High Availability and Scalability: ELB & ASG Flashcards

1
Q

What is scalability?

A

Means your application can adapt to accommodate greater loads

2
Q

What are the 2 kinds of scalability?

A

Vertical
Horizontal (elasticity)

3
Q

Vertical Scalability

A

Increasing the Size of the instance

4
Q

Common use case of Vertical scalability?

A

Non-distributed systems such as databases

RDS, Elasticache

5
Q

What is the limit of Vertical Scalability?

A

Hardware limit

6
Q

Horizontal Scalability

A

Increase the number of instances/systems for your app

7
Q

What does horizontal scaling imply?

A

That you have distributed systems

8
Q

What is horizontal scalability most common for?

A

Web apps / modern apps

9
Q

What is High Availability?

A

Means running your app / system in at least 2 data centres (AZ)

10
Q

Goal of HA?

A

Survive a data centre loss

11
Q

HA can be passive and also active. Give 2 examples

A

Passive - RDS Multi AZ
Active - Horizontal Scaling

12
Q

What type of scalability is Auto Scaling Group & Load balancer part of?

A

Horizontal Scaling

13
Q

What is Auto Scaling Group multi AZ & Load Balancer multi AZ part of?

A

High Availability

14
Q

What is a Load Balancer (ELB)?

A

Servers that forward traffic to multiple servers (EC2 instances) downstream

15
Q

What can provide Spreading of load across multiple downstream instances?

A

ELB

16
Q

What can expose single point of access (DNS) to your app?

A

ELB

17
Q

What can seamlessly handle failures of downstream instances?

A

ELB

18
Q

What can do regular health checks to your instances?

A

ELB

19
Q

What can provide SSL termination (HTTPS) for your websites?

A

ELB

20
Q

What can enforce stickiness with cookies?

A

ELB

21
Q

What can provide HA across zones?

A

ELB

22
Q

What can separate public traffic from private traffic?

A

ELB

23
Q

ELB is integrated with

A

EC2, EC2 Auto Scaling Groups, Amazon ECS

AWS Certificate Manager (ACM), CloudWatch

Route 53, AWS WAF, AWS Global Accelerator

24
Q

How does an ELB do health checks of EC2 instances?

A

Have a dedicated port and a route. It's important to know when to not send traffic to an instance if it's down

25
What does the instance response need to be to be healthy?
200 OK
26
How many types of ELB are there on AWS?
4
27
What are the types of ELB?
1. Classic Load Balancer (HTTP, HTTPS, TCP, SSL (Secure TCP)) 2. Application Load Balancer (HTTP, HTTPS, WebSocket) 3. Network Load Balancer (TCP, TLS (secure TCP), UDP) 4. Gateway Load Balancer (layer 3 (Network Layer)) - IP protocol
28
Load Balancer Security Groups Architecture
Users use HTTPS/HTTP From anywhere to connect to Load Balancer. The SG on LB allows 80 (HTTP) and 443 (HTTPS). The SG of the EC2 instance ONLY allows the SG from the LB to connect via HTTP (80). So the source will not be an IP, but the SG name. And allow traffic only.
29
Which OSI Layer is Application LB?
7 - ONLY HTTP
30
What does Application LB have support for?
HTTP/2 & WebSocket
31
Does Application LB support redirects?
Yes from HTTP to HTTPS
32
What are ALB great for?
Micro services & container-based applications (Docker & Amazon ECS)
33
ALB can route, to different target groups. Give an ex.
example.com/users & example.com/posts
34
Benefit of ALB
You can have just 1 for multiple applications
35
ALB Architecture example
1 App Load Balancer routing www.example.com/user to HTTP target group for Users (2 EC2) and also routing example.com/search to another target group for Search applications that have 2 different EC2 instances
36
What are Target Groups?
Can be 1. EC2 instances (managed by ASG) HTTP 2. ECS tasks (ECS managed) HTTP 3. Lambda Functions - HTTP req is translated into a JSON event 4. IP Addr - must be private IP
37
Can ALB route to multiple target groups?
Yes
38
Where are the health checks done with an ALB?
Target Group Level
39
What can you do with an ALB to redirect 2 different types of traffic to 2 different target groups?
Write Query Strings/Parameters
40
How does the Client IP talk to EC2 instance with an ALB in the middle?
ALB uses Connection Termination, which takes the client public IP and then uses the Load Balancer's private IP to talk to the EC2 instance
41
What layer is Network Load Balancer in?
Layer 4 - Transport Layer
42
What does Network Load Balancer allow?
Forward TCP & UDP traffic to instances
43
Benefit of having NLB vs ALB?
Less latency ~100 ms
44
How many static IP does NLB have per AZ?
Only 1
45
Does NLB support Elastic IP?
Yes
46
What can you connect with an NLB?
Target Groups with: 1. EC2 instances 2. IP of EC2 instances/servers 3. Target Group that has an ALB inside
47
Can you put an NLB in front of an ALB?
Yes
48
What health checks does NLB support?
TCP, HTTP, HTTPS protocols
49
What would you use a Gateway Load Balancer for?
Firewalls, IDS/IPS, Deep Packet Inspection Systems, Payload manipulation. Basically you can redirect all traffic into one of the above using the GLB
50
Gateway Load Balancer Architecture Scenario
User traffic goes to routing table, which goes to GLB, then GLB distributes traffic to Target groups (firewall EC2, IDS, etc) then they get checked, go back to the GLB, then get sent to the application
51
Which OSI layer does Gateway Load Balancer operate at?
Layer 3 - Network layer (IP packets)
52
What are the two functions of a Gateway Load Balancer?
1. Transparent Network Gateway 2. Load Balancer
53
What does a Transparent Network Gateway function of a Gateway Load Balancer do?
Single entry/exit for all traffic
54
What does the Load Balancing function of a GLB do?
Distributes traffic to your virtual appliances
55
Which Load Balancer uses GENEVE protocol on port 6081?
Gateway Load Balancer
56
What are GLB Target Groups?
EC2 Instances & IP Addresses (private)
57
What are Sticky Sessions (Session Affinity)?
When you have 3 clients, 1 Load Balancer, and 2 EC2 instances and you redirect client 1 ALWAYS to the same EC2 instance. You can do the same with the other 2 clients for example.
58
Which Load Balancers can have Sticky Sessions?
Network / App load balancers
59
How does a sticky session work? (technical)
Cookie is used and has an expiration date you control
60
Why would you use a sticky session?
For the user so they do not lose their session data
61
What are the 2 session cookies you can have for Sticky Sessions?
Application (custom & application) & duration
62
Who creates the Duration cookie?
The load balancer
63
Who creates the custom cookie in app-based cookies?
The target
64
Who creates the application cookie in app-based cookies?
Load balancer
65
Cross Zone Load Balancing
2 AZ and 2 LB. 1 AZ has 2 instances, the other has 8. Regardless of which LB the traffic goes to, it will be distributed 50/50 on each AZ. This means that all 10 EC2 get 10% traffic, so it is even
66
For which LB is Cross Zone Load Balancing enabled by default?
Application Load Balancer
67
For which LB is Cross Zone Load Balancing disabled by default?
Network & Gateway
68
What is an SSL certificate?
Allows traffic between clients & load balancer to be encrypted in transit
69
SSL meaning
Secure Sockets Layer
70
TLS meaning
Transport Layer Security (newer version of SSL)
71
Who issues public SSL certificates?
Certificate Authorities (CA)
72
How do SSL certs work?
Users contact the load balancer using HTTPS over the public internet, then SSL termination happens inside the load balancer, and then HTTP is used over the VPC to reach the EC2 instance
73
What is an X.509 certificate?
SSL/TLS Server cert
74
What is an HTTPS listener?
It is a socket that is established between server and client. This is how you connect
75
What is SNI?
Server Name Indication
76
What does SNI solve?
How to load multiple SSL certs onto one web server (for multiple websites)
77
What does SNI require the client to indicate?
Host name of the target server in the initial SSL handshake. Then the server knows which certificate to use
78
SNI only works for which LB?
App & Network & CloudFront
79
What is Connection Draining? (Deregistration Delay)
Sets the time to complete the "in-flight requests" while the instance is de-registering or unhealthy
80
What happens when you de-register an EC2 instance?
Load Balancer stops sending new requests to that "unhealthy" instance
81
What does an Auto Scaling Group (ASG) do when load increases/decreases?
Allows you to scale in/out to match load
82
What can you ensure with an ASG?
That you have minimum / maximum number of EC2 instances running
83
What can an ASG do automatically?
Register new instances to a Load Balancer
84
What happens if an EC2 instance is terminated (unhealthy) and is in an ASG?
It automatically creates a new one in its place
85
What do you set in an ASG?
Minimum, Desired, Maximum capacity
86
What is an ASG Launch Template?
It contains information on how to launch EC2 instances within your ASG - contains all the info you need (parameters)
87
ASG can be triggered by which AWS service?
CloudWatch Alarm
88
What can trigger a CloudWatch Alarm?
Metrics such as Average CPU usage etc
89
What are the 2 kinds of Auto Scaling Policies?
Dynamic & Predictive
90
How does Target Tracking Scaling work? (dynamic)
E.g. I want ASG CPU usage to stay at around 40%
91
How does Simple / Step Scaling work? (dynamic)
CloudWatch alarm: when CPU goes over 70% add 2 units. When CPU goes under 30% remove one unit
92
How do Scheduled Actions work in ASG? (dynamic)
Based on known usage patterns e.g. Increase min capacity to 10 at 5pm on Fridays
93
How does Predictive Scaling work?
Continuously forecast load and schedule scaling ahead 1. Analyse historical load 2. Generate forecast 3. Schedule scaling actions
94
What are some good metrics to scale on?
1. CPU Utilisation 2. Request Count Per Target 3. Average Network In/Out 4. Any custom metric (CloudWatch)
95
What are Scaling Cooldowns?
After scaling activity you are in a cool down period (300 sec)
96
What is an ASG not allowed to do during a cooldown period?
Terminate, or launch instances
97
How can you reduce cooldown period of ASG?
Use ready-to-use AMI
98
An Elastic Load Balancer provides
Static DNS name
99
What do you do if your website only sees your Load Balancer's private address instead of your users'?
Modify the website's back end to get the client IP address from the X-Forwarded-For header
100
What protocols do ALBs support?
HTTP/HTTPS/WebSocket