Load Balancing Flashcards

1
Q

What is vertical scalability?

A

Scale by increasing the existing resources of a system,
e.g. add CPU and memory to a VM.

2
Q

What is horizontal scalability?

A

Scale by adding more infrastructure,
e.g. add more servers to existing infrastructure.

3
Q

What do you need to spread your resources across to achieve high availability in AWS?

A

You need to build your infrastructure across multiple AZs (which are made of 1 or more datacenters each).
Or in extreme cases across Multiple Regions.

4
Q

What is passive HA?

A

It’s the same as Active-Passive HA

5
Q

What is active HA?

A

It’s the same as Active-Active HA

6
Q

Who manages the elastic load balancer?

A

AWS manages it and ensures it will always be working.

7
Q

What is an Elastic Load Balancer?

A

A service that routes incoming traffic to different destinations depending on pre-specified sets of rules.

8
Q

What are health checks in ELB?

A

The load balancer checks if the targets are up, and with that in mind decides to send or not send traffic to those targets.

9
Q

How does the ELB do its health checks?

A

The health checks are either HTTP, HTTPS, or TCP.
With a protocol, a port, and a route (e.g. HTTPS protocol, checking the /health URL of the app) it checks the health of a web app, for example. If the returned code is not an OK response, it declares the instance unhealthy. (The OK response is usually the 200 code for HTTP/HTTPS.)

10
Q

What are the kinds of ELB load balancers?

A

1 - Classic Load Balancer (CLB)
2 - Application Load Balancer (ALB)
3 - Network Load Balancer (NLB)
4 - Gateway Load Balancer (GLB)
The CLB still works but is not recommended by AWS and is deprecated.

11
Q

Which protocols is ELB ALB compatible with?

A

Application Load Balancer supports HTTP, HTTPS and WebSocket protocols.

12
Q

Which protocols is ELB NLB compatible with?

A

TCP, TLS, SSL, and UDP protocols.

13
Q

Which protocols is ELB GLB compatible with?

A

It operates directly at layer 3 (With IP Protocol).

14
Q

What does the ALB balance?

A

Incoming HTTP/HTTPS traffic

15
Q

What does the ALB balance between?

A

Between target groups. These can consist of EC2 instances, ECS (kubernetes), Lambda functions, or IP addresses directly.

16
Q

What kinds of balancing (routing) does ALB support?

A

1) Based on the URL path, for example: abc.com/users towards a target group, and abc.com/posts towards a different target group.

2) Based on the URL hostname, for example: one.ex.com & other.ex.com

3) Based on a query, for example ex.com/users?id=123 or ?id=124.

17
Q

What is a redirect ALB can do?

A

It can redirect HTTP traffic to HTTPS.

18
Q

What are target groups in ALB?

A

The target groups are what ALB balances between. For example a target group could be a set of EC2 instances.

19
Q

What are good ALB use cases?

A

Microservices, containerized applications like Docker and Amazon ECS, web applications.

20
Q

What's the difference between internal and internet-facing in ELB?

A

Internal has no public IP. It routes requests from clients to targets using only private source IP addresses.
Internet-facing routes requests from clients over the internet to targets.
(This is related to the incoming request traffic).

21
Q

What is an ELB listener?

A

A listener is what checks for connection requests using the port and protocol you configure. The rules that you define for a listener determine how the load balancer routes requests to its registered targets.

22
Q

What service are the terms listeners, clients, and targets related to? And define each of the terms

A

Elastic Load Balancer.
The load balancer's listeners listen for requests from the clients to access a load balancing target or target group.

23
Q

How does Network configuration work in ELB?

What is it for?

A

First you have to choose a VPC. Then you choose at least 1 or more AZs within the region you are configuring under, and a subnet for each AZ.

This is for defining which AZs the targets the load balancer routes traffic to are in.

24
Q

How do security groups work with ELB?

A

A security group is attached to the load balancer, and it's what controls the allowed incoming traffic to the load balancer and its listeners.

GLB doesn't use SGs because it redirects packets directly.

25
Q

What does an ALB need to have configured to be able to receive the HTTP traffic?

A

An SG with an inbound rule for HTTP (Or HTTPS)

26
Q

What does an ALB need to have configured to be able to ROUTE the HTTP traffic?

A

To route the traffic, it needs a configured listener and a target group with healthy targets.

27
Q

To which types of ELB do security groups apply?

A

ALB and NLB

28
Q

What is the difference between ALB, NLB, and GLB?

A

The ALB listens to HTTP/HTTPS or WebSocket requests. The NLB listens to TCP/UDP or TLS requests; this could be any TCP/UDP port you specify. The GLB works with the IP protocol.

Each has its advantages and ideal use cases.

ALB: The ALB works in layer 7, at the request level. This means it can route the connection requests based on information at the HTTP/HTTPS level. For example, it supports path-based routing. This means that it uses the path of the http url to determine where to route the connection to. It also supports host based routing, meaning that it can check the domain of the URL and use it to route to different target groups. The same for the query string parameters, and source ip.

NLB: NLB operates directly at Layer 4.

GLB: GLB is used for directing traffic to virtual firewalls, IDS (Intrusion Detection Systems), IPS (Intrusion Prevention Systems), and deep packet inspection systems. It acts as a gateway and directs traffic to instances with these security virtual appliances, then directs traffic to the destination target apps, or whatever.

29
Q

What does an ELB listener do?

A

Forward requests to a target group

30
Q

Which options do you have for ALB target groups targets?

A

Instances
IP Addresses
Lambda functions
Application load balancer

31
Q

How do ALB health checks work?

A

The ALB tries to connect via HTTP or HTTPS to the specified path, for example /health, or just /, which is the root path.

32
Q

How do ALB listeners work?

A

The listener is configured with a target group, which can be of many kinds. And after that, the listener forwards the HTTP/HTTPS requests to the targets that are active.

33
Q

What are listener rules, conditions and actions in ALB?

A

Listener rules are what decide how the listener routes the traffic. You create them in each listener.

Listener rules have conditions and actions.

Actions are what the listener decides to do after a condition is true.
It can forward to a specific target group, redirect to a different site, or return a specific response code, like 404 not found, etc.

Conditions are for example if the request is coming from a specific ip or range, if it is for a specific header like “header.example.com”, if the request is for a specific path of the application like “example.com/specificpath”, specific query strings, etc.

Rules also have priorities, you set a number for each rule that sets their priority order. Higher priority rules apply first.

34
Q

Can a listener have multiple target groups?

A

YES

35
Q

What layer does NLB work on?

A

Layer 4 (TCP & UDP traffic)

36
Q

What is NLB better than ALB at?

A

Handling millions of requests per second
Latency. Has lower latency, approx. 100 ms to 400 in the ALB.

37
Q

Can NLB route traffic to target public ip addresses?

A

No, only private ip addresses.

Neither can ALB or GLB.

Can route to on-premises when using VPN or Direct Connect.

38
Q

What is an elastic ip?

A

A static public IP address. Up to 3 per AWS account unless you talk to AWS.

39
Q

Can NLB only route to AWS ip addresses?

A

FALSE. You can load balance between AWS IPs and on-premises IPs.
You can build a hybrid target group and load balance in a hybrid mode.

40
Q

How can you combine usage of an NLB and an ALB?

A

You can put an NLB on top of an ALB. You could do this to get the fixed IP addresses with the NLB, and then with the ALB you can get all the rules for handling HTTP traffic.

41
Q

Which ELB has the option of using an Elastic IP?

A

The network load balancer.

It's the only one that supports using an Elastic IP, meaning a static IP.

42
Q

What kind of SG would you create for a load balancer that is internet-facing?

A

An SG with inbound HTTP or HTTPS traffic allowed.

43
Q

What protocol do NLB listeners use?

A

TCP, UDP, or TLS.

44
Q

What are good NLB use cases?

A

-High performance
-Low latency
-TLS offloading at scale (for redirecting decryption of TLS to a specific server, and alleviating the load of a web server)
-Static IP Addresses

Apps that need to handle millions of requests per second. (Any very high performance or low latency use cases, and any kind of load balancing in a specific TCP or UDP port)

45
Q

How does the ALB work specifically?

A

The ALB works in layer 7. The ALB listens to HTTP/HTTPS or websocket requests. So it operates at the request level. This means it can route the connection requests based on information at the HTTP/HTTPS level. For example, it supports path-based routing. This means that it uses the path of the http url to determine where to route the connection to. It also supports host based routing, meaning that it can check the domain of the URL and use it to route to different target groups.
The same for the query string parameters, and source ip.

46
Q

What kind of SG would I need for an NLB?

A

An incoming traffic SG with a TCP/UDP port allowed, depending on the protocol we chose for the listener.

47
Q

What are ELB security groups attached to?

A

Directly to the ELB. This will allow traffic to your listeners.

48
Q

What target group kinds does the NLB support?

A

EC2 instances
IP Addresses
Application Load Balancers

49
Q

Is the SG attached to the ELB or to the listener?

A

To the ELB.
The listener uses a port and protocol, but SGs are attached directly to the ELB.
Then on the target side, SGs can be attached to targets allowing traffic FROM THE ELB, on the port the listeners use to LISTEN for requests.

50
Q

What are the protocol and port that we choose for the listeners used for?

A

To choose in which protocol the traffic will be routed to the targets.

51
Q

What do you need for the listener to be able to route the traffic?

A

SGs in the target for incoming traffic in the specified port and protocol of the listener. (SGs are attached to targets allowing traffic from the ELB, not from the listener).

52
Q

Why do you choose a protocol when creating a target group?

A

To choose how the targets will accept connections. This is the traffic port for the target group.

53
Q

What happens if you choose GENEVE protocol for an ALB target group?

A

It won't work because the GENEVE protocol is for target groups created for a GLB. The protocol you choose for your target group decides which kind of ELB it will be used for.

54
Q

What SGs do you need for an ELB to work?

A

An SG attached to the ELB for incoming traffic from the internet or internal incoming traffic.
SGs for the targets for incoming traffic from the load balancer.

55
Q

Which ELB can use GENEVE protocol?

A

GLB

56
Q

Which ELB can target a lambda function?

A

ALB

57
Q

Which ELB can target an ECS cluster?

A

ALB

58
Q

Which ELB can listen to HTTP or HTTPS?

A

ALB

59
Q

Which ELB can listen to TCP, UDP, or TLS?

A

NLB

60
Q

Which ELB works directly with packets?

A

GLB

61
Q

What are sticky sessions?

A

A single client will always be balanced to the same target in subsequent sessions.

62
Q

For what kind of ELB are sticky sessions applicable?

A

ALB, NLB, and CLB.

63
Q

How do sticky sessions work?

A

The request sends a cookie to the load balancer for stickiness, and the cookie has an expiration date which we can set.

64
Q

What are sticky sessions useful for?

A

So users don't lose app data.

65
Q

What kind of cookies can you use?

A

Application-based Cookies
Duration-based Cookies

66
Q

Which ELB supports static IPs?

A

NLB

67
Q

How does ALB preserve the source IP in the redirection?

A

With X-Forwarded-For (an HTTP header).

68
Q

How does NLB preserve the source IP in the redirection?

A

It's native to the layer 4 protocols; the segments include the info.

69
Q

What are good GLB use cases?

A

-For load balancing virtual appliances:

IDS, IPS, NG FW, DDoS protection

-Network Monitoring
-Analytics

70
Q

Where is stickiness configured for an ELB?

A

In the target group. You enable stickiness for a specific target group, not for each target.

71
Q

What is an ELB instance?

A

The ELB instance is the execution of an ELB in a specific AZ. For example an ALB configured to work in 3 AZs has an instance of itself in each AZ.

72
Q

How does load balancing work when cross-zone load balancing is enabled?

A

The ELB will distribute load evenly across each target no matter in which AZ it is.
Example: If you have 8 targets in one AZ and 2 targets in another AZ, it will send 10% of the traffic load to each instance, regardless of the AZ they are in.

73
Q

How does load balancing work when cross-zone load balancing is disabled?

A

Traffic is divided between ELB instances evenly, or in other words, between AZs evenly. This means 50% of traffic will go to AZ 1, and 50% will go to AZ 2, no matter if there is a target imbalance in each AZ.
Example: If you have 8 targets in one AZ and 2 targets in another AZ, it will send 25% of traffic to the 2 targets in first AZ, and the other 50% to the 8 targets in the 2nd AZ.

74
Q

Which type of ELB has the cross-zone LB enabled by default?

A

ALB

75
Q

What Is ACM?

A

AWS Certificate Manager

76
Q

How do you manage AWS Certificates?

A

With ACM: AWS Certificate Manager.

Alternatively you can use your own certificates

77
Q

What is SNI and what is it used for?

A

Server Name Indication:
For loading multiple SSL certificates to one web server.
This is useful when you use one server for multiple sites.

Example: You load multiple website certificates to a load balancer, and you have different target groups for these websites. Using SNI, the load balancer chooses which certificate to present to the client with the content of the target group website.

78
Q

Which ELB uses SNI?

A

ALB and NLB

79
Q

Which ELB supports multiple Certificates and how does it do it?

A

ALB and NLB, with SNI.

79
Q

Where in the ELB is the Certificate added?

A

In the listener.

If you use multiple TLS Certs, then you need one listener per certificate. Each of those listeners will forward request traffic to the corresponding certificate website’s target group

79
Q

What is deregistration delay? How does it work?

A

A time period in which clients can still complete their connections after a target is deregistering or declared unhealthy.

This is called “draining state”. While a target is in this state, the ELB doesn't forward new connections to it.

You can set this time period to between 1 and 3600 seconds. Or you can disable it.

TLDR: Basically it's the time an instance or target is kept working after it's unhealthy or you want to unregister it for maintenance or whatever.

80
Q

What is ASG and what is it for?

A

ASG is Auto Scaling Group. It's for scaling out EC2 instances (adding more instances) to match an increasing load on a website or app.

It also scales in (removes instances) to match a decreasing load.

80
Q

What is the cost of using ASG?

A

It’s free

81
Q

How is ASG associated with an ELB?

A

?

82
Q

What are the main features of ASG?

A

Scale out and scale in instances in a group.
Set a minimum and maximum of instances.
Automatically register instances to a load balancer.
Recreate instance in case one is terminated or unhealthy.

83
Q

What are the different capacities you set in ASG?

A

Minimum capacity: The minimum amount of instances allowed.
Desired Capacity: The capacity you want related to the current load.
Maximum capacity: The maximum amount of instances allowed.

84
Q

How can an ec2 instance be terminated if the ELB declares it unhealthy?

A

With an ASG.
If an instance is unhealthy and it's not part of an ASG, then it's not shut down. The ELB stops using this instance but the instance is still on. The ASG has its health checks associated with the ELB and shuts down instances that are declared unhealthy by the ELB, creating new ones to replace them if it needs to meet desired capacity.

85
Q

What is an ASG launch template for?

A

It gives the ASG info on how to launch EC2 instances in a group.

86
Q

How can CloudWatch help ASG?

A

ASG can scale out or in based on specified CloudWatch alarms.

87
Q

What is scaling in?

A

Reducing the number of something. In ASG, it's instances.

88
Q

What service is ASG part of?

A

EC2

89
Q

What service is ELB part of?

A

EC2

90
Q

What service are elastic ips part of?

A

EC2

91
Q

What is the ASG activity history?

A

It's a section of an Auto Scaling Group. Here you can see the logs for the tasks that the ASG performs, like creating an instance, etc.

92
Q

What are scaling policies?

A

Triggers you set to scale in or out a group of instances. There are many kinds

93
Q

What are the different kinds of scaling policies?

A

Scheduled actions
Predictive scaling policies
Dynamic scaling policies

94
Q

What are scheduled actions?

A

A type of scaling policy. It is the simplest, you set a schedule for a specific time of day when you want a specific desired capacity.

You set the start time, and the recurrence of it.

95
Q

What are Predictive scaling policies?

A

Takes a look at a specific metric that you choose and based on its history it predicts how it will behave in the future. It can be used for forecast and take no action or it can be used to actually scale the instances.

This kind of policy uses machine learning.

96
Q

Which ASG scaling policy uses machine learning?

A

Predictive Scaling Policy

97
Q

What are dynamic scaling policies? Explain each

A

Here you have 3 kinds: simple scaling, step scaling, and target tracking scaling. These policies use CloudWatch alarms to trigger different actions, and each kind behaves a bit differently.

98
Q

What are the 3 kinds of dynamic scaling policies?

A

Simple scaling, step scaling, and target tracking scaling.

99
Q

What is step scaling and how does it work?

A

Step scaling uses a cloudwatch alarm, and depending on how high you go into the alarm, it executes different steps, these steps could be to add or remove instances.

Example: if a cloudwatch alarm chosen is triggered and you go over by “2”, then you take the first step which could be the action to add 5 instances.

Then if you go over by “4” the next step could be an action that adds 10 instances, etc.

100
Q

What is target tracking scaling and how does it work?

A

This scaling policy lets us choose a target value for a specified metric, and create or remove instances as needed to maintain this value. (It creates cloudwatch alarms behind the scenes).

You can use preset metrics or create your own, the idea is to maintain a value you set. It could be instances amount or cpu usage, etc.

Example: if you want to maintain the CPU usage of your instances at around 70%, then you create this policy that adds instances to maintain their cpu usage at 70% and not go over it.

It will also scale in when below 70% to maintain that value.

100
Q

What is simple scaling and how does it work?

A

Simple scaling uses a CloudWatch alarm, and when this alarm activates, it triggers an action, which can be to add or remove instances in the ASG.

101
Q

What happens when ASG uses the ALB health checks?

A

It replaces unhealthy instances with new ones from the ASG template.

102
Q

Which protocols do ALB and NLB use for health checks?

A

ALB uses HTTP or HTTPS.
NLB uses TCP, HTTP, or HTTPS.