ELB - Coggle Diagram
ELB
Types of LB
Classic Load Balancer
Features:
- Supports HTTP (Layer 7), HTTPS (Layer 7), TCP (Layer 4)
- Health Checks are TCP or HTTP based
- Fixed hostname (a DNS name, no static IP)
Network Load Balancer
Features:
- TCP, TLS (secure TCP) & UDP
- Forward TCP & UDP to my instances
- High performance (millions of request per second)
- Low latency (~100 ms)
- 1 static IP per AZ (or assign my own Elastic IP per AZ)
- Layer 4
Cross-Zone LB
ALB:
- Enabled by default at the load balancer level (since late 2022 it can be turned off per target group)
- No charges for cross-AZ data
NLB:
- Disabled by default
- Cross-AZ data transfer is charged ($) if enabled
CLB:
- Enabled by default when created through the Console
- Disabled by default when created through the CLI/API
- No charges for cross-AZ data
SSL/ TLS
Set HTTPS listener
Features:
- Must specify a default certificate
- Can add an optional list of extra certificates to support multiple domains
- Server Name Indication (SNI)
- The client names the hostname it wants in the initial TLS handshake (ClientHello), so the server can pick the matching certificate or fall back to the default one
- Only works for ALB, NLB and CloudFront (not CLB)
- Lets one server safely host multiple TLS certificates for multiple sites behind a single IP address
Types of LB
ALB:
- Supports SNI: one listener can carry multiple SSL/TLS certificates
CLB:
- Supports only 1 SSL certificate per listener (no SNI)
- Must use multiple CLBs to serve multiple hostnames with multiple SSL certificates
NLB:
- Supports SNI: one TLS listener can carry multiple SSL/TLS certificates
Features:
- The SSL/TLS certificate gives in-flight (in-transit) encryption between clients and the LB
- Public SSL certificates are issued by a Certificate Authority (CA)
- The LB uses an X.509 certificate (SSL/TLS server certificate)
- Certificates can be managed with AWS Certificate Manager (ACM), which also handles renewal
Connection Draining
Naming by LB types:
- CLB: Connection Draining
- ALB, NLB: Deregistration Delay
Features:
- Time allowed for in-flight requests to complete while an instance is de-registering or unhealthy
- The LB stops sending new requests to the instance that is de-registering
- Between 1 and 3600 seconds, default 300 seconds
- Can be disabled by setting the value to 0 (in-flight requests are then cut off)
Health Checks
Features:
- Checks whether the instances the LB forwards traffic to are able to answer requests
- Done on a port and a route (e.g. /health)
- An instance is deemed unhealthy when the response is not 200 (OK); ALB target groups let you configure other success codes
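The health-check endpoint described above, as an added example that is not part of the original diagram. It is a small Python HTTP server exposing an assumed path and port (/health on 8080, which must match the target group's health check settings) that returns 200 only when every dependency probe passes, and 503 otherwise or when the instance has been told to drain, so the LB stops routing to it while the deregistration delay lets in-flight requests finish. The dependency probes are constructed placeholders.

```python
import json
import signal
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Callable, Dict, Tuple

# Assumed values (not from the diagram): path and port must match the target group's
# health check settings, and the instance security group must allow the LB to reach this port.
HEALTH_PATH = "/health"
HEALTH_PORT = 8080

# Set when the instance is being taken out of service (e.g. on SIGTERM during
# deregistration) so the LB marks it unhealthy and stops sending new requests
# while in-flight ones finish within the deregistration delay.
DRAINING = {"active": False}


def evaluate_health(checks: Dict[str, Callable[[], bool]], draining: bool = False) -> Tuple[int, dict]:
    """Run each dependency check and map the outcome to the status code the LB acts on.

    Any False result or any exception yields 503, never 200: a crashing probe must
    not leave a broken instance in service. Probes must be cheap so the response
    fits inside the health-check timeout (5 s by default on ALB/NLB target groups).
    """
    results: Dict[str, bool] = {}
    for name, check in checks.items():
        try:
            results[name] = bool(check())
        except Exception:  # a failing probe counts as an unhealthy dependency
            results[name] = False
    healthy = all(results.values()) and not draining
    body = {
        "status": "ok" if healthy else ("draining" if draining else "unhealthy"),
        "checks": results,
    }
    return (200 if healthy else 503), body


def make_handler(checks: Dict[str, Callable[[], bool]]):
    class HealthHandler(BaseHTTPRequestHandler):
        def do_GET(self) -> None:
            if self.path != HEALTH_PATH:
                self.send_error(404)
                return
            status, body = evaluate_health(checks, DRAINING["active"])
            payload = json.dumps(body).encode()
            self.send_response(status)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(payload)))
            self.send_header("Cache-Control", "no-store")
            self.end_headers()
            self.wfile.write(payload)

        def log_message(self, *args) -> None:  # the LB polls every few seconds; keep logs quiet
            pass

    return HealthHandler


def start_draining(*_args) -> None:
    """Signal handler: flip the instance to draining so the next probe returns 503."""
    DRAINING["active"] = True


if __name__ == "__main__":
    # Constructed dependency probes; replace with real DB/cache connectivity checks.
    probes = {"db": lambda: True, "cache": lambda: True}
    signal.signal(signal.SIGTERM, start_draining)
    HTTPServer(("0.0.0.0", HEALTH_PORT), make_handler(probes)).serve_forever()
```

Returning 503 on SIGTERM before the process exits is what makes the deregistration delay useful: the LB sees the instance go unhealthy, stops new requests, and the remaining in-flight ones complete instead of being reset.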
LB
Pros:
- Spreads load across downstream instances
- Exposes a single point of access (DNS name) to the application
- Runs health checks against downstream instances
- Provides SSL termination (HTTPS) for websites: decrypts the encrypted traffic at the LB before passing it to the web server (traffic from the LB to the backend is then plaintext unless the backend listener is HTTPS/TLS too)
- Enforces stickiness with cookies
- Maintains high availability across zones
- Separates public traffic from private traffic
Pros of ELB (managed by AWS):
- Managed LB
- AWS takes care of upgrades, maintenance and high availability
- AWS provides configuration knobs for optimization
- Costs less than setting up and running my own
- Integrated with other AWS offerings/services
Troubleshooting:
- 4xx errors: client-induced errors
- 5xx errors: application-induced errors
- Error 503: LB at capacity, or no registered (or no healthy) target
- If the LB cannot reach the application, check the security groups: the instance SG must allow inbound from the LB's SG on both the traffic port and the health-check port
Monitoring:
- ELB access logs (delivered to S3) record every request the LB receives, including the status code the client saw and the one the target returned
- CloudWatch metrics give me aggregate statistics
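The Troubleshooting and Monitoring points above, as an added example that is not part of the original diagram: a Python parser over a few constructed ALB access-log lines that sorts requests into the 4xx (client), 5xx (application) and 503-with-no-target (LB at capacity / nothing registered) buckets, and lists the clients producing the most errors. The log lines are made up for the example and follow the documented ALB access-log field order; trailing fields are omitted and never read. The ALB name, IPs and paths are assumptions.

```python
import shlex
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed ALB access-log lines (not real traffic). Field order follows the
# documented ALB access log layout: type time elb client:port target:port
# request_processing_time target_processing_time response_processing_time
# elb_status_code target_status_code received_bytes sent_bytes "request" "user_agent"
# ssl_cipher ssl_protocol ... (trailing fields omitted here; the parser never reads them).
# A "-" target with -1 processing times means the LB never dispatched the request.
SAMPLE_LOG = """\
https 2024-01-01T12:00:00.100000Z app/my-alb/50dc6c495c0c9188 203.0.113.10:41234 10.0.1.20:80 0.001 0.004 0.000 200 200 34 366 "GET https://www.example.com:443/ HTTP/1.1" "curl/8.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
https 2024-01-01T12:00:01.100000Z app/my-alb/50dc6c495c0c9188 203.0.113.10:41235 10.0.1.20:80 0.001 0.002 0.000 404 404 34 120 "GET https://www.example.com:443/missing HTTP/1.1" "curl/8.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
https 2024-01-01T12:00:02.100000Z app/my-alb/50dc6c495c0c9188 198.51.100.7:50000 10.0.1.21:80 0.001 0.500 0.000 502 502 34 200 "POST https://www.example.com:443/api HTTP/1.1" "python-requests/2.31" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
https 2024-01-01T12:00:03.100000Z app/my-alb/50dc6c495c0c9188 198.51.100.7:50001 - -1 -1 -1 503 - 34 200 "GET https://www.example.com:443/ HTTP/1.1" "python-requests/2.31" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
https 2024-01-01T12:00:04.100000Z app/my-alb/50dc6c495c0c9188 203.0.113.10:41236 10.0.1.20:80 0.001 0.003 0.000 200 200 34 366 "GET https://www.example.com:443/health HTTP/1.1" "curl/8.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
"""


@dataclass
class Entry:
    time: str
    client_ip: str
    target: str                   # "-" when the LB could not dispatch to any target
    elb_status: int               # the status code the client saw
    target_status: Optional[int]  # what the backend returned, None if never reached
    request: str


def parse_line(line: str) -> Entry:
    """Split one access-log line; shlex keeps the quoted "request" field intact."""
    f = shlex.split(line)
    return Entry(
        time=f[1],
        client_ip=f[3].rsplit(":", 1)[0],  # strip the source port (IPv4 form assumed)
        target=f[4],
        elb_status=int(f[8]),
        target_status=None if f[9] == "-" else int(f[9]),
        request=f[12],
    )


def classify(e: Entry) -> str:
    """Map an entry onto the troubleshooting buckets: client, application, or LB-side."""
    if e.elb_status < 400:
        return "ok"
    if e.elb_status < 500:
        return "client_4xx"
    if e.target == "-" or e.target_status is None:
        return "lb_5xx_no_target"  # e.g. 503: at capacity, or no registered/healthy target
    return "app_5xx"               # the backend itself answered with a 5xx


def triage(log_text: str) -> Dict[str, object]:
    """Aggregate a chunk of access logs into the counts an on-call engineer checks first."""
    entries: List[Entry] = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    buckets = Counter(classify(e) for e in entries)
    erroring_clients = Counter(e.client_ip for e in entries if e.elb_status >= 400)
    return {
        "total": len(entries),
        "buckets": dict(buckets),
        "status_codes": dict(Counter(e.elb_status for e in entries)),
        "top_error_clients": erroring_clients.most_common(3),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

The split between elb_status_code and target_status_code is the useful part: a 5xx where the target column is "-" was generated by the load balancer itself (the 503 "no registered target" case), whereas a 5xx that the target also reported is the application's fault and needs the instance logs, not the LB configuration.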
Cross-zone load balancing:
- When cross-zone load balancing is enabled, each load balancer node distributes traffic across the registered targets in all enabled Availability Zones
- When cross-zone load balancing is disabled, each load balancer node distributes traffic only across the registered targets in its Availability Zone