{"id":2805,"date":"2019-06-12T00:39:42","date_gmt":"2019-06-11T22:39:42","guid":{"rendered":"http:\/\/miro.borodziuk.eu\/?p=2805"},"modified":"2019-09-02T22:07:08","modified_gmt":"2019-09-02T20:07:08","slug":"elastic-load-balancer","status":"publish","type":"post","link":"http:\/\/miro.borodziuk.eu\/index.php\/2019\/06\/12\/elastic-load-balancer\/","title":{"rendered":"Elastic Load Balancer"},"content":{"rendered":"<ul>\n<li>Load balancing is a method used to distribute incoming connections across a group of servers or services.<\/li>\n<li>Incoming connections are made to the load balancer, which distributes them to associated services.<\/li>\n<\/ul>\n<p><!--more--><\/p>\n<ul>\n<li>Elastic Load Balancing (ELB) is a service that provides a set of highly available and scalable load balancers in one of three versions:\n<ul>\n<li><strong>Classic<\/strong> (CLB),<\/li>\n<li><strong>Application<\/strong> (ALB)<\/li>\n<li><strong>Network<\/strong> (NLB)<\/li>\n<\/ul>\n<\/li>\n<li>ELBs can be paired with Auto Scaling groups to enhance high availability and fault tolerance \u2014 automating scaling\/elasticity.<\/li>\n<li>An elastic load balancer has a DNS record, which allows access at the external side.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2976 aligncenter\" src=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/LoadBalancing.jpg\" alt=\"\" width=\"760\" height=\"331\" srcset=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/LoadBalancing.jpg 760w, http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/LoadBalancing-300x131.jpg 300w\" sizes=\"(max-width: 706px) 89vw, (max-width: 767px) 82vw, 740px\" \/><\/p>\n<p>A node is placed in each AZ the load balancer is active in. Each node gets 1\/N of the traffic, where N is the number of nodes. Historically, each node could only load balance to instances in the same AZ. This results in uneven traffic distribution. 
Cross-zone load balancing allows each node to distribute traffic to all instances.<\/p>\n<p>An elastic load balancer can be public facing, meaning it accepts traffic from the public Internet, or internal, which is only accessible from inside a VPC and is often used between application tiers.<\/p>\n<p>An elastic load balancer accepts traffic via listeners using protocol and ports. It can terminate HTTPS at this point, meaning it handles encryption\/decryption, reducing CPU usage on instances.<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #3366ff;\">Application Load Balancer<\/span><\/p>\n<ul>\n<li>Application Load Balancers (ALBs) operate at Layer 7 of the OSI model. They understand HTTP and HTTPS and can load balance based on this protocol layer.<\/li>\n<li>ALBs are now recommended as the default LB for VPCs. They perform better than CLBs and are almost always cheaper.<\/li>\n<li>Content rules can direct certain traffic to specific target groups.\n<ul>\n<li>Host-based rules: Route traffic based on the host used<\/li>\n<li>Path-based rules: Route traffic based on URL path<\/li>\n<\/ul>\n<\/li>\n<li>ALBs support EC2, ECS, EKS, Lambda, HTTPS, HTTP\/2 and WebSockets, and they can be integrated with AWS Web Application Firewall (WAF).<\/li>\n<li>Use an ALB if you need to use containers or microservices.<\/li>\n<li>Targets -&gt; Target Groups -&gt; Content Rules<\/li>\n<li>An ALB can host multiple SSL certificates using SNI.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2981 aligncenter\" src=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/ALB.jpg\" alt=\"\" width=\"699\" height=\"460\" srcset=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/ALB.jpg 699w, http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/ALB-300x197.jpg 300w\" sizes=\"(max-width: 699px) 100vw, 699px\" \/><\/p>\n<p>1. 
Three components<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li><span style=\"color: #999999;\">Load Balancer<\/span>\n<ul>\n<li>Receives client requests (HTTP, HTTPS)<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #999999;\">Listeners\u00a0<\/span>\n<ul>\n<li>Reads the requests from clients<\/li>\n<li>Compares the request to rules, then forwards to a target group<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #999999;\">Target Group<\/span>\n<ul>\n<li>Receives forwards from listeners<\/li>\n<li>Health checks are configured per target group<\/li>\n<li>Targets can be in multiple target groups<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>2. Works at the Application layer (7)<\/p>\n<p>3. Content-based routing<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li><strong>Path-based<\/strong> routing:\u00a0 Forwards based on the URL in the request;\u00a0 \/dev and \/prod can route to different target groups<\/li>\n<li><strong>Host-based<\/strong> routing: Forwards based on the host field of the HTTP header; <em>dev.mysite.com<\/em> and <em>prod.mysite.com<\/em> can route to different target groups<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>4. Routes to IP addresses, including outside the VPC (on-premises)<\/p>\n<p>5. Routes to microservices (allows dynamic port mapping)<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #999999;\">Monitoring<\/span><\/p>\n<ul>\n<li>CloudWatch metrics: <code>ActiveConnectionCount<\/code>, <code>HealthyHostCount<\/code>,\u00a0 <code>HTTP code totals<\/code>, and more<\/li>\n<li>Access logs:\u00a0 Sends detailed request information to S3<\/li>\n<li>Request tracing: A header is added that includes a trace identifier for requests<\/li>\n<li>CloudTrail logs: Records API activity<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #3366ff;\">Network Load Balancer<\/span><\/p>\n<p>Network Load Balancers (NLBs) are the newest type of load balancer and operate at Layer 4 of the OSI network model. 
There are a few scenarios and benefits to using an NLB versus an ALB:<\/p>\n<ul>\n<li>Can support protocols other than HTTP\/S because it forwards upper layers unchanged<\/li>\n<li>Less latency because no processing above Layer 4 is required<\/li>\n<li>IP addressable \u2014 static address<\/li>\n<li>Best load balancing performance within AWS<\/li>\n<li>Source IP address preservation \u2014 packets unchanged<\/li>\n<li>Targets can be addressed using IP address<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2982 aligncenter\" src=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/NLB.jpg\" alt=\"\" width=\"701\" height=\"479\" srcset=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/NLB.jpg 701w, http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/NLB-300x205.jpg 300w\" sizes=\"(max-width: 701px) 100vw, 701px\" \/><\/p>\n<p>1. Same three components (as ALB)<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Load Balancer\n<ul>\n<li>Receives client requests<\/li>\n<\/ul>\n<\/li>\n<li>Listeners\n<ul>\n<li>Reads the requests from clients<\/li>\n<li>Compares the request to rules, then forwards to a target group<\/li>\n<\/ul>\n<\/li>\n<li>Target Group\n<ul>\n<li>Uses TCP protocol and port to route requests to targets (EC2, on-premises)<\/li>\n<li>Health checks are configured per target group<\/li>\n<li>Targets can be in multiple target groups<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>2. Functions at the Transport layer (4)<\/p>\n<p>3. Millions of connections capability (no pre-warming needed)<\/p>\n<p>4. Each Availability Zone assigned gets a node created in it with a static IP (or EIP)<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Reduces latency<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>5. 
Register targets by:<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Instance ID: Source addresses of clients are preserved<\/li>\n<li>IP address: Source addresses of clients are the private IP of NLB node<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>6. Client TCP connections have different source port and sequence numbers<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Route traffic to different targets<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>7. Change targets anytime<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #999999;\">Monitoring<\/span><\/p>\n<ul>\n<li>CloudWatch metrics:\u00a0 <code>ActiveFlowCount<\/code>, <code>HealthyHostCount<\/code>, <code>UnhealthyHostCount<\/code>, and more<\/li>\n<li>VPC Flow Logs: Detailed log of traffic going to and from your NLB<\/li>\n<li>CloudTrail logs: Records API activity<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #3366ff;\">Classic Load Balancer<\/span><\/p>\n<p>Classic Load Balancers are the oldest type of load balancer and generally should be avoided for new projects.<\/p>\n<ul>\n<li>Support Layer 3 &amp; 4 (TCP and SSL) and some HTTP\/S features<\/li>\n<li>It isn&#8217;t a Layer 7 device, so no real HTTP\/S<\/li>\n<li>One SSL certificate per CLB \u2014 can get expensive for complex projects<\/li>\n<li>Can offload SSL connections \u2014 HTTPS to the load balancer and HTTP to the instance (lower CPU and admin overhead on instances)<\/li>\n<li>Can be associated with Auto Scaling groups<\/li>\n<li>DNS A Record is used to connect to the CLB<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2979 aligncenter\" src=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CLB.jpg\" alt=\"\" width=\"700\" height=\"589\" srcset=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CLB.jpg 700w, http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CLB-300x252.jpg 300w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><\/p>\n<p>1. A simple, no-frills load balancer<\/p>\n<p>2. 
Supports EC2-Classic<\/p>\n<p>3. Supports HTTP, HTTPS, TCP, and SSL listeners<\/p>\n<p>4. Cross-zone load balancing<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Enable to evenly distribute traffic to all registered instances<\/li>\n<li>Recommended to keep roughly the same number in each AZ<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #999999;\">LB Health Checks<\/span><br \/>\nHealth checks can be configured to check the health of any attached services. If a problem is detected, incoming connections won&#8217;t be routed to instances until it returns to health.<br \/>\nCLB health checks can be TCP, HTTP, HTTPS, and SSL based on ports 1-65535. With HTTP\/S checks, a HTTP\/S path can be tested.<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #999999;\">Monitoring<\/span><\/p>\n<ul>\n<li>CloudWatch metrics:\u00a0<code> HealthyHostCount<\/code>,<code> RequestCount<\/code>, <code>Latency<\/code>, <code>HTTP<\/code> codes, and more<\/li>\n<li>Access logs: Sends request information to S3<\/li>\n<li>CloudTrail logs: Records API activity<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #3366ff;\">High Availability<\/span><\/p>\n<p>We can have both external and internal load balancers.<\/p>\n<p><span style=\"color: #999999;\">External load balancers <\/span>are public facing:<\/p>\n<ul>\n<li>Often used to distribute load between web servers<\/li>\n<li>Provide a public DNS hostname<\/li>\n<\/ul>\n<p><span style=\"color: #999999;\">Internal load balancers<\/span> are not customer facing:<\/p>\n<ul>\n<li>Often used to distribute load between private back-end servers<\/li>\n<li>Provide an internal DNS hostname<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2813 aligncenter\" src=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/ELBHA.jpg\" alt=\"\" width=\"634\" height=\"245\" srcset=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/ELBHA.jpg 634w, 
http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/ELBHA-300x116.jpg 300w\" sizes=\"(max-width: 634px) 100vw, 634px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #999999;\">Sticky Sessions<\/span><\/p>\n<ul>\n<li>Maintains a user&#8217;s session state by ensuring they are routed to the same target<\/li>\n<li>Uses cookies to identify sessions. Clients must support them.<\/li>\n<li>Enabled on the target group (Application and Network Load Balancers)<\/li>\n<li>Enabled on the Classic Load Balancer itself after creation<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #3366ff;\">SSL Offloading<\/span><\/p>\n<ul>\n<li>In a highly available web application, we use load balancers to distribute traffic.<\/li>\n<li>We can also use their elasticity and scalability in the HTTPS\/SSL process.<\/li>\n<li>Encryption and decryption require processing: We can save processing on our instances by transferring the SSL process to the load balancer.<\/li>\n<li>There is no need for every EC2 instance to need a certificate and process encryption and decryption: Application performance should increase.<\/li>\n<li><strong> Certificate Manager<\/strong> also integrates for certificate generation and management.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2814 aligncenter\" src=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/SSLOffloading.jpg\" alt=\"\" width=\"539\" height=\"341\" srcset=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/SSLOffloading.jpg 539w, http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/SSLOffloading-300x190.jpg 300w\" sizes=\"(max-width: 539px) 100vw, 539px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #3366ff;\">Launch templates<\/span> and<span style=\"color: #3366ff;\"> launch configurations<\/span> allow you to configure various configuration attributes that can be used to launch EC2 instances. 
Typical configurations that can be set include:<\/p>\n<ul>\n<li>AMI to use for EC2 launch<\/li>\n<li>Instance type<\/li>\n<li>Storage<\/li>\n<li>Key pair IAM role<\/li>\n<li>User data<\/li>\n<li>Purchase options<\/li>\n<li>Network configuration<\/li>\n<li>Security group(s)<\/li>\n<\/ul>\n<p>Launch templates address some of the weaknesses of the legacy launch configurations and add the following features:<\/p>\n<ul>\n<li>Versioning and inheritance<\/li>\n<li>Tagging<\/li>\n<li>More advanced purchasing options<\/li>\n<li>New instance features, including:\n<ul>\n<li>Elastic graphics<\/li>\n<li>T2\/T3 unlimited settings<\/li>\n<li>Placement groups<\/li>\n<li>Capacity reservations<\/li>\n<li>Tenancy options<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Launch templates should be used over launch configurations where possible. <strong>Neither can be edited after creation<\/strong> \u2014 a new version of the template or a new launch configuration should be created.<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #3366ff;\">Auto Scaling<\/span> groups use launch configurations or launch templates and allow automatic scale-out or scale-in based on configurable metrics. Auto Scaling groups are often paired with elastic load balancers.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2984 aligncenter\" src=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/AutoScaling.jpg\" alt=\"\" width=\"713\" height=\"513\" srcset=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/AutoScaling.jpg 713w, http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/AutoScaling-300x216.jpg 300w\" sizes=\"(max-width: 713px) 100vw, 713px\" \/><br \/>\nMetrics such as CPU utilization or network transfer can be used either to scale out or scale in using scaling policies. Scaling can be manual, scheduled, or dynamic. 
Cooldowns can be defined to ensure rapid in\/out events don&#8217;t occur.<\/p>\n<p>Scaling policies can be simple, step scaling, or target tracking.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Load balancing is a method used to distribute incoming connections across a group of servers or services. Incoming connections are made to the load balancer, which distributes them to associated services.<\/p>\n","protected":false},"author":1,"featured_media":2860,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[78],"tags":[],"_links":{"self":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/2805"}],"collection":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/comments?post=2805"}],"version-history":[{"count":14,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/2805\/revisions"}],"predecessor-version":[{"id":2985,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/2805\/revisions\/2985"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/media\/2860"}],"wp:attachment":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/media?parent=2805"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/categories?post=2805"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/tags?post=2805"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}