[SAA + SAP] 04 ALB + ASG
SAA
Load Balancer
- LBs can scale but not instantaneously -- contact AWS for a "warm-up"
- 4xx errors are client induced errors
- 5xx errors are application induced errors
- Load Balancer Errors 503 means at capacity or no registered target
- If the LB can't connect to your application, checkyour security groups!
- ELB access logs will log all access request for debugging
- CloudWatch etrics will give you aggregate statistics
- ELB Load Balancers provides a static DNS name
ALB
- Routing to different target group
- Health check at target group level
- ALB support HTTP / HTTPS and WebSocket as well
NLB
- Network Load balancers (Layer 4) allow to:
- Forward TCP & UDP traffic to your instances
- Handle millions of request per seconds
- Less altency 100ms (vs 400 ms for ALB)
- NLB has one static IP per AZ, and supports assigning Elastic IP (helpful for whitelisting specific IP)
- ALB has one static hostname
- NLB are used for extreme performance, TCP or UDP traffic
- For application load balancer
- For target group level settings
- With CZ Load Balancing: Each EC2 instances get even number of traffic
Gateway Load Balancer
-
Deploy, scale, and manage a fleet of 3th party network virtual appliances in AWS
- Example, Firewalls, intrusion Detection and Prevention Systems, Deep Packet Inspection Systems, payload manipulation...
- Operates at Layer 3 (Network Layer) - IP Packets
- Combines the following functions:
- Transparent Network Gateway - Single entry/exit for all traffic
- Load Balancer - distributes traffic to your virtual
- Use the GENEVE protocol on port 6081
In short, using Gateway Load balacner, will redirect the traffic transparently from Application to a 3th party Virtual appliances.
Access Log
Access Log is disabled by default.
It capture information relating to incoming requests to your Elastic Load Balancer.
Log are encrypted and stored in an S3 bucket and decrypted when you access them.
ASG
- Scaling policies can be on CPU, Networkm... nad can even be on custom metrics or based on a schedule (if you know the time patterns)
- ASGs use Launch configurations or Launch Teplates (newer)
- To update an ASG, you must provide a new launch confgiuration / launch template
- IAM role attached to an ASG will get assigned to EC2 instances
- ASG itself is free
- Having instnaces under an ASG means that if they got terminated for whatever reason, the ASG will automatically create new one as a replacement.
- Based on the Metrics to create CloudWatch alarms and send SNS topic
ASG Custom Metric
- We can auto scale based on a custom metric (ex. number of connected users)
- 1. Send Custom metric from application on EC2 to CloudWatch (PutMetric API)
- 2. Create CloudWatch alarm to react to low / high values
- 3. Use the CloudWatch alaram as the scaling policy for ASG
- After an Auto scaling action, there is a cooldown period to prevent further action
- Can create additional Cooldown for Simple scaling policy
- To achieve AZ balance
- Termiated older EC2 instanaces first in one AZ
- Choose Launch Template for better service
Application Load Balaner provide a static DNS name. Network load balancer provide IP address.
- Reason chose a wrong answer was because just thinking about detail monorning enables 1 mins intervel data collections; but there is no such metric about request pre minutes... so need to use Custom metric, so not everything is just abot time, content matters
SAP
ALB
- ALB are a great fit micro services & container-based application
- Has a port mapping feature to redirect to a dynamic port in ECS
NLB
- For NLB, you don't have Lambda as target group
- You don't need to have X-Forward-For in header, it send additional connection information such as source and destination
Stickness
- Alternative is to cache session data in ElasticCache, DynamoDB for example
ASG
- Health check should be simple
- If calling a route to communicate with DB, then it is a bad health check, because it might take too long time for waiting response, then ASG consider EC2 as unhealthy.
Auto Scaling - Updating an application
1. Same target group + Two Launch Template + Shared traffic
- Keep the ALB
- Create a new Launch Template
- Then it will double the EC2 size
- Still belong to same Target group
- All EC2 instances shared the traffic because in the same target group
- Shutdown V1 instances when V2 working fine
2. Two Target groups + split traffic
- Same the same ALB, so no cache issue on client side
- Create new Target groups
- Therefore, we can split the traffic on target group level
- Send 5% traffic to TG2 in order to test whether it is working
- Shift all traffic to V2 if confident
3. Two ALBs + Route 53
- Create new ALB
- In order to test ALB v2, we neeed to use Route 53 to split traffic
- Then it become Client based LB, it might happen that client still talks to V1, although we want it talks to V2.
- Mirgraion will be slow because of TTL, DNS, cache
- But since we have a new ALB, we can do separate manual testing against ALB2, to make sure it works fine.
F: Step scaling policy doesn't have cooldown period.
E: Launch configuration cannot be edit
C: Traffic is unpredicatable, scheduled scaling won't help
B: IGW has no bindwidth limit
What's the Source IP address the APP Sees?
- If you were using ALB, the application will see ALB's IP, NOT clinet IP
- If you were using NLB, depends on how you locate EC2 instances
- Instance specified by InstanceID: then application see Client IP
- Instance specified by IP Address: then application see NLB IP
SSL/TLS
相关文章
- 172. SAP UI5 两大表格控件 sap.ui.table.Table 和 sap.m.Table 的使用场景辨析
- SAP UI5 sap.ui.layout.Grid 控件宽度百分比的设置原理
- SAP UI5 sap.ui.layout.Grid 控件概述
- 关于 SAP UI5 所有控件的共同祖先 - sap.ui.base.ManagedObject
- SAP UI5 应用中的 sap.ui.require.toUrl 使用场景
- SAP UI5 应用 index.html 里定义的 data-sap-ui-theme 值的加载原理
- SAP UI5 DynamicPage 控件介绍
- SAP UI5 初学者教程之二十 - SAP UI5 的表达式绑定用法讲解
- SAP UI5 jQuery.sap.getModulePath 的工作原理
- 一个最简单的SAP UI5应用部署到SAP云平台CloudFoundry环境后,自动生成了哪些资源
- SAP UI5 return sap.ui.view的实现
- SAP UI5应用的一个调试参数 - sap-ds-debug=true
- SAP ui5 jQuery.sap.getModulePath(FioriTest)
- 什么是 SAP Core Data Service Annotation Propagation
- SAP WebClient UI的会话重启原理
- 在SAP Business Application Studio里创建Fiori应用的操作流程
- SAP 电商云 Spartacus UI 的 proxy facade 是如何调用实际实现类
- SAP Spartacus CmsComponentConnector
- SAP CRM产品主数据的附件信息在搜索时就已经从后台被读取了
- SAP S/4HANA Material Fiori应用的搜索实现原理
- SAP BTP 应用 mta.yaml 里的 sap-btp-project1-dest-content module
- SAP ABAP Fiori Launchpad role based page - cached_sap_menu - 基于角色的页面显示原理
- 30. 如何使用 SEGW 的 redefine 功能对 SAP 标准 OData 服务进行扩展
- 25. 答疑 - SAP OData 框架处理 Metadata 元数据请求的实现细节,前后端组件部署在同一台物理服务器