Load Balancing & Scaling Flashcards

1
Q

What is a load balancer?

A

A service that distributes incoming application traffic across multiple targets, such as EC2 instances, in multiple Availability Zones to increase the availability of your application.

2
Q

How does a load balancer work?

A

By using one or more listeners. It checks for connection requests, then forwards the request based on your rules. A listener has a default rule and you can add more.

3
Q

What are the features of a load balancer rule?

A

Target group,
Condition,
Priority.

Forwarding happens when the condition is met.

4
Q

Can a target for a load balancer belong to more than one target group?

A

Yes.

5
Q

What is ELB? What are the features?

A

Elastic Load Balancing. It automatically distributes incoming application traffic across multiple targets and virtual appliances in one or more Availability Zones (AZs).

  • Single point of access (DNS)
  • Handles failures of downstream instances
  • Does health checks
  • Provides HTTPS
  • Enforce stickiness with cookies
  • High availability across zones
  • Separates private and public traffic
  • Security (use with security groups)
  • Monitoring (integrates with CloudWatch, request tracing)
6
Q

What are the 4 types of load balancers?

A

Classic CLB
Application ALB
Network NLB
Gateway GWLB

7
Q

I have some third-party virtual appliances. Which load balancer should I choose?

A

Gateway Load Balancer.

8
Q

I need flexible application management, using Lambda functions and redirects. Which load balancer should I choose?

A

Application Load Balancer.

9
Q

I need extreme performance and a static IP address. Which load balancer should I choose?

A

Network Load Balancer.

10
Q

What does it mean to scale vertically? What kind of application would do that?

A

Make your instance bigger, like micro to large.

Non-distributed applications like databases would scale vertically.

11
Q

Describe an Application Load Balancer.

A

Works at the application layer (layer 7).
• HTTP
• Supports HTTP/2, WebSocket
• Supports content-based routing (e.g. IP address, the path or hostname in the URL, or query string/headers in request)
• Can route to targets on the same instance: good for applications that run in containers
• Supports redirects (e.g. HTTP -> HTTPS)
• 1 ALB can support many applications
• Fixed hostname

Good for:
• Microservices
• Containers

12
Q

Describe a Classic Load Balancer.

A
Previous-generation load balancer; no longer recommended.
     • TCP (layer 4)
     • HTTP/HTTPS (layer 7)
     • fixed hostname
     • one application = 1 load balancer
13
Q

Describe a Network Load Balancer.

A

Works at layer 4
• TCP/UDP
• Ultra-low latency, extreme performance

Has 1 Static IP per AZ
Supports Elastic IP (good for white-listing)
Supports VPC endpoint services

Different listener on unique ports
Target can be outside your VPC like on-prem

14
Q

What can be in a target group of an NLB?

A

EC2 instances

Private IP addresses
• specify fixed static IP address
• e.g. if you have a server in your own datacenter

ALB
• you can chain NLB to ALB
• e.g. you want to use the static IPs of the NLB but also the HTTP features of the ALB

15
Q

Describe a Gateway Load Balancer

A

Operates at Layer 3 (Network Layer - IP packets)

  • Works as Load Balancer
  • ALSO works as Transparent Network Gateway (single entry/exit point for all traffic)

Allows you to deploy/manage/scale a fleet of 3rd party network virtual appliances in AWS. These appliances sit between your users and the targets.

Users -> GWLB -> appliances -> GWLB -> target

E.g. You want all traffic to be inspected for security

16
Q

I need to use the GENEVE protocol on port 6081.

A

Gateway Load Balancer.

17
Q

What can be in a target group of the Gateway Load Balancer?

A

EC2.

Private IP addresses

18
Q

What is a sticky session? How does it work? What are the pros and cons?

A

Aka Affinity Session.

An optional feature for CLB & ALB
Uses a cookie with an expiration date
Allows user to always communicate with the same EC2

Pros: keep session data like login ID
Cons: unbalanced load

19
Q

What are the 2 types of cookie used for sticky sessions?

A

Application Based:
a) Custom
• generated by target (application)
• can include custom attributes required by the app
• must have a different name for each target group
• name is anything except AWSALB, AWSALBAPP, AWSALBTG
b) Application cookie:
• generated by load balancer
• name is AWSALBAPP

Duration Based:
• generated by load balancer
• name is AWSALB or AWSELB (for classic)

20
Q

What are the potential target groups for an ALB?

A

EC2 instances
ECS tasks
Lambda functions
Private IP addresses

ALB can route to multiple target groups

21
Q

What is Cross-Zone Load Balancing? When can you use it and when do you pay?

A

Allows you to distribute traffic evenly ACROSS AZs, regardless of where the load balancer is.

ALB: always on (can’t turn it off), free inter-AZ data
NLB: off by default, pay for inter-AZ data
CLB: off by default, free inter-AZ data

22
Q

Describe SSL and TLS

A

Ways to encrypt your data in transit.

Secure Sockets Layer
Transport Layer Security (newer version but people still say SSL)

Certificates are issued by a CA (Certificate Authority) and have an expiration date.

23
Q

How does SSL/TLS work with a Load Balancer?

A
  • Traffic comes in to ELB encrypted
  • ELB uses X.509 cert (SSL/TLS cert)
  • You can manage certs in AWS Certificate Manager

For the ELB listener (HTTPS listener):
• you must specify a default cert
• you can optionally add certs to support multiple domains
• clients can use SNI (Server Name Indication) to specify the hostname they want
• you can specify a security policy for older versions of SSL/TLS

24
Q

What is SNI and how does it work?

A

Server Name Indication.
• Solves the problem of loading multiple certs onto 1 webserver
• Newer protocol, the client has to indicate the hostname of the target in the initial handshake, then the server finds the correct cert (or default one)

Only works for ALB, NLB, CloudFront.

25
Q

I want to use CLB but also multiple hostnames that have different certificates. How do I do this?

A

CLB can only have one SSL cert. You have to use multiple CLBs in this case.

26
Q

What is it called when an EC2 needs to go offline? How does the ELB handle it?

A

CLB: Connection Draining
ALB/NLB: Deregistration Delay

When the EC2 goes into “draining”, the ELB stops sending new requests to it. It will allow existing connections to complete for a time period you specify.
• set to a longer time if you have long requests like uploads
• this can be disabled

27
Q

How does an Auto Scaling Group (ASG) work?

A

You specify a plan for each group in response to demand. Plan includes:
• min/max instances
• desired (actual) # of instances

Auto Scaling will launch or terminate instances as needed.

New instances can be automatically added to the ELB.

28
Q

What are the attributes of an ASG? What do you need to set it up?

A
"Let Me Now Eat Snacks"
• Launch template (or config)
• Min/Max/Desired capacity
• Network/Subnet
• ELB
• Scaling policy
29
Q

How does Auto Scaling get triggered?

A

CloudWatch alarms
• metrics e.g. average CPU for all instances
• custom metrics

EC2 managed rules (easier)

Scheduled (if demand is predictable)

Health Checks (EC2 and optionally ELB checks)

SQS queues

30
Q

What happens if you attach an IAM role to an ASG?

A

Any new instances that are launched will be assigned the IAM role

31
Q

How much does an ASG cost?

A

It’s free. You are charged by the instance.

32
Q

What kinds of scaling policies are there?

A

Dynamic/Scheduled/Predictive

Dynamic - Target tracking (easiest), e.g. CPU must stay around 40%

Dynamic - Simple/Step Scaling: CloudWatch alarms

Scheduled, e.g. demand is high on Friday at 5PM

Predictive: ML prediction based on history. Good for apps that take a long time to initialize

33
Q

What are some common metrics to scale on?

A

CPU utilization
Request Count per Target
Average Network In/Out
Custom

34
Q

What is a scaling cooldown? How can I change it?

A

After a scaling event (in or out), it waits for metrics to stabilize for 5 minutes by default.

For Simple scaling policies.

If you use a prebuilt AMI there is less config time and you can reduce the cooldown period.

35
Q

How does Auto Scaling terminate instances by default?

A

1) Find the AZ with the most instances

2) Terminate the one with the oldest launch config/template

36
Q

What are ASG lifecycle hooks?

A

You can set up a hook in the Pending or Terminating state to do extra stuff before going into service or terminating.

E.g. run security checks, install extra software, extract logs or files before termination.

37
Q

What is the difference between Launch Template and Launch Configuration?

A

Both have:
AMI ID, instance type, key pair, security groups, launch params like tags, user data….

Config: older, must be re-created every time. Not recommended.

Template:
• Can have versions
• Supports parameter subsets for re-use and inheritance
• You can provision On-Demand and Spot instances (or a mix)
• Can use T2 Unlimited Burst
• Recommended

38
Q

You are using an Application Load Balancer to distribute traffic to your website hosted on EC2 instances. It turns out that your website only sees traffic coming from private IPv4 addresses which are in fact your Application Load Balancer’s IP addresses. How do you get the client IP?

A

Get it from the header under X-Forwarded-For

39
Q

An application is deployed with an Application Load Balancer and an Auto Scaling Group. Currently, you manually scale the ASG and you would like to define a Scaling Policy that will ensure the average number of connections to your EC2 instances is around 1000. Which Scaling Policy should you use?

A

Target tracking policy.

40
Q

A company hosted a web application in an Auto Scaling group of EC2 instances. The IT manager is concerned about the over-provisioning of the resources that can cause higher operating costs. A Solutions Architect has been instructed to create a cost-effective solution without affecting the performance of the application.

Which dynamic scaling policy should be used to satisfy this requirement?

A

Target Tracking

41
Q

A company needs to deploy at least 2 EC2 instances to support the normal workloads of its application and automatically scale up to 6 EC2 instances to handle the peak load. The architecture must be highly available and fault-tolerant as it is processing mission-critical workloads.

As the Solutions Architect of the company, what should you do to meet the above requirement?

A

Create an Auto Scaling policy
Set min capacity = 4*
Set max capacity = 6
Deploy 2 instances in each Zone (A&B)

*you should have 2 instances running all the time even if an AZ outage occurred. If each AZ has 2 instances running, even if an AZ fails, your system will still run a minimum of 2 instances.

If you had min capacity = 2 and an AZ outage happened, ASG will launch a new instance on the unaffected AZ. This provisioning does not happen instantly, which means that for a certain period of time, there will only be 1 running instance left.

42
Q

What options for Auto Scaling monitoring are there?

A
Group metrics: 
     • must be enabled
     • 1-minute granularity 
     • free
Basic monitoring: 
     • 5-minute granularity 
     • free
Detailed monitoring: 
     • 1-minute granularity 
     • paid
43
Q

What is ASG termination protection?

A

Prevent Auto Scaling from terminating specific instances.

44
Q

What is a standby state?

A

If you need to update or troubleshoot an instance, you can put it in this state.

45
Q

How can you store session state data? E.g. login

A

1) Store in DynamoDB, ElastiCache (or S3).
2) Sticky sessions

You could use them together

46
Q

An application on EC2 in an ASG requires disaster recovery across regions. How do you do this?

A

You can’t do ASGs across regions. You have to be tricky.

Create an ASG in the 2nd region with the capacity set to 0. Take snapshots of your instances and copy them from Region 1 to Region 2.

47
Q

A launch configuration is created using the command-line interface (CLI). Which type of monitoring will be enabled?

A

CloudWatch DETAILED monitoring is enabled by default when creating launch configurations through the CLI.

48
Q

A reporting application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. For complex reports, the application can take up to 15 minutes to respond to a request. A solutions architect is concerned that users will receive HTTP 5xx errors if a report request is in process during a scale-in event.

What should the solutions architect do to ensure that user requests will be completed before instances are terminated?

A

Increase the deregistration delay timeout. The default is 5 minutes (300 seconds), so it must be set to 900 seconds.