Tutorial / Cram Notes
Within AWS, Elastic Load Balancing (ELB) provides a range of configuration options to optimize traffic distribution, ensure security, and maintain session integrity. Here are some configuration options available in AWS ELB that are commonly reviewed for the AWS Certified Advanced Networking – Specialty exam:
Proxy Protocol
The proxy protocol is used to pass the original client’s IP address and port information to the destination server through the load balancer. This is useful when you need to capture client information for logging, audit, or communication purposes.
To enable the Proxy Protocol in an AWS ELB, you can use the following AWS CLI command:
aws elb create-load-balancer-policy --load-balancer-name my-loadbalancer --policy-name EnableProxyProtocol --policy-type-name ProxyProtocolPolicyType --policy-attributes AttributeName=ProxyProtocol,AttributeValue=true
Once the policy is created, you must associate it with the load balancer’s instance port using a command similar to:
aws elb set-load-balancer-policies-for-backend-server --load-balancer-name my-loadbalancer --instance-port 80 --policy-names EnableProxyProtocol
Cross-Zone Load Balancing
Cross-zone load balancing allows the load balancer to distribute incoming requests evenly across all registered instances in all Availability Zones, rather than limiting it to the same Availability Zone where the request enters the ELB. This can prevent uneven load distribution that could result if one Availability Zone receives more traffic than others.
You can enable cross-zone load balancing through the AWS Management Console or using the AWS CLI:
aws elb modify-load-balancer-attributes --load-balancer-name my-loadbalancer --load-balancer-attributes "{\"CrossZoneLoadBalancing\":{\"Enabled\":true}}"
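To see why an uneven fleet matters, the following added example (not from the page or from AWS) models the two behaviours: with cross-zone load balancing disabled, each load balancer node, one per enabled Availability Zone, receives an equal share of client connections and forwards only to the instances in its own zone; with it enabled, every node spreads across all registered instances. The fleet layout and instance ids are constructed.

```python
from fractions import Fraction

# Constructed layout: two instances in one zone, eight in another.
FLEET = {
    "us-east-1a": ["i-a1", "i-a2"],
    "us-east-1b": ["i-b1", "i-b2", "i-b3", "i-b4", "i-b5", "i-b6", "i-b7", "i-b8"],
}


def instance_shares(fleet, cross_zone: bool):
    """Fraction of all requests that each instance receives.

    Model: DNS hands clients evenly to the load balancer nodes (one per zone that
    has instances). Cross-zone off: a node only forwards within its zone.
    Cross-zone on: a node forwards evenly to every registered instance.
    """
    shares = {}
    if cross_zone:
        total = sum(len(instances) for instances in fleet.values())
        for instances in fleet.values():
            for inst in instances:
                shares[inst] = Fraction(1, total)
    else:
        per_zone = Fraction(1, len(fleet))
        for instances in fleet.values():
            for inst in instances:
                shares[inst] = per_zone / len(instances)
    return shares


def max_imbalance(shares):
    """Busiest instance's share divided by the least busy one's; 1 means perfectly even."""
    return max(shares.values()) / min(shares.values())


if __name__ == "__main__":
    for enabled in (False, True):
        shares = instance_shares(FLEET, enabled)
        print(f"cross-zone={enabled}: i-a1={shares['i-a1']}, i-b1={shares['i-b1']}, "
              f"imbalance={max_imbalance(shares)}")
```

With the layout above the two instances in the smaller zone each carry 25% of the traffic while the eight in the larger zone carry 6.25% each, a fourfold imbalance that disappears once cross-zone load balancing is turned on.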
Session Affinity (Sticky Sessions)
Sticky sessions, also known as session affinity, enable the load balancer to bind a user’s session to a specific instance. This ensures that all requests from a user during the session are sent to the same instance.
You can enable sticky sessions for your ELB through the AWS Management Console or by using the AWS CLI:
aws elb create-lb-cookie-stickiness-policy --load-balancer-name my-loadbalancer --policy-name my-stickiness-policy --cookie-expiration-period 60
aws elb set-load-balancer-policies-of-listener --load-balancer-name my-loadbalancer --load-balancer-port 80 --policy-names my-stickiness-policy
Routing Algorithms
AWS ELB supports several routing algorithms to determine how incoming traffic is directed to registered instances:
- Round Robin: Distributes requests sequentially around the pool of available servers.
- Least Outstanding Requests: For Application Load Balancers, directs traffic to the target with the fewest concurrent requests.
The routing algorithm is automatically managed by AWS and does not necessarily require user configuration. However, for more advanced routing features, Application Load Balancers provide support for content-based routing rules. These rules allow you to route traffic based on factors such as URL path, hostname, HTTP headers, HTTP method, query parameters, and source IP address ranges.
Here is an example of how you can create a rule to route traffic with the AWS CLI:
aws elbv2 create-rule --listener-arn my-listener-arn --conditions Field=path-pattern,Values='/api/*' --actions Type=forward,TargetGroupArn=my-target-group-arn --priority 10
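The three mechanisms just described (duration-based sticky sessions, the round robin and least outstanding requests algorithms, and priority-ordered content-based rules) are modelled together in the following added example; it is illustrative Python, not code from the page or from AWS. Path patterns use the ALB wildcard meaning (`*` matches zero or more characters, `?` exactly one, case-sensitive) and are matched against the path only, never the query string. The instance ids, hostnames and the plain-dict cookie are constructed; the real stickiness cookie a load balancer sets is opaque to the client.

```python
import fnmatch
import itertools
import time
from dataclasses import dataclass, field


@dataclass
class Target:
    id: str
    outstanding: int = 0  # requests currently in flight on this instance


@dataclass
class TargetGroup:
    name: str
    targets: list
    algorithm: str = "round_robin"  # or "least_outstanding_requests"
    stickiness_seconds: int = 0     # 0 = stickiness disabled
    _rr: itertools.cycle = field(init=False, repr=False)

    def __post_init__(self):
        self._rr = itertools.cycle(self.targets)

    def pick(self, cookie=None, now=None):
        """Choose a target: a still-valid stickiness cookie wins, otherwise the
        group's algorithm runs. Returns (target, cookie_to_set_or_None)."""
        now = time.time() if now is None else now
        if self.stickiness_seconds and cookie and cookie.get("expires", 0) > now:
            for target in self.targets:
                if target.id == cookie["target"]:
                    return target, None
        if self.algorithm == "least_outstanding_requests":
            target = min(self.targets, key=lambda t: t.outstanding)
        else:
            target = next(self._rr)
        new_cookie = None
        if self.stickiness_seconds:
            # Duration-based stickiness: the cookie pins the client to this target
            # until it expires, after which the algorithm chooses again.
            new_cookie = {"target": target.id, "expires": now + self.stickiness_seconds}
        return target, new_cookie


@dataclass
class Rule:
    priority: int
    target_group: TargetGroup
    path_patterns: tuple = ()  # '*' and '?' wildcards; '[' is not an ALB wildcard
    host_headers: tuple = ()
    methods: tuple = ()

    def matches(self, request):
        def any_match(value, patterns):
            return not patterns or any(fnmatch.fnmatchcase(value, p) for p in patterns)

        path = request["path"].split("?", 1)[0]  # path-pattern never sees the query string
        return (any_match(path, self.path_patterns)
                and any_match(request["host"], self.host_headers)
                and (not self.methods or request["method"] in self.methods))


def route(rules, default_group, request, cookie=None, now=None):
    """Evaluate rules lowest priority number first; the first match wins and the
    default group handles everything else. Returns (group name, target id, cookie)."""
    group = default_group
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(request):
            group = rule.target_group
            break
    target, new_cookie = group.pick(cookie, now)
    return group.name, target.id, new_cookie


if __name__ == "__main__":
    api = TargetGroup("api", [Target("i-api1", outstanding=5), Target("i-api2")],
                      algorithm="least_outstanding_requests")
    web = TargetGroup("web", [Target("i-web1"), Target("i-web2")], stickiness_seconds=60)
    default = TargetGroup("default", [Target("i-def1")])
    rules = [Rule(10, api, path_patterns=("/api/*",)),
             Rule(20, web, host_headers=("www.example.com",))]
    print(route(rules, default, {"path": "/api/v1/users?x=1", "host": "api.example.com", "method": "GET"}))
    first = route(rules, default, {"path": "/cart", "host": "www.example.com", "method": "GET"}, now=1000)
    print(first)
    print(route(rules, default, {"path": "/checkout", "host": "www.example.com", "method": "POST"},
                cookie=first[2], now=1030))
```

Two things the model makes visible: the `/api/*` rule wins over the host rule purely because of its lower priority number, and a sticky client keeps hitting the same instance even when that instance is the busiest one, which is the scalability trade-off the interview section below discusses.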
Summary
Configuration Option | Description | AWS CLI Example Command / Usage |
---|---|---|
Proxy Protocol | Passes client’s IP address and port to the server. | aws elb create-load-balancer-policy … |
Cross-Zone Load Balancing | Distributes requests evenly across all instances in all Availability Zones. | aws elb modify-load-balancer-attributes … |
Session Affinity (Sticky Sessions) | Binds a user’s session to a specific instance for the duration of the session. | aws elb create-lb-cookie-stickiness-policy … |
Routing Algorithms | Determines how requests are directed to instances; supports Round Robin and Least Outstanding Requests. | Managed by AWS ELB, with advanced rules for ALB configured with aws elbv2 create-rule … |
When preparing for the AWS Certified Advanced Networking – Specialty exam, a deep understanding of these load balancer configuration options will be essential. It is important to be familiar with their implications, limitations, and the CLI commands used to manage them.
Practice Test with Explanation
True/False: The Proxy Protocol can be enabled on an AWS load balancer to preserve the original client IP address.
- True
- False
Answer: True
Explanation: The Proxy Protocol is used to pass the client’s IP address and port information to the backend through the load balancer.
Multiple Select: Which of the following are valid routing algorithms used by load balancers?
- Round Robin
- Least Outstanding Requests
- IP Hash
- Source/Destination Check
Answer: Round Robin, Least Outstanding Requests
Explanation: Round Robin and Least Outstanding Requests are commonly used routing algorithms. IP Hash could be a valid method for some systems, but it’s not specified as an AWS load balancer routing algorithm. Source/Destination Check relates to routing in AWS, not load balancing.
True/False: Cross-zone load balancing incurs additional inter-zone data transfer charges on AWS.
- True
- False
Answer: True
Explanation: When cross-zone load balancing is enabled, it allows for an even distribution across all registered instances in all AZs, potentially incurring inter-zone data transfer charges.
Single Select: Which of the following is NOT an option for the session stickiness (session affinity) feature on AWS load balancers?
- Always
- Duration-based
- Application-controlled
- Disabled
Answer: Always
Explanation: Session stickiness on AWS load balancers can be duration-based or application-controlled. ‘Always’ is not a setting for session affinity in AWS load balancers. It can be enabled or disabled.
True/False: Sticky sessions are recommended for highly cacheable content.
- True
- False
Answer: False
Explanation: Sticky sessions are not recommended for highly cacheable content because the content is not user-specific and does not benefit from session stickiness.
Single Select: What parameter specifies the maximum time that a connection can be idle before the load balancer closes it, in the context of AWS load balancers?
- IdleTimeout
- ConnectionDraining
- KeepAliveTimeout
- SessionDuration
Answer: IdleTimeout
Explanation: The IdleTimeout parameter determines the maximum time a connection can be idle (no data sent over the connection) before the load balancer closes it.
Single Select: How can you ensure that requests from a user during a session are routed to the same EC2 instance behind an Application Load Balancer?
- Security groups
- Stickiness enabled on target group
- Network Access Control List (NACL)
- Route 53 health checks
Answer: Stickiness enabled on target group
Explanation: Enabling stickiness on the target group of an Application Load Balancer will ensure that requests from a user during a session are consistently routed to the same EC2 instance.
True/False: Cross-zone load balancing automatically distributes incoming traffic evenly across all servers in all availability zones.
- True
- False
Answer: True
Explanation: When cross-zone load balancing is enabled, the load balancer distributes traffic evenly across all registered instances in all Availability Zones.
Single Select: Which of the following load balancers does NOT support the Proxy Protocol?
- Network Load Balancer
- Application Load Balancer
- Classic Load Balancer
Answer: Application Load Balancer
Explanation: The Proxy Protocol is supported on both Classic Load Balancers and Network Load Balancers, but it is not supported on Application Load Balancers.
True/False: Session stickiness is a feature that can be enabled on Network Load Balancers (NLBs) in AWS.
- True
- False
Answer: False
Explanation: Session stickiness, or sticky sessions, is not a feature of Network Load Balancers (NLBs). It is, however, available for Application Load Balancers (ALBs) and Classic Load Balancers (CLBs).
True/False: When using an AWS load balancer, you can configure a specific cipher suite to be used for SSL/TLS negotiations.
- True
- False
Answer: True
Explanation: AWS allows you to configure security policies on your load balancer, including specifying the cipher suite to be used for SSL/TLS negotiations.
Single Select: Which AWS service is primarily used for distributing traffic among different AWS services like EC2 instances, Lambda functions, and containers?
- AWS Route 53
- AWS Direct Connect
- AWS Application Load Balancer
- AWS Transit Gateway
Answer: AWS Application Load Balancer
Explanation: AWS Application Load Balancer is primarily used for distributing incoming application traffic among different AWS services like EC2 instances, Lambda functions, and containers.
Interview Questions
Can you explain what the Proxy Protocol is and why it’s useful in a load balancing context?
The Proxy Protocol is used to pass the original client’s IP address and port as well as the destination IP address and port to an EC2 instance behind a load balancer. This is useful because it allows the instance to obtain the original client’s IP, which can be necessary for client IP-based access control, logging, or other security purposes. Without it, the instance only sees the load balancer’s IP.
What is cross-zone load balancing in AWS, and how does it benefit a multi-AZ application deployment?
Cross-zone load balancing evenly distributes traffic across all registered instances in all Availability Zones, rather than just within the same zone. This ensures that no single zone becomes a bottleneck, which enhances fault tolerance and performance for applications deployed across multiple zones.
What are sticky sessions and when would you use them in a load balancing scenario?
Sticky sessions, also known as session affinity, allow requests from the same client to be directed to the same target instance. This is useful for applications that need to maintain state between requests, such as shopping carts in e-commerce sites or user sessions in web applications.
Describe at least two routing algorithms that are commonly used by load balancers, and explain the scenarios where you would prefer one over the other.
The two common routing algorithms are round robin and least outstanding requests. Round robin distributes incoming requests uniformly across all available instances, which may be appropriate for instances with similar performance characteristics. Least outstanding requests, on the other hand, routes traffic to the instance with the fewest active connections, which is better when instances have varied performance profiles or request handling times.
In what scenarios would you disable cross-zone load balancing?
You might disable cross-zone load balancing to optimize for cost when data transfer costs between zones are a concern or when deploying a tightly controlled environment where you want to ensure requests are handled within the same zone to minimize inter-zone latencies.
How does AWS’s Elastic Load Balancing handle SSL/TLS termination, and what are the implications for this configuration with respect to backend instances?
AWS Elastic Load Balancing supports SSL/TLS termination, which means the load balancer handles the SSL/TLS connection from the client. Back-end instances can then focus on serving requests without the overhead of encryption and decryption, which can optimize performance. However, this also means that traffic between the load balancer and the instances is not encrypted unless backend encryption is also configured.
How does enabling the Proxy Protocol impact health checks performed by a load balancer?
Enabling the Proxy Protocol does not directly impact the way health checks are performed; health checks will continue to operate as normal, evaluating the health of your instances and routing traffic accordingly. The main effect of enabling Proxy Protocol is that additional information about the client’s connection, such as the client’s IP address and port, becomes available to the application.
What are the benefits of using a Layer 7 (application layer) load balancer over a Layer 4 (transport layer) load balancer?
A Layer 7 load balancer can make routing decisions based on content at the application layer, such as HTTP headers, cookies, or data within the messages. This enables more advanced routing rules, content-based routing, and application-specific load balancing. Layer 4 load balancers operate at the transport layer and route traffic based on IP address and port, which is less flexible but potentially faster due to less computation.
How can session affinity impact the scalability of a web application when using a load balancer?
Session affinity might negatively impact the scalability of a web application as it can create an uneven distribution of traffic, causing some instances to carry a heavier load than others. This can lead to potential hotspots and might not fully take advantage of the distributed nature of the system. However, for certain applications that rely on stateful information, session affinity is necessary despite the potential impact on scalability.
Can you apply different routing algorithms to specific types of traffic or content in AWS ELB?
AWS Elastic Load Balancer, particularly Application Load Balancer (ALB), allows you to create routing rules based on content, such as path-based routing or host-based routing. However, the choice of routing algorithm is generally applied to the load balancer as a whole rather than to specific content types. For fine-grained control over routing, you would use content-based routing rules along with target groups to direct traffic according to your application needs.
What mechanism would you use to ensure that a newly deployed instance behind a load balancer does not start receiving traffic until it is fully configured and ready to handle requests?
You would use health checks to ensure that a new instance is not placed into service until it passes the configured health check criteria. The load balancer will only route traffic to instances that have passed the health checks, ensuring that new instances are fully operational before they start receiving client requests.
When configuring an Application Load Balancer, how can you ensure that clients connecting over IPv6 are managed correctly?
To manage clients connecting over IPv6, you can enable dual-stack support on your Application Load Balancer. This allows the load balancer to accept both IPv4 and IPv6 connections, ensuring compatibility with clients using either IP version. Furthermore, you can configure your listener rules and target groups to handle IPv6 traffic appropriately.
Great post! Can someone explain how session affinity (sticky sessions) works with load balancers in AWS?
Great blog post! Configuration options for load balancers are crucial for optimizing performance.
I am particularly interested in learning more about sticky sessions. Can anyone explain how it works and when to use it?
Is cross-zone load balancing necessary if I have a single availability zone setup?
Routing algorithms—like round robin and least connections—play a big role in load balancing. Which algorithm is better for high traffic scenarios?
Thanks for the useful information!
Does enabling the proxy protocol impact latency significantly?
Appreciate the details on session affinity!