Elastic Load Balancer (ELB) - Comprehensive Guide
⚖️ ELB Overview
What is ELB?
- Load balancing service: Distributes traffic across multiple targets
- High availability: Scales automatically to handle traffic
- Health monitoring: Monitors targets and routes traffic to healthy targets only
- SSL termination: Handles SSL/TLS encryption and decryption
- Integration: Deep integration with other AWS services
🏗️ ELB Types
Application Load Balancer (ALB)
Layer 7 Load Balancer:
Features:
- HTTP/HTTPS traffic
- Content-based routing
- Host-based routing
- Path-based routing
- WebSocket support
- HTTP/2 support
Targets:
- EC2 instances
- IP addresses
- Lambda functions
- Containers (ECS)
Network Load Balancer (NLB)
Layer 4 Load Balancer:
Features:
- TCP/UDP/TLS traffic
- Ultra-high performance
- Static IP addresses
- Preserve source IP
- Millions of requests/second
Targets:
- EC2 instances
- IP addresses
- Application Load Balancers
- Containers (ECS)
Classic Load Balancer (CLB)
Legacy Load Balancer:
Features:
- Layer 4 and Layer 7
- Basic load balancing
- Limited features
- Not recommended for new applications
Migration Path:
- Migrate to ALB for HTTP/HTTPS
- Migrate to NLB for TCP/UDP
🎯 Application Load Balancer Deep Dive
Routing Rules
Host-based Routing:
api.example.com → API Target Group
web.example.com → Web Target Group
admin.example.com → Admin Target Group
Path-based Routing:
/api/* → API servers
/images/* → Image servers
/static/* → Static content servers
Header-based Routing:
User-Agent: Mobile → Mobile Target Group
X-Forwarded-For: Corporate IP → Internal Target Group
Note: request headers such as X-Forwarded-For are supplied by the client or an upstream proxy and can be forged, so a rule that gates access to an internal target group should use the ALB source-ip rule condition rather than a header match.
ALB Configuration
{
  "LoadBalancerName": "my-alb",
  "Scheme": "internet-facing",
  "IpAddressType": "ipv4",
  "Subnets": ["subnet-12345", "subnet-67890"],
  "SecurityGroups": ["sg-12345"],
  "Listeners": [
    {
      "Port": 443,
      "Protocol": "HTTPS",
      "SslPolicy": "ELBSecurityPolicy-TLS-1-2-2017-01",
      "DefaultActions": [
        {
          "Type": "forward",
          "TargetGroupArn": "arn:aws:elasticloadbalancing:..."
        }
      ]
    }
  ]
}
Target Groups
Target Group Configuration:
Protocol: HTTP/HTTPS
Port: 80/443
VPC: vpc-12345
Health Check:
Path: /health
Interval: 30 seconds
Timeout: 5 seconds
Healthy threshold: 2
Unhealthy threshold: 5
Targets:
- Instance ID: i-1234567890abcdef0
- IP Address: 10.0.1.100
- Lambda Function: my-function
🌐 Network Load Balancer Deep Dive
NLB Features
Performance:
- Ultra-low latency
- Millions of requests per second
- Handle volatile traffic patterns
- 25% of ALB latency
Static IP:
- One static IP per AZ
- Elastic IP address support
- Easy to allow-list in client firewalls
- DNS pointing to static IPs
Source IP Preservation:
- Client IP preserved
- No X-Forwarded-For needed
- Direct server return (DSR)
- True client IP visibility
NLB Configuration
{
  "LoadBalancerName": "my-nlb",
  "Type": "network",
  "Scheme": "internet-facing",
  "IpAddressType": "ipv4",
  "SubnetMappings": [
    {
      "SubnetId": "subnet-12345",
      "AllocationId": "eipalloc-12345"
    }
  ],
  "Listeners": [
    {
      "Port": 80,
      "Protocol": "TCP",
      "DefaultActions": [
        {
          "Type": "forward",
          "TargetGroupArn": "arn:aws:elasticloadbalancing:..."
        }
      ]
    }
  ]
}
🔒 SSL/TLS Termination
SSL Configuration
SSL Termination Options:
1. Load Balancer Termination:
Client → [HTTPS] → LB → [HTTP] → Targets
- SSL processing on LB
- Reduced backend load
- Certificate management centralized
2. End-to-End Encryption:
Client → [HTTPS] → LB → [HTTPS] → Targets
- Full encryption path
- Higher security
- More backend processing
3. SSL Passthrough (NLB):
Client → [HTTPS] → LB → [HTTPS] → Targets
- LB forwards encrypted traffic
- Backend handles SSL
- Certificate on backend servers
Certificate Management
AWS Certificate Manager (ACM):
Benefits:
- Free SSL certificates
- Automatic renewal
- Easy integration with ELB
- Wildcard certificates
Custom Certificates:
- Upload to IAM
- Import to ACM
- Third-party certificates
- Self-signed certificates (not recommended)
📊 Health Checks
Health Check Types
HTTP Health Checks:
- GET request to specified path
- Expected response code (200, 200-299)
- Response body matching (optional)
- Most common type
TCP Health Checks:
- Connection establishment
- No application-level check
- Faster than HTTP
- Used for non-HTTP services
HTTPS Health Checks:
- SSL handshake required
- Certificate validation
- Overhead of encryption
- Secure health checking
Health Check Configuration
Health Check Settings:
Protocol: HTTP/HTTPS/TCP
Port: Traffic port or an override port
Path: /health (for HTTP/HTTPS)
Timing:
Interval: 10-300 seconds
Timeout: 2-120 seconds
Healthy threshold: 2-10 checks
Unhealthy threshold: 2-10 checks
Advanced:
Grace period: Initial delay
Drain time: Remove traffic gradually
Stickiness: Session affinity
🎛️ Load Balancing Algorithms
ALB Algorithms
Round Robin:
- Default algorithm
- Equal distribution
- Simple and effective
- No consideration of server load
Least Outstanding Requests:
- Route to server with fewest pending requests
- Better for varying response times
- More intelligent distribution
- Available in ALB only
Session Stickiness
Duration-based Stickiness:
- Cookie-based session affinity
- ELB generates cookie
- Configurable duration
- Good for stateful applications
Application-based Stickiness:
- Application generates cookie
- Custom cookie name
- Application controls duration
- More flexible approach
📈 Monitoring & Logging
CloudWatch Metrics
Key Metrics:
- RequestCount: Total requests
- TargetResponseTime: Backend response time
- HTTPCode_Target_2XX_Count: Successful responses
- HTTPCode_Target_4XX_Count: Client errors
- HTTPCode_Target_5XX_Count: Server errors
- HealthyHostCount: Healthy targets
- UnHealthyHostCount: Unhealthy targets
NLB Specific:
- ActiveFlowCount: Concurrent connections
- NewFlowCount: New connections per second
- ProcessedBytes: Data processed
Access Logs
Access Log Configuration:
S3 Bucket: Store logs
Prefix: Organize logs by date/time
Log Format (ALB):
timestamp, client_ip, target_ip, request_processing_time,
target_processing_time, response_processing_time,
elb_status_code, target_status_code, received_bytes,
sent_bytes, request, user_agent, ssl_cipher, ssl_protocol
Use Cases:
- Security analysis
- Performance troubleshooting
- Compliance auditing
- Traffic pattern analysis
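The security-analysis use case above, as an added example that is not part of the original guide: a small parser for the simplified ALB access-log layout listed in this section, run over constructed sample lines to flag clients with a high 4XX share and clients that negotiated a legacy TLS version. The field order, the sample lines and the thresholds are assumptions made for the example.

```python
import re
from collections import Counter

# Field order follows the simplified ALB access-log layout listed above.
FIELDS = ["timestamp", "client_ip", "target_ip", "request_processing_time",
          "target_processing_time", "response_processing_time", "elb_status_code",
          "target_status_code", "received_bytes", "sent_bytes", "request",
          "user_agent", "ssl_cipher", "ssl_protocol"]

# Quoted fields (request, user_agent) contain spaces, so match quoted runs first.
TOKEN = re.compile(r'"[^"]*"|\S+')

# Constructed sample lines (not real traffic): 198.51.100.7 requests missing paths,
# 192.0.2.5 negotiates a legacy protocol, the rest are ordinary requests.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 203.0.113.10:51234 10.0.1.100:80 0.001 0.012 0.000 200 200 512 1024 "GET https://web.example.com:443/ HTTP/1.1" "Mozilla/5.0 (X11)" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
2024-01-01T10:00:01Z 203.0.113.10:51235 10.0.1.100:80 0.001 0.010 0.000 200 200 512 2048 "GET https://web.example.com:443/static/app.js HTTP/1.1" "Mozilla/5.0 (X11)" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
2024-01-01T10:00:02Z 198.51.100.7:40001 10.0.1.101:80 0.001 0.002 0.000 404 404 300 200 "GET https://web.example.com:443/missing/1 HTTP/1.1" "curl/8.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
2024-01-01T10:00:03Z 198.51.100.7:40002 10.0.1.101:80 0.001 0.002 0.000 404 404 300 200 "GET https://web.example.com:443/missing/2 HTTP/1.1" "curl/8.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
2024-01-01T10:00:04Z 198.51.100.7:40003 10.0.1.101:80 0.001 0.002 0.000 404 404 300 200 "GET https://web.example.com:443/missing/3 HTTP/1.1" "curl/8.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
2024-01-01T10:00:05Z 198.51.100.7:40004 10.0.1.101:80 0.001 0.002 0.000 404 404 300 200 "GET https://web.example.com:443/missing/4 HTTP/1.1" "curl/8.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
2024-01-01T10:00:06Z 198.51.100.7:40005 10.0.1.101:80 0.001 0.015 0.000 200 200 512 1024 "GET https://web.example.com:443/ HTTP/1.1" "curl/8.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
2024-01-01T10:00:07Z 192.0.2.5:33000 10.0.1.100:80 0.001 0.020 0.000 200 200 512 1024 "GET https://web.example.com:443/ HTTP/1.1" "OldClient/1.0" AES128-SHA TLSv1
"""

def parse_line(line):
    """Split one log line into a dict keyed by FIELDS; surrounding quotes are stripped."""
    tokens = [t.strip('"') for t in TOKEN.findall(line)]
    if len(tokens) < len(FIELDS):
        raise ValueError(f"short log line: {line[:40]!r}")
    return dict(zip(FIELDS, tokens))

def client_ip(rec):
    """client_ip may carry a :port suffix, as in the real ALB format; drop it."""
    return rec["client_ip"].rsplit(":", 1)[0]

def suspicious_clients(lines, min_requests=5, error_ratio=0.8):
    """Clients whose share of 4XX responses over the sample is at least error_ratio."""
    total, errors = Counter(), Counter()
    for rec in map(parse_line, lines):
        total[client_ip(rec)] += 1
        if rec["elb_status_code"].startswith("4"):
            errors[client_ip(rec)] += 1
    return sorted(ip for ip in total
                  if total[ip] >= min_requests and errors[ip] / total[ip] >= error_ratio)

def legacy_tls_clients(lines, allowed=("TLSv1.2", "TLSv1.3")):
    """(client, protocol) pairs that negotiated a version outside the allowed set."""
    return {(client_ip(r), r["ssl_protocol"]) for r in map(parse_line, lines)
            if r["ssl_protocol"] not in allowed and r["ssl_protocol"] != "-"}
```

Call suspicious_clients(SAMPLE_LOG.splitlines()) and legacy_tls_clients(SAMPLE_LOG.splitlines()) to run it over the sample; the same functions work on real log files once FIELDS is adjusted to the full ALB field list.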
🔧 Cross-Zone Load Balancing
Cross-Zone Behavior
Application Load Balancer:
Default: Enabled
Charges: No additional cost
Benefit: Even distribution across AZs
Network Load Balancer:
Default: Disabled
Charges: Cross-AZ data transfer costs
Option: Can be enabled
Classic Load Balancer:
Default: Disabled
Charges: Cross-AZ data transfer costs
Recommendation: Enable for better distribution
💰 Pricing & Cost Optimization
Pricing Models
Application Load Balancer:
- $0.0225 per hour
- $0.008 per LCU-hour
- LCU = Load Balancer Capacity Unit
Network Load Balancer:
- $0.0225 per hour
- $0.006 per NLCU-hour
- NLCU = Network Load Balancer Capacity Unit
Data Transfer:
- Same AZ: Free
- Cross AZ: $0.01 per GB
- Internet: Standard rates
Cost Optimization
Right-sizing:
- Monitor capacity units usage
- Consolidate load balancers where possible
- Use appropriate LB type for workload
Cross-Zone Considerations:
- ALB: Free cross-zone
- NLB: Consider costs vs benefits
- CLB: Evaluate enabling cross-zone
🚀 Best Practices
Security
Security Groups:
Load Balancer SG:
- Allow inbound from internet (80, 443)
- Allow all outbound
Target SG:
- Allow inbound from LB security group
- Specific ports only
- No direct internet access
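An audit helper for the security-group pattern above, added here as an example and not AWS's own code: it checks that the load balancer's group only opens the listener ports and that the target group accepts ingress solely from the load balancer's group. The inputs are constructed dicts shaped like aws ec2 describe-security-groups output (GroupId, IpPermissions with IpRanges and UserIdGroupPairs); the group IDs and ports are made up for the example.

```python
# Audit helpers for the ELB security-group pattern. Added example, not AWS code;
# inputs are constructed dicts shaped like `aws ec2 describe-security-groups`
# output (GroupId, IpPermissions with IpRanges / UserIdGroupPairs), IDs made up.

LB_SG_ID = "sg-0lbexample"          # constructed
TARGET_SG_ID = "sg-0targetexample"  # constructed
LB_ALLOWED_PORTS = {80, 443}

LB_SG = {"GroupId": LB_SG_ID, "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}

# Weak target SG: internet-wide SSH plus the app port open from anywhere.
WEAK_TARGET_SG = {"GroupId": TARGET_SG_ID, "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "UserIdGroupPairs": [{"GroupId": LB_SG_ID}]}]}

# Corrected target SG: only the app port, only from the load balancer's SG.
HARDENED_TARGET_SG = {"GroupId": TARGET_SG_ID, "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": LB_SG_ID}]}]}

def lb_ingress_findings(group, allowed_ports=LB_ALLOWED_PORTS):
    """Rules on the LB SG that open anything other than the listener ports."""
    findings = []
    for perm in group["IpPermissions"]:
        if perm["IpProtocol"] == "-1":  # all-traffic rule carries no port range
            findings.append(f"{group['GroupId']}: all-traffic ingress rule")
            continue
        ports = set(range(perm["FromPort"], perm["ToPort"] + 1))
        if not ports <= allowed_ports:
            findings.append(f"{group['GroupId']}: ports {perm['FromPort']}-{perm['ToPort']} exceed {sorted(allowed_ports)}")
    return findings

def target_ingress_findings(group, lb_sg_id):
    """Rules on the target SG that accept traffic from anything but the LB SG."""
    findings = []
    for perm in group["IpPermissions"]:
        port = perm.get("FromPort", "all")
        for r in perm.get("IpRanges", []):
            findings.append(f"{group['GroupId']}: CIDR {r['CidrIp']} on port {port}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] != lb_sg_id:
                findings.append(f"{group['GroupId']}: unexpected source group {pair['GroupId']} on port {port}")
    return findings
```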
WAF Integration:
- Application layer protection
- DDoS mitigation
- Custom rules for threats
- Real-time monitoring
Performance
Pre-warming:
- Contact AWS for expected traffic spikes
- Gradual traffic increase preferred
- Load testing best practices
Connection Draining:
- Graceful instance removal
- Complete existing requests
- Configurable timeout
- Zero-downtime deployments
📝 Exam Tips for AWS SAA
Key Differences
ALB vs NLB:
ALB: Layer 7, content-based routing, HTTP/HTTPS
NLB: Layer 4, static IP, TCP/UDP, ultra-high performance
Use Cases:
ALB: Web applications, microservices, content routing
NLB: Gaming, IoT, financial services, static IP requirements
Features:
ALB: WAF, Lambda targets, HTTP/2
NLB: Source IP preservation, PrivateLink support
Common Scenarios
- Multi-tier applications: ALB with path-based routing
- Microservices: ALB with service discovery
- High-performance applications: NLB for low latency
- Legacy applications: CLB migration planning
📖 Summary
ELB provides comprehensive load balancing solutions:
- Multiple types for different use cases and performance requirements
- High availability with automatic scaling and health monitoring
- Security features with SSL termination and WAF integration
- Deep monitoring with CloudWatch metrics and access logs
- Cost-effective pricing models with optimization opportunities
Understanding the ELB types and their appropriate use cases is critical for the AWS SAA exam.