Load Balancing

Question 1

What is vertical scalability?

Answer 1

Scale by increasing existing resources of a system
i.e: add cpu and memory to a vm.

Question 2

What is horizontal scalability?

Answer 2

Scale by adding more infrastructure
i.e: add more servers to existing infrastructure.

Question 3

What do you need to spread your resources across to achieve high availability in AWS?

Answer 3

You need to build your infrastructure acreoss Multiple AZs (which are made of 1 or more datacenters each).
Or in extreme cases across Multiple Regions.

Question 4

What is passive HA?

Answer 4

It’s the same as Active-Passive HA

Question 5

What is active HA?

Answer 5

It’s the same as Active-Active HA

Question 6

Who manages the elastic load balancer?

Answer 6

AWS manages and ensures it will be always working

Question 7

What is elastic load balancer?

Answer 7

A service that routes incoming traffic to different destinations depending on pre-specified sets of rules.

Question 8

What are health checks in ELB?

Answer 8

The load balancer checks if the targets are up, and with that in mind decides to send or not send traffic to those targets.

Question 9

How does the ELB do its health checks?

Answer 9

The health checks are either HTTP, HTTPS, or TCP.
With a protocol, a port, and a route (i.e: https protocol, checking the /health URL of the app) it checks the health of a web app for example. If the returned code is not an OK response, it declares the instance unhealthy. (The ok response is usually the 200 code for HTTP/HTTPS)

Question 10

What are the kinds of ELB load balancers?

Answer 10

1 -Classic Load Balancer (CLB)
2 -Application Load Balancer (ALB)
3 -Network Load Balancer (NLB)
4 -Gateway Load Balancer (GLB)
The CLB still works but is not recommended by aws and is deprecated.

Question 11

Which protocols is ELB ALB compatible with?

Answer 11

Application load balacer supports HTTP, HTTPS and Websocket protocols

Question 12

Which protocols is ELB NLB compatible with?

Answer 12

TCP, TLS, SSL, and UDP protocols.

Question 13

Which protocols is ELB GLB compatible with?

Answer 13

It operates directly at layer 3 (With IP Protocol).

Question 14

What does the ALB balance?

Answer 14

Incoming HTTP/HTTPS traffic

Question 15

What does the ALB balance between?

Answer 15

Between Target Groups. These could be comprised of EC2 instances, ECS (kubernetes), lambda functions, and directly IP Addresses

Question 16

What kinds of balancing (routing) does ALB support

Answer 16

1) Based on the URL path, for example: abc.com/users towards a target group, and abc.com/posts towards a different target group.

2) Based on the URL hostname, for example: one.ex.com & other.ex.com

3) Based on a query, for example ex.com/users?id=123 or id?124.

Question 17

What is a redirect ALB can do?

Answer 17

It can redirect HTTP traffic to HTTPS.

Question 18

What are target groups in ALB?

Answer 18

The target groups are what ALB balances between. For example a target group could be a set of EC2 instances.

Question 19

What are good ALB use cases?

Answer 19

Micro services, containerized applications like docker and amazon ECS, Web applications.

Question 20

Whats the difference between Internal and internet facing in ELB?

Answer 20

Internal has no public IP. It routes requests from clients to targets only using source private ip addresses.
Internet facing routes requests from clients over the internet, to targets.
(This is related to the incoming request traffic).

Question 21

What is a ELB Listener?

Answer 21

A listener is what checks for connection requests using the port and protocol you configure. The rules that you define for a listener determine how the load balancer routes requests to its registered targets.

Question 22

What service are the terms listeners, clients, and targets related to? And define each of the terms

Answer 22

Elastic Load Balancer.
The load balancers listeners listen to requests from the clients to access a load balancing target or target group.

Question 23

How does Network configuration work in ELB?

What is it for?

Answer 23

First you have to choose a VPC. Then you choose at least 1 or more AZs within the region you are configuring under, and a subnet for each AZ.

This is for defining which AZs the targets the load balancer routes traffic to are in.

Question 24

How do security groups work with ELB?

Answer 24

A security group is attached to the load balancer, and its what controlls the allowed incoming traffic to the load balancer and its listeners.

GLB doesnt use SG cause it redirects packets directly.

Question 25

What does an ALB need to have configured to be able to receive the HTTP traffic?

Answer 25

An SG with an inbound rule for HTTP (Or HTTPS)

Question 26

What does an ALB need to have configured to be able to ROUTE the HTTP traffic?

Answer 26

To route the traffic, it need a configured listener and target group with healthy targets.

Question 27

To which types of ELB do security groups apply?

Answer 27

ALB and NLB

Question 28

What is the difference between ALB, NLB, and GLB?

Answer 28

The ALB listens to HTTP/HTTPS or websocket requests. The NLB listents to TCP/UDP or TLS requests, this could be any TCP/UDP port you specify. The GLB works with IP protocol. Each has its advantages and ideal use cases. ALB: The ALB works in layer 7, at the request level. This means it can route the connection requests based on information at the HTTP/HTTPS level. For example, it supports path-based routing. This means that it uses the path of the http url to determine where to route the connection to. It also supports host based routing, meaning that it can check the domain of the URL and use it to route to different target groups. The same for the query string parameters, and source ip. NLB: NLB operates directly at Layer 4. GLB: GLB is used for directing traffic to Virtual Firewalls, IDS (Intrusion detection systems), IPS (Instrusion Prevention Systems), and deep packed inspection systems. It acts as a gateway and directs traffic to instances with these scurity virtual appliances, then directs traffic to the destination target apps, or whatever.

Question 29

What does an ELB listener do?

Answer 29

Forward requests to a target group

Question 30

Which options do you have for ALB target groups targets?

Answer 30

Instances IP Addresses Lambda functions Application load balancer

Question 31

How do ALB Helath Checks work?

Answer 31

The alb tries to connect via HTTP or HTTPS to the specified path, for example /health, or just / which is the root path.

Question 32

How do ALB listeners work?

Answer 32

The listener is configured with a target group, which can be of many kinds. And after that, the listener forwards the HTTP/HTTPS requests to the targets that are active.

Question 33

What are listener rules, conditions and actions in ALB?

Answer 33

Listener rules are what decide how the listener routes the traffic. You create them in each listener. Listener rules have conditions and actions. Actions are what the listener decides to do after a condition is true. It can forward to a specific target group, redirect to a different site, or return a specific response code, like 404 not found, etc. Conditions are for example if the request is coming from a specific ip or range, if it is for a specific header like "header.example.com", if the request is for a specific path of the application like "example.com/specificpath", specific query strings, etc. Rules also have priorities, you set a number for each rule that sets their priority order. Higher priority rules apply first.

Question 34

Can a listener have multiple target groups?

Answer 34

YES

Question 35

What layer does NLB work on?

Answer 35

Layer 4 (TCP & UDP traffic)

Question 36

What is NLB better than ALB at?

Answer 36

Handling millions of requests per second Latency. Has lower latency, aprox 100ms to 400 in the alb.

Question 37

Can NLB route traffic to target public ip addresses?

Answer 37

No, only private ip addresses. Neither can ALB or GLB. Can route to onpremises when using vpn or direct connect

Question 38

What is an elastic ip?

Answer 38

A static public ip address. Up to 3 per aws account unless you talk to aws.

Question 39

Can NLB only route to AWS ip addresses?

Answer 39

FALSE. You can load balance between aws ips and on premises ips. You can build a hybrid target group and load balance in a hybrid mode.

Question 40

How can you combine usage of a NLB and ALB?

Answer 40

You can put a NLB on top of a ALB. You could do this to get the fixed ip addresses with the NLB, and then with the ALB you can get all the rules for handling http traffic.

Question 41

Which ELB has the option of using an Elastic IP?

Answer 41

The network load balancer. Its the only one that supports using an elastic ip. Meaning a static ip.

Question 42

What kind of sg would you create for a load balancer that is internet facing?

Answer 42

A sg with inbound HTTP or HTTPS traffic allowed.

Question 43

What protocol do NLB listeners use?

Answer 43

TCP UDP or TLS.

Question 44

What are good NLB use cases?

Answer 44

-High performance -Low latency -TLS offloading at scale (For redirectin unencryption of TLS to a specific server, and alleviating the load of a web server. -Static IP Addresses Apps that need to handle millions of requests per second. (Any very high performance or low latency use cases, and any kind of load balancing in a specific TCP or UDP port)

Question 45

How does the ALB work specifically?

Answer 45

The ALB works in layer 7. The ALB listens to HTTP/HTTPS or websocket requests. So it operates at the request level. This means it can route the connection requests based on information at the HTTP/HTTPS level. For example, it supports path-based routing. This means that it uses the path of the http url to determine where to route the connection to. It also supports host based routing, meaning that it can check the domain of the URL and use it to route to different target groups. The same for the query string parameters, and source ip.

Question 46

What king of sg would i need for a NLB?

Answer 46

An incoming traffic sg with a TCP/UDP port allowed, depending on the protocol we chose for the listener.

Question 47

What are ELB security groups attached to?

Answer 47

Directly to the ELB. This will allow traffic to your listeners.

Question 48

What target group kinds does the NLB support?

Answer 48

EC2 instances IP Addresses Application Load Balancers

Question 49

Is the sg attached to the ELB or to the listener?

Answer 49

To the ELB. The listener uses a port and protocol, but SGs are attached directly to the ELB. Then in the target side SGs can be attached to targets allowing traffic FROM THE ELB, in the port the listeners use to LISTEN for requests.

Question 50

What is the protocol and port we choose to the listeners for?

Answer 50

To choose in which protocol the traffic will be routed to the targets.

Question 51

What do you need for the listener to be able to route the traffic?

Answer 51

SGs in the target for incoming traffic in the specified port and protocol of the listener. (SGs are attached to targets allowing traffic from the ELB, not from the listener).

Question 52

Why do you choose a protocol when creating a target group?

Answer 52

To choose how the targets will accept connections. This is the traffic port for the target group.

Question 53

What happens if you choose GENEVE protocol for an ALB target group?

Answer 53

It wont work because GENEVE protocol is for target groups created for an GLB. The protocol you choose for your target group will decide for which kind of ELB will it be used for.

Question 54

What SGs do you need for an ELB to work?

Answer 54

An SG attached to the ELB for incoming traffic from the internet or internal incoming traffic. SGs for the targets for incoming traffic from the load balancer.

Question 55

Which ELB can use GENEVE protocol?

Answer 55

GLB

Question 56

Which ELB can target a lambda function?

Answer 56

ALB

Question 57

Which ELB can target an ECS cluster?

Answer 57

ALB

Question 58

Which ELB can listen to HTTP or HTTPS?

Answer 58

ALB

Question 59

Which ELB can listen to TCP, UDP, or TLS?

Answer 59

NLB

Question 60

Which ELB works directly with packets?

Answer 60

GLB

Question 61

What are sticky sessions?

Answer 61

A single client will always be balanced to the same target in subsequent sessions.

Question 62

For what kind of ELB are sticky sessions applicable?

Answer 62

ALB, NLG, and CLB.

Question 63

How do sticky sessions work?

Answer 63

The requests sends a cookie to the load balancer for stickyness. And it has an expiration date which we can set.

Question 64

What is sticky sessions useful for?

Answer 64

So users dont lose app data

Question 65

What kind of cookies can you use?

Answer 65

Application-based Cookies Duration-based Cookies

Question 66

Which ELB supports static IPs?

Answer 66

NLB

Question 67

How does ALB preserve the source IP in the redirection?

Answer 67

with x-forwarded-for (An HTTP header)

Question 68

How does NLB preserve the source IP in the redirection?

Answer 68

Its native of the layer 4 protocols, the segments include the info

Question 69

What are good GLB use cases?

Answer 69

-For load balancing virtual appliances: IDS, IPS, NG FW, DDos protection -Network Monitoring -Analytics

Question 70

Where is stickiness configured for an ELB?

Answer 70

In the target group. You enable stickiness for a specfic target group, not for each target

Question 71

What is an ELB instance?

Answer 71

The ELB instance is the execution of an ELB in a specific AZ. For example an ALB configured to work in 3 AZs has an instance of itself in each AZ.

Question 72

How does cross-zone load balancing enabled work?

Answer 72

The ELB will distribute load evenly across each target no matter in which AZ it is. Example: If you have 8 targets in one AZ and 2 targets in another AZ, it will send 10% of the traffic load to each instance, regardless of the AZ they are in.

Question 73

How does cross-zone load balancing disabled work?

Answer 73

Traffic is divided between ELB instances evenly, or in other words, between AZs evenly. This means 50% of traffic will go to AZ 1, and 50% will go to AZ 2, no matter if there is a target imbalance in each AZ. Example: If you have 8 targets in one AZ and 2 targets in another AZ, it will send 25% of traffic to the 2 targets in first AZ, and the other 50% to the 8 targets in the 2nd AZ.

Question 74

Which type of ELB has the cross-zone LB enabled by default?

Answer 74

ALB

Question 75

What Is ACM?

Answer 75

Aws certificate manager

Question 76

How do you manage AWS Certificates?

Answer 76

With ACM: Aws certificate manager. Alternatively you can use your own certificates

Question 77

What is SNI and what is it used for?

Answer 77

Server Name Indication: For loading multiple SSL certificates to one web server. This is useful when you use one server for multiple sites. Example: You load multiple website certificates to a load balancer, and you have different target groups for these websites. Using SNI, the load balancer chooses which certificate to present to the client with the content of the target group website.

Question 78

Which ELB uses SNI?

Answer 78

ALB and NLB

Question 79

Which ELB supports multiple Certificates and how does it do it?

Answer 79

ALB and NLB, with SNI.

Question 79

Where in the ELB is the Certificate added?

Answer 79

In the listener. If you use multiple TLS Certs, then you need one listener per certificate. Each of those listeners will forward request traffic to the corresponding certificate website's target group

Question 79

What is deregistration delay? How does it work?

Answer 79

A time period in which clients can still complete their connections after a target is deregistering or declared unhealthy. This is called "draining state". While a target is in this state, the ELB donesnt forward new connections to it. You can set this time period to between 1 and 3600 seconds. Or you can disable it. TLDR: Basically its the time an instance or target is kept working after its unhealthy or you want to unregister it for maintenance or whatever.

Question 80

What is ASG and what is it for?

Answer 80

ASG is auto scaling group. And its for scale out EC2 intances (add more instances) to match an increasing load on a website or app It also scales in (removes instances) to match a decreasing load.

Question 80

What is the cost of using ASG?

Answer 80

It's free

Question 81

How is ASG associated with an ELB?

Answer 81

?

Question 82

What are the main features of ASG?

Answer 82

Scale out and scale in instances in a group. Set a minimum and maximum of instances. automatically register instances to a load balancer. Recreate instance in case one is terminated or unhealthy.

Question 83

What are the different capacities you set in ASG?

Answer 83

Minimum capacity: The minimum amount of instances allowed. Desired Capacity: The capacity you want related to the current load. Maximum capacity: The maximum amount of instances allowed.

Question 84

How can an ec2 instance be terminated if the ELB declares it unhealthy?

Answer 84

With an ASG. If an instance is unhealthy and its not part of an ASG then its not shutdown. The ELB stops using this instance but the instance is still on. The ASG has its health checks associated with the ELB and shuts down instances that are declared unhealthy by the ELB. Creating new ones to replace it if it needs to meet desired capacity.

Question 85

What is an ASG launch template for?

Answer 85

It gives asg info on how to launch ec2 instances in a group.

Question 86

How can CloudWatch help ASG?

Answer 86

ASG can scale out or in based on specified cloudwatch alarms.

Question 87

What is scaling in?

Answer 87

Reducing the number of something. In ASG, its instances.

Question 88

What service is ASG part of?

Answer 88

EC2

Question 89

What service is ELB part of?

Answer 89

EC2

Question 90

What service are elastic ips part of?

Answer 90

EC2

Question 91

What is the ASG activity history?

Answer 91

Its a section of an auto scaling group. Here you can see the logs for the tasks that the asg performs, like creating an instance, etc.

Question 92

What are scaling policies?

Answer 92

Triggers you set to scale in or out a group of instances. There are many kinds

Question 93

What are the different kinds of scaling policies?

Answer 93

Scheduled actions Predictive scaling policies Dynamic scaling policies

Question 94

What are scheduled actions?

Answer 94

A type of scaling policy. It is the simplest, you set a schedule for a specific time of day when you want a specific desired capacity. You set the start time, and the recurrence of it.

Question 95

What are Predictive scaling policies?

Answer 95

Takes a look at a specific metric that you choose and based on its history it predicts how it will behave in the future. It can be used for forecast and take no action or it can be used to actually scale the instances. This kind of policy uses machine learning.

Question 96

Which ASG scaling policy uses machine learning?

Answer 96

Predictive Scaling Policiy

Question 97

What are dynamic scaling policies? Explain each

Answer 97

Here you have 3 kinds: Simple scaling, step scaling, and target tracking scaling. These policies use cloudwatch alarms to triggerdifferent actions, and each kind behaves a bit differently.

Question 98

What are the 3 kinds of dynamic scaling policies?

Answer 98

Simple scaling, step scaling, and target tracking scaling.

Question 99

What is step scaling and how does it work?

Answer 99

Step scaling uses a cloudwatch alarm, and depending on how high you go into the alarm, it executes different steps, these steps could be to add or remove instances. Example: if a cloudwatch alarm chosen is triggered and you go over by "2", then you take the first step which could be the action to add 5 instances. Then if you go over by "4" the next step could be an action that adds 10 instances, etc.

Question 100

What is target tracking scaling and how does it work?

Answer 100

This scaling policy lets us choose a target value for a specified metric, and create or remove instances as needed to maintain this value. (It creates cloudwatch alarms behind the scenes). You can use preset metrics or create your own, the idea is to maintain a value you set. It could be instances amount or cpu usage, etc. Example: if you want to maintain the CPU usage of your instances at around 70%, then you create this policy that adds instances to maintain their cpu usage at 70% and not go over it. It will also scale in when below 70% to maintain that value.

Question 100

What is simple scaling and how does it work?

Answer 100

Simple scaling uses a cloudwatch alarm, and when this alarm activates, it triggers an action, which can be to add or remove instances to the asg group.

Question 101

What happens when ASG uses the ALB health checks?

Answer 101

It replaces unhealthy instances with new ones from the ASG template.

Question 102

Which protocols does ALB and NLB use for health checks?

Answer 102

ALB uses HTTP or HTTPS. NLB uses TCP, HTTP, or HTTPS.