Load Balancer

Question 1

Means that an application / system can handle greater loads by adapting.

Answer 1

Scalability

Question 2

What are the 2 types of Scalability

Answer 2

Vertical
Horizontal

Question 3

Icreasing the size of the instance

Answer 3

Vertical Scalability

Question 4

Vertical scalability is very common for ___________, such as a ____________.

Answer 4

non distributed systems
database

Question 5

What are 2 types of services that can scale vertically?

Answer 5

RDS
ElastiCache

Question 6

Is there’s usually a limit to how much you can vertically scale and WHY????

Answer 6

YES
Hardware limit

Question 7

Means increasing the number of instances / systems for your application

Answer 7

Horizontal Scalability

Question 8

____________ scaling implies distributed systems.

Answer 8

Horizontal

Question 9

Very common for web applications /
modern applications

Answer 9

Horizontal Scalability

Question 10

___________ usually goes hand in hand with horizontal scaling

Answer 10

High Availability

Question 11

Means running your application / system in at least 2 data centers (== Availability Zones)

Answer 11

High Availability

Question 12

What is the goal of high availability?

Answer 12

survive a data center loss

Question 13

The high availability can be _________ (for RDS Multi AZ for example)

Answer 13

passive

Question 14

The high availability can be _______ (for horizontal scaling)

Answer 14

active

Question 15

Are servers that forward traffic to multiple servers (e.g., EC2 instances) downstream

Answer 15

Load Balances

Question 16

READ ALL OF THESE
* Spread load across multiple downstream instances
* Expose a single point of access (DNS) to your application
* Seamlessly handle failures of downstream instances
* Do regular health checks to your instances
* Provide SSL termination (HTTPS) for your websites
* Enforce stickiness with cookies
* High availability across zones
* Separate public traffic from private traffic

Answer 16

Load Balances

Question 17

They enable the load balancer to know if instances it forwards traffic to are available to reply to requests

Answer 17

Health Checks

Question 18

The health check is done on a ______ and a ________

Answer 18

port
route

Question 19

If the response is not __________ (OK), then the instance is unhealthy

Answer 19

200

Question 20

AWS has 4 kinds of managed Load Balancers

Answer 20

Classic Load Balancer
Application Load Balancer
Network Load Balancer
Gateway Load Balancer

Question 21

(v1 - old generation) – 2009 – * HTTP, HTTPS,TCP,SSL(secureTCP)
* Supports TCP (Layer 4), HTTP & HTTPS (Layer 7)
* Health checks are TCP or HTTP based
* Fixed hostname XXX.region.elb.amazonaws.com

Answer 21

Classic Load Balancer

Question 22

(v2 - new generation) – 2016 – * HTTP, HTTPS,WebSocket
* Is Layer 7 (HTTP)
* Load balancing to multiple HTTP applications across machines (target groups)
* Load balancing to multiple applications on the same machine (ex: containers)
* Suppor t for HTTP/2 and WebSocket
* Support redirects (from HTTP to HTTPS for example)

Answer 22

Application Load Balancer

Question 23

(v2 - new generation) – 2017
* TCP,TLS(secureTCP),UD

Answer 23

Network Load Balancer

Question 24

2020 –
* Operates at layer 3 (Network layer) – IP Protocol

Answer 24

Gateway Load Balancer

Question 25

What are the 3 ways of Application Load Balancer routing tables to different target groups

Answer 25

Routing based on path in URL
Routing based on hostname in URL
Routing based on Query String, Headers

Question 26

are a great fit for micro services & container-based application (example: Docker & Amazon ECS)

Answer 26

Application Load Balancer (ALB)

Question 27

Does ALB have a port mapping feature to redirect to a dynamic port in ECS?

Answer 27

YES

Question 28

Application Load Balancer (v2) Target Groups (4)

Answer 28

EC2 instances (can be managed by an Auto Scaling Group) – HTTP
ECS tasks (managed by ECS itself) – HTTP
Lambda functions – HTTP request is translated into a JSON event
IP Addresses – must be private IPs

Question 29

Can ALB’s route to multiple target groups

Answer 29

YES

Question 30

For ALB’s, Health checks are at what level?

Answer 30

target group level

Question 31

READ EVERYTHING
* Fixed hostname (XXX.region.elb.amazonaws.com)
* The application servers don’t see the IP of the client directly
* The true IP of the client is inserted in the header X-Forwarded-For
* We can also get Port (X-Forwarded-Port) and proto (X-Forwarded-Proto)

Answer 31

Application Load Balancer (v2)

Question 32

(Layer 4) allow to:
* Forward TCP & UDP traffic to your instances
* Handle millions of request per seconds
* Less latency ~100 ms (vs 400 ms for ALB)

Answer 32

Network Load Balancer (v2)

Question 33

Are used for extreme performance,TCP or UDP traffic

Answer 33

NLB

Question 33

NLB has ______ static IP per AZ, and supports assigning Elastic IP (helpful for whitelisting specific IP)

Answer 33

ONE

Question 34

Is NLB included in the AWS free Tier????

Answer 34

NO

Question 35

Network Load Balancer – Target Groups (4)

Answer 35

• EC2 instances
• IP Addresses – must be private IPs
• Application Load Balancer
• Health Checks support the TCP, HTTP and HTTPS Protocols

Question 36

• Deploy, scale, and manage a fleet of 3rd party network virtual appliances in AWS
• Example: Firewalls, Intrusion Detection and Prevention Systems, Deep Packet Inspection Systems, payload manipulation, …

Answer 36

Gateway Load Balancer

Question 37

Operates at Layer 3 (Network Layer) – IP Packets

Answer 37

Gateway Load Balancer

Question 38

GLB Combines 2 of the following functions

Answer 38

Transparent Network Gateway – single entry/exit for all traffic
Load Balancer – distributes traffic to your virtual appliances

Question 39

GLB uses the _________ protocol on port ______?

Answer 39

GENEVE
6081

Question 40

Gateway Load Balancer –Target Groups (2)

Answer 40

• EC2 instances
• IP Addresses – must be private IPs

Question 41

READ EVERYTHING
* It is possible to implement stickiness so that the same client is always redirected to the same instance behind a load balancer
* This works for Classic Load Balancer, Application Load Balancer, and Network Load Balancer
* For both CLB & ALB, the “cookie” used for stickiness has an expiration date you control
* Use case: make sure the user doesn’t lose his session data
* Enabling stickiness may bring imbalance to the load over the backend EC2 instances

Answer 41

Sticky Sessions (Session Affinity)

Question 42

2 types of Sticky Sessions – Cookie Names

Answer 42

Application-based Cookies
Duration-based Cookies

Question 43

2 types of Application-based Cookies

Answer 43

Custom cookie
Application cookie

Question 44

• Generated by the target
• Can include any custom attributes required by the application
• Cookie name must be specified individually for each target group
• Don’t use AWSALB, AWSALBAPP, or AWSALBTG (reserved for use by the ELB)

Answer 44

Custom cookie

Question 45

• Generated by the load balancer
• Cookie name is AWSALBAPP

Answer 45

Application cookie

Question 46

• Cookie generated by the load balancer
• Cookie name is AWSALB for ALB, AWSELB for CLB

Answer 46

Duration-based Cookies

Question 47

• Enabled by default (can be disabled at the Target Group level)
• No charges for inter AZ data

Answer 47

Cross-Zone Load Balancing for Application Load Balancer

Question 48

• Disabled by default
• You pay charges ($) for inter AZ data if enabled

Answer 48

Cross-Zone Load Balancing for Network Load Balancer & Gateway Load Balancer

Question 49

• Disabled by default
• No charges for inter AZ data if enabled

Answer 49

Cross-Zone Load Balancing for Classic Load Balancer

Question 50

• Allows traffic between your clients and your load balancer to be encrypted in transit (in-flight encryption)
• Used to encrypt connections

Answer 50

An SSL Certificate

Question 51

What does SSL stand for??

Answer 51

Secure Sockets Layer

Question 52

What is the newer version of SSL??

Answer 52

TLS

Question 53

What does TLS stand for??

Answer 53

Transport Layer Security

Question 54

You can manage SSL/TLS certificates using ________?

Answer 54

ACM (AWS Certificate Manager)

Question 55

• You must specify a default certificate
• You can add an optional list of certs to support multiple domains
• Clients can use SNI (Server Name Indication) to specify the hostname they reach
• Ability to specify a security policy to support older versions of SSL /TLS (legacy clients)

Answer 55

SSL Certificates - HTTPS listener

Question 56

• Only works for ALB & NLB (newer generation), CloudFront
• Does not work for CLB (older gen)

Answer 56

SSL – Server Name Indication (SNI)

Question 57

• solves the problem of loading multiple SSL certificates onto one web server (to serve multiple websites)
• It’s a “newer” protocol, and requires the client to indicate the hostname of the target server in the initial SSL handshake
• The server will then find the correct certificate, or return the default one

Answer 57

SSL – Server Name Indication (SNI)

Question 58

• Support only one SSL certificate
• Must use multiple CLB for multiple hostname with multiple SSL certificates

Answer 58

Classic Load Balancer

Question 59

• Supports multiple listeners with multiple SSL certificates
• Uses Server Name Indication (SNI) to make it work

Answer 59

Elastic Load Balancers – SSL Certificates for Application Load Balancer (v2)

Question 60

Which 2 Load Balancers

• Supports multiple listeners with multiple SSL certificates
• Uses Server Name Indication (SNI) to make it work

Answer 60

Network Load Balancer
Application Load Balancer

Question 61

• Time to complete “in-flight requests” while the instance is de-registering or unhealthy
• Stops sending new requests to the EC2 instance which is de-registering
• Between 1 to 3600 seconds (default: 300 seconds)
• Can be disabled (set value to 0)
• Set to a low value if your requests are short

Answer 61

Deregistration Delay

Question 62

• In real-life, the load on your websites and application can change
• In the cloud, you can create and get rid of servers very quickly

Answer 62

What’s an Auto Scaling Group?

Question 63

READ EVERYTHING
* Scale out (add EC2 instances) to match an increased load
* Scale in (remove EC2 instances) to match a decreased load
* Ensure we have a minimum and a maximum number of EC2 instances running
* Automatically register new instances to a load balancer
* Re-create an EC2 instance in case a previous one is terminated (ex: if unhealthy)

Answer 63

Auto Scaling Group (ASG)

Question 64

Is ASG free???

Answer 64

YES .. (you only pay for the underlying EC2 instances)

Question 65

(3) Auto Scaling Group Attributes

Answer 65

A Launch Template
Min Size / Max Size / Initial Capacity
Scaling Policies

Question 66

Is it possible to scale an ASG based on CloudWatch alarms??

Answer 66

YES

Question 67

Auto Scaling Groups – Dynamic Scaling Policies (3)

Answer 67

Target Tracking Scaling
Simple / Step Scaling
Scheduled Actions

Question 68

Auto Scaling Groups – Dynamic Scaling Policies:
* Most simple and easy to set-up
* Example: I want the average ASG CPU to stay at around 40%

Answer 68

Target Tracking Scaling

Question 69

Auto Scaling Groups – Dynamic Scaling Policies:
* When a CloudWatch alarm is triggered (example CPU > 70%), then add 2 units
* When a CloudWatch alarm is triggered (example CPU < 30%), then remove 1

Answer 69

Simple / Step Scaling

Question 70

Auto Scaling Groups – Dynamic Scaling Policies:
* Anticipate a scaling based on known usage patterns
* Example: increase the min capacity to 10 at 5 pm on Fridays

Answer 70

Scheduled Actions

Question 71

Auto Scaling Groups - continuously forecast load and schedule scaling ahead

Answer 71

Predictive scaling

Question 72

4 Good metrics to scale on…

Answer 72

• CPUUtilization: Average CPU utilization across your instances
• RequestCountPerTarget: to make sure the number of requests per EC2 instances is stable
• Average Network In / Out (if you’re application is network bound)
• Any custom metric (that you push using CloudWatch)

Question 73

After a scaling activity happens, you are in the _______?

Answer 73

cooldown period

Question 74

What is the default cooldown period?

Answer 74

300 seconds

Question 75

During the cooldown period, the ASG will _________?

Answer 75

not launch or terminate additional instances (to allow for metrics to stabilize)

Question 76

Increase or decrease the current capacity of the group based on a target value for a specific metric. This is similar to the way that your thermostat maintains the temperature of your home – you select a temperature and the thermostat does the rest.

Answer 76

Target tracking scaling

Question 77

Increase or decrease the current capacity of the group based on a set of scaling adjustments, known as step adjustments, that vary based on the size of the alarm breach.

Answer 77

Step scaling

Question 78

Increase or decrease the current capacity of the group based on a single scaling adjustment.

Answer 78

Simple scaling

Question 79

READ EVERYTHING
1. If there are instances in multiple Availability Zones, choose the Availability Zone with the most instances and at least one instance that is not protected from scale in. If there is more than one Availability Zone with this number of instances, choose the Availability Zone with the instances that use the oldest launch configuration.

2. Determine which unprotected instances in the selected Availability Zone use the oldest launch configuration. If there is one such instance, terminate it.
3. If there are multiple instances to terminate based on the above criteria, determine which unprotected instances are closest to the next billing hour. (This helps you maximize the use of your EC2 instances and manage your Amazon EC2 usage costs.) If there is one such instance, terminate it.
4. If there is more than one unprotected instance closest to the next billing hour, choose one of these instances at random.