Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

AWS re:Invent 2016: Elastic Load Balancing Deep Dive and Best Practices (NET403)

5.337 visualizaciones

Publicado el

Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances for fault tolerance and load distribution. In this session, we go into detail about Elastic Load Balancing configuration and day-to-day management, as well as its use in conjunction with Auto Scaling. We explain how to make decisions about the service and share best practices and useful tips for success.

Publicado en: Tecnología
  • Sé el primero en comentar

AWS re:Invent 2016: Elastic Load Balancing Deep Dive and Best Practices (NET403)

  1. 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. David Brown, General Manager, Elastic Load Balancing December 1, 2016 Elastic Load Balancing Deep Dive & Best Practices NET403
  2. 2. EC2 Instance
  3. 3. Load Balancer used to route incoming requests to multiple EC2 instances. ELB EC2 Instance EC2 Instance EC2 Instance
  4. 4. Elastic Load Balancing automatically distributes incoming application traffic across multiple applications, microservices and containers hosted on Amazon EC2 instances.
  5. 5. SecureElastic Integrated Cost Effective
  6. 6. Elastic Load Balancing provides high availability by utilizing multiple Availability Zones
  7. 7. Customer VPC EC2 Instance EC2 Instance us-west-1aus-west-1b Amazon Route 53 ELB VPC ELB ELB
  8. 8. Layer 7 (application)Layer 4 (network) Supports TCP and SSL Incoming client connection bound to server connection No header modification Proxy Protocol prepends source and destination IP and ports to request Supports HTTP and HTTPS Connection terminated at the load balancer and pooled to the server Headers may be modified X-Forwarded-For header contains client IP address
  9. 9. Application Load Balancer Advanced request routing with support for microservices and container-based applications.
  10. 10. Classic Application Protocol TCP, SSL, HTTP, HTTPS HTTP, HTTPS Platforms EC2-Classic, EC2-VPC EC2-VPC Health checks ✔ Improved CloudWatch metrics ✔ Improved Path-based routing ✔ Container support ✔ WebSockets & HTTP/2 ✔
  11. 11. New, feature rich, layer 7 load balancing platform Fully-managed, scalable and highly available load balancing platform Content-based routing allows requests to be routed to different applications behind a single load balancer Application Load Balancer
  12. 12. Application Load Balancer allows for multiple applications to be hosted behind a single load balancer
  13. 13. EC2 instances registered behind a Classic Load Balancer ELB EC2 Instance EC2 Instance EC2 Instance
  14. 14. Running two separate applications with Classic Load Balancer requires multiple load balancers ELB EC2 Instance EC2 Instance EC2 Instance EC2 Instance EC2 Instance ELB EC2 Instance orders.example.com images.example.com
  15. 15. ELB /orders example.com EC2 Instance EC2 Instance EC2 Instance EC2 Instance EC2 Instance EC2 Instance /images Application Load Balancer allows for multiple applications to be hosted behind a single load balancer
  16. 16. Multiple applications behind a single load balancer provides a significant cost saving
  17. 17. Consider blast radius and isolation when grouping applications behind a single load balancer
  18. 18. Application Load Balancer provides native support for microservice and container-based architectures
  19. 19. Instances can be registered with multiple ports, allowing for requests to be routed to multiple containers on a single instance Amazon ECS will automatically register tasks with the load balancer using a dynamic port mapping Can also be used with other container technologies Application Load Balancer
  20. 20. ELB /orders example.com EC2 Instance EC2 Instance EC2 Instance EC2 Instance EC2 Instance EC2 Instance /images Application Load Balancer allows for multiple applications to be hosted behind a single load balancer
  21. 21. ELB /orders example.com EC2 Instance EC2 Instance EC2 Instance /images Application Load Balancer allows containers to be registered with the load balancerECS Container ECS Container ECS Container
  22. 22. Microservice and container-based architectures provide further cost savings by improving resource utilization
  23. 23. New API version provided for creating, configuring and managing Application Load Balancers Follows latest AWS best practices for resource identifiers and API design Provides several new resource types, including target groups, targets and rules Application Load Balancer
  24. 24. Load Balancer Listener Listener
  25. 25. Define the protocol and port on which the load balancer listens for incoming connections Each load balancer needs at least one listener to accept incoming traffic, and can support up to 10 listeners Routing rules are defined on listeners Listeners
  26. 26. Load Balancer Listener Listener Target Group #1 Health Check Health Check Health Check Target Group #2 Target Group #3
  27. 27. Logical grouping of targets behind a load balancer Target groups can be exist independently from the load balancer, and be associated with a load balancer when needed Regional construct that can be associated with Auto Scaling group Target Groups
  28. 28. Load Balancer Target Group #1 Health Check Health Check Health Check EC2 EC2 EC2 EC2 EC2 EC2 ECS ECS ECS Listener Listener Target Group #2 Target Group #3
  29. 29. Logical load balancing target, which can be an EC2 instance, microservice, or container-based application EC2 instances can be registered with the same target group using multiple ports A single target can be registered with multiple target groups Targets
  30. 30. Load Balancer Target Group #1 Health Check Health Check Health Check EC2 EC2 EC2 EC2 EC2 EC2 ECS ECS ECS Listener Listener Target Group #2 Target Group #3 Rule (default) Rule (*/img/*) Rule (default)
  31. 31. Provide the link between listeners and target groups and consist of conditions and actions When a request meets the condition of the rule, the associated action is taken Today, rules can forward requests to a specified target group Rules
  32. 32. Conditions can be specified in path pattern format A path pattern is case sensitive, can be up to 128 characters in length, and can contain any of the following characters: • A-Z, a-z, 0-9 • _ - . $ / ~ " ' @ : + • & (using &) • * (matches 0 or more characters) • ? (matches exactly 1 character) Rules (continued)
  33. 33. Load Balancer Target Group #1 Health Check Health Check Health Check EC2 EC2 EC2 EC2 EC2 EC2 ECS ECS ECS Listener Rule (default) Rule (*/img/*) Listener Rule (default) Target Group #2 Target Group #3
  34. 34. Today, load balancers support up to 10 rules
  35. 35. Support for up to 100 rules coming soon to Application Load Balancers
  36. 36. Use API deletion protection to prevent a load balancer from being erroneously deleted
  37. 37. Application Load Balancer provides improved performance for Internet applications
  38. 38. Native support for WebSockets, supporting full-duplex communication channels over a single TCP connection Support for HTTP/2 provides improved page load times from most of today’s browsers Improved performance for real-time and streaming applications Application Load Balancer
  39. 39. No additional configuration is required to enable WebSockets or HTTP/2
  40. 40. Classic Load Balancers have offered IPv6 support for some time
  41. 41. Native support for IPv6 coming soon to Application Load Balancers
  42. 42. Improvements to application availability and scalability
  43. 43. EC2 Instance
  44. 44. Health checks allow for traffic to be shifted away from impaired or failed instances
  45. 45. ELB EC2 Instance EC2 Instance EC2 Instance Health checks ensure that request traffic is shifted away from a failed instance.
  46. 46. HTTP and HTTPS health checks Customize the frequency, failure thresholds, and list of successful response codes Detailed reasons for health check failures are now returned via the API and displayed in the AWS Management Console Health Checks
  47. 47. Application Load Balancer will fail open should all back-ends fail the health check
  48. 48. Always use multiple Availability Zones
  49. 49. ELB VPC Customer VPC EC2 InstanceELB ELB EC2 Instance us-west-1aus-west-1b Amazon Route 53
  50. 50. ELB VPC Customer VPC EC2 InstanceELB ELB us-west-1aus-west-1b Amazon Route 53
  51. 51. 6 1 Available Zone Risks Availability 2 Available Zones 6 6 100% Extra Capacity 3 Available Zones 3 3 3 50% Extra Capacity
  52. 52. Using multiple Availability Zones can bring a few challenges …
  53. 53. Imbalanced Instance Capacity ELB VPC Customer VPC EC2 InstanceELB ELB us-west-1aus-west-1b Amazon Route 53 EC2 Instances
  54. 54. Cross-Zone Load Balancing ELB VPC Customer VPC EC2 InstanceELB ELB us-west-1aus-west-1b Amazon Route 53 EC2 Instances
  55. 55. Distributes requests evenly across multiple Availability Zones Absorbs impact of DNS caching and eliminates imbalances in backend instance utilization No additional bandwidth charge for cross-zone traffic Cross-Zone Load Balancing
  56. 56. Cross Zone Load Balancing enabled by default on all Application Load Balancers
  57. 57. Auto Scaling now supports the scaling of applications at the target group level
  58. 58. Application Load Balancer integrates with Auto Scaling to manage the scaling of each target group independently ELB /orders example.com EC2 Instance EC2 Instance EC2 Instance EC2 Instance /images EC2 Instance
  59. 59. When using Auto Scaling, keep in mind that your application may be under load during quiet times
  60. 60. Continued support for advanced application security features
  61. 61. SSL Negotiation Policies provide selection of ciphers and protocols that adhere to the latest industry best practices Optimized for balance between security and client connectivity, as tested with Amazon.com traffic SSL Offloading
  62. 62. Application Load Balancer supports security groups to limit access to specified ranges
  63. 63. Web Application Firewall support coming soon to Application Load Balancers
  64. 64. Monitors requests and protects web applications from malicious activities at the load balancer level Block, allow, or count web requests based on WAF rules and conditions Preconfigured rules available for common protections: SQL-injection, cross-site scripting, bad-actor IPs, bad bots, and HTTP flood attacks Website Application Firewall
  65. 65. Improved load balancer and application monitoring
  66. 66. CloudWatch metrics provided for each load balancer Provide detailed insight into the health of the load balancer and application stack All metrics provided at 1-minute granularity Amazon CloudWatch Metrics
  67. 67. Metrics provided at both the load balancer and target group level CloudWatch alarms can be configured to notify or take action should any metric go outside of the acceptable range Auto Scaling can use these metrics for scaling of the back-end fleet Amazon CloudWatch Metrics
  68. 68. HealthyHostCount The count of the number of healthy instances in each Availability Zone Most common cause of unhealthy hosts is health check exceeding the allocated timeout Test by making repeated requests to the backend instance from another EC2 instance View at the zonal dimension
  69. 69. Latency Measures the elapsed time, in seconds, from when the request leaves the load balancer until the response is received Test by sending requests to the backend instance from another instance Using min, average, and max CloudWatch stats, provide upper and lower bounds for latency Debug individual requests using access logs
  70. 70. Rejected Connection Count The number of connections that were rejected because the load balancer could not establish a connection with a healthy target in order to route the request This replaces surge queue metrics which are used by the Classic Load Balancer Surge queues often impact client applications, which fast request rejection improves Normally a sign of an under-scaled application
  71. 71. Target Group Metrics The following metrics are now provided at the target group level, allowing for individual applications to be closely monitored: • RequestCount • HTTPCode_Target_2XX_Count • HTTPCode_Target_3XX_Count • HTTPCode_Target_4XX_Count • HTTPCode_Target_5XX_Count • TargetResponseTime (Latency) • UnHealthyHostCount • HealthyHostCount
  72. 72. Load balancer request response times are now provided with percentile dimensions Provides visibility into the 90th, 95th, 99th, or 99.9th percentile of response times Allows for more meaningful, and aggressive, performance targets for applications CloudWatch Percentiles
  73. 73. CloudWatch Percentiles
  74. 74. Provide detailed information on each request processed by the load balancer Includes request time, client IP address, latencies, request path, server responses, ciphers and protocols, and user-agents Delivered to an Amazon S3 bucket every 5 or 60 minutes Access Logs
  75. 75. Application Load Balancers insert a unique trace identifier into each request using a custom header: X-Amzn-Trace-ID Trace identifiers are preserved through the request chain to allow for request tracing Trace identifiers are included in access logs and can also be logged by applications themselves Request Tracing
  76. 76. When should I use Application Load Balancer?
  77. 77. Classic Application Protocol TCP, SSL, HTTP, HTTPS HTTP, HTTPS Platforms EC2-Classic, EC2-VPC EC2-VPC Health checks ✔ Improved CloudWatch metrics ✔ Improved Path-based routing ✔ Container support ✔ WebSockets & HTTP/2 ✔
  78. 78. For TCP/SSL or EC2-Classic, use Classic Load Balancer For all other use-cases, use Application Load Balancer
  79. 79. Thank you!
  80. 80. Remember to complete your evaluations!

×