SAA-C03 Certification: All About Elastic Load Balancer Explained
I am a dedicated software engineer with a deep passion for security and a commitment to developing robust and scalable solutions. With over three years of hands-on experience in the .NET ecosystem, I have built, maintained, and optimized various software applications, demonstrating my ability to adapt to diverse project needs. In addition to my expertise in .NET, I have six months of specialized experience working with Spring Boot and ReactJS, further broadening my skill set to include full-stack development and modern web technologies. My professional journey includes deploying small to medium-sized systems to cloud platforms and on-premises environments, where I have ensured reliability, scalability, and efficient resource utilization. This combination of skills and experience reflects my versatility and commitment to staying at the forefront of the ever-evolving tech landscape.
ELB - Elastic Load Balancer
Types of Load Balancers on AWS
AWS has 4 kinds of managed Load Balancer
Classic Load Balancer - 2009 (deprecated)
- HTTP, HTTPS, TCP, SSL
Application Load Balancer - 2016
- HTTP, HTTPS, WebSocket
Network Load Balancer - 2017
- TCP, TLS, UDP
Gateway Load Balancer - 2020
- Operators at layer 3 (Network layer) - IP Protocol
Some load balancers can be set as private or public ELBs
1. Application Load Balancer
Layer 7 (HTTP)
Support for HTTP/2 and WebSocket
Support redirects (from HTTP to HTTPS)
Use-cases:
Micro Services
Container-bases application (Docker & Amazon ECS)
Has a port mapping feature to redirect to a dynamic port in ECS
2. Network Load Balancer
- Layer 4 (Forward TCP & UDP traffic to instances)
- Handle millions of requests per second
- Ultra-low latency
- NLB has one static IP per AZ and supports assigning Elastic IP
- Not included in the AWS free tier
- Supports HTTP health checks as well as TCP and HTTPS
3. Gateway Load Balancer
- Deploy, scale, and manage a fleet of 3rd party network appliances in AWS
- Example: firewalls,...
- Operates at Layer 3 (Network Layer) - IP Packets
- Uses the GENEVE protocol on port 6081
- Combines the following functions:
- Transparent Network Gateway - single entry/exit for all traffic
- Load Balancer: distributes traffic to your EC2 instances
Sticky Sessions (Session Affinity)
- It is possible to implement stickiness so that the same client is always redirected to the same instance behind a load balancer
- This works for Class, Application, Network Load Balancer
- The "cookie" used for stickiness has an expiration date you control
Cross-AZ Load Balancing
- Application Load Balancer
- Enable by default (can be disabled at the Target Group level)
- No charges for inter-AZ data
- Network & Gateway Load Balancer
- Disable by default
- You pay charges for inter-AZ data if enable
ELB - SSL Certificates
- The load balancer uses an X.509 certificate (SSL/TLS server certificate)
- You can manage certificates by using ACM (AWS Certificate Manager)
- You can upload your certificate alternatively
- HTTPS listener:
- You must specify a default certificate
- You can add an optional list of certs for multiple domains
- Clients can use SNI (Server Name Indication) to specify the hostname they reach
Server Name Indication
- SNI solves the problem of loading multiple SSL certificates onto one web server (to serve multiple websites)
- It is a newer protocol and requires the client to indicate the hostname of the target server in the initial SSL handshake.
- The server will then find the correct certificate, or return the default one.
- Note:
- Only works for ALB & NLB, and CloudFront
- Does not work for CLB (older gen)
Auto Scaling Groups (ASG)
Scaling Policies
- Dynamic Scaling
- Target Tracking Scaling, ex: I want the average ASG CPU to stay at around 40%
- Simple / Step Scaling, ex: When a CloudWatch alarm is triggered
- Scheduled Scaling, ex: increase the minimum capacity to 10 at 5 pm on Fridays
- Predictive scaling: forecast load and schedule scaling ahead