Load Balancers Flashcards

1
Q

Briefly explain the four load balancers and the key differences between them.

A

Classic: old, very few use cases.
Application Load Balancer: the new hotness. It’s layer 7 (HTTP, HTTPS, WebSockets).
Network Load Balancer: for layer 4 (TCP, UDP). Better performance and lower latency than ALB. Unlike ALB, has only one static IP per AZ.
Gateway Load Balancer: for third-party “virtual appliances”. Gives you one gateway for distributing traffic between them.

2
Q

Explain layer 4 vs layer 7

A

Think of layer 7 as the outer layer of networking. That’s where you have high-abstraction networking like HTTP, HTTPS, and WebSockets.

Layer 4 is deeper than layer 7; think TCP and UDP packets.

3
Q

Can you load balance to multiple applications on the same machine (like Docker images)?

A

Yeah, ALB lets you do this.

4
Q

When would you want to use a classic load balancer?

A

Almost never. Use cases:
TCP/SSL listeners
Support for EC2-Classic
Support for sticky sessions using application-generated cookies.

5
Q

How are cookies created for sticky sessions?

A

It’s done by the ALB automatically. In CLB you need to create them manually (within EC2 applications).

6
Q

How can you configure routing tables to different target groups in an ALB?

A

Based on:

  • the path in the URL
  • the hostname in the URL
  • query strings or headers
7
Q

What’s a good load balancer for microservices or container-based applications, and why?

A

ALB. It has a port mapping feature to redirect to a dynamic port in ECS (Elastic Container Service).

8
Q

What target groups can an ALB have?

A
  • EC2 instances (can be managed by an ASG)
  • ECS tasks (managed by ECS itself)
  • Lambda functions: the HTTP request is translated into a JSON event
  • IP addresses (must be private IPs)

An important thing to note is that you can have multiple target groups per ALB.

9
Q

Can you target Lambda functions with an ALB?

A

Yep. The HTTP request is translated into a JSON event.

10
Q

How do health checks work with an ALB?

A

Health checks are associated with its individual target groups, not with the ALB itself.

11
Q

How can an application see the IP of the client who made an HTTP request?

A

It’s sent by the ALB in the ‘X-Forwarded-For’ header (with similar ones for port and protocol).

12
Q

How do you change the hostname for an ALB?

A

Trick question; it has a fixed hostname. Same is true for a CLB.

13
Q

What do I need to know about NLB?

A
  • extremely high performance
  • less latency than ALB
  • unlike ALB, it has one static IP per AZ; you can use an elastic IP for this too
14
Q

When is an NLB useful?

A

If you’re dealing with TCP/UDP traffic or need extreme performance.

15
Q

If you’re using an ALB, how can you ensure that a user’s requests go to the same instance?

A

You can enable stickiness, which uses a cookie with a TTL you configure.

This is useful for session data, but can cause a load imbalance.

16
Q

How does load balancing work between AZs?

A

Each load balancer instance distributes evenly across all registered instances in all AZs. Cross-zone load balancing is ALWAYS ON for ALBs, but can be toggled for ELBs.

17
Q

When do you need to pay data transfer fees?

A

Any time data is sent from one AZ to another. The one exception is that you don’t need to pay if you’re using an ALB (but do for an ELB).

18
Q

How are SSL certs managed in AWS?

A

ACM (amazon certificate manager). You can create them through ACM or upload your own.

19
Q

What is SNI? What is it used for?

A

Server name indication. Clients use SNI to indicate the hostname they want to reach in the initial SSL handshake. This lets the server respond with an SSL cert that matches their request, and means that we can load multiple certs onto one webserver.

SNI works for ALB, NLB, and CloudFront, but not CLB.

20
Q

What is connection draining?

A

Connection draining is the time to complete “in-flight requests” while the instance is de-registering or unhealthy. All new traffic is stopped, and existing requests are given time to complete before killing the instance.

21
Q

I’m worried about existing HTTP connections being lost when an ALB scales in. How can I protect against this?

A

Connection draining. A target won’t shut down while connections are still waiting for a reply. The default is 300 seconds, and it can be set to 0-3600 seconds.

It’s sometimes called “deregistration delay”.

If it’s a web app you can probably get away with like 20 seconds.

22
Q

When would connection draining not be useful?

A

Any request that takes longer than an hour (3600 seconds).