Load Balancers Flashcards
What is an Elastic Load Balancer?
An AWS-managed load balancer. There are four types: classic, application, network, and gateway.
What are four types of Elastic Load Balancer?
1) Application load balancer
2) Network load balancer
3) Classic load balancer
4) Gateway load balancer
What is a Classic Load Balancer?
1) Operates at layer 4 and 7
2) Supports protocols: HTTP/HTTPS, TCP, and SSL/TLS.
3) No target groups. EC2 instances register directly with the load balancer.
4) Health checks are: HTTP, HTTPS, or TCP.
What is an Application Load Balancer?
1) Operates at layer 7
2) Supports protocols: HTTP/HTTPS, WebSocket, HTTP/2, and gRPC
3) Load balances to multiple targets
4) Load balances to multiple application/ports on the same server
5) Support for custom HTTP responses
6) Supports redirects (HTTP to HTTPS traffic)
What is a Network Load Balancer?
1) Operates at layer 4
2) Supports TCP, UDP, and TLS
3) Handles 1 million requests per second
4) Has one static IP per AZ
5) Static IP attaches to an ENI
What is a Gateway Load Balancer?
What is the health check HTTP code that is sent from the server(s) to the load balancer to verify the health of the servers?
200 (OK)
An administrator is considering the different types of AWS-managed load balancer to set up load balancing for three web servers. For now, the type of traffic that would be load balanced is TCP/SSL connections. But there are future plans to include a chat function embedded in the UI. What is the best type of load balancer that meets these requirements?
Application load balancer because it can use the WebSocket protocol.
Which load balancer supports the WebSocket protocol?
Application load balancer
True or false: elastic load balancers only load balance traffic that is public facing.
False. Load balancing can be set up for either public or private access.
In order to enhance security with load balanced traffic, it is recommended to use two security groups: load balancer security group and EC2 instance security group. Is this the case?
Yes
Where is the EC2 instance security group expecting traffic from if a user is accessing a web application? The load balancer does have a security group attached.
Source traffic is expected from the load balancer and not the end user.
What layer(s) does the classic load balancer operate at?
Layers 4 - 7
What is a listener?
It checks for connection requests from clients, using the protocol and port that you configure, and forwards requests to one or more registered instances using the protocol and port number.
What are health checks?
They are used to monitor the health of the registered instances so that the load balancer only sends requests to the healthy instances.
You have 12 instances with ten running on AZ 1a and two instances in AZ 2b. The load balancer will distribute the traffic evenly between the two AZs. The EC2 instances in AZ 2b are slow to respond to client requests. What is the best solution to have traffic load balanced evenly between the two AZs?
Evenly divide the number of EC2 instances between the AZs with six on each AZ.
What will you need to enable to distribute traffic evenly across all registered instances in all enabled Availability Zones?
cross-zone load balancing
For an application load balancer, what is the default routing algorithm?
Round robin
What load balancer has been deprecated since Aug 2022?
Classic load balancer with EC2 classic instances. Also known as version 1 elastic load balancer.
What is SNI?
Server Name Indicator
An extension to Transport Layer Security (TLS) by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process.
When configuring a load balancer, what is the recommended minimum subnet size?
/27
What is cross-zone load balancing?
Each load balancer node distributes traffic across the registered targets (EC2 instances) in all enabled Availability Zones.
If a load balancer is enabled between two AZs, how much traffic is load balanced between each AZ?
50% each
Why is it recommended to enable cross-zone load balancing if a load balancer sits between two AZs?
Since 50% of traffic is load balanced between the AZs, this would mean that an AZ with a smaller number of EC2 instances than the other AZ will still receive 50% of the traffic. This may degrade the EC2 instance if it has a high volume of traffic to process. Overall, this may cause intermittent slowness for some clients.
What is connection draining?
When instances are unhealthy or deregistered (taken out of the pool).
What is x-forwarded-for?
They are HTTP headers that preserve the information from the client. Three things that are preserved:
1) client IP
2) client protocol (HTTP or HTTPS)
3) client port (80 or 443)
What is proxy protocol?
It is a way to preserve the client’s IP using layer 4 TCP headers. This feature is used only on classic load balancer v1 and network load balancer v2.
What is a routing algorithm?
This is a load balancing method that includes round robin, least outstanding requests, or flow hashing.
What is connection idle timeout?
A timeout period for connectivity from the client to the load balancer and/or connectivity between the load balancer and the EC2 instance.
This is used for CLB, ALB, and NLB.
What are sticky sessions?
Using a cookie to send a client’s traffic to the same server as the original request.
What is another term for sticky sessions?
Session affinity
What is a target group?
This is a pool of EC2 instances behind the load balancer.
What is the only type of load balancer that uses connection draining?
Classic load balancer
What is deregistration delay?
A feature that stops sending traffic to deregistering targets. It also allows existing connections to complete.
What types of load balancers support deregistration delay?
1) Application load balancer
2) Network load balancer
3) Gateway load balancer
True or false: deregistration delay is not a default setting.
False, it is turned on by default.
Where is the deregistering delay configured?
On the target group
What are two types of features that allow targets to gracefully close connections without taking any more connections?
1) Connection draining
2) Deregistering delay
What is the timeout value for both connection draining and deregistering delay?
300 seconds
Where is connection draining configured?
On the load balancer itself (classic only)
What are the 2 types of load balancers that support x-forwarded-for HTTP headers?
1) Classic load balancer v2
2) Application load balancer
True or false: network load balancers also support x-forwarded-for.
False, x-forwarded-for only works at layer 7.
What are the two types of load balancers that support the proxy protocol?
1) Classic load balancer v1
2) Network load balancer v2
What layer does proxy protocol work on?
Layer 4
There’s an additional TCP layer 4 header added that works with HTTP/HTTPS and other upper-level protocols.
True or false: proxy protocol can support passthrough (packets left untouched by the load balancer).
True
If the proxy protocol is unable to use layer 7 information to preserve the client’s IP, where is this information added?
The client’s IP is added into the additional TCP header.
Is the proxy protocol enabled by default if the target is configured with an IP?
No, it has to be enabled.
What is the default connection idle timeout for both the CLB and ALB?
60 seconds
What is the default connection idle timeout for the NLB?
TCP 350 seconds
UDP 120 seconds
What is zonal shift?
It shifts a load balancer resource away from an impaired Availability Zone with a single action. This is a Route 53 feature.
What is gRPC?
A remote procedure call protocol that integrates with a microservice (APIs) running over HTTP/2.
What are the only types of load balancer that can use gRPC?
1) ALB
2) NLB
How can an ALB load balance traffic to an on-prem or VPC-peered network?
1) Create network reachability to the on-prem network or VPC peer.
2) Create a target group that points to the on-prem network or VPC peer.
What is used to get to an internet facing load balancer?
DNS
What is the DNS string for a public facing load balancer?
name-someName.region.elb.amazonaws.com
ipv6.name-someName.region.elb.amazonaws.com
dualstack.name-someName.region.elb.amazonaws.com
What is the DNS string for a private load balancer?
internal-someName.region.elb.amazonaws.com
What is the maximum number of IP addresses across all subnets that will be used for one ALB?
100
For an ALB, what can be encompassed in a target group?
1) EC2 instances
2) ECS tasks
3) Lambda functions
4) Private IP addresses used to connect to a peered VPC or on-prem networks using Direct Connect or VPN
True or false: ALB supports weighted target groups.
True
What are the different targets that ALB can route to?
1) URL path
2) Hostname
3) Query string
4) HTTP header
5) Source IP
True or false: microservices or container-based services are a great fit for ALBs.
True
What are two features of ALB?
1) Use of SNI (server name indicator) to use multiple TLS certificates
2) Authenticate users before routing to targets
An ALB has to route a query and a hostname to two different targets. How can this be achieved?
Apply rules to route the different traffic to different targets.
For ALB, what is the last rule to be processed?
The default rule
Which load balancer is used when high performance is needed to process traffic?
Network load balancer