Tutorial / Cram Notes
AWS Elastic Load Balancing offers several types of load balancers that can be configured to suit a variety of use cases. Among the critical decisions one needs to make while setting up a load balancer on AWS is choosing the appropriate target group type. Target groups are used to route requests to one or more registered targets, such as EC2 instances, containers, or IP addresses, depending on the load balancer type.
When you create a target group, you must specify the protocol and port on which the targets receive traffic. The protocol of the target group must be compatible with the protocol of the load balancer. Here are some of the configuration options available for load balancer target groups:
TCP
TCP (Transmission Control Protocol) is a connection-oriented protocol that facilitates reliable, ordered, and error-checked delivery of bytes between applications communicating via an IP network. TCP target groups are employed when you need to maintain a persistent connection between the client and your server, which is critically important for certain types of applications.
- Protocol: TCP
- Port: 1-65535
- Health Checks: Supported (can specify a port and a path)
- AWS Load Balancer Types: Network Load Balancer (NLB)
GENEVE
GENEVE (Generic Network Virtualization Encapsulation) is a tunneling protocol similar to VXLAN used primarily in Software-Defined Networking (SDN) environments to encapsulate network layer protocols within virtual networks. AWS uses GENEVE with Network Load Balancers that are set up to work with AWS Gateway Load Balancer endpoints.
- Protocol: GENEVE
- Port: 6081
- Health Checks: Not applicable (handled by Gateway Load Balancer)
- AWS Load Balancer Types: Network Load Balancer (when used with Gateway Load Balancer endpoints)
IP Addresses
Specifying targets by their IP address is particularly useful when you have services that need to scale independently of each other and when these services may not be on AWS. This approach allows you to include targets that are located in on-premises data centers in the load balancing process.
- Protocol: TCP, TLS, UDP, TCP_UDP
- Port: 1-65535
- Health Checks: Supported (can specify a port and various protocol-specific settings)
- AWS Load Balancer Types: Both Network Load Balancer (NLB) and Application Load Balancer (ALB)
Instances
When you specify instances as your target, the load balancer sends traffic to the instances using the private IP addresses of the registered instances.
- Protocol: HTTP, HTTPS (for ALB); TCP, TLS, UDP, TCP_UDP (for NLB)
- Port: 1-65535
- Health Checks: Supported (can specify a port and a path for HTTP and HTTPS, or port for other protocols)
- AWS Load Balancer Types: Application Load Balancer (ALB) and Network Load Balancer (NLB)
Below is a comparison table to summarize the discussed configuration options:
| Target Specification | Supported Protocols | Supported Ports | Health Checks | Load Balancer Types |
|---|---|---|---|---|
| TCP | TCP | 1-65535 | Supported | NLB |
| GENEVE | GENEVE | 6081 | N/A (handled by GWLB) | NLB (with GWLB endpoints) |
| IP Addresses | TCP, TLS, UDP, TCP_UDP | 1-65535 | Supported | ALB, NLB |
| Instances | HTTP, HTTPS (ALB); TCP, TLS, UDP, TCP_UDP (NLB) | 1-65535 | Supported | ALB, NLB |
It’s crucial to align your target group configuration with your application’s requirements. For instance, if you are running a web application requiring sticky sessions, you would typically opt for an ALB with HTTP/HTTPS protocols.
Here’s an example of how to define a target group using the AWS CLI for a TCP-based load balancer:
aws elbv2 create-target-group --name my-tcp-targets --protocol TCP --port 80 --vpc-id vpc-1234567890abcdef0
In this example, you specify the name of the target group, the protocol TCP, port 80, and the ID of the VPC where the target group is to be created.
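The compatibility rules spelled out in the sections above (which protocols each load balancer type accepts, the 1-65535 port range, GENEVE pinned to port 6081, Lambda targets only behind an ALB) are easy to get wrong when a target group is scripted rather than clicked through. The following linter is an added example, not AWS code or part of these notes: it checks a target-group definition against those rules before anything is created and renders the equivalent `aws elbv2 create-target-group` command with the correct double-dash flags. The `TargetGroupSpec` class, the `lb_type` field and the `GWLB` label are this example's own naming; the CLI flags it emits are real `elbv2` options.

```python
"""Offline linter for an ELB target-group definition.

Added example, not AWS code. It encodes the compatibility rules from the
notes (protocols per load balancer type, port range, GENEVE on 6081, Lambda
targets only with an ALB) and renders the matching create-target-group
command with proper double-dash flags.
"""
from dataclasses import dataclass
from typing import List
import shlex

# Target-group protocols per load balancer type, as listed in the notes.
# GENEVE target groups are the Gateway Load Balancer case ("GWLB" is this
# example's label for it).
ALLOWED_PROTOCOLS = {
    "ALB": {"HTTP", "HTTPS"},
    "NLB": {"TCP", "TLS", "UDP", "TCP_UDP"},
    "GWLB": {"GENEVE"},
}
# Target types per load balancer type (Lambda targets exist only for ALB).
ALLOWED_TARGET_TYPES = {
    "ALB": {"instance", "ip", "lambda"},
    "NLB": {"instance", "ip"},
    "GWLB": {"instance", "ip"},
}
GENEVE_PORT = 6081


@dataclass
class TargetGroupSpec:
    name: str
    lb_type: str                      # "ALB", "NLB" or "GWLB" (example's own field)
    protocol: str                     # ignored for lambda targets
    port: int                         # ignored for lambda targets
    vpc_id: str
    target_type: str = "instance"     # "instance", "ip" or "lambda"
    health_check_protocol: str = ""   # "" = same as the target-group protocol
    health_check_path: str = ""       # only meaningful for HTTP/HTTPS checks


def validate(spec: TargetGroupSpec) -> List[str]:
    """Return a list of configuration problems; an empty list means OK."""
    problems: List[str] = []
    lb = spec.lb_type.upper()
    proto = spec.protocol.upper()
    if lb not in ALLOWED_PROTOCOLS:
        return [f"unknown load balancer type {spec.lb_type!r}"]
    if spec.target_type not in ALLOWED_TARGET_TYPES[lb]:
        problems.append(f"target type {spec.target_type!r} is not supported by an {lb}")
    if spec.target_type == "lambda":
        # Lambda targets carry no protocol or port, so nothing else applies.
        return problems
    if proto not in ALLOWED_PROTOCOLS[lb]:
        problems.append(
            f"protocol {proto} is not valid for an {lb} target group "
            f"(allowed: {', '.join(sorted(ALLOWED_PROTOCOLS[lb]))})")
    if proto == "GENEVE":
        if spec.port != GENEVE_PORT:
            problems.append(f"GENEVE target groups must use port {GENEVE_PORT}, got {spec.port}")
    elif not 1 <= spec.port <= 65535:
        problems.append(f"port {spec.port} is outside 1-65535")
    hc_proto = (spec.health_check_protocol or proto).upper()
    if spec.health_check_path and hc_proto not in {"HTTP", "HTTPS"}:
        problems.append("a health check path only applies to HTTP/HTTPS health checks")
    return problems


def render_cli(spec: TargetGroupSpec) -> str:
    """Build the create-target-group command line; raises if the spec is invalid."""
    problems = validate(spec)
    if problems:
        raise ValueError("; ".join(problems))
    argv = ["aws", "elbv2", "create-target-group", "--name", spec.name]
    if spec.target_type == "lambda":
        argv += ["--target-type", "lambda"]
    else:
        argv += ["--protocol", spec.protocol.upper(), "--port", str(spec.port),
                 "--vpc-id", spec.vpc_id, "--target-type", spec.target_type]
        if spec.health_check_protocol:
            argv += ["--health-check-protocol", spec.health_check_protocol.upper()]
        if spec.health_check_path:
            argv += ["--health-check-path", spec.health_check_path]
    # shlex.quote keeps the line safe to paste even if a name contains spaces.
    return " ".join(shlex.quote(a) for a in argv)


if __name__ == "__main__":
    # The notes' own TCP example, re-rendered with correct flags.
    tcp = TargetGroupSpec("my-tcp-targets", "NLB", "TCP", 80, "vpc-1234567890abcdef0")
    print(render_cli(tcp))
    # A mistake the linter catches: an ALB target group with a layer-4 protocol.
    print(validate(TargetGroupSpec("web", "ALB", "TCP", 80, "vpc-1234567890abcdef0")))
```

Running the script prints the corrected command for the TCP target group from the notes and, for the second spec, a single problem naming the protocol mismatch; `render_cli` refuses to emit a command for any spec that does not validate cleanly, which is the point of linting before the call reaches AWS.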
Understanding these various configurations and correctly applying them to your load balancer setup can have a significant impact on the efficiency, performance, and reliability of your distributed applications across your AWS infrastructure.
Practice Test with Explanation
True or False: Elastic Load Balancers can only route traffic to EC2 instances.
- A) True
- B) False
Answer: B) False
Explanation: Elastic Load Balancers can route traffic to multiple types of targets such as EC2 instances, containers, IP addresses, and Lambda functions, depending on the load balancer type.
A target group associated with a Network Load Balancer (NLB) can route traffic to targets identified by what means?
- A) Instance ID only
- B) IP address only
- C) Both instance ID and IP address
- D) Neither, NLBs do not use target groups
Answer: C) Both instance ID and IP address
Explanation: Network Load Balancers can route traffic to targets specified either by instance ID or by IP address.
True or False: A target group’s health check settings can be configured differently for each target within the group.
- A) True
- B) False
Answer: B) False
Explanation: Health check settings in a target group apply to all targets within the group and cannot be configured individually.
What protocols can be used by a target group when working with an Application Load Balancer (ALB)?
- A) TCP only
- B) HTTP and HTTPS only
- C) TCP, HTTP, and HTTPS
- D) TCP, UDP, HTTP, and HTTPS
Answer: B) HTTP and HTTPS only
Explanation: Application Load Balancers support routing HTTP and HTTPS traffic. TCP and UDP protocols are supported by Network Load Balancers.
True or False: Amazon ECS services can serve as a target for an Application Load Balancer.
- A) True
- B) False
Answer: A) True
Explanation: Application Load Balancers can route traffic to Amazon ECS services, allowing for containerized applications to be targeted.
When using an Application Load Balancer, what is the maximum timeout setting for idle connections?
- A) 60 seconds
- B) 300 seconds
- C) 4000 seconds
- D) 3600 seconds
Answer: C) 4000 seconds
Explanation: The maximum idle timeout setting for ALB connections is 4000 seconds, which can be configured to allow connections to remain open without data being sent.
True or False: Sticky sessions are a feature that can be enabled on Network Load Balancers.
- A) True
- B) False
Answer: B) False
Explanation: Sticky sessions, which bind a user’s session to a specific target, are a feature of Application Load Balancers and Classic Load Balancers, but not Network Load Balancers.
Which load balancing protocol and port can be used to receive encapsulated traffic using the GENEVE encapsulation protocol?
- A) TCP, port 80
- B) UDP, port 6081
- C) TCP, port 22
- D) TCP, port 6081
Answer: B) UDP, port 6081
Explanation: GENEVE encapsulated traffic is typically received over UDP on port
True or False: Deregistration delay in a target group defines the time AWS will wait before completely deregistering a target that has failed health checks.
- A) True
- B) False
Answer: A) True
Explanation: Deregistration delay is the period during which AWS waits after a target fails health checks before deregistering it. This can be useful for ensuring that in-flight requests are completed.
When configuring a target group with a load balancer, how can traffic be distributed to the registered targets?
- A) Based on the highest resource usage
- B) Round robin
- C) According to application-specific metrics
- D) Based on predefined session affinity rules
Answer: B) Round robin
Explanation: Load balancers, by default, distribute incoming traffic across registered targets using the round robin method. This can be modified with session affinity settings for an ALB.
True or False: It is possible to register a Lambda function as a target in a Network Load Balancer target group.
- A) True
- B) False
Answer: B) False
Explanation: Lambda functions can be registered as targets with an Application Load Balancer but not with a Network Load Balancer.
In the context of target health checks for an Application Load Balancer, what status code range is considered healthy by default?
- A) 200-299
- B) 200-399
- C) 200-499
- D) 100-199
Answer: B) 200-399
Explanation: By default, Application Load Balancer health checks consider the target healthy if it returns a 200-399 HTTP status code. This range indicates successful responses and client-side errors that may not necessarily indicate the target is unhealthy.
Interview Questions
What is the primary function of a target group in the context of AWS Elastic Load Balancing (ELB)?
The primary function of a target group in AWS ELB is to route requests to one or more registered targets, such as EC2 instances, IP addresses, or Lambda functions, based on the listener rules. It allows ELB to effectively distribute the incoming application traffic across multiple targets for scalability and fault tolerance.
Can you explain how health checks are used in configuring a target group for an AWS load balancer?
Health checks are used to monitor the health of the targets within a target group. AWS ELB periodically sends requests to each target to ensure it is healthy and able to handle requests. If a target fails a specified number of consecutive health checks, it is considered unhealthy, and the load balancer stops routing traffic to it until it passes health checks again.
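The threshold behaviour described in this answer (a target leaves rotation after a run of consecutive failed probes and returns only after a run of consecutive passes) is worth seeing as a state machine, because it is what makes a single bad probe harmless and a flapping target costly. The code below is an added example, not AWS code or part of these notes. It models one target's health state per probe, decides HTTP probe pass/fail with a matcher string in the same "200,301-399" style as the elbv2 Matcher setting, and reports which targets would still receive traffic. The threshold values and the status-code sequences are constructed sample inputs, not AWS defaults.

```python
"""Health-check state machine for a target group.

Added example, not AWS code. A target that fails `unhealthy_threshold`
consecutive probes is removed from rotation; it comes back only after
`healthy_threshold` consecutive passes. The thresholds and status codes used
below are sample values, not AWS defaults.
"""
from typing import Dict, Iterable, List, Optional, Set


def parse_matcher(matcher: str) -> Set[int]:
    """Expand a matcher string such as "200,301-302" into a set of status codes."""
    codes: Set[int] = set()
    for part in matcher.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            codes.update(range(lo, hi + 1))
        elif part:
            codes.add(int(part))
    return codes


class TargetHealth:
    """Tracks one target's streak of identical probe outcomes and its health state."""

    def __init__(self, healthy_threshold: int, unhealthy_threshold: int,
                 initially_healthy: bool = True):
        self.healthy_threshold = healthy_threshold
        self.unhealthy_threshold = unhealthy_threshold
        self.healthy = initially_healthy
        self.streak = 0                        # consecutive probes with the same outcome
        self.last_passed: Optional[bool] = None

    def record(self, passed: bool) -> bool:
        """Apply one probe result and return the resulting health state."""
        if passed == self.last_passed:
            self.streak += 1
        else:
            self.streak = 1
            self.last_passed = passed
        if self.healthy and not passed and self.streak >= self.unhealthy_threshold:
            self.healthy = False
        elif not self.healthy and passed and self.streak >= self.healthy_threshold:
            self.healthy = True
        return self.healthy


def run_probes(responses: Dict[str, Iterable[int]], matcher: str,
               healthy_threshold: int, unhealthy_threshold: int) -> Dict[str, List[bool]]:
    """Feed each target's HTTP status codes through the state machine.

    Returns the health state after every probe, per target.
    """
    ok = parse_matcher(matcher)
    history: Dict[str, List[bool]] = {}
    for target, codes in responses.items():
        th = TargetHealth(healthy_threshold, unhealthy_threshold)
        history[target] = [th.record(code in ok) for code in codes]
    return history


def in_rotation(history: Dict[str, List[bool]]) -> List[str]:
    """Targets the load balancer would still route to after the last probe."""
    return sorted(t for t, states in history.items() if states[-1])


# Constructed sample: three targets probed five times each (status codes made up).
SAMPLE_RESPONSES = {
    "i-0aaa": [200, 200, 200, 200, 200],   # stays healthy throughout
    "i-0bbb": [200, 503, 503, 503, 200],   # three failures -> unhealthy; one pass is not enough
    "i-0ccc": [200, 302, 302, 500, 200],   # redirects pass under a 200-399 matcher
}

if __name__ == "__main__":
    hist = run_probes(SAMPLE_RESPONSES, "200-399", healthy_threshold=2, unhealthy_threshold=3)
    for target, states in hist.items():
        print(target, states)
    print("in rotation:", in_rotation(hist))
```

With the 200-399 matcher, `i-0bbb` drops out at the third consecutive 503 and stays out after a single 200, while `i-0ccc` never leaves rotation because its redirects count as passes. Tightening the matcher to `"200"` turns those two 302s plus the 500 into three consecutive failures, so `i-0ccc` is also marked unhealthy: the matcher and the thresholds together decide what the load balancer treats as a working target.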
What are the main differences between using IP addresses or instances as targets in an AWS load balancer target group?
When using instances as targets, the load balancer routes traffic to the primary private IP address of the EC2 instance. When using IP addresses as targets, the load balancer can route traffic to an arbitrary IP address, which can belong to an EC2 instance or a service hosted outside of AWS. IP targets offer more flexibility, allowing for the inclusion of on-premises servers or peered VPC resources.
How does the choice between TCP and HTTP(S) protocols impact the configuration of a target group?
Choosing TCP as the protocol for a target group configures the load balancer to function at the transport layer (layer 4) without considering the application layer content. It simply forwards request data to targets. In contrast, HTTP(S) operates at the application layer (layer 7), allowing the load balancer to inspect packets, modify requests, and use advanced routing based on the content, path, or headers.
Can you change the protocol of a target group after creating it in AWS?
No, you cannot change the protocol of a target group once it is created. To use a different protocol, you would need to create a new target group with the desired protocol and update the listener to use this new target group.
In the context of an AWS load balancer, what is GENEVE protocol, and when would you use it?
GENEVE (Generic Network Virtualization Encapsulation) is a tunneling protocol used by Gateway Load Balancer to deliver traffic to services. You’d use GENEVE when implementing service chaining and transparently inserting networking and security appliances, such as firewalls or intrusion detection systems, into the traffic flow without modifying the client or service.
Discuss how the concept of “stickiness” is applied in the target group configurations.
“Stickiness” refers to the ability of the load balancer to bind a user’s session to a specific target. This ensures that all requests from a particular client during the session are sent to the same target, which is important for maintaining session continuity in applications that do not handle sessions natively.
Is it possible to register targets by instance ID when using an Application Load Balancer (ALB) target group?
Yes, with an ALB, you can register targets either by instance ID or by IP address. Registering by instance ID allows the ALB to automatically handle the selection of the port and manage the targets as they scale up or down.
What are some considerations when registering Lambda functions as targets in an ALB target group?
When registering Lambda functions as targets in an ALB target group, it is important to consider the concurrency and execution limits of the Lambda functions since these will impact how well they can handle incoming traffic. Also, ensure that the Lambda function is configured to receive an event structure from the ALB and has the necessary permissions via execution role.
Explain the importance of target type in the configuration of a load balancer target group.
The target type determines how you specify targets in the target group and how traffic is routed to them. In AWS, there are three target types: instance, IP, and Lambda function. The choice affects scalability, management, and integration with other AWS services. For instance, IP as a target type allows integration with containers and on-premises servers.
How do you approach the process of modifying target group attributes, such as deregistration delay or stickiness, and what are the implications of such changes?
To modify target group attributes, you can use the AWS Management Console, AWS CLI, or SDKs. When changing the deregistration delay, you are altering the time it takes for the target to stop receiving traffic after deregistration, which can help in graceful shutdowns of targets. Changing stickiness attributes affects how the client sessions are maintained, impacting user experience and load distribution.
What role does port mapping play in target group configurations for different target types, and how does it affect traffic routing?
Port mapping is crucial when the instance or IP targets are used, as it defines to which port on the target the traffic should be forwarded. For instance-type targets and IP targets within an ECS cluster, you can use port mapping to enable multiple tasks from a single service to use the same listener port of a load balancer, allowing efficient use of resources. Traffic routing is affected as different ports can be used by different services or versions of an application hosted on the same target, providing service differentiation.
Great blog post! The comparison between TCP and GENEVE for load balancer target groups was really insightful.
I’m curious, can someone elaborate on the differences in performance when using IP versus instance target types?
The explanation about GENEVE was spot on! Thanks for shedding light on such a lesser-known protocol.
I think GENEVE is a bit overkill for most standard applications. Any opinions?
Can anyone provide examples of when to prefer TCP over IP for target groups?
Helpful post. The visual aids made the content clear and easy to understand.
Is there any performance benchmarking between these target types available?
Not sure if I agree with the preference for instance targets. Any counterarguments?