ELB

Question 1

What is the difference between availability and scaleability?

Answer 1

Scalability implies a system/application that can handle greater loads by adapting.
Availability aims to survive a data center loss, normally by running your application/system in at least 2 data centers (== AZs)

Question 2

What is a load balancer?

Answer 2

A server that forwards traffic to multiple servers downstream.

Question 3

Why use a load balancer?

Answer 3

• Spread load across multiple downstream instances
• Expose a single point of access (DNS) to your application
• Seamlessly handle failures of downstream instances
• Do regular health checks to your instances
• Provide SSL termination (HTTPS) for your websites
• Enforce stickiness with cookies
• High availability across zones
• Separate public traffic from private traffic

Question 4

What layers does a CLB support?

Answer 4

Classic Load Balancer - supports TCP (layer 4), HTTP/S (layer 7)

Question 5

What layer does an ALB (v2) operate on?

Answer 5

Layer 7 - HTTP

Question 6

What does an ALB do?

Answer 6

Application Load Balancer - Load balancing to multiple HTTP applications across machines or across the same machine.
Support for HTTP/2 and WebSocket.
Support redirects (from HTTP to HTTPS for example).

Question 7

What routing does ALB support?

Answer 7

Routing based on path in URL, hostname in URL or Query String/Headers

Question 8

What is a good use-case for ALB and why?

Answer 8

Great fit for micro-services & container-based applications (Docker, ECS for example) - has a port mapping feature to redirect to a dynamic port in ECS.

Question 9

What makes ALB better than CLB in terms of fit for micro-services?

Answer 9

A CLB operates on one application, so we would need multiple CLBs per application in a micro-services system.

Question 10

What layer does an NLB operate on?

Answer 10

Network Load Balancer - Layer 4, TCP and UDP traffic to your instances

Question 11

Describe the properties of NLB operations

Answer 11

• Handles millions of requests per second.
• Less latency than ALB - approx. 100ms vs 400ms for ALB#
• One static IP per AZ - supports assigning Elastic IP (helpful for whitelisting specific IP)
• Not included in AWS free tier

Question 12

What are the possible target groups for NLB?

Answer 12

EC2 instances, IP addresses (must be private IPs), ALB

Question 13

What protocols do the NLB health checks support?

Answer 13

TCP, HTTP and HTTPS

Question 14

What is the purpose of the GLB?

Answer 14

Gateway load balancer - deploy, scale and manage a fleet of 3rd party network virtual appliances in AWS (e.g. firewalls, intrusion detection and prevention systems, deep packet inspection systems, payload manipulation etc.)

Question 15

What layer does GLB operate on?

Answer 15

Layer 3 - network layer

Question 16

What functions does the GLB combine?

Answer 16

• Transparent Network Gateway: single entry/exit for all traffic.
• Load balancer: distributes traffic to your virtual appliances

Question 17

What type of balancer uses the GENEVE protocol?

Answer 17

GLB

Question 18

A GLB uses a certain protocol - what is its name and the port it operates on?

Answer 18

GENEVE protocol, port 6081

Question 19

What are the possible target groups of GLB?

Answer 19

EC2 instances, private IPs

Question 20

What is session affinity?

Answer 20

Also known as stickiness/sticky sessions - the same client is always redirected to the same instance behind a load balancer

Question 21

How does session stickiness work, and on what load balancers is it available?

Answer 21

Use a cookie to direct to instance, with an expiration date. Available on CLB and ALB

Question 22

What is a use case for session stickiness?

Answer 22

Make sure a user doesn’t lose his session data

Question 23

What is a downside of session stickiness?

Answer 23

May imbalance load over backend EC2 instances

Question 24

What is Cross-Zone Load Balancing?

Answer 24

Each load balancer instance distributes evenly across all registered instances in all AZ

Question 25

What are the aws config and cost differences for Cross-Zone Load Balancing between ALB, NLB and CLB?

Answer 25

ALB - enabled by default (can disable at the target group level), no charges for inter AZ data NLB - disabled by default, you pay for inter AZ data if enabled (same with GWLB) CLB - disabled by default, no charges for inter AZ data

Question 26

What does an SSL certificate do?

Answer 26

Allows traffic between your clients and load balancer to be encrypted in transit (in-flight encryption)

Question 27

What does SSL stand for?

Answer 27

Secure Sockets Layer

Question 28

What does TLS stand for?

Answer 28

Transport Layer Security

Question 29

How does HTTPS differ from HTTP?

Answer 29

HTTPS uses SSL to provide secure, encrypted traffic

Question 30

What is ACM and how does it work?

Answer 30

AWS Certificate Manager - manages SSL certificates. Can upload your own certificates which can then be assigned to an HTTPS listener.

Question 31

What does SNI stand for?

Answer 31

Server Name Indication

Question 32

What is the purpose of SNI?

Answer 32

Allows loading of multiple SSL certificates to one web server in order to serve multiple websites

Question 33

How does SNI work?

Answer 33

- Requires the client to indicate the hostname of the target server in the initial SSL handshake - The server will then find the correct certificate or return the default one

Question 34

What load balancers support SNI?

Answer 34

ALB & NLB, or CloudFront

Question 35

How does CLB cope with multiple SSL certificates?

Answer 35

Must use multiple CLB with multiple hostnames for multiple SSL certificates

Question 36

What is Connection Draining?

Answer 36

- Time to complete 'in-flight requests' while the instance is de-registering or unhealthy - Stops sending new requests to the EC2 instance which is de-registering

Question 37

What is Connection Draining also known as?

Answer 37

Deregistration delay (for ALB and NLB)

Question 38

Why would you set a long time for connection draining to take place?

Answer 38

Instance requests may be long running - e.g. file uploads.

Question 39

What is the purpose of an Auto Scaling Group?

Answer 39

- Scale out (add EC2 instances) to match increased load - Scale in (remove) to match decreased load - Ensure we have min and max number of instances running - Automatically register new instances to a load balancer - Re-create an instance if the previous one is terminated (e.g. is unhealthy)

Question 40

What information is required for an ASG launch template?

Answer 40

- AMI + Instance type - EC2 user data - EBS volumes - Security groups - SSH key pair - IAM roles for the EC2 instance - Network and Subnets information - Load balancer information - Instance capacity information - Scaling policies

Question 41

What is an example of Target Tracking Scaling?

Answer 41

Scaling according to a metric - e.g. I want average ASG CPU to stay at around 40%

Question 42

What is an example of Simple / Step Scaling?

Answer 42

When a CloudWatch alarm is triggered (e.g. CPU > 70%) then add 2 units

Question 43

What is an example of Scheduled Action Scaling?

Answer 43

Anticipate a scaling based on known usage patterns - e.g. increase the min capacity to 10 at 5pm on Fridays

Question 44

What is mean by Predictive Scaling?

Answer 44

Continuously forecast load based on historical data and schedule scaling ahead

Question 45

What are some good metrics to scale on?

Answer 45

CPU utilization, Request count per target, Average Network In / Out

Question 46

What is Scaling Cooldown?

Answer 46

After a scaling activity, there is a cooldown period during which the ASG will not launch or terminate additional instances

Question 47

What is a good method of reducing a scaling cooldown period?

Answer 47

Using a ready-to-use AMI to reduce configuration time in order to be serving requests faster.