Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances for fault tolerance and load distribution. In this session, we go into detail about Elastic Load Balancing's configuration and day-to-day management, as well as its use in conjunction with Auto Scaling. We explain how to make decisions about the service and share best practices and useful tips for success.
4. SSL/TLS Security Policies
• Same-day mitigation for POODLE
• Same-day mitigation for LogJam
• Same-day mitigation for Heartbleed
• RC4 removed in advance of ratings and compliance changes
7. SSL/TLS Cipher Suites
• Always prefer perfect forward secrecy.
• Prefer AES over 3DES over RC4.
• Prefer GCM over CBC + HMAC.
• Compare against billions of connections from real-world clients.
8. SSL/TLS Cipher Suites
• Legacy clients can cause compatibility issues
• Old firmware in embedded systems
• TVs, controllers, web scrapers…
• ELB defaults strike a balance
• Access log gap analysis
• We recommend ELBSecurityPolicy-2015-05
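As an added illustration (not code from the talk, and not the contents of ELBSecurityPolicy-2015-05 or any other AWS policy), the following Python ranks and audits a cipher-suite list against the three preferences stated above: forward secrecy first, AES over 3DES over RC4, GCM over CBC + HMAC. The suite names are OpenSSL-style, and the sample list is constructed in a deliberately poor order.

```python
"""Rank and audit a TLS cipher-suite list against three rules:
forward secrecy first, AES over 3DES over RC4, GCM over CBC+HMAC.
Added illustration; OpenSSL-style names; not any real ELB policy."""

CIPHER_RANK = {"AES": 0, "3DES": 1, "RC4": 2, "other": 3}

def classify(name):
    """Return (has_pfs, cipher, mode) for an OpenSSL-style suite name."""
    pfs = name.startswith(("ECDHE-", "DHE-", "EDH-"))  # ephemeral key exchange
    if "AES" in name:
        cipher = "AES"
    elif "DES-CBC3" in name or "3DES" in name:
        cipher = "3DES"
    elif "RC4" in name:
        cipher = "RC4"
    else:
        cipher = "other"
    mode = "GCM" if "GCM" in name else "CBC"  # non-AEAD suites use CBC + HMAC
    return pfs, cipher, mode

def preference_key(name):
    """Lower sorts first: PFS, then cipher family, then AEAD mode."""
    pfs, cipher, mode = classify(name)
    return (0 if pfs else 1, CIPHER_RANK[cipher], 0 if mode == "GCM" else 1)

def rank(suites):
    """Order suites by the rules; ties keep their input order (stable sort)."""
    return sorted(suites, key=preference_key)

def audit(order):
    """Report RC4 suites (removed from ELB policies) and ordering inversions:
    pairs where a suite is listed ahead of one the rules rank higher."""
    rc4 = [s for s in order if classify(s)[1] == "RC4"]
    inversions = [(a, b) for i, a in enumerate(order)
                  for b in order[i + 1:] if preference_key(b) < preference_key(a)]
    return {"rc4": rc4, "inversions": inversions}

# Constructed sample list, deliberately in a poor order.
SAMPLE_ORDER = [
    "AES128-SHA",                   # RSA key exchange, AES-CBC, no PFS
    "RC4-SHA",                      # RC4
    "ECDHE-RSA-AES128-GCM-SHA256",  # PFS + AES-GCM
    "DES-CBC3-SHA",                 # 3DES, no PFS
    "ECDHE-RSA-AES256-SHA384",      # PFS + AES-CBC
    "DHE-RSA-AES128-SHA",           # PFS (DHE) + AES-CBC
]

if __name__ == "__main__":
    print(rank(SAMPLE_ORDER))
    print(audit(SAMPLE_ORDER))
```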
32. ELB’s own scaling is a mix of pre-emptive, based on the instance capacity you add, and reactive, based on the load you receive.
33. CloudWatch and Auto Scaling
All load balancer metrics can be used for Auto Scaling.
They allow you to scale dynamically based on the load balancers' view of the application.
It is important to consider all metrics when using Auto Scaling; a policy driven by one metric may not be aware of resource contention visible only on another.
You may be at peak multiple times a day.
34. 13 CloudWatch metrics provided for each load balancer.
Provide detailed insight into the health of the load balancer and application stack.
CloudWatch alarms can be configured to notify or take action in case any metric goes outside of the acceptable range.
All metrics provided at 1-minute granularity.
Amazon CloudWatch metrics
35. Latency
Measures the time elapsed in seconds after the request leaves the load balancer until the response is received.
Test by sending requests to the back-end instance from another instance.
Using minimum, average, and maximum, CloudWatch stats provide upper and lower bounds for latency.
Debug individual requests using access logs.
36. SurgeQueue and Spillovers
Count of the number of requests that could not be sent to back-end instances.
Queue up to 1,024 requests per load balancer node, after which 503 errors will be returned.
Often caused by not being able to open connections to the back-end instance.
Normally a sign of an underscaled application.
38. Global Scalability
ELB integrates with Amazon Route 53 latency-based routing and geo-based routing.
Useful for applications where latency is critical.
Online advertising bidding.
Trading
40. Ben Doyle
Senior Infrastructure Engineer
Digital analytics company with 2 types of products:
- Data collection and analysis of web traffic
- Website content (tag) management
Multiple global platforms for both
43. Health Checks
Support for TCP and HTTP health checks.
Customize frequency and failure thresholds.
Must return a 200 response.
Think hard about health check “depth”.
44. Idle timeouts allow for connections to be closed by the load balancer when no longer in use.
45. Length of time that an idle connection should be kept open.
For both client and back-end connections.
Defaults to 60 seconds but can be set between 1 and 3,600 seconds.
Timeouts should decrease as you go up the stack.
Idle Timeouts
48. Protected by Route 53 Health Checks
All load balancers scaled to handle the loss of a single Availability Zone.
Amazon Route 53 health checks shift traffic away from the failed Availability Zone.
Completed within 150 seconds.
No other external or control plane dependencies.
49. Health checkers and edge locations perform the same volume of activity, whether endpoints are healthy or unhealthy.
[Chart: "Constant work" – system activity over time, with the time to react marked]
When nothing is failing, the volume of API calls is zero. When failure occurs, the volume of API calls spikes.
[Chart: "Work on failure" – system activity over time, with the time to react marked]
53. DNS Caching and Spreading
DNS TTLs are generally honored.
But sometimes there simply are not enough DNS servers to spread load around fairly.
Mobile networks typically have a dozen or so top-level resolvers.
Enterprise networks may have as few as one.
57. Load balancer absorbs impact of DNS caching.
Eliminates imbalances in back-end instance utilization.
Requests distributed evenly across multiple Availability Zones.
Check connection limits before enabling.
No additional bandwidth charge for cross-zone traffic.
Cross-zone Load Balancing
58. Integrated with AWS CloudFormation, AWS OpsWorks, AWS Elastic Beanstalk, Amazon ECS, Amazon API Gateway, and Asgard.
Load balancers are a common gateway for blue/green deployments.
Load balancers can be managed programmatically for immutable deployments.
ELB and DevOps