ELB

  1. Types of ELB
    1. Classic - The legacy load balancer; works with EC2-Classic as well as VPC.
    2. Classic Load Balancer does not support SNI, so one listener can serve only one certificate.
    3. Route 53 rule of thumb: for an EC2 instance use an A record without an Alias (it has a fixed IP). For ELB, CloudFront and S3 website endpoints use an A record with an Alias (their IPs change, and an Alias also works at the zone apex where a CNAME is not allowed). For RDS use a CNAME record with no Alias, since the endpoint is a hostname.
    4. Application
      1. Works at Layer 7 (HTTP/HTTPS). Layer 4 (TCP/UDP/TLS) is the Network Load Balancer's job.
      2. Supports SNI - multiple domains can be mapped to the ALB, and the ALB serves each by automatically selecting the right certificate for the host name the client presents.
      3. The ALB's DNS name resolves to the IP addresses of its nodes, one ENI per enabled Availability Zone. These IPs can change, so point Route 53 at the ALB with an Alias record rather than at the IPs.
      4. When the traffic load increases, the ALB scales automatically, adding node capacity (and IPs) to accept more connections.
      5. The DNS answer for the ALB carries a short TTL (60 seconds), so a client holds a node IP only briefly before re-resolving; subsequent requests within the TTL still hit that IP.
      6. If one node IP is unreachable, the client should try the next IP in the answer. If none works, a DNS refresh is required so the client gets the current set of IPs from the ALB.
      7. ALB supports content-based routing: listener rules can match on path, host header, HTTP headers, HTTP method, query string and source IP.
      8. Supports HTTP/2, WebSockets and gRPC.
      9. The TLS versions and ciphers offered are set by the listener's security policy (one of the predefined ELBSecurityPolicy names); pick a current policy explicitly so that old TLS versions are not negotiated.
      10. The traffic can be routed to the backend targets - EC2 instances, containers (IP targets) or Lambda functions.
      11. Target groups are created to group targets; listener rules forward to a group.
      12. Weighted target groups divide traffic between two or more target groups, say 90/10 - best suited for blue/green deployment or A/B testing.
      13. The setup can route to Lambda as one target group and containers as another.
      14. Elastic Load Balancing can be pre-warmed to scale up in advance of a launch event that will bring a sudden spike; to pre-warm, submit an AWS support request with the anticipated load (otherwise the ALB scales on observed traffic, which takes a few minutes).
      15. Handles TLS termination at the listener; the certificate normally comes from ACM.
      16. Connection draining (called deregistration delay on ALB and NLB) adds a step to deregistering a target: for the configured timeout the load balancer lets existing in-flight requests to the target complete but sends it no new requests. During this time the target is reported as draining (on a Classic Load Balancer the instance still shows InService, with the message "Instance deregistration currently in progress"). Once the timeout is reached, any remaining connections are forcibly closed.
      17. With Application Load Balancers, cross-zone load balancing is enabled by default at the load balancer level (it can only be turned off per target group). With Network Load Balancers and Gateway Load Balancers, cross-zone load balancing is disabled by default and must be enabled explicitly; for NLB, cross-AZ data transfer charges then apply.

    5. Network 
      1. Best suited for long-lived connections and very high request rates at low latency.
      2. Home automation / IoT use case (many persistent TCP connections).
      3. Hyperplane concept - NLB is built on AWS Hyperplane, the internal distributed packet-processing and flow-tracking system that also underlies NAT Gateway and PrivateLink; it is why NLB scales without a visible fleet of proxies.
      4. High performance, ultra-low latency.
      5. Supports TCP, UDP and TLS listeners.
      6. Required for PrivateLink endpoint services carrying TCP traffic: the NLB fronts the service behind the interface endpoint.
      7. Preserves the client's source IP to targets (controlled per target group by the preserve client IP attribute).
      8. Has static IPs - Elastic Load Balancing creates a network interface for each Availability Zone you enable, and each load balancer node in that AZ uses this interface to get a static IP address. You can also assign your own Elastic IP per AZ, which lets clients allow-list the load balancer in their firewalls.
      9. Before you start using your Network Load Balancer, you must add one or more listeners. A listener is a process that checks for connection requests, using the protocol (TCP, TLS or UDP) and port that you configure. The rules that you define for a listener determine how the load balancer routes requests to the targets in one or more target groups.
      10. Each target group routes requests to one or more registered targets. When you create a listener, you specify a target group for its default action; traffic is forwarded to the target group named in the matching listener rule. You can create different target groups for different types of requests. A target group may consist of instances (up to 1000) or an Application Load Balancer (only one). Targets registered by IP address can also be outside the VPC, for example on-premises hosts reachable over VPN or Direct Connect.
    6. Load balancer configuration
      1. Proxy protocol is a wire protocol that carries connection information (client IP and port, destination IP and port) from the source of the connection to its destination. When enabled on a Classic Load Balancer (version 1, text) or an NLB target group (version 2, binary), a proxy protocol header is prepended to the TCP stream ahead of the application data, which lets a target identify the client's IP address even though the TCP connection itself comes from the load balancer. The target must parse the header (it is not HTTP), and it should honour the header only on connections that actually come from the load balancer; otherwise anyone who can reach the target directly can forge a client IP.
      2. To ensure that a Classic Load Balancer stops sending requests to instances that are de-registering or unhealthy, while keeping the existing connections open, use connection draining. This enables the load balancer to complete in-flight requests made to instances that are de-registering or unhealthy.
      3. With cross-zone load balancing, each load balancer node for your Classic Load Balancer distributes requests evenly across the registered instances in all enabled Availability Zones. If cross-zone load balancing is disabled, each load balancer node distributes requests evenly across the registered instances in its Availability Zone only. 
      4. If your application has its own session cookie, you can configure Elastic Load Balancing so that stickiness follows the duration of the application's cookie. If it does not, Elastic Load Balancing can generate its own cookie (AWSELB on a Classic Load Balancer, AWSALB on an ALB) with a stickiness duration you specify. Stickiness pins a client to one target, so it defeats even spreading and concentrates a busy client's load; use it only when session state is not shared between targets.
      5. If you use Route 53 to route DNS queries to your load balancer, you can also configure DNS failover for your load balancer using Route 53. In a failover configuration, Route 53 checks the health of the registered EC2 instances for the load balancer to determine whether they are available. If there are no healthy EC2 instances registered with the load balancer, or if the load balancer itself is unhealthy, Route 53 routes traffic to another available resource, such as a healthy load balancer or a static website in Amazon S3.
    7. Gateway Load Balancer endpoint is an elastic network interface with a private IP address from the IP address range of your subnet. It serves as an entry point to intercept traffic and route it to a network or security service that you've configured using a Gateway Load Balancer. You specify a Gateway Load Balancer endpoint as a target for a route in a route table. 
    8. Load balancers are regional resources; for routing across regions you need Route 53.
    9. A target group tells a load balancer where to direct traffic: EC2 instances, fixed IP addresses or AWS Lambda functions, among others. When creating a load balancer, you create one or more listeners and configure listener rules that direct traffic to a target group. The forward action of a listener rule can now name more than one target group, with a weight for each.
    10. In addition to blue/green deployments, weighted target groups serve two other use cases: cloud migration, and migration between different AWS compute resources.
    11. When you migrate an on-premises application to the cloud, you may want to do it progressively, with a period where the application runs both in the on-premises data center and in the cloud. Once you have verified that the cloud version performs satisfactorily, you can completely retire the on-premises application.
    12. Similarly, when you migrate a workload from EC2 instances to containers running on AWS Fargate, for example, you can bring up the new application stack in a new target group and gradually move traffic by changing the target group weights, with no downtime for end users.
    13. When target group stickiness is enabled, all requests from a client are sent to the same target group for the specified duration. When the duration expires, the client's requests are again distributed across target groups according to the weights. The ALB issues a cookie (AWSALBTG) to maintain target group stickiness.
    14. Note - Sticky sessions make sure that requests from a client always go to a particular target within a target group. Target group stickiness only ensures the requests go to a particular target group. Sticky sessions can be used in conjunction with target group level stickiness.
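The following is an added example, not code from these notes or from AWS: it builds the weighted forward action with target group stickiness in the shape the boto3 elbv2 API expects (modify_listener / create_rule), validates the weight and duration limits, and walks a blue/green shift in steps with a rollback if a health check fails. The ARNs, the step schedule and the RecordingElbv2 stand-in for boto3.client("elbv2") are assumptions so that it runs offline.

```python
"""Progressive blue/green shift on an ALB listener via weighted target groups.

Added illustration, not the notes' own code. ARNs and the step schedule are
made up; RecordingElbv2 stands in for boto3.client("elbv2") so this runs offline.
"""
from typing import Callable, Dict, List, Optional, Sequence, Tuple

MAX_WEIGHT = 999              # ALB accepts a weight of 0..999 per target group
MAX_STICKY_SECONDS = 604800   # 7 days, upper bound for TargetGroupStickinessConfig


def weighted_forward_action(targets: Sequence[Tuple[str, int]],
                            stickiness_seconds: Optional[int] = None) -> Dict:
    """Build the 'forward' action accepted by modify_listener / create_rule.

    targets: (target group ARN, weight) pairs. Weights are relative, not percentages.
    """
    if not targets:
        raise ValueError("at least one target group is required")
    groups: List[Dict] = []
    for arn, weight in targets:
        if not 0 <= weight <= MAX_WEIGHT:
            raise ValueError(f"weight {weight} for {arn} outside 0..{MAX_WEIGHT}")
        groups.append({"TargetGroupArn": arn, "Weight": weight})
    if sum(g["Weight"] for g in groups) == 0:
        raise ValueError("all weights are zero; no target group would receive traffic")
    config: Dict = {"TargetGroups": groups}
    if stickiness_seconds is not None:
        if not 1 <= stickiness_seconds <= MAX_STICKY_SECONDS:
            raise ValueError(f"stickiness must be 1..{MAX_STICKY_SECONDS} seconds")
        # With stickiness on, a client keeps hitting the same target group for the
        # duration (tracked by the AWSALBTG cookie), so a user is not bounced
        # between the old and the new version in the middle of a session.
        config["TargetGroupStickinessConfig"] = {"Enabled": True,
                                                 "DurationSeconds": stickiness_seconds}
    return {"Type": "forward", "ForwardConfig": config}


def traffic_shares(action: Dict) -> Dict[str, float]:
    """Fraction of new (non-sticky) requests each target group receives."""
    groups = action["ForwardConfig"]["TargetGroups"]
    total = sum(g["Weight"] for g in groups)
    return {g["TargetGroupArn"]: g["Weight"] / total for g in groups}


def shift_traffic(elbv2, listener_arn: str, blue_arn: str, green_arn: str,
                  blue_weights: Sequence[int] = (90, 50, 10, 0),
                  stickiness_seconds: int = 3600,
                  healthy: Optional[Callable[[], bool]] = None) -> Tuple[List[int], bool]:
    """Move the listener's default action from blue to green one step at a time.

    `healthy` is called after each step (e.g. it inspects the 5xx rate on green);
    if it returns False the weights are reset to 100% blue and the shift stops.
    Returns the blue weights that were applied and whether the shift completed.
    """
    applied: List[int] = []
    for blue_weight in blue_weights:
        action = weighted_forward_action(
            [(blue_arn, blue_weight), (green_arn, 100 - blue_weight)], stickiness_seconds)
        elbv2.modify_listener(ListenerArn=listener_arn, DefaultActions=[action])
        applied.append(blue_weight)
        if healthy is not None and not healthy():
            rollback = weighted_forward_action([(blue_arn, 100), (green_arn, 0)],
                                               stickiness_seconds)
            elbv2.modify_listener(ListenerArn=listener_arn, DefaultActions=[rollback])
            return applied, False
    return applied, True


class RecordingElbv2:
    """Offline stand-in for boto3.client('elbv2'); it only records the calls made."""

    def __init__(self) -> None:
        self.calls: List[Dict] = []

    def modify_listener(self, **kwargs) -> Dict:
        self.calls.append(kwargs)
        return {"Listeners": [{"ListenerArn": kwargs["ListenerArn"]}]}


if __name__ == "__main__":
    # Constructed ARNs; replace RecordingElbv2() with boto3.client("elbv2") for real use.
    BLUE = "arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/blue/0123456789abcdef"
    GREEN = "arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/green/fedcba9876543210"
    LISTENER = "arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/web/abc/def"
    client = RecordingElbv2()
    print(shift_traffic(client, LISTENER, BLUE, GREEN))
    print(traffic_shares(client.calls[0]["DefaultActions"][0]))
```

The same action dict goes into the `Actions` parameter of `create_rule` when the split should apply only to a path or host match rather than to the listener's default action.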
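For item 6.1 above (proxy protocol), the following added example, not from these notes, parses the PROXY protocol v2 header an NLB prepends when proxy protocol is enabled on a target group (including the AWS TLV that carries the PrivateLink VPC endpoint ID), and shows the check a backend should make: honour the header only when the TCP peer is the load balancer, so a direct connection cannot forge a client IP. The addresses, ports, endpoint ID and subnet range are constructed sample data.

```python
"""PROXY protocol v2 parsing with a trusted-peer check.

Added illustration, not the notes' own code. Sample addresses, ports, the VPC
endpoint ID and the load balancer subnet range are constructed test data.
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"   # 12-byte magic that starts every v2 header
PP2_TYPE_AWS = 0xEA                         # AWS-specific TLV ...
PP2_SUBTYPE_AWS_VPCE_ID = 0x01              # ... whose subtype 1 carries the endpoint ID


@dataclass
class ProxyInfo:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    vpce_id: Optional[str] = None


def build_proxy_v2(src_ip: str, src_port: int, dst_ip: str, dst_port: int,
                   vpce_id: Optional[str] = None) -> bytes:
    """Encode a v2 header the way the load balancer would (used to make test input)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if src.version != dst.version:
        raise ValueError("mixed address families")
    family = 0x10 if src.version == 4 else 0x20          # AF_INET / AF_INET6
    body = src.packed + dst.packed + struct.pack("!HH", src_port, dst_port)
    if vpce_id is not None:
        value = bytes([PP2_SUBTYPE_AWS_VPCE_ID]) + vpce_id.encode("ascii")
        body += struct.pack("!BH", PP2_TYPE_AWS, len(value)) + value
    # 0x21 = version 2 + command PROXY; low nibble 0x01 = STREAM (TCP)
    return PP2_SIGNATURE + struct.pack("!BBH", 0x21, family | 0x01, len(body)) + body


def parse_proxy_v2(data: bytes) -> Tuple[Optional[ProxyInfo], bytes]:
    """Return (client info, remaining payload).

    Info is None for the LOCAL command, which the load balancer uses for its own
    health checks and which carries no client address.
    """
    if len(data) < 16 or data[:12] != PP2_SIGNATURE:
        raise ValueError("not a PROXY protocol v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported PROXY protocol version")
    if len(data) < 16 + length:
        raise ValueError("truncated PROXY protocol header")
    body, payload = data[16:16 + length], data[16 + length:]
    command = ver_cmd & 0x0F
    if command == 0x0:
        return None, payload
    if command != 0x1:
        raise ValueError("unknown PROXY protocol command")
    family = fam_proto >> 4
    if family == 0x1:
        addr_len, fmt = 12, "!4s4sHH"
    elif family == 0x2:
        addr_len, fmt = 36, "!16s16sHH"
    else:
        raise ValueError("unsupported address family")
    if len(body) < addr_len:
        raise ValueError("address block shorter than the declared family needs")
    src, dst, sport, dport = struct.unpack(fmt, body[:addr_len])
    info = ProxyInfo(str(ipaddress.ip_address(src)), sport,
                     str(ipaddress.ip_address(dst)), dport)
    tlvs = body[addr_len:]
    while tlvs:                                   # walk the type-length-value records
        if len(tlvs) < 3:
            raise ValueError("truncated TLV")
        tlv_type, tlv_len = struct.unpack("!BH", tlvs[:3])
        value = tlvs[3:3 + tlv_len]
        if len(value) != tlv_len:
            raise ValueError("TLV length exceeds header")
        if tlv_type == PP2_TYPE_AWS and value[:1] == bytes([PP2_SUBTYPE_AWS_VPCE_ID]):
            info.vpce_id = value[1:].decode("ascii")
        tlvs = tlvs[3 + tlv_len:]
    return info, payload


def effective_client(peer_ip: str, data: bytes, lb_cidrs: Sequence[str]) -> Tuple[str, bytes]:
    """Pick the address to log and authorize for a connection.

    Only a peer inside the load balancer's subnets (lb_cidrs) may assert a client
    address via PROXY protocol. For any other peer the bytes are treated as plain
    payload and the socket peer address is used, so the header cannot spoof an IP.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(cidr) for cidr in lb_cidrs):
        return peer_ip, data
    info, payload = parse_proxy_v2(data)
    if info is None:
        return peer_ip, payload
    return info.src_ip, payload
```

In practice the trusted range should match the subnets the NLB's ENIs live in, and the target's security group should allow the listener port only from those subnets, so that a direct connection never reaches the parser at all; the CIDR check here is the defence in depth for when it does.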
