ELB - Elastic Load Balancer, Load Balancing - Coggle Diagram
ELB - Elastic Load Balancer
- AWS managed load balancer
  - guaranteed to be working
  - upgrades, maintenance and HA are taken care of
  - few configuration knobs are provided
- Health Checks
  - crucial for LBs
  - determine if instances are available to reply to requests
  - done on a port and a route, e.g. yoursite.com:4567/health
  - 200 = Healthy
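The port-and-route probe described above, as an added example that is not part of the original diagram: a constructed backend exposes a health route, and a checker does what an ELB health check does, requesting a configured port and path and treating only HTTP 200 as healthy. The route name, the backend and its port are assumptions for the demo.

```python
"""Added example (not from the original diagram): a constructed backend that
exposes a health route, plus a checker that does what an ELB health check
does: request a configured port and route and treat only HTTP 200 as
healthy. The route name, the backend and its ports are assumptions."""
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

HEALTH_ROUTE = "/health"  # assumed route, mirrors the diagram's example


class Target(BaseHTTPRequestHandler):
    """Constructed app server: 200 on the health route, 503 otherwise or
    once the process has been flagged as degraded."""
    degraded = False

    def do_GET(self):
        if self.path == HEALTH_ROUTE and not Target.degraded:
            status, body = 200, b"ok"
        else:
            status, body = 503, b"unavailable"
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet


def start_target():
    """Bind to an ephemeral localhost port; return (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), Target)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def is_healthy(host, port, route=HEALTH_ROUTE, timeout=2.0):
    """ELB-style probe: healthy only if the route answers HTTP 200.
    Non-2xx answers, refused connections and timeouts all count as
    unhealthy, which is what takes a target out of rotation."""
    url = f"http://{host}:{port}{route}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status == 200
    except urllib.error.HTTPError:
        return False  # 4xx/5xx: server reachable but not healthy
    except (urllib.error.URLError, OSError):
        return False  # connection refused, DNS failure, timeout


if __name__ == "__main__":
    server, port = start_target()
    print("healthy:", is_healthy("127.0.0.1", port))        # True
    Target.degraded = True
    print("after degrade:", is_healthy("127.0.0.1", port))  # False
    server.shutdown()
```

A wrong route, a non-200 answer and an unreachable port all produce the same verdict, which is the point: the load balancer only needs one bit per target, and anything other than the expected 200 on the expected route removes it from rotation.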
- Types
  - Classic Load Balancer
    - HTTP, HTTPS (Layer 7), TCP (Layer 4)
    - TCP/HTTP health checks
    - fixed hostname: xxx.region.elb.amazonaws.com
  - Application Load Balancer
    - HTTP, HTTPS, WebSocket (Layer 7)
    - many apps to many machines (via target groups)
    - many apps on one machine (containers)
      - port mapping feature to redirect to a dynamic port in ECS
    - Routing
      - based on path in URL, e.g. example.com/users
      - based on hostname in URL, e.g. one.example.com & other.example.com
      - based on Query String, Headers, e.g. example.com/users?id=123&order=false
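The three routing styles listed above (path, hostname, query string / headers), as an added example that is not the diagram's or AWS's code: a small evaluator that mimics how an ALB listener chooses a target group. Rules are checked in priority order, every condition on a rule must match, the first matching rule wins, and otherwise the listener's default action applies. The rule shapes, target-group names and sample requests are assumptions.

```python
"""Added example (not the diagram's or AWS's code): an evaluator that mimics
ALB listener rules. Rules are tried in priority order, all conditions on a
rule must hold, first match wins, else the default target is used. Rule
shapes, target-group names and requests below are constructed."""
from fnmatch import fnmatchcase
from urllib.parse import parse_qsl


def _match(cond, req):
    """Evaluate one condition against a request dict
    (keys: host, path, optional query and headers)."""
    kind = cond["field"]
    if kind == "host-header":
        host = req["host"].lower()
        return any(fnmatchcase(host, v.lower()) for v in cond["values"])
    if kind == "path-pattern":
        return any(fnmatchcase(req["path"], v) for v in cond["values"])
    if kind == "http-header":
        hdrs = {k.lower(): v for k, v in req.get("headers", {}).items()}
        actual = hdrs.get(cond["name"].lower())
        return actual is not None and any(
            fnmatchcase(actual, v) for v in cond["values"])
    if kind == "query-string":
        pairs = parse_qsl(req.get("query", ""), keep_blank_values=True)
        return any((k, v) in pairs for k, v in cond["values"])
    raise ValueError(f"unknown condition field {kind!r}")


def route(rules, default_target, req):
    """Return the target group name for req."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if all(_match(c, req) for c in rule["conditions"]):
            return rule["target"]
    return default_target


# Constructed listener rules modelled on the diagram's examples.
RULES = [
    {"priority": 10, "target": "tg-users",
     "conditions": [{"field": "path-pattern",
                     "values": ["/users", "/users/*"]}]},
    {"priority": 20, "target": "tg-one",
     "conditions": [{"field": "host-header",
                     "values": ["one.example.com"]}]},
    {"priority": 30, "target": "tg-other",
     "conditions": [{"field": "host-header",
                     "values": ["other.example.com"]}]},
    {"priority": 40, "target": "tg-reports",
     "conditions": [{"field": "query-string",
                     "values": [("order", "false")]},
                    {"field": "http-header", "name": "X-Client",
                     "values": ["mobile*"]}]},
]
DEFAULT = "tg-default"

if __name__ == "__main__":
    for req in ({"host": "example.com", "path": "/users/42"},
                {"host": "one.example.com", "path": "/"},
                {"host": "example.com", "path": "/orders",
                 "query": "id=123&order=false",
                 "headers": {"X-Client": "mobile-ios"}},
                {"host": "example.com", "path": "/"}):
        print(req["host"] + req["path"], "->", route(RULES, DEFAULT, req))
```

Note that priority, not specificity, decides: a request for one.example.com/users hits the path rule at priority 10 before the host rule at 20, so rule ordering is part of the security review of any listener configuration.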
    - Target Groups
      - EC2 instances (via ASG)
      - ECS tasks
      - Lambda functions (HTTP request > JSON event)
      - IP addresses (must be private)
      - health checks are done on target group level
    - fixed hostname
    - app servers do not see IP of client (connection termination)
      - details are on HTTP headers
        - IP is at X-Forwarded-For
        - Port: X-Forwarded-Port
        - Protocol: X-Forwarded-Proto
      - https://imgur.com/a/nkZU75K
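Reading the client address back out of the X-Forwarded-* headers, as an added example that is not part of the original diagram. Because the connection is terminated at the load balancer, the ALB appends the address it saw to X-Forwarded-For; the trustworthy value is therefore the right-most entry, while anything further left was supplied by the client or by upstream proxies and must not be trusted on its own. The header values are constructed, and entries are assumed to be bare IP addresses.

```python
"""Added example (not from the diagram): recovering the client address behind
an ALB from the X-Forwarded-* headers. The ALB appends the peer address it
saw, so the right-most X-Forwarded-For entry is the one the LB vouches for;
everything left of it is client- or upstream-supplied. Header values here
are constructed and entries are assumed to be bare IPs."""
import ipaddress


def client_address(headers, trusted_proxies=1):
    """Return (ip, port, proto) as observed by the nearest trusted hop.

    headers: mapping of header name -> value (looked up case-insensitively).
    trusted_proxies: number of proxies you operate in front of the app,
    counted from the right (1 = only the ALB; 2 = e.g. a CDN in front of
    the ALB). Entries beyond that count are attacker-controllable."""
    h = {k.lower(): v for k, v in headers.items()}
    xff = [p.strip() for p in h.get("x-forwarded-for", "").split(",")
           if p.strip()]
    if len(xff) < trusted_proxies:
        raise ValueError("X-Forwarded-For shorter than the trusted proxy chain")
    # Index from the right: the ALB's own append is the last entry.
    candidate = xff[-trusted_proxies]
    ip = ipaddress.ip_address(candidate)  # rejects junk like 'evil'
    port = int(h.get("x-forwarded-port", "0"))
    proto = h.get("x-forwarded-proto", "http").lower()
    if proto not in ("http", "https"):
        raise ValueError(f"unexpected X-Forwarded-Proto {proto!r}")
    return str(ip), port, proto


if __name__ == "__main__":
    # Constructed: the client injected a fake first entry, the ALB appended
    # the real peer address afterwards.
    spoofed = {"X-Forwarded-For": "10.0.0.9, 203.0.113.7",
               "X-Forwarded-Port": "443", "X-Forwarded-Proto": "https"}
    print(client_address(spoofed))                    # ('203.0.113.7', 443, 'https')
    # Constructed: a CDN you operate sits in front of the ALB.
    chained = {"X-Forwarded-For": "198.51.100.3, 203.0.113.7"}
    print(client_address(chained, trusted_proxies=2))  # ('198.51.100.3', 0, 'http')
```

Taking the left-most entry, which many snippets do, would hand an attacker control over whatever the application does with the address (rate limits, allow-lists, audit logs); counting from the right and validating the value keeps only what the load balancer itself observed.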
  - Network Load Balancer
    - TCP, TLS, UDP (Layer 4)
    - handles millions of requests per second
      - ~100ms vs 400ms for ALB
      - for extreme performance
    - one static IP per AZ
      - supports Elastic IPs
    - not included in free tier
    - https://imgur.com/a/5xexjKK
    - underlying EC2 must allow traffic from outside
- Load Balancer Security Groups
  - https://imgur.com/a/er18To8
  - ALB: EC2 security group only allows traffic from the ALB's security group
  - NLB: EC2 security group must allow everything (client traffic is passed through)
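A check for the ALB security-group pattern just described, as an added example that is not the diagram's or AWS's code. The ALB's own group may face the internet; the target EC2 group should admit the application port only from the ALB's group and never from a CIDR, and it must admit the ALB's group at all or the LB cannot reach the app. The inputs follow the shape of boto3's describe_security_groups output (IpPermissions with IpRanges / UserIdGroupPairs), but the groups, ids and ports are constructed placeholders, not resources from any account.

```python
"""Added example (not the diagram's or AWS's code): a check for the
security-group pattern the diagram describes for ALB deployments. Input
follows the shape of boto3's describe_security_groups output, but every
group, id and port below is a constructed placeholder."""


def _covers_port(perm, port):
    """True if this permission entry applies to TCP `port` (or all traffic)."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def check_target_sg(target_sg, alb_sg_id, app_port):
    """Return a list of findings for the target instances' security group.
    An empty list means: app_port is reachable from the ALB's group and
    from nothing else."""
    findings = []
    reachable_from_alb = False
    for perm in target_sg.get("IpPermissions", []):
        if not _covers_port(perm, app_port):
            continue
        for r in perm.get("IpRanges", []):
            findings.append(f"port {app_port} open to CIDR {r['CidrIp']}, "
                            f"bypassing the ALB")
        for r in perm.get("Ipv6Ranges", []):
            findings.append(f"port {app_port} open to CIDR {r['CidrIpv6']}, "
                            f"bypassing the ALB")
        for g in perm.get("UserIdGroupPairs", []):
            if g.get("GroupId") == alb_sg_id:
                reachable_from_alb = True
            else:
                findings.append(f"port {app_port} open to unrelated group "
                                f"{g.get('GroupId')}")
    if not reachable_from_alb:
        findings.append(f"port {app_port} not allowed from ALB group "
                        f"{alb_sg_id}: the LB cannot reach the app")
    return findings


# Constructed groups; ids are placeholders, not real resources.
ALB_SG_ID = "sg-alb-placeholder"
GOOD_TARGET_SG = {
    "GroupId": "sg-app-good",
    "IpPermissions": [{
        "IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
        "IpRanges": [], "Ipv6Ranges": [],
        "UserIdGroupPairs": [{"GroupId": ALB_SG_ID}],
    }],
}
BAD_TARGET_SG = {
    "GroupId": "sg-app-bad",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "UserIdGroupPairs": []},
    ],
}

if __name__ == "__main__":
    for sg in (GOOD_TARGET_SG, BAD_TARGET_SG):
        print(sg["GroupId"], check_target_sg(sg, ALB_SG_ID, 8080) or "ok")
```

The second finding on the bad group is the one behind the diagram's troubleshooting tip: when the LB cannot connect to the app, the target group's security group is the first thing to inspect.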
- GtK
  - non-instantaneous scaling: contact AWS for warmup
  - Troubleshooting
    - 400: client induced
    - 500: application induced
    - 503: at capacity or no registered target
    - if LB can't connect to app, check SG
  - Monitoring
    - ELB logs all access requests
    - CloudWatch Metrics will give you aggregate statistics (ex. connections count)
- Stickiness
  - clients are always redirected to the same instance behind a load balancer
  - uses cookies to achieve this
  - only for CLB/ALB
  - use case: for users not to lose session data
  - may bring imbalance to the load of backend EC2 instances
- Cross-Zone Load Balancing
  - each LB distributes evenly across all registered EC2 in all AZs
  - otherwise, each LB node only distributes load within its own AZ
  - https://imgur.com/a/srkxkj5
  - on different types of LB
    - CLB: disabled by default, no charges for inter-AZ data
    - ALB: always on, no charges for inter-AZ data
    - NLB: disabled by default, pay charges for inter-AZ data
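The difference cross-zone load balancing makes, as an added example that is not part of the original diagram: a simulation of where requests land with and without it. The model assumes one LB node per AZ, DNS spreading clients evenly over those nodes, and each node dealing round-robin over the targets it can see (only its own AZ without cross-zone, every registered target with it). The target layout is constructed.

```python
"""Added example (not from the diagram): simulating request distribution
with and without cross-zone load balancing. Model: one LB node per AZ, DNS
spreads clients evenly over the nodes, each node deals round-robin over the
targets it can see. The target layout below is constructed."""
from collections import Counter


def distribute(targets_by_az, requests, cross_zone):
    """targets_by_az: {az: [target names]}. Returns a Counter of requests
    per target; requests that reach a node with no target count as
    'unrouted' (the diagram's 503 / no registered target case)."""
    azs = sorted(targets_by_az)
    every_target = sorted(t for ts in targets_by_az.values() for t in ts)
    pools = {az: every_target if cross_zone else list(targets_by_az[az])
             for az in azs}
    cursor = {az: 0 for az in azs}
    counts = Counter()
    for i in range(requests):
        az = azs[i % len(azs)]          # DNS round-robin over LB nodes
        pool = pools[az]
        if not pool:
            counts["unrouted"] += 1
            continue
        counts[pool[cursor[az] % len(pool)]] += 1
        cursor[az] += 1
    return counts


def share(counts, target):
    """Fraction of all routed requests that a single target received."""
    total = sum(v for k, v in counts.items() if k != "unrouted")
    return counts[target] / total if total else 0.0


# Constructed layout: 2 instances in AZ a, 8 in AZ b.
LAYOUT = {"az-a": ["a1", "a2"], "az-b": [f"b{i}" for i in range(1, 9)]}

if __name__ == "__main__":
    for cz in (False, True):
        c = distribute(LAYOUT, 800, cross_zone=cz)
        print("cross-zone" if cz else "per-AZ", dict(sorted(c.items())))
```

With the constructed layout, an instance in the small AZ carries 25% of all traffic without cross-zone balancing and 10% with it, which is the imbalance the diagram's "otherwise" branch refers to.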
- SSL/TLS Certificates
  - allow encryption in transit between client and LB
  - issued by Certificate Authorities
  - have an expiration and must be renewed
  - LBs use X.509 certs, managed via AWS Certificate Manager (ACM)
  - SSL - Secure Sockets Layer; TLS - Transport Layer Security
  - HTTPS Listener
    - must specify a default certificate
    - can add an optional list of certs to support multiple domains
    - clients use SNI to specify the hostname they reach
    - can specify a security policy to support old versions of SSL
    - https://imgur.com/a/24Xx0LT
  - SNI - Server Name Indication
    - loading multiple certs onto one web server to serve multiple websites
    - requires client to indicate the hostname of the target server in the initial handshake
    - server will then find the correct cert
    - only for ALB/NLB; CLB can only use one cert
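The certificate choice an HTTPS listener makes from the SNI hostname, together with the renewal check the "has expiration" node calls for, as an added example that is not the diagram's or AWS's code. An exact subject match beats a wildcard, a wildcard covers a single label only, and when nothing matches, or the client sent no SNI at all, the listener's default certificate is served. Certificate ids are stand-ins for ACM ARNs and the dates are constructed.

```python
"""Added example (not the diagram's or AWS's code): SNI-driven certificate
selection for a listener with a default cert plus extra certs, and a
renewal check against the certificate's expiry. Ids and dates below are
constructed stand-ins."""
from datetime import datetime, timedelta, timezone


def _match_score(subject, host):
    """2 = exact subject match, 1 = single-label wildcard match, 0 = none."""
    subject = subject.lower()
    if subject == host:
        return 2
    if subject.startswith("*."):
        labels = host.split(".")
        # '*.example.com' covers 'a.example.com' but not 'a.b.example.com'
        if len(labels) > 2 and ".".join(labels[1:]) == subject[2:]:
            return 1
    return 0


def pick_certificate(sni_hostname, default_cert, extra_certs):
    """Return the cert dict the listener would present for this handshake."""
    if not sni_hostname:
        return default_cert            # legacy client without SNI
    host = sni_hostname.rstrip(".").lower()
    best, best_score = default_cert, 0
    for cert in [default_cert, *extra_certs]:
        score = max(_match_score(s, host) for s in cert["subjects"])
        if score > best_score:
            best, best_score = cert, score
    return best                        # default if nothing scored > 0


def needs_renewal(cert, now, lead=timedelta(days=30)):
    """True when the cert is expired or expires within `lead`."""
    return cert["not_after"] - now <= lead


# Constructed listener configuration.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
DEFAULT_CERT = {"id": "cert-default", "subjects": ["example.com"],
                "not_after": NOW + timedelta(days=200)}
EXTRA_CERTS = [
    {"id": "cert-wild", "subjects": ["*.example.com"],
     "not_after": NOW + timedelta(days=10)},
    {"id": "cert-shop", "subjects": ["shop.example.com"],
     "not_after": NOW + timedelta(days=400)},
]

if __name__ == "__main__":
    for sni in ("shop.example.com", "blog.example.com",
                "a.b.example.com", "other.test", None):
        print(sni, "->", pick_certificate(sni, DEFAULT_CERT, EXTRA_CERTS)["id"])
    for cert in [DEFAULT_CERT, *EXTRA_CERTS]:
        print(cert["id"], "renew now" if needs_renewal(cert, NOW) else "ok")
```

The fall-through to the default certificate is worth remembering when reviewing a listener: a hostname that is not covered by any added certificate is not refused, it is answered with the default one, and browsers will then show a name-mismatch error rather than a clean failure.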
- Connection Draining
  - time to complete in-flight requests before EC2 is deregistered
  - stops sending new requests
  - default: 300 s, range 1-3600 s
  - should set to a low value if requests are short

Load Balancing
- Capabilities
  - spread load to EC2 instances downstream
  - expose a single point of access (DNS) to your application
  - handle failures of EC2 via health checks
  - SSL termination: decrypts and verifies data on the load balancer instead of the application server
  - enforce stickiness with cookies
  - HA across AZs
  - separate public from private traffic
  - https://imgur.com/a/Mq49CoC