Load Balancing & Scaling Flashcards by Lauren Shindo

What is a load balancer?

A service that distributes incoming application traffic across multiple targets, such as EC2 instances, in multiple Availability Zones to increase the availability of your application.

How well did you know this?

Not at all

Perfectly

How does a load balancer work?

By using one or more listeners. It checks for connection requests, then forwards the request based on your rules. A listener has a default rule and you can add more.

How well did you know this?

Not at all

Perfectly

What are the features of a load balancer rule?

Target group,
Condition,
Priority.

Forwarding happens when the condition is met.

How well did you know this?

Not at all

Perfectly

Can a target for a load balancer belong to more than one target group?

Yes.

How well did you know this?

Not at all

Perfectly

What is ELB? What are the features?

Elastic Load Balancing. It automatically distributes incoming application traffic across multiple targets and virtual appliances in one or more Availability Zones (AZs).

Single point of access (DNS)
Handles failures of downstream instances
Does health checks
Provides HTTPS
Enforce stickiness with cookies
High availability across zones
Separates private and public traffic
Security (use with security groups)
Monitoring (integrates with CloudWatch, request tracing)

How well did you know this?

Not at all

Perfectly

What are the 4 types of load balancers?

Classic CLB
Application ALB
Network NLB
Gateway GWLB

How well did you know this?

Not at all

Perfectly

I have some third-party virtual appliances. Which load balancer should I choose?

Gateway Load Balancer.

How well did you know this?

Not at all

Perfectly

I need flexible application management, using Lambda functions and redirects. Which load balancer should I choose?

Application Load Balancer.

How well did you know this?

Not at all

Perfectly

I need extreme performance and a static IP address. Which load balancer should I choose?

Network Load Balancer.

How well did you know this?

Not at all

Perfectly

What does it mean to scale vertically? What kind of application would do that?

Make your instance bigger, like micro to large.

Non-distributed applications like databases would scale vertically.

How well did you know this?

Not at all

Perfectly

Describe an Application Load Balancer.

Works at the application layer (layer 7).
• HTTP
• Supports HTTP/2, WebSocket
• Supports content-based routing (e.g. IP address, the path or hostname in the URL, or query string/headers in request)
• Can route to targets on the same instance: good for applications that run in containers
• Supports redirects (e.g. HTTP -> HTTPS)
• 1 ALB can support many applications
• Fixed hostname

Good for:
• Microservices
• Containers

How well did you know this?

Not at all

Perfectly

Describe a Classic Load Balancer.

Previous-generation load balancer; no longer recommended.
     • TCP (layer 4)
     • HTTP/HTTPS (layer 7)
     • fixed hostname
     • one application = 1 load balancer

How well did you know this?

Not at all

Perfectly

Describe a Network Load Balancer.

Works at layer 4
• TCP/UDP
• Ultra-low latency, extreme performance

Has 1 Static IP per AZ
Supports Elastic IP (good for white-listing)
Supports VPC endpoint services

Different listener on unique ports
Target can be outside your VPC like on-prem

How well did you know this?

Not at all

Perfectly

What can be in a target group of an NLB?

EC2 instances

Private IP addresses
• specify fixed static IP address
• e.g. if you have a server in your own datacenter

ALB
• you can chain NLB to ALB
• e.g. you want to use the static IPs of the NLB but also the HTTP features of the ALB

How well did you know this?

Not at all

Perfectly

Describe a Gateway Load Balancer

Operates at Level 3 (Network Layer - IP packets)

Works as Load Balancer
ALSO works as Transparent Network Gateway (single entry/exit point for all traffic)

Allows you to deploy/manage/scale a fleet of 3rd party network virtual appliances in AWS. These appliances sit between your users and the targets.

Users -> GLB -> appliances -> GLB -> target

E.g. You want all traffic to be inspected for security

How well did you know this?

Not at all

Perfectly

I need to use the GENEVE protocol on port 6081.

Gateway Load Balancer.

How well did you know this?

Not at all

Perfectly

What can be in a target group of the Gateway Load Balancer?

EC2.

Private IP addresses

How well did you know this?

Not at all

Perfectly

What is a sticky session? How does it work? What are the pros and cons?

Aka Affinity Session.

An optional feature for CLB & ALB
Uses a cookie with an expiration date
Allows user to always communicate with the same EC2

Pros: keep session data like login ID
Cons: unbalanced load

How well did you know this?

Not at all

Perfectly

What are the 2 types of cookie used for sticky sessions?

Application Based:
a) Custom
• generated by target (application)
• can include custom attributes required by the app
• must have a different name for each target group
• name is anything except AWSALB, AWSALBAPP, AWSALBTG
b) Application cookie:
• generated by load balancer
• name is AWSALBAPP

Duration Based:
• generated by load balancer
• name is AWSALB or AWSELB (for classic)

How well did you know this?

Not at all

Perfectly

What are the potential target groups for an ALB?

EC2 instances
ECS tasks
Lambda functions
Private IP addresses

ALB can route to multiple target groups

What is Cross-Zone Load Balancing? When can you use it and when do you pay?

Allows you to distribute traffic evenly ACROSS AZs, regardless of where the load balancer is.

ALB: always on (can’t turn it off), free inter-AZ data
NLB: off by default, pay for inter-AZ data
CLB: off by default, free inter-AZ data

Describe SSL and TLS

Ways to encrypt your data in transit.

Secure Sockets Layer
Transport Layer Security (newer version but people still say SSL)

Certificates are issued by CA and have expiration date.

How does SSL/TLS work with a Load Balancer?

Traffic comes in to ELB encrypted
ELB uses x.509 cert (SSL/TLS cert)
You can manage certs in AWS Certificate Manager

For the ELB listener (HTTPS listener):
• you must specify a default cert
• you can optionally add certs to support multiple domains
• clients can use SNI (Server Name Indication) to specify the hostname they want
• you can specify a security policy for older versions of SSL/TLS

What is SNI and how does it work?

Server Name Indication.
• Solves the problem of loading multiple certs onto 1 webserver
• Newer protocol, the client has to indicate the hostname of the target in the initial handshake, then the server finds the correct cert (or default one)

Only works for ALB, NLB, CloudFront.

I want to use CLB but also multiple hostnames that have different certificates. How do I do this?

CLB can only have one SSL cert. You have to use multiple CLBs in this case.

What is it called when an EC2 needs to go offline? How does the ELB handle it?

CLB: Connection Draining ALB/NLB: Deregistration Delay When the EC2 goes into "draining", the ELB stops sending new requests to it. It will allow existing connections to complete for a time period you specify. • set to a longer time if you have long requests like uploads • this can be disabled

How does an Auto Scaling Group (ASG) work?

You specify a plan for each group in response to demand. Plan includes: • min/max instances • desired (actual) # of instances Auto Scaling will launch or terminate instances as needed. New instances can be automatically added to the ELB.

What are the attributes of an ASG? What do you need to set it up?

``` "Let Me Now Eat Snacks" • Launch template (or config) • Min/Max/Desired capacity • Network/Subnet • ELB • Scaling policy ```

How does Auto Scaling get triggered?

CloudWatch alarms • metrics e.g. average CPU for all instances • custom metrics EC2 managed rules (easier) Scheduled (if demand is predictable) Health Checks (EC2 and optionally ELB checks) SQS queues

What happens if you attach an IAM role to an ASG?

Any new instances that are launched will be assigned the IAM role

How much does an ASG cost?

It's free. You are charged by the instance.

What kinds of scaling policies are there?

Dynamic/Scheduled/Predictive Dynamic - Target tracking (easiest), e.g. CPU must stay around 40% Dynamic - Simple/Step Scaling: CloudWatch alarms Scheduled, e.g. demand is high on Friday at 5PM Predictive: ML prediction based on history. Good for apps that take a long time to initialize

What are some common metrics to scale on?

CPU utilization Request Count per Target Average Network In/Out Custom

What is a scaling cooldown? How can I change it?

After a scaling event (in or out), it waits for metrics to stabilize for 5 minutes by default. For Simple scaling policies. If you use a prebuilt AMI there is less config time and you can reduce the cooldown period.

How does Auto Scaling terminate instances by default?

1) Find the AZ with the most instances | 2) Terminate the one with the oldest launch config/template

What are ASG lifecycle hooks?

You can set up a hook in the Pending or Terminating state to do extra stuff before going into service or terminating. E.g. run security checks. install extra software, extract logs or files before termination.

What is the difference between Launch Template and Launch Configuration?

Both have: AMI ID, instance type, key pair, security groups, launch params like tags, user data.... Config: older, must be re-created every time. Not recommended. Template: • Can have versions • Supports parameter subsets for re-use and inheritance • You can provision On-Demand and Spot instances (or a mix) • Can use T2 Unlimited Burst • Recommended

You are using an Application Load Balancer to distribute traffic to your website hosted on EC2 instances. It turns out that your website only sees traffic coming from private IPv4 addresses which are in fact your Application Load Balancer's IP addresses. How do you get the client IP?

Get it from the header under X-Forwarded-For

An application is deployed with an Application Load Balancer and an Auto Scaling Group. Currently, you manually scale the ASG and you would like to define a Scaling Policy that will ensure the average number of connections to your EC2 instances is around 1000. Which Scaling Policy should you use?

Target tracking policy.

A company hosted a web application in an Auto Scaling group of EC2 instances. The IT manager is concerned about the over-provisioning of the resources that can cause higher operating costs. A Solutions Architect has been instructed to create a cost-effective solution without affecting the performance of the application. Which dynamic scaling policy should be used to satisfy this requirement?

Target Tracking

A company needs to deploy at least 2 EC2 instances to support the normal workloads of its application and automatically scale up to 6 EC2 instances to handle the peak load. The architecture must be highly available and fault-tolerant as it is processing mission-critical workloads. As the Solutions Architect of the company, what should you do to meet the above requirement?

Create an Auto Scaling policy Set min capacity = 4* Set max capacity = 6 Deploy 2 instances in each Zone (A&B) *you should have 2 instances running all the time even if an AZ outage occurred. If each AZ has 2 instances running, even if an AZ fails, your system will still run a minimum of 2 instances. If you had min capacity = 2 and an AZ outage happened, ASG will launch a new instance on the unaffected AZ. This provisioning does not happen instantly, which means that for a certain period of time, there will only be 1 running instance left.

What options for Auto Scaling monitoring are there?

``` Group metrics: • must be enabled • 1-minute granularity • free Basic monitoring: • 5-minute granularity • free Detailed monitoring: • 1-minute granularity • $$ ```

What is ASG termination protection?

Prevent Auto Scaling from terminating specific instances.

What is a standby state?

If you need to update or troubleshoot an instance, you can put it in this state.

How can you store session state data? E.g. login

1) Store in DynamoDB, ElastiCache (or S3). 2) Sticky sessions You could use them together

An application on EC2 in an ASG requires disaster recovery across regions. How do you do this?

You can't do ASGs across regions. You have to be tricky. Creat an ASG in the 2nd region with the capacity set to 0. Take snapshots of your instances and copy them from Region 1 to Region 2.

A launch configuration is created using the command-line interface (CLI). Which type of monitoring will be enabled?

CloudWatch DETAILED monitoring is enabled by default when creating launch configurations through the CLI.

A reporting application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. For complex reports, the application can take up to 15 minutes to respond to a request. A solutions architect is concerned that users will receive HTTP 5xx errors if a report request is in process during a scale-in event. What should the solutions architect do to ensure that user requests will be completed before instances are terminated?

Increase the deregistration delay timeout. Default is 5 minutes (300 seconds), so must be 900 seconds.