Tutorial / Cram Notes
Internal load balancers distribute traffic among resources within a private network. They are not reachable from the public internet, which makes them suitable for load balancing backend operations such as database queries, internal API calls, or internal web services.
Connectivity Patterns:
- Private IP Addressing: An internal load balancer will typically be configured with a private IP address, and it will route traffic to EC2 instances also configured with private IP addresses.
- Subnetting: Internal load balancers are placed inside a Virtual Private Cloud (VPC) and can be configured in specific subnets, making them reachable only from within the VPC or through a VPN connection or Direct Connect.
- High Availability: They can be deployed across multiple Availability Zones to ensure high availability and fault tolerance within the AWS environment.
- Security: Since internal load balancers route only internal traffic, they are often paired with security measures like Network Access Control Lists (NACLs) and security groups that are more restrictive than those for external-facing services.
Use Case Example:
An enterprise application hosted on AWS with a microservices architecture may use an internal load balancer to distribute traffic among its internal services that do not require direct internet access. For example, an internal application dashboard could fetch data from a microservice that processes data, which in turn communicates with a database cluster—all within a private network.
External Load Balancers
In contrast, external load balancers are used to manage incoming internet traffic; they are typically placed at the edge of your network and serve as the entry point for users accessing your applications over the internet.
Connectivity Patterns:
- Public IP Addressing: External load balancers are assigned public IP addresses and can route traffic to EC2 instances using either public or private IP addresses.
- DNS and Hostname Management: External load balancers work with the Domain Name System (DNS), where a domain name can be mapped to the load balancer’s public IP address.
- SSL Termination: External load balancers can handle SSL termination, taking on the overhead of encrypting and decrypting traffic before passing it to backend servers.
- Auto Scaling: They are often integrated with auto-scaling groups to dynamically adjust the number of EC2 instances being used based on the demand.
Use Case Example:
A high-traffic e-commerce website might use an external load balancer to distribute incoming user traffic across a fleet of EC2 instances that serve the website’s content. This load balancer performs SSL termination for secure HTTP traffic and interacts with the auto-scaling group to accommodate traffic spikes during sales or peak shopping hours.
Comparison Table: Internal vs. External Load Balancers
Feature/Scenario | Internal Load Balancer | External Load Balancer
---|---|---
IP Address Type | Private | Public
Access | Within private network/VPC | From the Internet
SSL Termination | Possible, but less common as traffic is internal | Commonly used
Integration with Auto Scaling | Yes | Yes
High Availability | Multi-AZ deployment within VPC | Multi-AZ deployment with public access
Security Groups | More restrictive rules | Needs to allow inbound internet traffic
Conclusion
Choosing the right load balancer connectivity pattern depends heavily on the specific architecture and requirements of the application or system. In AWS, Amazon Elastic Load Balancing (ELB) offers different types of load balancers like the Application Load Balancer (ALB) for both internal and external use cases, Network Load Balancer (NLB), and Classic Load Balancer (CLB), each catering to different scenarios and providing various features.
By understanding these patterns and deploying the appropriate load balancing strategy, you can optimize your system’s performance, reliability, and security in line with industry best practices, aligning with AWS Certified Advanced Networking – Specialty (ANS-C01) exam principles.
Practice Test with Explanation
True or False: An internal load balancer is used to balance traffic between application layers within a private network.
- True
- False
Answer: True
Explanation: An internal load balancer is intended to distribute traffic within a private network, often used to balance load between different application layers, such as web servers and database servers, without exposing them directly to the internet.
For which scenario is an external load balancer most appropriate?
- Routing traffic among internal microservices
- Balancing traffic coming from the internet to your web applications
- Only balancing loads on-premises
- Distributing database read replicas traffic
Answer: Balancing traffic coming from the internet to your web applications
Explanation: An external load balancer is designed to handle incoming internet traffic and distribute it across multiple servers, such as web servers, ensuring that the user-facing services can scale and handle varying loads.
True or False: Load balancers can only distribute traffic based on simple round-robin algorithms.
- True
- False
Answer: False
Explanation: Load balancers can use various algorithms to distribute traffic, including round-robin, least connections, and IP hash, among others, depending on the use case and requirements.
When should you consider implementing cross-zone load balancing?
- When the workload is within a single availability zone
- When you want to restrict your load balancing to a single data center
- When you want even distribution across multiple availability zones
- To decrease overall performance
Answer: When you want even distribution across multiple availability zones
Explanation: Cross-zone load balancing allows traffic to be evenly distributed across all registered instances in all availability zones, providing better fault tolerance and utilization.
Which of the following is NOT a common use case for a load balancer?
- SSL termination
- Static IP assignment for each backend instance
- Health checks for automatic traffic rerouting
- Distributing incoming traffic across multiple servers
Answer: Static IP assignment for each backend instance
Explanation: Load balancers typically do not assign static IPs to backend instances; instead, they manage incoming requests and distribute them across instances, which may use dynamic IP addressing.
True or False: Application Load Balancers (ALBs) support path-based routing.
- True
- False
Answer: True
Explanation: Application Load Balancers support path-based routing, which allows routing requests to different backend services based on the URL path specified in the request.
Which type of load balancer is best suited for purely TCP traffic?
- Application Load Balancer (ALB)
- Network Load Balancer (NLB)
- Classic Load Balancer (CLB)
- Gateway Load Balancer (GLB)
Answer: Network Load Balancer (NLB)
Explanation: Network Load Balancers are optimized to handle millions of requests per second while maintaining ultra-low latencies and are best suited for TCP, UDP, and TLS traffic.
True or False: Network Load Balancers (NLBs) preserve the source IP address of the clients.
- True
- False
Answer: True
Explanation: Network Load Balancers, unlike some other types, preserve the client’s source IP, which can be important for applications that need the IP for client IP-based communication or logging.
When hosting a multi-tier application, which load balancer feature is critical for routing user requests to the correct tier?
- Sticky sessions
- Host-based routing
- Path pattern
- Health checks
Answer: Path pattern
Explanation: Path patterns allow you to route traffic to different services in a multi-tier application, ensuring that requests are directed to the correct application tier (e.g., web tier, application tier, or database tier).
True or False: You need to provision a separate load balancer for each service in a microservices architecture.
- True
- False
Answer: False
Explanation: A single load balancer can handle multiple services in a microservices architecture, especially if it supports path-based or host-based routing, which can route requests to different services based on URLs or domain names.
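The path-based and host-based routing mentioned in this answer (and in the earlier ALB questions) can be made concrete with a small rule evaluator. This is an added example, not code from the page or from AWS: it mirrors the way an ALB listener evaluates rules, lowest priority number first, each rule carrying optional host-header and path-pattern conditions (where `*` matches any run of characters and `?` exactly one, case-sensitively) and a default action when nothing matches. The hostnames, paths and target-group names are constructed, and `build_listener` is a hypothetical helper that exists only to show the effect of rule ordering.

```python
"""Routing several services behind one listener with host and path rules.

Added example, not code from the page or from AWS. Hostnames, paths and
target-group names are constructed sample values.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import List


@dataclass(order=True)
class Rule:
    """One listener rule; only `priority` takes part in ordering."""
    priority: int
    target_group: str = field(compare=False)
    hosts: List[str] = field(default_factory=list, compare=False)
    paths: List[str] = field(default_factory=list, compare=False)

    def matches(self, host: str, path: str) -> bool:
        # An empty condition list means "no condition of that kind".
        # fnmatchcase is case-sensitive and treats * and ? like ALB patterns;
        # it also understands [...] classes, which ALB does not, so keep
        # brackets out of patterns.
        host_ok = not self.hosts or any(fnmatchcase(host, h) for h in self.hosts)
        path_ok = not self.paths or any(fnmatchcase(path, p) for p in self.paths)
        return host_ok and path_ok


class Listener:
    """A listener with an ordered rule list and a default target group."""

    def __init__(self, default_target_group: str, rules: List[Rule]):
        self.default = default_target_group
        self.rules = sorted(rules)  # evaluate in ascending priority order

    def route(self, host: str, path: str) -> str:
        """Return the target group the first matching rule forwards to."""
        for rule in self.rules:
            if rule.matches(host, path):
                return rule.target_group
        return self.default


def build_listener(admin_priority: int) -> Listener:
    """Hypothetical helper: web, api and admin services on one load balancer.

    admin_priority lets the caller see what happens when the narrower
    '/api/admin/*' rule sorts after the broader '/api/*' rule: the broad rule
    wins and the admin rule can never fire."""
    return Listener("web-tg", [
        Rule(10, "api-tg", hosts=["api.example.com", "shop.example.com"], paths=["/api/*"]),
        Rule(admin_priority, "admin-tg", hosts=["shop.example.com"], paths=["/api/admin/*"]),
        Rule(30, "static-tg", paths=["/static/*", "/*.png"]),
    ])


if __name__ == "__main__":
    for prio in (5, 20):
        lb = build_listener(prio)
        print(f"admin rule at priority {prio}:",
              lb.route("shop.example.com", "/api/admin/users"))
    lb = build_listener(5)
    for host, path in [("api.example.com", "/api/v1/items"),
                       ("shop.example.com", "/static/app.js"),
                       ("shop.example.com", "/API/v1/items"),
                       ("shop.example.com", "/")]:
        print(f"{host}{path} -> {lb.route(host, path)}")
```

The second run of `build_listener` shows the ordering pitfall: with the admin rule at priority 20 the request to `/api/admin/users` is captured by the `/api/*` rule at priority 10, so the more specific rule must carry the lower priority number. The `/API/v1/items` request falls through to the default because path patterns are case-sensitive.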
For an application that experiences large, unpredictable spikes in traffic, which feature of load balancers is important?
- Predefined performance
- Static number of instances
- Auto-scaling support
- Fixed bandwidth capacity
Answer: Auto-scaling support
Explanation: Auto-scaling automatically adjusts the number of instances in response to incoming application traffic, which is essential for handling large, unpredictable spikes in demand.
Which AWS service provides a managed load balancing solution?
- Amazon EC2
- Amazon VPC
- AWS Elastic Load Balancing (ELB)
- AWS Auto Scaling
Answer: AWS Elastic Load Balancing (ELB)
Explanation: AWS Elastic Load Balancing offers a managed load balancing service that automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses.
Interview Questions
Can you explain the difference between internal and external load balancers, and when you would typically use each within AWS?
Internal load balancers are used to balance traffic within a private network, such as within a VPC, distributing requests to EC2 instances or services that do not need to be exposed directly to the internet. External load balancers are used to distribute incoming internet traffic to multiple EC2 instances or services to ensure high availability and fault tolerance. Use internal load balancers for backend processing or within a microservice architecture, and external load balancers when you need to serve content to users over the internet.
What are some common algorithms used for load balancing and how do they differ in their approach to traffic distribution?
The most common algorithms used for load balancing include round robin, least connections, and IP hash. Round robin distributes requests evenly across all servers, least connections sends each new request to the server with the fewest active connections, and IP hash selects the server based on the client's IP address. The choice of algorithm depends on the use case: round robin suits stateless applications, least connections is useful when the load per request varies, and IP hash is good for keeping a client on the same server across requests.
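The three algorithms named here (and in the round-robin practice question above) are easiest to compare by running one request sequence through each. The following is an added example, not code from the page or from AWS ELB: the backend names and client addresses are constructed, and real load balancers layer health checking and per-node state on top of this selection logic.

```python
"""Round robin, least connections and IP hash side by side.

Added example, not code from the page or from AWS ELB. Backend names and
client addresses are constructed sample values.
"""
import hashlib
from itertools import cycle
from typing import Dict, List


class RoundRobin:
    """Hand requests to backends in a fixed rotation, ignoring their load."""

    def __init__(self, backends: List[str]):
        self._ring = cycle(backends)

    def pick(self) -> str:
        return next(self._ring)


class LeastConnections:
    """Send each request to the backend with the fewest in-flight connections.

    Ties go to the backend listed first; the caller must call done() when a
    request finishes so the counts stay accurate."""

    def __init__(self, backends: List[str]):
        self.active: Dict[str, int] = {b: 0 for b in backends}

    def pick(self) -> str:
        chosen = min(self.active, key=self.active.get)
        self.active[chosen] += 1
        return chosen

    def done(self, backend: str) -> None:
        self.active[backend] -= 1


class IpHash:
    """Map a client address to a backend by hashing it, so the same client
    keeps landing on the same backend without any per-session state.

    SHA-256 is used instead of Python's built-in hash(), which is salted per
    process and would therefore give different answers on different LB nodes.
    Note that adding or removing a backend changes the modulus and remaps
    most clients; consistent hashing avoids that but is out of scope here."""

    def __init__(self, backends: List[str]):
        self.backends = list(backends)

    def pick(self, client_ip: str) -> str:
        digest = hashlib.sha256(client_ip.encode()).digest()
        return self.backends[int.from_bytes(digest[:8], "big") % len(self.backends)]


def simulate(client_ips: List[str]) -> Dict[str, List[str]]:
    """Run the same client sequence through each strategy and return the
    backend chosen for every request, keyed by strategy name."""
    backends = ["web-a", "web-b", "web-c"]
    rr, lc, ih = RoundRobin(backends), LeastConnections(backends), IpHash(backends)
    lc.active["web-a"] = 3  # pretend web-a already holds three long-lived connections
    return {
        "round_robin": [rr.pick() for _ in client_ips],
        "least_connections": [lc.pick() for _ in client_ips],
        "ip_hash": [ih.pick(ip) for ip in client_ips],
    }


if __name__ == "__main__":
    # constructed client addresses; 10.1.2.3 appears three times on purpose
    clients = ["10.1.2.3", "10.1.2.4", "10.1.2.3", "10.1.2.5", "10.1.2.3"]
    for name, choices in simulate(clients).items():
        print(f"{name:18} {choices}")
```

Round robin keeps handing requests to `web-a` even though it is already the busiest backend; least connections skips it until the others catch up; and IP hash sends all three requests from `10.1.2.3` to the same backend, which is what makes it useful for session affinity and also why a client behind a large NAT can pin a disproportionate share of traffic to one backend.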
In AWS, how does the Elastic Load Balancing service ensure high availability and fault tolerance across multiple Availability Zones?
AWS Elastic Load Balancing automatically distributes incoming traffic across multiple EC2 instances in different Availability Zones, reducing the risk of failure. If one Availability Zone fails, it can route traffic to instances in other zones, ensuring high availability. Additionally, it performs health checks and only routes traffic to healthy instances.
How do sticky sessions work in the context of load balancing, and what is a potential downside of using them?
Sticky sessions allow you to bind a user’s session to a specific instance so that all requests from the user during the session are sent to the same instance. This is useful when you need to maintain session state. A potential downside is that it can lead to uneven distribution of traffic, as incoming requests are not spread evenly but rather directed to an instance based on session information.
When configuring an AWS Load Balancer, what role do security groups play?
Security groups act as virtual firewalls for your instances to control inbound and outbound traffic. When configuring an AWS Load Balancer, you assign security groups to your load balancer that specify which ports and protocols are allowed to pass through to the EC2 instances. They help define the level of access to the load balancer from the internet or internal networks.
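The restrictive security groups described for internal load balancers in the Connectivity Patterns list and the role of security groups described in this answer can be checked mechanically. The following is an added example, not code from the page or from AWS: the dictionaries mimic the shape that boto3's `describe_security_groups` returns (`GroupId`, `IpPermissions`, `IpRanges`, `Ipv6Ranges`, `UserIdGroupPairs`), while the group ids, CIDR blocks and ports are constructed placeholders. The check encodes three expectations: an internal load balancer never accepts traffic from `0.0.0.0/0` or `::/0`, an internet-facing one accepts internet traffic only on 80 and 443, and backend targets accept traffic only from the load balancer's security group rather than from a CIDR range.

```python
"""Audit the security groups around an AWS load balancer.

Added example, not code from the page or from AWS. The rule dictionaries
follow the structure returned by boto3 describe_security_groups; the group
ids, CIDR blocks and ports are constructed placeholders.
"""
from typing import Dict, List

ANYWHERE = {"0.0.0.0/0", "::/0"}  # source ranges that mean "the internet"
WEB_PORTS = {80, 443}             # the only ports a public LB should expose


def _port_label(perm: Dict) -> str:
    if perm.get("IpProtocol") == "-1":
        return "all ports"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return f"{perm['IpProtocol']}/{lo}" if lo == hi else f"{perm['IpProtocol']}/{lo}-{hi}"


def _cidr_sources(perm: Dict) -> List[str]:
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])


def _open_to_internet(perm: Dict) -> bool:
    return any(c in ANYWHERE for c in _cidr_sources(perm))


def _is_single_web_port(perm: Dict) -> bool:
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort") == perm.get("ToPort")
            and perm.get("FromPort") in WEB_PORTS)


def audit_lb_security_group(sg: Dict, scheme: str) -> List[str]:
    """Check a load balancer's own security group against its scheme
    ("internal" or "internet-facing", the values ELB itself uses)."""
    findings = []
    for perm in sg["IpPermissions"]:
        if not _open_to_internet(perm):
            continue
        if scheme == "internal":
            findings.append(f"{sg['GroupId']}: internal LB accepts {_port_label(perm)} from the internet")
        elif not _is_single_web_port(perm):
            findings.append(f"{sg['GroupId']}: internet-facing LB exposes {_port_label(perm)} to the internet")
    return findings


def audit_backend_security_group(sg: Dict, lb_sg_id: str) -> List[str]:
    """Backend targets should admit traffic only from the LB's security group,
    referenced by group id, so nothing inside the VPC can bypass the LB."""
    findings = []
    for perm in sg["IpPermissions"]:
        cidrs = _cidr_sources(perm)
        if cidrs:
            findings.append(f"{sg['GroupId']}: backend accepts {_port_label(perm)} from "
                            f"{', '.join(cidrs)} instead of from {lb_sg_id}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] != lb_sg_id:
                findings.append(f"{sg['GroupId']}: backend accepts {_port_label(perm)} "
                                f"from unexpected group {pair['GroupId']}")
    return findings


# ---- constructed sample data; ids are placeholders, not real resources ----
INTERNAL_LB_SG = {"GroupId": "sg-0internal0lb", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},                 # fine: VPC-only source
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},                   # misconfiguration
]}
EXTERNAL_LB_SG = {"GroupId": "sg-0external0lb", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},  # expected
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},                   # SSH open to the internet
]}
BACKEND_SG = {"GroupId": "sg-0backend00web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "UserIdGroupPairs": [{"GroupId": "sg-0external0lb"}]},   # fine: only via the LB
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},                 # lets VPC hosts bypass the LB
]}


def run_audit() -> List[str]:
    """Run all three checks over the sample data and return the findings."""
    return (audit_lb_security_group(INTERNAL_LB_SG, "internal")
            + audit_lb_security_group(EXTERNAL_LB_SG, "internet-facing")
            + audit_backend_security_group(BACKEND_SG, "sg-0external0lb"))


if __name__ == "__main__":
    for line in run_audit():
        print(line)
```

Against the sample data the audit reports three findings: the internal load balancer's 8080 rule open to the world, the SSH rule on the public load balancer, and the backend rule that accepts 8080 from the whole VPC CIDR instead of only from the load balancer's group. Against a live account the same functions can be fed the output of `describe_security_groups` unchanged.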
What would be a scenario where you would use a Network Load Balancer (NLB) over an Application Load Balancer (ALB) in AWS, and why?
You would use a Network Load Balancer when you need ultra-low latency or TCP traffic routing based on IP protocol data. NLBs are capable of handling millions of requests per second while maintaining low latencies, making them suitable for high-performance, real-time applications. On the other hand, ALBs are Layer 7 load balancers designed for HTTP/HTTPS traffic with advanced routing features and are used when you need to make routing decisions based on content path or host field.
Describe a use case where a classic load balancer (CLB) would be the most appropriate choice in an AWS architecture.
A Classic Load Balancer would be appropriate if your application is built within the older EC2-Classic network, if you need to maintain existing CLB configurations, or if you require only simple load balancing of traffic across multiple EC2 instances. AWS generally recommends using ALB or NLB for newer applications due to their advanced features and better performance.
How can you ensure that an application remains responsive during a traffic spike?
To ensure that an application remains responsive during a traffic spike, use Auto Scaling in conjunction with Elastic Load Balancing. Auto Scaling automatically adjusts the number of EC2 instances based on the traffic demand, while the load balancer distributes incoming traffic to prevent any single instance from being overwhelmed. Furthermore, set up CloudWatch alarms to monitor traffic and trigger scaling actions.
Can you discuss how Amazon Route 53 can work with Elastic Load Balancing to improve the traffic distribution?
Amazon Route 53 can be used to route user requests to various endpoints, such as Elastic Load Balancers, based on criteria like geographic location, latency, health checks, and weighted round-robin. This enables more granular traffic distribution control, leading to improved load balancing and optimized performance for end-users.
What is connection draining, and what is its significance in the management of load-balanced environments?
Connection draining, also known as deregistration delay, is the process of allowing existing in-flight requests to complete before an instance is deregistered or taken out of service. This feature is significant as it helps avoid abrupt termination of connections to an instance, ensuring a smooth transition and maintaining a good user experience while the load balancer shifts traffic to other instances.
In a load-balanced setup, what is cross-zone load balancing and why might you enable it?
Cross-zone load balancing distributes traffic evenly across all registered instances in all enabled Availability Zones, not just the zone that received the request. This is useful because it can prevent uneven load distribution when the number of instances is unequal in each zone or when certain zones receive more traffic, thus optimizing resource utilization and improving the application’s overall responsiveness.
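The uneven distribution this answer (and the earlier cross-zone practice question) describes is easiest to see with numbers. The following is an added example, not code from the page or from AWS: it models the page's description, with one load balancer node per enabled zone, clients spread evenly across those nodes, and each node forwarding either only to its own zone's targets (cross-zone off) or to every registered target (cross-zone on). Zone names and instance counts are constructed.

```python
"""Per-instance traffic share with cross-zone load balancing off and on.

Added example, not code from the page or from AWS. Zone names and instance
counts are constructed sample values.
"""
from typing import Dict


def per_instance_share(instances_per_zone: Dict[str, int], cross_zone: bool) -> Dict[str, float]:
    """Return the percentage of total traffic each instance receives.

    instances_per_zone maps a zone name to its number of registered targets.
    Each zone's load balancer node is assumed to receive an equal share of
    client connections, as DNS-based distribution across nodes gives."""
    zones = list(instances_per_zone)
    node_share = 100.0 / len(zones)  # traffic that reaches each zone's LB node
    shares: Dict[str, float] = {}
    if cross_zone:
        total = sum(instances_per_zone.values())
        for zone, n in instances_per_zone.items():
            for i in range(n):
                shares[f"{zone}-{i}"] = 100.0 / total
        return shares
    for zone, n in instances_per_zone.items():
        if n == 0:
            # With cross-zone off this node has no local targets; this simple
            # model refuses rather than guessing what the real service does.
            raise ValueError(f"zone {zone} has no targets and cross-zone is off")
        for i in range(n):
            shares[f"{zone}-{i}"] = node_share / n
    return shares


def imbalance(shares: Dict[str, float]) -> float:
    """Spread, in percentage points, between the busiest and idlest instance."""
    return max(shares.values()) - min(shares.values())


if __name__ == "__main__":
    fleet = {"us-east-1a": 2, "us-east-1b": 8}  # constructed, deliberately uneven
    for mode in (False, True):
        s = per_instance_share(fleet, cross_zone=mode)
        print(f"cross-zone={mode}: spread {imbalance(s):.2f} points")
        for inst, pct in s.items():
            print(f"  {inst}: {pct:.2f}%")
```

With two instances in one zone and eight in the other, cross-zone off gives each instance in the small zone 25% of all traffic and each instance in the large zone 6.25%, a fourfold difference; switching cross-zone on flattens that to 10% each. The same function also shows why an Auto Scaling group should keep its instance count balanced across zones when cross-zone is disabled.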
How does AWS ensure the security and isolation of network traffic handled by its load balancing services?
AWS ensures the security and isolation of network traffic by using Virtual Private Cloud (VPC) for network isolation, offering built-in security features such as SSL/TLS decryption and integration with AWS WAF for application-level protection, and providing the ability to attach security groups and access control lists (ACLs) to your load balancers. Additionally, AWS is compliant with multiple industry standards and regulations to provide secure services.
Great post! I have a question about internal load balancers. Are they more suitable for microservices architectures?
I appreciate the mention of different connectivity patterns, very useful.
Can someone explain the main difference between ALB and NLB in the context of external load balancing?
Thanks for the detailed insights on load balancing, very helpful!
How would you typically ensure high availability when using internal load balancers?
Does anyone have experience with AWS Global Accelerator for improving performance of external load balancers?
Appreciate the clear explanations about the different load balancing techniques!
Are there cost implications between choosing ALB, NLB, or CLB?