Load-Balancing Flashcards
Vertical scalability means increasing the ____ of the instance.
size
For example, if your application runs on a t2.micro, scaling it up to a t2.large
Vertical scalability is very common for ____ systems, such as a database.
non-distributed
RDS and ElastiCache are services that can scale vertically.
There is usually a limit to how much you can scale vertically, a ____ limit.
hardware
Horizontal scalability means increasing the ____ of instances for your application.
number
Horizontal scaling implies ____ systems.
distributed
Amazon ____ makes it much easier to horizontally scale.
EC2
High availability usually goes hand in hand with ____ scaling.
horizontal
High availability means running your application/system in at least ___ data centers or availability zones.
2
The goal of high availability is to survive a ____ loss.
data center
High availability can be passive or active, identify below:
RDS Multi AZ - ____
horizontal scaling - ____
RDS Multi AZ - passive
horizontal scaling - active
Vertical scaling means to ‘scale up / down’.
From an instance size of t2.nano (0.5 GB of RAM, 1 vCPU) to u-12tb1.metal (12.3 TB of RAM, 448 vCPU)
Horizontal scaling means to ‘scale out / in’, with out meaning more instances.
Examples: Auto Scaling Group or Load Balancer
High availability is to run instances for the same application across ____.
multiple AZs
Examples: Auto Scaling Group multi AZ
Load Balancer multi AZ
____ are servers that forward traffic to multiple servers (EC2 instances) downstream.
Load Balancers
Reasons for using a load balancer:
- spread load across multiple downstream instances
- expose a single point of access (DNS) to your application
- seamlessly handle failures of downstream instances
- do regular health checks to your instances
- provide SSL termination (HTTPS) for your websites
- enforce stickiness with cookies
- high availability across zones
- separate public traffic from private traffic
An ____ Load Balancer is a managed load balancer that AWS maintains.
AWS guarantees it will be working
AWS takes care of upgrades, maintenance, high availability
AWS provides only a few configuration knobs
Integrated with other AWS services
This costs less than setting up your own, with less effort.
Elastic
____ checks enable the load balancer to know whether the instances it forwards traffic to are available to reply to requests.
This feature is crucial for load balancers.
Health
Load balancer health checks are done on a ____ and ____.
port and route
For ex: /health is common
AWS has 4 types of managed Load Balancers:
- Classic Load Balancer (v1 - old gen, 2009) - Has been deprecated from the console as AWS doesn’t want you to use it.
- Application Load Balancer (v2 - new gen, 2016) - supports http, https, websocket.
- Network Load Balancer (v2 - new gen, 2017) - supports tcp, tls (secure tcp), udp
- Gateway Load Balancer (2020) - operates at layer 3 (network layer). supports IP protocol
Load balancers can be set up as ____ or ____ ELBs.
internal (private)
external (public)
Load balancer security group will allow http/https traffic from anywhere.
The EC2 instances downstream of the Load Balancer will only allow http traffic from the security group of the load balancer.
Application load balancers are Layer ___ (HTTP)
7
Application load balancers balance to multiple http applications across machines, called ____.
Application load balancers balance to multiple applications on the same machine, called ____.
target groups
containers
Application load balancers support:
- http/2 and WebSocket
- redirects (from http to https for example)
Application load balancers support routing to different target groups
- routing based on path in URL (example.com/users & example.com/posts)
- routing based on hostname in URL (one.example.com & other.example.com)
- routing based on query string, headers (example.com/users?id=123&order=false)
____ load balancers are a great fit for micro services and container-based applications (example: Docker and Amazon ECS)
Application
Application load balancers have a ____ feature to redirect to a dynamic port in ECS.
port mapping
Application load balancer target groups can include:
- EC2 instances
- ECS tasks
- Lambda functions
- IP addresses (must be private IPs)
Application load balancers can route to multiple ____ groups.
target
Health checks for application load balancer targets are at the ____ level.
target group
Application Load Balancer - client IP
Which load balancer is described below?
- Forward TCP & UDP traffic to your instances
- Handles millions of requests per second
- Ultra-low latency
Network Load Balancer (NLB)
Network Load Balancers have ____ per AZ and support assigning ____.
This is helpful for whitelisting specific IPs.
one static IP
Elastic IP
Which load balancer is used for extreme performance, TCP or UDP traffic?
Network Load Balancer (NLB)
____ load balancers are not included in the AWS free tier.
Network
Network Load Balancers support the following target groups:
- EC2 instances
- IP addresses - must be private IPs
- Application Load Balancer
- Health Checks support the TCP, HTTP and HTTPS protocols
____ Load Balancers allow you to deploy, scale and manage a fleet of 3rd party network virtual appliances in AWS.
Ex: firewalls, intrusion detection and prevention systems, deep packet inspection systems, etc.
Gateway
Gateway load balancers operate at the lowest level, the network layer (layer 3) for IP packets.
A ____ load balancer combines the following functions:
- Transparent Network Gateway: single entry/exit for all traffic
- Load Balancer - distributes traffic to your virtual appliances
Gateway
The ____ load balancer uses the GENEVE protocol on port 6081.
Gateway
Gateway load balancers support the following target groups:
- EC2 instances
- IP addresses - must be private IPs
____ is an implementation that ensures the same client is always redirected to the same instance behind a load balancer.
Sticky Sessions (Session Affinity)
This is enabled on the target group.
Which of the following load balancers does not support sticky sessions (session affinity)?
a) classic load balancer
b) application load balancer
c) network load balancer
d) gateway load balancer
gateway load balancer
A ____ is used for stickiness with classic and application load balancers. It has an expiration date you control.
cookie
Note: network load balancers work without cookies
The use case for sticky sessions (session affinity) is to ensure the user doesn’t lose their ____.
session data
Enabling session stickiness may bring ____ to the load over the backend EC2 instances.
imbalance
What are the two types of sticky session cookies?
application-based
duration-based
Application-based sticky session cookies:
- custom cookie
  - generated by the target
  - can include any custom attributes required by the app
  - cookie name must be specified individually for each target group
  - AWSALB, AWSALBAPP, AWSALBTG are reserved names for use by the ELB
- application cookie
  - generated by the load balancer
  - cookie name is AWSALBAPP
Duration-based sticky session cookies:
- cookie generated by the load balancer
- cookie name is AWSALB for ALB, AWSELB for CLB
With ____ load balancing, each load balancer instance distributes evenly across all registered instances in all AZs.
Cross-Zone
In regards to cross-zone load balancing, which load balancer is described below:
- cross-zone LB enabled by default (can be disabled at target group level)
- no charges for inter AZ data
a) application LB
b) network LB
c) gateway LB
d) classic LB
application LB
In regards to cross-zone load balancing, which load balancer is described below:
- cross-zone LB disabled by default (can be enabled under the LB attributes tab)
- you pay charges for inter AZ data if enabled
a) application LB
b) network LB
c) gateway LB
d) classic LB
network and gateway
In regards to cross-zone load balancing, which load balancer is described below:
- cross-zone LB disabled by default
- no charges for inter AZ data if enabled
a) application LB
b) network LB
c) gateway LB
d) classic LB
classic
A ____ allows traffic between your clients and your load balancer to be encrypted in transit.
Also called in-flight encryption.
SSL Certificate
____ refers to Secure Sockets Layer and is used to encrypt connections.
____ refers to Transport Layer Security, which is a newer version.
SSL
TLS
____ SSL certificates are issued by Certificate Authorities (CA) such as Comodo, Symantec, GoDaddy, etc.
Public
SSL certificates have an ____ (you set) and must be renewed.
expiration date
The load balancer uses an ____ certificate (SSL/TLS server certificate).
X.509
You can manage certificates using ____.
Alternatively, you can upload your own certificates.
ACM - AWS Certificate Manager
When you create an HTTPS listener for your load balancer:
- you must specify a ____
- you can add an optional list of certs to support multiple ____
- Clients can use ____ to specify the hostname they reach
- ability to specify a security policy to support older versions of SSL/TLS
default certificate
domains
Server Name Indication (SNI)
SNI (Server Name Indication) solves the problem of loading ____ onto one web server (to serve multiple websites).
multiple SSL certificates
____ is a newer protocol that requires the client to indicate the hostname of the target server in the initial SSL handshake.
The server will then find the correct certificate, or return the default one.
Server Name Indication (SNI)
Server Name Indication (SNI) only works with which AWS products?
Application LB
Network LB
CloudFront
SSL Certificates recap:
- Classic Load Balancer (v1)
  - supports only one SSL certificate
  - must use multiple CLBs for multiple hostnames with multiple SSL certificates
- Application and Network Load Balancers (v2):
  - support multiple listeners with multiple SSL certificates
  - use Server Name Indication (SNI) to make it work
____ is a feature that allows an instance time to complete “in-flight requests” while the instance is de-registering or unhealthy.
It stops sending new requests to the EC2 instance which is de-registering.
Connection Draining (feature name for Classic LB)
Deregistration Delay (new feature name with Application/Network LBs)
Connection draining parameters (time to wait for draining to complete before terminating instance):
- between 1 to 3600 seconds (5 mins). The default is ____
- feature can be disabled by setting to ____
- set to a low value if your requests are short
300 seconds
0
Using a ____, you can:
- scale out (add EC2 instances) to match an increased load
- scale in (remove EC2 instances) to match a decreased load
Auto Scaling Group (ASG)
An Auto Scaling Group can be used to ensure we have a ____ and ____ number of EC2 instances running.
minimum and maximum
True/False: An Auto Scaling Group will automatically register new instances to a load balancer.
True
An ____ can re-create an EC2 instance if a previous one is terminated (e.g., if unhealthy).
Auto Scaling Group (ASG)
Auto Scaling Groups are free, you only pay for the underlying EC2 instances.
Auto Scaling Group diagram
When setting up your Auto Scaling Group, you create a ____ which contains the attributes to use when the ASG creates instances.
Some items you can include: AMI + Instance Type, EC2 User Data, EBS Volumes, Security Groups, SSH Key Pair, etc.
You also can set the Min size, Max size and Initial capacity for the group.
Launch template
It is possible to scale an Auto Scaling Group based on CloudWatch ____.
alarms
Metrics, such as Average CPU, are computed for the ____ Auto Scaling Group instances.
overall
Based on a CloudWatch ____, we can create:
- scale-out policies (increase number of instances)
- scale-in policies (decrease number of instances)
alarm
Which type of Auto Scaling Group scaling policy is described below:
Anticipate a scaling based on known usage patterns.
Ex: increase the min capacity to 10 at 6pm on Fridays
a) Dynamic Scaling
b) Scheduled Scaling
c) Predictive Scaling
Scheduled Scaling
Which type of Auto Scaling Group scaling policy is described below:
Target Tracking Scaling - ex: I want the average ASG CPU to stay at around 40%
Simple / Step Scaling - ex: when a CloudWatch alarm is triggered (example: CPU > 70%), then add 2 units
a) Dynamic Scaling
b) Scheduled Scaling
c) Predictive Scaling
Dynamic Scaling
Which type of Auto Scaling Group scaling policy is described below:
Continuously forecast load and schedule scaling ahead
a) Dynamic Scaling
b) Scheduled Scaling
c) Predictive Scaling
Predictive Scaling
Good metrics to scale on:
- CPUUtilization: Average CPU utilization across your instances
- RequestCountPerTarget: to make sure the number of requests per EC2 instance is stable
- Average Network In/Out: if your application is network bound
- Any custom metrics that you push using CloudWatch
After a scaling activity happens, you are in the ____ period (default 300 secs).
cooldown
During an Auto Scaling Group cooldown period, the ASG will not ____ or ____ additional instances (to allow for metrics to stabilize).
launch
terminate