AWS - Elastic Load Balancer
Load balancers work with Auto Scaling and CloudWatch to create highly available clusters of servers (EC2 instances or containers) across multiple Availability Zones.
AWS Elastic Load Balancer (ELB) offers three types of load balancers:
- Classic Load Balancer (CLB): operates at the request and connection level, used with legacy EC2-Classic networks.
- Application Load Balancer (ALB): operates at the request level to balance HTTP(S) traffic, used with AWS VPC networks.
- Network Load Balancer (NLB): operates at the connection level to balance TCP traffic, used with AWS VPC networks.
ELB can map incoming ports to different outgoing ports.
ELB has a security group, just like EC2 instances.
ELB can be public, thus accessible from the public Internet.
ELB should check the health of the instances. If an instance becomes unresponsive, all traffic to it is blocked. Avoid overly aggressive health checks: if a busy server misses a couple of health check responses, ELB stops routing traffic to it, potentially making the whole situation even worse.
- ELB checks application-level health by default.
- An Auto Scaling group (ASG) checks hardware-level health by default; an ASG can be configured to use ELB health checks instead.
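To make the health check trade-off concrete, here is an added example (not code from the page or from AWS) that models the interval / unhealthy-threshold / healthy-threshold settings as a simple counter-based state machine. The state machine and the two configurations (`AGGRESSIVE`, `CONSERVATIVE`) are assumptions made for illustration, and the "busy windows" are constructed data describing when a target is too busy to answer a probe.

```python
"""Simulate ELB-style target health evaluation (added example, not AWS code).

A target starts healthy. Each probe either succeeds or fails; after
`unhealthy_threshold` consecutive failures the target is marked unhealthy,
and after `healthy_threshold` consecutive successes it is marked healthy
again. This is an assumed simplification used only to show how aggressive
settings turn a short busy period into a long outage.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class HealthCheckConfig:
    interval_s: int           # seconds between probes
    unhealthy_threshold: int  # consecutive failures before marking unhealthy
    healthy_threshold: int    # consecutive successes before marking healthy again


# Assumed configurations for comparison (not AWS defaults).
AGGRESSIVE = HealthCheckConfig(interval_s=5, unhealthy_threshold=2, healthy_threshold=10)
CONSERVATIVE = HealthCheckConfig(interval_s=10, unhealthy_threshold=5, healthy_threshold=2)


def evaluate(config: HealthCheckConfig, probe_ok: list[bool]) -> list[str]:
    """Return the target state ('healthy'/'unhealthy') after each probe."""
    state, fails, successes, history = "healthy", 0, 0, []
    for ok in probe_ok:
        if state == "healthy":
            fails = 0 if ok else fails + 1
            if fails >= config.unhealthy_threshold:
                state, fails = "unhealthy", 0
        else:
            successes = successes + 1 if ok else 0
            if successes >= config.healthy_threshold:
                state, successes = "healthy", 0
        history.append(state)
    return history


def probe_times(config: HealthCheckConfig, total_s: int) -> range:
    return range(0, total_s, config.interval_s)


def probe_trace(config: HealthCheckConfig, busy_windows, total_s: int = 300) -> list[bool]:
    """Constructed target behaviour: a probe fails if it lands in a busy window."""
    return [not any(start <= t < end for start, end in busy_windows)
            for t in probe_times(config, total_s)]


def downtime_seconds(config: HealthCheckConfig, busy_windows, total_s: int = 300) -> int:
    """Seconds during which the balancer would not route traffic to the target."""
    states = evaluate(config, probe_trace(config, busy_windows, total_s))
    return config.interval_s * states.count("unhealthy")


def first_unhealthy_at(config: HealthCheckConfig, busy_windows, total_s: int = 300):
    """Probe time at which the target is first marked unhealthy, or None."""
    states = evaluate(config, probe_trace(config, busy_windows, total_s))
    for t, state in zip(probe_times(config, total_s), states):
        if state == "unhealthy":
            return t
    return None


if __name__ == "__main__":
    brief_busy = [(20, 32)]    # constructed: 12 s of heavy load, then fine
    really_dead = [(100, 300)]  # constructed: target stops answering at t=100
    for name, cfg in (("aggressive", AGGRESSIVE), ("conservative", CONSERVATIVE)):
        print(name, "brief busy period ->", downtime_seconds(cfg, brief_busy), "s out of service")
        print(name, "dead target detected at t =", first_unhealthy_at(cfg, really_dead))
```

The aggressive settings take the briefly busy target out of rotation for most of a minute, which is exactly the feedback loop the note warns about, while the conservative settings ride through it and still catch a dead target, only 35 seconds later.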
A load balancer can be cross-zone. The balancer creates a balancer node in each Availability Zone. A balancer node will not route traffic to a zone that has no healthy instances.
Keep zones balanced. Requests are divided evenly between multiple Availability Zones, so it is essential that you have around the same number of instances in each Availability Zone. Each request goes to the instance with the fewest outstanding requests that has not been marked unhealthy.
ELB can terminate SSL, turning SSL traffic into plain traffic. This means that you can keep your SSL key on the ELB while your web server doesn't have to know anything about SSL certificates. Remember to use the latest security policy.
ELB allows logging requests to S3. The access log format is not configurable and looks like default Apache output.
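Because the access log format is fixed, it can be parsed with a small, predictable routine. The following is an added example, not code from the page or from AWS: it parses lines in the Classic Load Balancer access log layout (timestamp, balancer name, client:port, backend:port, three processing times, balancer and backend status codes, received and sent bytes, quoted request, quoted user agent, SSL cipher, SSL protocol) and summarises the things a defender looks for first: balancer-side 5xx responses, requests that never reached a backend, per-backend 5xx counts and connections negotiated with a legacy TLS version. The log lines in `SAMPLE_LOG` are constructed sample data, not real traffic, and the function names are this example's own.

```python
"""Parse Classic Load Balancer access log lines (added example, not AWS code)."""
import shlex
from collections import Counter

# Field order of the Classic Load Balancer access log (HTTP listener).
FIELDS = [
    "timestamp", "elb", "client", "backend",
    "request_processing_time", "backend_processing_time",
    "response_processing_time", "elb_status_code", "backend_status_code",
    "received_bytes", "sent_bytes", "request", "user_agent",
    "ssl_cipher", "ssl_protocol",
]

# Constructed sample lines. The third line models a request the balancer
# could not hand to any backend: backend is "-", timings are -1, and there
# is no backend status code.
SAMPLE_LOG = """\
2023-01-05T12:00:01.000000Z my-elb 198.51.100.10:44123 10.0.1.11:80 0.000050 0.002100 0.000040 200 200 0 1024 "GET https://www.example.com:443/ HTTP/1.1" "curl/7.81.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
2023-01-05T12:00:02.000000Z my-elb 198.51.100.11:51002 10.0.1.12:80 0.000048 0.003300 0.000041 500 500 0 512 "GET https://www.example.com:443/api HTTP/1.1" "Mozilla/5.0" ECDHE-RSA-AES128-SHA TLSv1
2023-01-05T12:00:03.000000Z my-elb 198.51.100.12:39011 - -1 -1 -1 503 - 0 0 "GET https://www.example.com:443/ HTTP/1.1" "curl/7.81.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
"""

MODERN_TLS = {"TLSv1.2", "TLSv1.3"}


def parse_line(line: str) -> dict:
    """Split one log line into a dict; quoted fields stay intact via shlex."""
    tokens = shlex.split(line)
    if len(tokens) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(tokens)}: {line!r}")
    rec = dict(zip(FIELDS, tokens))
    for key in ("request_processing_time", "backend_processing_time",
                "response_processing_time"):
        rec[key] = float(rec[key])          # -1 when no backend was reached
    rec["elb_status_code"] = int(rec["elb_status_code"])
    rec["backend_status_code"] = (None if rec["backend_status_code"] == "-"
                                  else int(rec["backend_status_code"]))
    rec["backend"] = None if rec["backend"] == "-" else rec["backend"]
    rec["received_bytes"] = int(rec["received_bytes"])
    rec["sent_bytes"] = int(rec["sent_bytes"])
    return rec


def summarize(log_text: str) -> dict:
    """Aggregate the signals worth alerting on across a batch of log lines."""
    summary = {"requests": 0, "elb_5xx": 0, "no_backend": 0,
               "legacy_tls": 0, "backend_5xx": Counter()}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        summary["requests"] += 1
        if rec["elb_status_code"] >= 500:
            summary["elb_5xx"] += 1
        if rec["backend"] is None:
            summary["no_backend"] += 1      # balancer answered alone, e.g. no healthy target
        elif rec["backend_status_code"] is not None and rec["backend_status_code"] >= 500:
            summary["backend_5xx"][rec["backend"]] += 1
        # "-" means a plain HTTP listener; anything else outside MODERN_TLS is legacy.
        if rec["ssl_protocol"] != "-" and rec["ssl_protocol"] not in MODERN_TLS:
            summary["legacy_tls"] += 1
    return summary


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The `no_backend` counter is the one to watch alongside the health check settings above: a burst of balancer-only 503s with `-` backends is what an over-aggressive health check looks like in the log.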
Network Load Balancers
NLBs assign one static IP address per subnet. This improves performance. You can still use the NLB DNS name to have a single address for your Route 53 A records.
NLBs preserve the original source address. There is no need to use X-Forwarded-For headers to preserve this information, and normal firewall rules can be used on targets.
NLBs can handle long-running connections. They have built-in fault tolerance for connections that stay open for years; great for IoT, gaming and messaging.
Sources
- AWS in Action, Michael Wittig and Andreas Wittig