Elastic Load Balancing

Similar documents
WHITEPAPER AMAZON ELB: Your Master Key to a Secure, Cost-Efficient and Scalable Cloud.

Overview. AWS networking services including: VPC Extend your network into a virtual private cloud. EIP Elastic IP

NGF0502 AWS Student Slides

Elastic Load Balance. User Guide. Issue 01 Date HUAWEI TECHNOLOGIES CO., LTD.

AWS Reference Architecture - CloudGen Firewall Auto Scaling Cluster

Advanced Techniques for DDoS Mitigation and Web Application Defense

PracticeDump. Free Practice Dumps - Unlimited Free Access of practice exam

#AWSSummit. Démarrer sur AWS. L élasticité et les outils de gestions

Elastic Load Balancing. User Guide. Date

Secure your Web Applications with AWS WAF & AWS Shield. James Chiang ( 蔣宗恩 ) AWS Solution Architect

Immersion Day. Creating an Elastic Load Balancer. September Rev

Elastic Load Balance. User Guide. Issue 14 Date

Securely Access Services Over AWS PrivateLink. January 2019

S U M M I T B e r l i n

Load Balancing Nginx Web Servers with OWASP Top 10 WAF in AWS

Elas%c Load Balancing, Amazon CloudWatch, and Auto Scaling Sco) Linder

Additional Security Services on AWS

Containers and the Evolution of Computing

CogniFit Technical Security Details

Building a Self-Defending Border. Shane Baldacchino, Solutions Architect, AWS Marcus Santos, Solutions Architect, AWS

Pulse Secure Application Delivery

How can you implement this through a script that a scheduling daemon runs daily on the application servers?

Oracle WebLogic Server 12c on AWS. December 2018

How to Configure Route 53 for F-Series Firewalls in AWS

Introduction to Cloud Computing

Monitoring Agent for AWS Elastic Load Balancer Version Reference IBM

Training on Amazon AWS Cloud Computing. Course Content

Load Balancing Web Servers with OWASP Top 10 WAF in AWS

Splunk & AWS. Gain real-time insights from your data at scale. Ray Zhu Product Manager, AWS Elias Haddad Product Manager, Splunk

Creating your Virtual Data Centre

Cloud Computing /AWS Course Content

A Cloud Gateway - A Large Scale Company s First Line of Defense. Mikey Cohen Manager - Edge Gateway Netflix

Getting Started with AWS. Computing Basics for Windows

Deploy and Secure an Internet Facing Application with the Barracuda Web Application Firewall in Amazon Web Services

TIBCO Cloud Integration Security Overview

ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS

What to expect from the session Technical recap VMware Cloud on AWS {Sample} Integration use case Services introduction & solution designs Solution su

Expert Reference Series of White Papers. Introduction to Amazon Auto Scaling

Wrapp. Powered by AWS EC2 Container Service. Jude D Souza Solutions Wrapp Phone:

Microsoft Networking Academy

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

AWS Web Application Firewall. Darren Weiner Cloud Architect/Engineer

IoT Device Simulator

Pass4test Certification IT garanti, The Easy Way!

Getting Started with AWS Security

Principal Solutions Architect. Architecting in the Cloud

AWS Solution Architecture Patterns

SAA-C01. AWS Solutions Architect Associate. Exam Summary Syllabus Questions

Anti-DDoS. User Guide. Issue 05 Date

Zombie Apocalypse Workshop

Anti-DDoS. User Guide (Paris) Issue 01 Date HUAWEI TECHNOLOGIES CO., LTD.

AWS Solutions Architect Associate (SAA-C01) Sample Exam Questions

Automate best practices and operational health for your AWS resources with Trusted Advisor and AWS Health

Amazon Web Services Training. Training Topics:

AWS_SOA-C00 Exam. Volume: 758 Questions

How to host and manage enterprise customers on AWS: TOYOTA, Nippon Television, UNIQLO use cases

Getting started with AWS security

ALIENVAULT USM FOR AWS SOLUTION GUIDE

Network Security & Access Control in AWS

Amazon AppStream 2.0: SOLIDWORKS Deployment Guide

Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content

Document Sub Title. Yotpo. Technical Overview 07/18/ Yotpo

LINUX, WINDOWS(MCSE),

Cloud Computing ECPE 276. AWS Hosted Services

Amazon Virtual Private Cloud. Getting Started Guide

Immersion Day. Getting Started with AWS Lambda. August Rev

Unified Load Balance. User Guide. Issue 04 Date

Cloud Monitoring as a Service. Built On Machine Learning

Enroll Now to Take online Course Contact: Demo video By Chandra sir

Creating Your Virtual Data Center

Getting started with AWS security

Using AWS to Build a Large Scale Dockerized Microservices Architecture. Dr. Oliver Wahlen moovel Group GmbH Frankfurt, 30.

How the Cloud is Enabling the Disruption of the Construction Industry. AWS Case Study Construction Industry. Abstract

DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing WHAT IS CLOUD COMPUTING? 2. Slide 3. Slide 1. Why is it called Cloud?

AWS Administration. Suggested Pre-requisites Basic IT Knowledge

Magento Commerce Architecture and Security Model Last updated: Aug 2017

Amazon Web Services (AWS) Training Course Content

Exam Questions AWS-Certified- Developer-Associate

Managing your microservices with Kubernetes and Istio. Craig Box

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

Amazon AWS-Solutions-Architect-Professional Exam

AWS Networking Fundamentals

Getting Started with AWS Web Application Hosting for Microsoft Windows

Introduction to Amazon Web Services. Jeff Barr Senior AWS /

ThoughtSpot on AWS Quick Start Guide

Puppet on the AWS Cloud

Microservices Architekturen aufbauen, aber wie?

Load Balancing For Clustered Barracuda CloudGen WAF Instances in the New Microsoft Azure Management Portal

Building a Modular and Scalable Virtual Network Architecture with Amazon VPC

SaaS. Public Cloud. Co-located SaaS Containers. Cloud

WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM

Service Mesh and Microservices Networking

What is New in Cisco ACE 4710 Application Control Engine Software Release 3.1

Enterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE

PARTLY CLOUDY DESIGN & DEVELOPMENT OF A HYBRID CLOUD SYSTEM

How to go serverless with AWS Lambda

CYBER SECURITY WHITEPAPER

Automating Elasticity. March 2018

ArcGIS 10.3 Server on Amazon Web Services

Anti-DDoS. FAQs. Issue 11 Date HUAWEI TECHNOLOGIES CO., LTD.

Transcription:

Elastic Load Balancing Deep Dive & Best Practices Mariano Vecchioli, Sr. Technical Account Manager AWS Michaela Kurkiewicz, Principal Service Manager Co-op Tina Howell, Platform Lead - Co-op June 28 th, 2017 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Elastic Load Balancing automatically distributes incoming application traffic across multiple applications, microservices and containers hosted on Amazon EC2 instances.

Elastic Secure Integrated Cost Effective

EC2

EC2 ELB EC2 Load Balancer used to route incoming requests to multiple EC2 instances. EC2

Elastic Load Balancing provides high availability by utilizing multiple Availability Zones

ELB VPC Customer VPC Amazon Route 53 ELB EC2 us-west-1a ELB EC2 us-west-1b

Layer 4 (network) Supports TCP and SSL Incoming client connection bound to server connection No header modification Proxy Protocol prepends source and destination IP and ports to request Layer 7 (application) Supports HTTP and HTTPS Connection terminated at the load balancer and pooled to the server Headers may be modified X-Forwarded-For header contains client IP address

Application Load Balancer Advanced request routing with support for microservices and container-based applications.

Classic Application Protocol TCP, SSL, HTTP, HTTPS HTTP, HTTPS Platforms EC2-Classic, EC2-VPC EC2-VPC Health checks Improved CloudWatch metrics Improved Path-based routing Container support WebSockets & HTTP/2

Application Load Balancer New, feature rich, layer 7 load balancing platform Fully-managed, scalable and highly available load balancing platform Content-based routing allows requests to be routed to different applications behind a single load balancer

Application Load Balancer allows for multiple applications to be hosted behind a single load balancer

EC2 ELB EC2 EC2 instances registered behind a Classic Load Balancer EC2

orders.example.com EC2 ELB EC2 EC2 EC2 Running two separate applications with Classic Load Balancer requires multiple load balancers ELB EC2 images.example.com EC2

EC2 EC2 example.com /orders ELB /images EC2 EC2 EC2 Application Load Balancer allows for multiple applications to be hosted behind a single load balancer EC2

Multiple applications behind a single load balancer provides a significant cost saving

Consider blast radius and isolation when grouping applications behind a single load balancer

Application Load Balancer provides native support for microservice and container-based architectures

Application Load Balancer s can be registered with multiple ports, allowing for requests to be routed to multiple containers on a single instance Amazon ECS will automatically register tasks with the load balancer using a dynamic port mapping Can also be used with other container technologies

EC2 EC2 example.com /orders ELB /images EC2 EC2 EC2 Application Load Balancer allows for multiple applications to be hosted behind a single load balancer EC2

EC2 EC2 example.com /orders ELB /images EC2 ECS Container Application Load Balancer allows containers to be registered with the load balancer ECS Container ECS Container

Microservice and container-based architectures provide further cost savings by improving resource utilization

Who are the Co-op? - Food, General Insurance, Legal Services, Electrical, Funeralcare - Digital team formed in 2016 - Membership - 4.5 million active members - 5% for you, 1% for your community - 12 months from vision to beta

Our challenges - Speed of making changes (6 weeks to do a port change) - Infrastructure monitoring controlled by another team - only found out something was wrong when it was no longer available - High availability, scalable, low cost per change

Templated Environment

Using one ALB for multiple products

What s next: Moving to latency-based DNS for multi-region applications

What this has given us - Resiliency - High availability - Security - Enabled faster rate of change What s next

Application Load Balancer New API version provided for creating, configuring and managing Application Load Balancers Follows latest AWS best practices for resource identifiers and API design Provides several new resource types, including target groups, targets and rules

Load Balancer Listener Listener

Listeners Define the protocol and port on which the load balancer listens for incoming connections Each load balancer needs at least one listener to accept incoming traffic, and can support up to 10 listeners Routing rules are defined on listeners

Load Balancer Listener Listener Health Check Health Check Health Check Target Group #1 Target Group #2 Target Group #3

Target Groups Logical grouping of targets behind a load balancer Target groups can exist independently from the load balancer, and be associated with a load balancer when needed Regional construct that can be associated with Auto Scaling group

Load Balancer Listener Listener EC2 EC2 EC2 EC2 EC2 EC2 ECS ECS ECS Health Check Health Check Health Check Target Group #1 Target Group #2 Target Group #3

Targets Logical load balancing target, which can be an EC2 instance, microservice, or container-based application EC2 instances can be registered with the same target group using multiple ports A single target can be registered with multiple target groups

Load Balancer Listener Listener Rule (default) Rule (*/img/*) Rule (default) EC2 EC2 EC2 EC2 EC2 EC2 ECS ECS ECS Health Check Health Check Health Check Target Group #1 Target Group #2 Target Group #3

Rules Provide the link between listeners and target groups, and consist of conditions and actions When a request meets the condition of the rule, the associated action is taken Today, rules can forward requests to a specified target group

Rules (continued) Conditions can be specified in path pattern format A path pattern is case sensitive, can be up to 128 characters in length, and can contain any of the following characters: A-Z, a-z, 0-9 _ -. $ / ~ " ' @ : + & (using &) * (matches 0 or more characters)? (matches exactly 1 character)

Load Balancer Listener Listener Rule (default) Rule (*/img/*) Rule (default) EC2 EC2 EC2 EC2 EC2 EC2 ECS ECS ECS Health Check Health Check Health Check Target Group #1 Target Group #2 Target Group #3

Use API deletion protection to prevent a load balancer from being erroneously deleted

Application Load Balancer provides improved performance for Internet applications

Application Load Balancer Native support for WebSockets, supporting full-duplex communication channels over a single TCP connection Support for HTTP/2 provides improved page load times from most of today s browsers Improved performance for real-time and streaming applications

Improvements to application availability and scalability

EC2

Health checks allow for traffic to be shifted away from impaired or failed instances

EC2 ELB EC2 Health checks ensure that request traffic is shifted away from a failed instance. EC2

Health Checks HTTP and HTTPS health checks Customize the frequency, failure thresholds, and list of successful response codes Detailed reasons for health check failures are now returned via the API and displayed in the AWS Management Console

Application Load Balancer will fail open should all back-ends fail the health check

Always use multiple Availability Zones

Amazon Route 53 ELB VPC Customer VPC ELB EC2 us-west-1a ELB EC2 us-west-1b

Amazon Route 53 ELB VPC Customer VPC ELB EC2 us-west-1a ELB us-west-1b

1 Available Zone 2 Available Zones 3 Available Zones 6 6 6 3 3 3 Risks Availability 100% Extra Capacity 50% Extra Capacity

Using multiple Availability Zones can bring a few challenges

Imbalanced Capacity Amazon Route 53 ELB VPC Customer VPC ELB EC2 us-west-1a ELB EC2 s us-west-1b

Cross-Zone Load Balancing Amazon Route 53 ELB VPC Customer VPC ELB EC2 us-west-1a ELB EC2 s us-west-1b

Cross-Zone Load Balancing Distributes requests evenly across multiple Availability Zones Absorbs impact of DNS caching and eliminates imbalances in backend instance utilization No additional bandwidth charge for cross-zone traffic

Cross Zone Load Balancing enabled by default on all Application Load Balancers

Auto Scaling now supports the scaling of applications at the target group level

EC2 example.com /orders ELB /images EC2 EC2 EC2 Application Load Balancer integrates with Auto Scaling to manage the scaling of each target group independently EC2

When using Auto Scaling, keep in mind that your application may be under load during quiet times

Continued support for advanced application security features

SSL Offloading SSL Negotiation Policies provide selection of ciphers and protocols that adhere to the latest industry best practices Optimized for balance between security and client connectivity, as tested with Amazon.com traffic ACM Integration

Application Load Balancer supports security groups to limit access to specified ranges

Web Application Firewall now supports Application Load Balancers

Website Application Firewall Monitors requests and protects web applications from malicious activities at the load balancer level Block, allow, or count web requests based on WAF rules and conditions Preconfigured rules available for common protections: SQL-injection, cross-site scripting, bad-actor IPs, bad bots, and HTTP flood attacks

Improved load balancer and application monitoring

Amazon CloudWatch Metrics CloudWatch metrics provided for each load balancer Provide detailed insight into the health of the load balancer and application stack All metrics provided at 1-minute granularity

Amazon CloudWatch Metrics Metrics provided at both the load balancer and target group level CloudWatch alarms can be configured to notify or take action should any metric go outside of the acceptable range Auto Scaling can use these metrics for scaling of the back-end fleet

HealthyHostCount The count of the number of healthy instances in each Availability Zone Most common cause of unhealthy hosts is health check exceeding the allocated timeout Test by making repeated requests to the backend instance from another EC2 instance View at the zonal dimension

Latency Measures the elapsed time, in seconds, from when the request leaves the load balancer until the response is received Test by sending requests to the backend instance from another instance Using min, average, and max CloudWatch stats, provide upper and lower bounds for latency Debug individual requests using access logs

Rejected Connection Count The number of connections that were rejected because the load balancer could not establish a connection with a healthy target in order to route the request This replaces surge queue metrics which are used by the Classic Load Balancer Surge queues often impact client applications, which fast request rejection improves Normally a sign of an under-scaled application

Target Group Metrics The following metrics are now provided at the target group level, allowing for individual applications to be closely monitored: RequestCount HTTPCode_Target_2XX_Count HTTPCode_Target_3XX_Count HTTPCode_Target_4XX_Count HTTPCode_Target_5XX_Count TargetResponseTime (Latency) UnHealthyHostCount HealthyHostCount

CloudWatch Percentiles Load balancer request response times are now provided with percentile dimensions Provides visibility into the 90 th, 95 th, 99 th, or 99.9 th percentile of response times Allows for more meaningful, and aggressive, performance targets for applications

CloudWatch Percentiles

Access Logs Provide detailed information on each request processed by the load balancer Includes request time, client IP address, latencies, request path, server responses, ciphers and protocols, and user-agents Delivered to an Amazon S3 bucket every 5 or 60 minutes

Request Tracing Application Load Balancers insert a unique trace identifier into each request using a custom header: X-Amzn-Trace-ID Trace identifiers are preserved through the request chain to allow for request tracing Trace identifiers are included in access logs and can also be logged by applications themselves

When should I use Application Load Balancer?

Classic Application Protocol TCP, SSL, HTTP, HTTPS HTTP, HTTPS Platforms EC2-Classic, EC2-VPC EC2-VPC Health checks Improved CloudWatch metrics Improved Path-based routing Container support WebSockets & HTTP/2

For TCP/SSL or EC2-Classic, use Classic Load Balancer For all other use-cases, use Application Load Balancer

Remember to complete your evaluations!

Thank you!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback