatically?
Register new instances to a Load Balancer
What happens if an EC2 instance is terminated (unhealthy) and is in an ASG?
It automatically creates a new one in its place
What do you set in an ASG?
Minimum
Desired
Maximum capacity
What is an ASG Launch Template?
It contains information on how to launch EC2 instances within your ASG - contains all the info you need (parameters)
ASG can be triggered by which AWS service?
CloudWatch Alarm
What can trigger a CloudWatch Alarm?
Metrics such as Average CPU usage etc
What are the 2 kinds of Auto Scaling Policies?
Dynamic & Predictive
How does Target Tracking Scaling work? (dynamic)
E.g. I want ASG CPU usage to stay at around 40%
How does Simple / Step Scaling work? (dynamic)
CloudWatch alarm: when CPU goes over 70% add 2 units.
When CPU goes under 30% remove one unit
How do Scheduled Actions work in ASG? (dynamic)
Based on known usage patterns
e.g. Increase min capacity to 10 at 5pm on Fridays
How does Predictive Scaling work?
Continuously forecast load and schedule scaling ahead
- Analyse historical load
- Generate forecast
- Schedule scaling actions
What are some good metrics to scale on?
- CPU Utilisation
- Request Count Per Target
- Average Network In/Out
- Any custom metric (CloudWatch)
What are Scaling Cooldowns?
After scaling activity you are in a cool down period (300 sec)
What is an ASG not allowed to do during a cooldown period?
Terminate, or launch instances
How can you reduce cooldown period of ASG?
Use ready-to-use AMI
An Elastic Load Balancer provides
Static DNS name
What do you do if your website only sees your Load Balancer's private address instead of your users'?
Modify the website's back end to get the client IP address from the X-Forwarded-For header
What protocols do ALBs support?
HTTP/HTTPS/WebSocket