DevOps Tour
AWS Load Balancing { Part - II }

AWS Load Balancing { Part - II }

Using AWS Load Balancing to Optimize Traffic and Ensure Availability

Chandra Prakash Reddy's photo
Chandra Prakash Reddy
·

5 min read

Table of contents

Target groups

  • Target Groups use the protocol and port number you provide to route requests to registered targets, like EC2 instances.

  • A target can be assigned to more than one target group.

  • Every target group can have a health check set up.

  • All targets in a target group designated by a listener rule for your load balancer perform health checks.

  • Requests are sent to one or more targets by each target group.

  • When you create a listener rule, you provide conditions and pick a target group.

  • Traffic flows to the relevant target group when a rule's requirements are fulfilled.

  • Different target groups might be made for various kinds of requests. For instance:

    • One target group for general requests.

    • Other target groups for requests to microservices in your app.

  • Settings for health checks are specific to each target group.

  • You can modify the usual health check settings that are used by default for each target group.

  • The load balancer verifies the health of each registered target in the target group after placing it in a listener rule.

  • Only healthy targets in Availability Zones that have been activated receive requests from the load balancer.

Route Configuration

  • By default, a load balancer uses the port and protocol you specify when you create the target group to transmit requests to its targets.

  • When you register a target in the target group, you can modify the port that is used to route traffic to that target.

HTTPS Settings:

  • If a target group uses HTTPS or HTTPS health checks:

    • The ELBSecurityPolicy-TLS13-1-0-2021-06 policy is utilized if the listener is using the TLS 1.3 security policy.

    • The ELBSecurityPolicy-2016-08 policy is applied in all other cases.

  • The load balancer uses the certificates that are installed on the targets to establish TLS connections with them.

  • These certificates are not validated by the load balancer, which means:

    • Both expired and self-signed certificates are acceptable.

  • Traffic between the load balancer and targets is authenticated at the packet level in the VPC, so it is safe from man-in-the-middle attacks or spoofing even with invalid certificates.

Note:

  • You might need to take extra precautions to secure traffic leaving AWS because it might not be as protected.

Load Balancer and Target Registration

  • Your load balancer routes incoming traffic to healthy registered targets and serves as the primary point of contact for customers.

  • Each target can be registered with one or more target groups.

Handling Increased Traffic:

  • You can add more objectives to meet demand if your application's traffic increases.

  • Traffic will be routed to newly registered targets by the load balancer as soon as:

    • The registration procedure is finished.

    • The initial health check is passed by the target.

Handling Decreased Traffic or Maintenance:

  • You can deregister targets from the target groups if traffic drops or if you need to keep targets.

  • Deregistering a target:

    • eliminates it from the target group without influencing it.

    • Traffic to the target is instantly stopped by the load balancer.

    • The target goes into a state of draining until all ongoing requests are completed.

  • When you're ready to resume receiving traffic, you can re-register the target with the target group.

Using with Auto Scaling:

  • You can utilize the load balancer with an Auto Scaling group if you register targets by instance ID.

  • The new targets are immediately registered as they are launched when you attach a target group to an Auto Scaling group.

Restrictions on Target Registration:

  • Another Application Load Balancer's IP address cannot be registered within the same VPC.

  • You can, however, register the IP addresses of the other application load balancer if it is located in a VPC that is peering with your load balancer's VPC.

Instance Registration and VPC Peering:

  • Instances in a VPC peering the load balancer's VPC (whether in the same region or a different one) cannot be registered by instance ID.

  • Instead, you can register such instances using their IP address.

Monitoring and Troubleshooting Load Balancers

To keep an eye on your load balancers, examine traffic, and resolve problems, you can utilize a number of features:

CloudWatch Metrics

  • To obtain information about your targets and load balancers, use Amazon CloudWatch.

  • You can determine whether your system is operating efficiently by looking at this data as time-series measurements.

Access Logs

  • The specifics of the requests made to your load balancer are recorded in your access logs.

  • Amazon S3 stores these logs as files.

  • Access logs can be used to solve issues with your targets and examine traffic trends.

Connection Logs

  • Information about requests made to your load balancer is recorded in connection logs.

  • Information such as the client's IP address, port, client certificate details, connection outcomes, and TLS ciphers are all included in these logs.

  • You can monitor request trends and other patterns with the use of connection logs.

Request Tracing

  • You can monitor HTTP requests as they move through the load balancer by using request tracing.

  • Every request is given a unique trace identity by the load balancer.

CloudTrail Logs

  • To record complete information on calls made to the Elastic Load Balancing API, use AWS CloudTrail.

  • Amazon S3 is where these logs are kept.

  • You can see which API calls were made, where they started from, who made them, and when by looking at CloudTrail logs.

Conclusion

  • Target Groups use the specified protocol and port to route traffic to registered targets (such as EC2 instances). A target can be registered with more than one group, and you can set up health checks for each group.

  • The load balancer Sending requests to targets according to the protocol and port specified in the target group is how routing operates. To guarantee secure traffic, you can modify configurations such as HTTPS and TLS certificates.

  • You can eliminate objectives when demand declines or add extra targets to manage spikes in traffic. Until active requests are completed, deregistered targets go into a draining condition.

  • An Auto Scaling group enables the load balancer to automatically register new targets, improving traffic management as it increases.

  • Use tools like as CloudTrail, request tracing, access logs, connection logs, and CloudWatch to troubleshoot any issues with targets, monitor load balancers, and analyze traffic trends.

References

Did you find this article valuable?

Support DevOps Tour by becoming a sponsor. Any amount is appreciated!

AWSAWS Certified Solutions Architect AssociateCloud ComputingCloudDevopsDevOps JourneyDevops articles#DevopscommunityAWS Elastic Load Balancerec2EC2 instanceaws target groups