Load Balancers in AWS

Post Views: 204

Table of Content

Introduction
Health Checks
Types of Load Balancers on AWS
- Classic Load Balancers (CLB)
- Application Load Balancer (ALB)
- Network Load Balancer (NLB)
- Gateway Load Balancer
Sticky Sessions
Cross Zone Load Balancing
SSL – Server Name Indication (SNI)
Connection Draining

Load balancers serve as essential components that distribute incoming traffic across multiple servers downstream.
They effectively spread the load among various downstream instances.
Load balancers provide a single point of access (DNS) to your application.
They adeptly manage failures of downstream instances, ensuring seamless operation.
Health checks are conducted on instances to ascertain their availability.
Load balancers offer SSL termination for your websites.
They support stickiness through cookies.
High availability across different zones is ensured.
Managed load balancers come with AWS guarantees, handling upgrades, maintenance, and high availability.
While cost-effective, setting up your own load balancer requires more management effort and integrates with many AWS offerings:
1. EC2, EC2 Autoscaling groups, Amazon ECS
2. AWS Certificate Manager, CloudWatch
3. Route 53, AWS WAF, AWS Global Accelerator

Health checks are pivotal for load balancers to determine instance availability.
They enable load balancers to know whether the instances they forward traffic to are functional.
Typically, health checks are conducted on a port with a common route like /health.
If the response is not satisfactory (e.g., not 200 OK), the instance is marked as unhealthy.

AWS provides four types of managed load balancers:
1. Classic Load Balancers (CLB, v1 – old generation) – Supports HTTP, HTTPS, TCP, SSL (since 2009).
2. Application Load Balancers (ALB, v2 – new generation) – Supports HTTP, HTTPS, WebSocket (since 2016).
3. Network Load Balancers (NLB, v2 – new generation) – Supports TCP, UDP, TLS (since 2017).
4. Gateway Load Balancers (since 2020) – Operates at Layer 3 (Network Layer).
It’s recommended to use newer generation load balancers due to enhanced features.
Load balancers can be set up as internal or external.

ALB operates at Layer 7 (HTTP) and balances traffic across multiple applications on the same machine.
It supports HTTP/2 and WebSocket.
ALB offers features like redirects and routing tables based on URL, hostname, query string, or headers.
ALB is ideal for microservices and container-based applications.
It supports routing to various target groups, including EC2 instances, ECS tasks, Lambda functions, and IP addresses.
Health checks are conducted at the target group level.
ALB ensures client IPs are not directly visible to applications, using the X-Forwarded-For header for the true client IP.

NLB operates at Layer 4 and forwards TCP and UDP traffic to instances.
It handles millions of requests per second with low latency (around 100ms).
NLB has a static IP per Availability Zone and supports Elastic IP assignment.
It excels in extreme performance for TCP or UDP traffic.
NLB can route traffic to EC2 instances, IP addresses, Application Load Balancers, and more.
Health checks support TCP, HTTP, and HTTPS protocols.

Gateway Load Balancer manages third-party network virtual appliances in AWS.
Examples include firewalls, intrusion detection/prevention systems, and deep packet inspection systems.
It operates at Layer 3 (Network Layer) with IP packets.
Gateway Load Balancer combines transport network gateway and load balancing functionalities.
It uses the geneve protocol and supports EC2 instances and IPs.

Sticky sessions ensure that the same client is consistently routed to the same instance behind a load balancer.
Supported by CLB, ALB, and NLB.
Stickiness is implemented using cookies, which have configurable expiration.
Commonly used for maintaining session data, but may lead to load imbalance.

Cross Zone Load Balancing evenly distributes traffic across all registered instances in all Availability Zones.
Enabled by default for Application Load Balancers.
No charges apply for inter-AZ data transfer.
Network and Gateway Load Balancers must be explicitly enabled.
Charges may apply for inter-AZ data transfer in these cases.

SSL certificates encrypt traffic between clients and load balancers during transit.
SSL refers to Secure Socket Layer, often replaced with TLS (Transport Layer Security).
SSL certificates have expiration dates and can be renewed.
AWS offers ACM (AWS Certificate Manager) for certificate management.
HTTPS listeners require a default certificate, and multiple certificates can be added to support various domains.

SNI resolves the challenge of accommodating multiple SSL certificates on a single server.
It’s a modern protocol that mandates the client to specify the target server’s hostname during the initial SSL handshake.
Consequently, the server can identify the appropriate certificate or revert to the default one.
Important Considerations:
1. SNI functionality is exclusive to ALB and NLB.
2. It’s not compatible with CLB.
In the case of Classic Load Balancer (CLB):
1. CLB supports only one SSL certificate.
For ALB and NLB:
1. They support multiple listeners, each with numerous SSL certificates.
2. SNI is utilized to enable this functionality.

Connection Draining, also known as Deregistration Delay in ALB and NLB, serves a vital role.
ELB (Elastic Load Balancer) grants sufficient time for in-flight requests to conclude when an instance is deregistered or unhealthy.
During this period, ELB refrains from directing new requests to the EC2 instance undergoing deregistration.
You can configure this time interval within the range of 1 to 3600 seconds, with a default value of 300 seconds.
Disabling connection draining is feasible by setting the value to 0.
For shorter requests, it’s advisable to opt for a lower connection draining duration.