[AWS Architect] (11) Load Balancing

Load balancing is a method used to distribute incoming connections across a group of servers or services.

  • Elastic Load Balancing (ELB) automates distributing traffic evenly to all instances in multiple AZs within a region.
    • Cross Zone Load Balancing allows load balancers to cross multiple AZs.
  • SSL can be directly applied to ELB – can help reduce the compute power on an EC2 instance.

Features

  • ELB has its own DNS record, which allows access to outside.
    • ELBs can be paired with Auto Scaling Groups to enhance high availability and fault tolerance.
    • ELB uses the health check – direct requests to only healthy instances.
    • Cross-zone LB can be enabled.
  • X-Forwarded-For” header is used to obtain the IP of an end-user in an EC2 instance.
  • Sticky Sessions with ELB: EC2 instances need to keep the session info.
    • Load Balancer generated cookie
    • Application generated cookie
    • Non-ELB Option (Recommended)
      • ElastiCache or DynamoDB to find the session
  • 504 error (Gateway timed out) is reported when applications do not respond within the idle timeout period.

Types of ELB

Elastic Load Balancing (ELB) provides 3 types: Application (ALB), Network (NLB), and Classic (CLB).

CLB is an old type and should be avoided. It can only be used with EC2-Classic.

  • No granular routing rules. All instances get routed evenly
  • Good when all instances contain the same data.
  • Operates at Layer 3 & 4 (TCP & SSL) + Some Layer 7 features (X-Forwarded-For header).
  • 504 error (Gateway timed out) was reported when applications do not respond.
  • DNA A Record is connected to the CLB – 1 SSL Certificate per CLB.
  • Offload SSL connection – HTTPS to the load balancer and HTTP to instances

ALB operates at Layer 7 (Application): the default LB for VPCs.

  • Supports EC2, ECS, EKS, Lambda, HTTP, HTTPS, and Web Sockets
  • Can be integrated with AWS Web Application Firewall (WAF)
  • Content-based Rules (Host-based or Path-based) -> Target Groups -> Targets (Instances)
    • Host-based: based on the host field of the HTTP header
    • Path-based: based on the URL path of the HTTP header
  • By using rules (conditions and target groups), you can redirect requests to multiple target groups.
  • ALB needs to be deployed into at least 2 subnets.

NLB operates at Layer 4 (Transport)

  • Low latency, source IP address preservation (packets unchanged), best performance
  • Capable of handling millions of requests per second – used for extreme performance but expensive
  • Targets can be addressed using IP addresses (static IP address or Elastic IP).

ELB Dynamic Ports

  • Classic Load Balancer must statically map port numbers on a container instance.
  • The second-generation LBs (ALB and NLB) supports dynamic ports.
  • A single EC2 instance can run multiple containers that use randomly assigned ports – these port numbers are not static and may change when the instance restarts.
    • Dynamic ports are controlled by target groups, which track the list of ports.
  • Ideal for containerized services (docker, Elastic Container Services (ECS))

ELB Access Logs

ELB Access Logs is an optional feature that captures detailed information about requests.

  • Each log contains information such as the time the request was received, the client’s IP address, latencies, request paths, and server responses.
  • Captures the logs are stored in the Amazon S3 bucket.
  • Each access log file is automatically encrypted using SSE-S3 before it is stored in your S3 bucket and decrypted when you access it. No user action is required.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s