High Availability & Scalability Flashcards
_______ are crucial for load balancers: they enable the load balancer to know whether the instances it forwards traffic to are available to reply to requests. The health check is done on a port and a route (/health is common), and if the response is not 200 (OK), the instance is unhealthy
Health checks
What are the different types of load balancer on AWS?
- Classic load balancer
- Application load balancer (HTTP, HTTPS, TCP, SSL (secure TCP))
- Network load balancer (TCP, TLS (secure TCP), UDP)
- Gateway load balancer (operates at layer 3)
Application load balancer is a __________ load balancer (HTTP)
Layer 7
_____________ does load balancing to multiple HTTPS applications across machines (target groups) and to multiple applications on the same machine (e.g. containers); it supports HTTP/2 and WebSocket, and supports redirects (from HTTP to HTTPS, for example)
Application load balancer
Application load balancer supports __________
Route routing (routing based on path in URL, host name in URL, query string, headers)
ALBs (Application load balancers) are a great fit for ___________ applications
Microservices & container-based applications (e.g. Docker & Amazon ECS)
What are the different target groups for application load balancer?
- EC2 instances (can be managed by an auto scaling group) - HTTP
- ECS tasks (managed by ECS itself) - HTTP
- Lambda functions - HTTP request is translated into a JSON event
- IP addresses - must be private IPs
ALB can route to multiple target groups & health checks are at the target group level
What are some features you should know about the application load balancer?
- Fixed hostname (XXX.region.elb.amazonaws.com)
- The application servers don’t see the IP of the client directly (the true IP of the client is inserted in the header X-Forwarded-For)
Network load balancer (layer 4) allows you to do what?
- Forward TCP & UDP traffic to your instances
- Handle millions of requests per second
- Less latency - 100ms (vs 400 ms for ALB)
Network load balancer (NLB) has _____________ per AZ and supports assigning an Elastic IP (helpful for whitelisting specific IPs)
one static IP per AZ
What are the target groups for network load balancer?
- EC2 instances
- IP Addresses (must be private IP)
- Application load balancer
- Health checks support the TCP, HTTP, and HTTPS protocols
___________ is used to deploy, scale, and manage a fleet of 3rd party network virtual appliances in AWS
Gateway Load Balancer
What are some features of gateway load balancer?
- Operates at layer 3 (Network layer) - IP packets
- Combines the following functions:
  1. Transparent network gateway - single entry/exit for all traffic
  2. Load balancer - distributes traffic to your virtual appliances
- Uses the GENEVE protocol on port 6081
What are the target groups for gateway load balancer?
- EC2 instances
- IP addresses (must be private IPs)
How does a gateway load balancer work?
- Users (source) use a route table
- That route table sends traffic to the gateway load balancer
- The gateway load balancer sends that traffic to your target group
- The target group sends the traffic back to the gateway load balancer
- The gateway load balancer sends the traffic to your application
It’s possible to implement ___________ so that the same client is always redirected to the same instance behind a load balancer
stickiness (sticky sessions)
__________ works for classic load balancer, application load balancer, and network load balancer
Sticky sessions (the cookie used for stickiness has an expiration date you control) (NLB can work without cookies)
What is the use case for sticky sessions?
To make sure the user doesn’t lose his session data
What are the two types of cookies you can have for sticky sessions?
- Application-based cookies
  - Custom cookie that is generated by the target & don't use AWSALB, AWSALBAPP, or AWSALBTG when naming your cookie (it’s reserved for use by the ELB)
- Duration-based cookie
  - Cookie generated by the load balancer
  - Cookie name is AWSALB for ALB, AWSELB for CLB
With __________, each load balancer instance distributes evenly across all registered instances in all AZs
Cross-zone load balancing
Without _________, requests are distributed among the instances of the node of the Elastic Load Balancer
Without cross zone balancer
With the ________, cross-zone load balancing is enabled by default (but can be disabled at the target group level) & there are no charges for inter-AZ data
Application load balancer
With ____________, cross-zone load balancing is disabled by default and, if enabled, you will have to pay for inter-AZ data
Network load balancer & gateway load balancer
An _____________ allows traffic between your clients and your load balancer to be encrypted in transit (in-flight encryption)
SSL certificate
__________ refers to Secure Sockets Layer, used to encrypt connections
SSL
__________ refers to Transport Layer Security, which is a newer version & nowadays it’s the one mainly used, but people still refer to it as SSL
TLS
Clients use ______ to specify the host name they reach
SNI (Server Name Indication)
_______ solves the problem of loading multiple SSL certificates onto one web server (to serve multiple websites) & it’s a “newer” protocol & requires the client to indicate the host name of the target server in the initial SSL handshake
SNI (only works for ALB & NLB)
________ supports only one SSL certificate, and you must use multiple CLBs for multiple hostnames with multiple SSL certificates
Classic load balancer (v1)
____________ supports multiple listeners with multiple SSL certificates & uses server name indication (SNI) to make it work
Application load balancer (v2)
___________ supports multiple listeners with multiple SSL certificates & uses SNI to make it work
Network load balancer (v2)
When using a CLB, connection draining is called __________
Connection draining
When using an ALB or NLB, connection draining is called what?
Deregistration delay
___________ gives time to complete “in-flight requests” while the instance is de-registering or unhealthy, and once it’s done the ELB will stop sending new requests to the EC2 instance which is de-registering (can set up parameters for 5 mins & can be disabled by setting the value to 0)
Connection draining
How does connection draining work?
- When an instance is in draining mode, the users that are connected with the ELB are waiting for existing connections to be completed
- If new users try to connect to the ELB then the ELB will only establish new connections with other EC2 instances
With connection draining, when you set it to a _______ value your requests must be short
Low value
Auto scaling groups (ASG) are __________
Free (only pay for the underlying EC2 instance)
What are the auto scaling group attributes?
- Launch template
- AMI + instance type
- EC2 user data
- EBS volumes
- security groups
- SSH key pair
- IAM roles for your EC2 instances
- Network + subnets information
- Load balancer information
- Min size / Max size / initial capacity
- Scaling policies
It’s possible to scale an ASG based on ____________ alarms
CloudWatch alarms
An alarm is a ________ (such as avg CPU or a custom metric), so for example if the avg CPU as a whole for your ASG is too high, then you need to add EC2 instances, which will trigger the alarm & a scaling activity in your scaling group
metric
Related to ASGs and CloudWatch alarms, based on the alarms what can you create?
- Can create scale-out policies (increase the number of instances)
- Can create scale-in policies (decrease the number of instances)
What are the different types of scaling policies?
- Dynamic scaling
  - Which has target tracking scaling (define a metric and target value and the ASG will scale out or in to keep your target metric)
  - Simple/step scaling
    - when a CloudWatch alarm is triggered (when your metric is higher than your target) then it adds 2 units
    - when a CloudWatch alarm is triggered (when your metric is below your target) then it removes one
- Scheduled scaling
  - anticipate a scaling based on known usage patterns (e.g. increase the min capacity to 10 at 5pm on Fridays because you know you will get new users)
- Predictive scaling
  - Continuously forecast load and schedule scaling ahead of time
What are some good metrics to scale on?
- CPU Utilization (avg CPU)
- Request count per target: to make sure the number of requests per EC2 instance is stable
- Average network in/out (if your application is network bound)
- Any custom metric (that you push using CloudWatch)
After a scaling activity happens you are in the ______________
Cooldown period (default 300 seconds)
What occurs in the ASG scaling cooldowns?
During the cooldown period, the ASG will not launch or terminate additional instances (to allow for metrics to stabilize)
- So you would want to use a ready-to-use AMI to reduce configuration time in order to be serving requests faster and reduce the cooldown period