High Availability and Scalability: ELB & ASG

Question 1

What is scalability?

Answer 1

Means your application can adapt to accommodate for greater loads

Question 2

What are the 2 kinds of scalability

Answer 2

Vertical
Horizontal (elasticity)

Question 3

Vertical Scalability

Answer 3

Increasing the Size of the instance

Question 4

Common use case of Vertical scalability?

Answer 4

Non distributed systems such as database

RDS, Elasticache

Question 5

What is the limit of Vertical Scalability?

Answer 5

Hardware limit

Question 6

Horizontal Scalability

Answer 6

Increase the number of instances/systems for your app

Question 7

What does horizontal scaling implies?

Answer 7

That you have distributed systems

Question 8

What is horizontal scalability most common for?

Answer 8

Web apps / modern apps

Question 9

What is High Availability?

Answer 9

Means running your app / system in at leas 2 data centres (AZ)

Question 10

Goal of HA?

Answer 10

Survive a data centre loss

Question 11

HA can be passive and also active. Give 2 examples

Answer 11

Passive - RDS Multi AZ
Active - Horizontal Scaling

Question 12

What type of scalability is Auto Scaling Group & Load balancer part of?

Answer 12

Horizontal Scaling

Question 13

What is Auto Scaling Group multi AZ & Load Balancer multi AZ part of?

Answer 13

High Availability

Question 14

What is a Load Balancer (ELB)

Answer 14

servers forward traffic to multiple servers (EC2 instances) down stream

Question 15

What can provide Spreading of load across multiple downstream instances?

Answer 15

ELB

Question 16

What can expose single point of access (DNS) to your app?

Answer 16

ELB

Question 17

What can seamlessly handle failures of downstream instances?

Answer 17

ELB

Question 18

What can do regular health checks to your instances?

Answer 18

ELB

Question 19

What can provide SSL termination (HTTPS) for your websites?

Answer 19

ELB

Question 20

What can enforce stickiness with cookies?

Answer 20

ELB

Question 21

What can provide HA across zones?

Answer 21

ELB

Question 22

What can separate public traffic from private traffic?

Answer 22

ELB

Question 23

ELB is integrated with

Answer 23

EC2, EC2 Auto Scaling Groups, Amazon ECS

AWS Certificate Manager (ACM), CloudWatch

Route 53, AWS WAF, AWS Global Accelerator

Question 24

How do ELB do health checks of EC2 instances?

Answer 24

Have a dedicated port and a route. Its important to know when to not send traffic to an instance if its down

Question 25

What does the instance response need to be to be healthy?

Answer 25

200 OK

Question 26

How many types of ELB are there on AWS?

Answer 26

4

Question 27

What are the types of ELB?

Answer 27

1. Classic Load Balancer (HTTP, HTTPS, TCP, SSL (Secure TCP)
2. Application Load Balancer (HTTP, HTTPS, WebSocket)
3. Network Load Balancer (TCP, TLS (secure TCP), UDP)
4. Gateway Load Balancer (layer 3 (Network Layer)) - IP protocol

Question 28

Load Balancer Security Groups Architecture

Answer 28

Users use HTTPS/HTTP From anywhere to connect to Load Balancer. The SG on LB allows 80 (HTTP) and 443 (HTTPS).

The SG of the EC2 instance ONLY allows the SG from the LB to connect via HTTP (80). So the source will not be an IP, but the SG name. And allow traffic only.

Question 29

Which OSI Layer is Application LB?

Answer 29

7 - ONLY HTTP

Question 30

What does Application LB have support for?

Answer 30

HTTP/2 & WebSocket

Question 31

Does Application LB support redirects?

Answer 31

Yes from HTTP to HTTPS

Question 32

What are ALB great for?

Answer 32

Micro services & container-based applications

(Docker & Amazon ECS)

Question 33

ALB can route, to different target groups. Give an ex.

Answer 33

example.com/users & example.com/posts

Question 34

Benefit of ALB

Answer 34

You can have just 1 for multiple applications

Question 35

ALB Architecture example

Answer 35

1 App Load Balancer routing www.example.com/user to HTTP target group for Users (2 EC2) and also routing example.com/search to another target group for Search applications that have 2 different EC2 instancesd

Question 36

What are Target Groups?

Answer 36

Can be
1. EC2 instances (managed by ASG) HTTP
2. ECS tasks (ECS managed) HTTP
3. Lambda Functions - HTTP req is translated into a JSON event
4. IP Addr - must be private IP

Question 37

Can ALB route to multiple target groups?

Answer 37

Yes

Question 38

Where are the health checks done with an ALB?

Answer 38

Target Group Level

Question 39

What can you do with an ALB to redirect 2 different types of traffic to 2different target groups?

Answer 39

Write Query Strings/Parameters

Question 40

How does the Client IP talk to EC2 instance with an ALB in the middle?

Answer 40

ALB uses Connection Termination which takes the client public IP and then uses the Load Balancers Private IP to talk to the EC2 instance

Question 41

What layer is Network Load Balancer in?

Answer 41

Layer 4 - Transport Layer

Question 42

What does Network Load Balancer allow?

Answer 42

Forward TCP & UDP traffic to instances

Question 43

Benefit of having NLB vs ALB?

Answer 43

Less latency ~100 ms

Question 44

How many static IP does NLB have per AZ?

Answer 44

Only 1

Question 45

Does support Elastic IP?

Answer 45

Yes

Question 46

What can you connect with an NLB?

Answer 46

Target Groups with:
1. EC2 instances
2. IP of EC2 instances/servers
3. Target Group that has an ALB inside

Question 47

Can you put an NLB in front of an ALB?

Answer 47

Yes

Question 48

What health checks does NLB support?

Answer 48

TCP
HTTP
HTTPS protocols

Question 49

When would you use a Gateway Load Balancer for?

Answer 49

Firewalls, IDS/IPS, Deep Packet Inspection Systems, Payload manipulation..

Basically you can redirect all traffic into one of the above using the GLB

Question 50

Gateway Load Balancer Architecture Scenario

Answer 50

User traffic goes to routing table, which goes to GLB, then GLB distributes traffic to Target groups (firewall EC2, IDS, etc) then they get checked, go back to the GLB, then get sent to the application

Question 51

Which OSI layer does Gateway Load Balancer operate at?

Answer 51

Layer 3 - Network layer (IP packets)

Question 52

What are the two functions of a Gateway Load Balancer?

Answer 52

1. Transparent Network Gateway
2. Load Balancer

Question 53

What does a Transparent Network Gateway function of a Gateway Load Balancer do?

Answer 53

Single entry/exit for all traffic

Question 54

What does Load Balancing of GLB does?

Answer 54

Distributes traffic to your virtual appliances

Question 55

Which Load Balancer uses GENEVE protocol on port 6081?

Answer 55

Gateway Load Balancer

Question 56

What are GLB Target Groups?

Answer 56

EC2 Instances & IP Addresses (private)

Question 57

What are Sticky Sessions (Session Affinity)

Answer 57

When you have 3 clients, 1 Load Balancer, and 2 EC2 instances and you redirect client 1 ALWAYS to the same EC2 instance. You can do the same with the other 2 clients for example.

Question 58

Which Load Balancers can have Sticky Sessions?

Answer 58

Network / App load balancers

Question 59

How does a sticky session work? (technical)

Answer 59

Cookie is used and has an expiration date you control

Question 60

Why would you use a sticky session?

Answer 60

For the user so they do not lose their session data

Question 61

What are the 2 session cookies you can have for Sticky Sessions?

Answer 61

Application (custom & application) & duration

Question 62

Who creates the Duration cookie?

Answer 62

The load balancer

Question 63

Who creates the custom cookie in App base cookies?

Answer 63

The target

Question 64

Who creates the application cookie in app based cookies?

Answer 64

Load balancer

Question 65

Cross Zone Load Balancing

Answer 65

2 AZ and 2 LB. 1 AZ has 2 instances, the other has 8. Regardless of which LB the traffic goes to, it will be distributed 50/50 on each AZ. This means that all 10 EC2 get 10% traffic, so it is even

Question 66

Which LB is Cross Load Balancing enabled by default?

Answer 66

Application Load Balancer

Question 67

Which LB is Cross Load Balancing disabled by default?

Answer 67

Network & Gateway

Question 68

What is an SSL certificate?

Answer 68

Allows traffic between clients & load balancer to be encrypted in transit

Question 69

SSL meaning

Answer 69

Secure Sockets Layer

Question 70

TLS meaning

Answer 70

Transport Layer Security (newer version of SSL)

Question 71

Who issues public SSL certificates?

Answer 71

Certificate Authorities (CA)

Question 72

How doe SSL Certs work?

Answer 72

Users contact Load balancer using HTTPS over public internet, then ssl termination happens inside load balancer, and then HTTP is used over VPC to reach EC2 instance

Question 73

What is an X.509 certificate?

Answer 73

SSL/TLS Server cert

Question 74

What is an HTTPS listener?

Answer 74

It is a socket that is established between server and client. This is how you connect

Question 75

What is SNI?

Answer 75

Server Name Indication

Question 76

What does SNI solve?

Answer 76

How to load multiple SSL certs onto one web server (for multiple websites)

Question 77

What does SNI require the client to indicate?

Answer 77

Host name of the target server in the initial SSL handshake. Then the server knows which certificate to use

Question 78

SNI only works for which LB?

Answer 78

App & Network & CloudFront

Question 79

What is Connection Draining? (Deregistration Delay)

Answer 79

Sets the time to complete the “in-flight requests” while the instance is de-registering or unhealthy

Question 80

What happens when you de-register an EC2 instance?

Answer 80

Load Balancer stops sending new requests to that “unhealthy” instance

Question 81

What does an Auto Scaling Group (ASG) do when load increases/decreases

Answer 81

Allows to scale in/out to match load

Question 82

What can you ensure with an ASG?

Answer 82

That you have minimum / maximum number of EC2 instances running

Question 83

What can an ASG do automatically?

Answer 83

Register new instances to a Load Balancer

Question 84

What happens if an EC2 instance is terminated (unhealthy) and is in an ASG?

Answer 84

It automatically creates a new one in its place

Question 85

What do you set in an ASG?

Answer 85

Minimum
Desired
Maximum capacity

Question 86

What is an ASG Launch Template?

Answer 86

It contains information on how to launch EC2 instances within your ASG - contains all the info you need (parameters)

Question 87

ASG can be triggered by which AWS service?

Answer 87

CloudWatch Alarm

Question 88

What can trigger a CloudWatch Alarm?

Answer 88

Metrics such as Average CPU usage etc

Question 89

What are the 2 kinds of Auto Scaling Policies?

Answer 89

Dynamic & Predictive

Question 90

How does Target Tracking Scaling Work (dynamic)

Answer 90

E.g. I want ASG CPU usage to stay at around 40%

Question 91

How does the Simple / Step Scaling work (dynamic)

Answer 91

Cloud watch alarm, when CPU goes over 70% add 2 units.

When CPU goes under 30% remove one unit

Question 92

How do Scheduled Actions work in ASG (dynamic)

Answer 92

Based on known usage patterns

e.g. Increase min capacity to 10 at 5pm on Fridays

Question 93

How does Predictive Scaling work?

Answer 93

Continuously forecast load and schedule scaling ahead

1. Analyse historical load
2. Generate forecast
3. Schedule scaling actions

Question 94

What are some good metrics to scale on?

Answer 94

1. CPU Utilisation
2. Request Count Per Target
3. Average Network In/Out
4. Any custom metric (cloud watch)

Question 95

What are Scaling Cooldowns?

Answer 95

After scaling activity you are in a cool down period (300 sec)

Question 96

What is an ASG not allowed to do during a cooldown period?

Answer 96

Terminate, or launch instances

Question 97

How can you reduce cooldown period of ASG?

Answer 97

Use ready-to-use AMI

Question 98

An Elastic Load Balancer provides

Answer 98

Stati DNS name

Question 99

What do you do if your website only sees your Load Balancers private address instead of your users?

Answer 99

Modify websites back end to get the client IP address from the X-Forwarded-For header

Question 100

What protocols do ALBs support?

Answer 100

HTTP/HTTPS/WebSocket