AWS ELB Tips & Best Practices

By Steve Mushero

OpsStack · Operations-as-a-Service www.ChinaNetCloud.com Copyright © 2017 ChinaNetCloud

Upload: chinanetcloud

Post on 22-Jan-2018


AGENDA I

Load testing

SSL

CNAMES

LB Within regions vs. across

L4 Issues

Internal LB - Don’t forget this

Logging

AGENDA II

X-Forwarded-For

Stickiness

In/Out & A/B Deploy

Draining

CLI use (role in CI/CD)

API use

ELBS ARE GREAT – USUALLY

• Very easy to use

• But some issues

• Limited Features

• Need extra work to work well

• Still need to manage & monitor it

• Good to know how it works

• We often use HAProxy with ELB

LOAD TESTING ELBS

• Can Load Test

• But Be Careful – Easy to Overload

• ELBs Automatically Managed

• ELBs Scaled Automatically

• Must Have Time to Adjust - Minutes

• Call Support For Pre-Warming for Scale

SSL IN ELB

• Supported!

• Many New Features

• Now in Console (was CLI only)

• Integrated with Cert Manager

• Use CLI / API for advanced stuff

• Be careful with cipher options – use the latest

SECURITY GROUPS IN ELB

• Don’t forget these

• Especially for Dev/Test

• Front door of your system

• Name them clearly, so ELB vs. EC2 VM security groups can be told apart

CNAMES

• Each ELB Cluster will have ONE

• You MUST use it

• Do NOT use ELB’s IP

• It will change on failure or scale

• Remember, one ELB Instance per AZ

ELB WITHIN & ACROSS AVAIL ZONES

• One ELB instance per AZ

• Load Balancing is ACROSS ZONES

• NOT really across servers

• So use same # of VMs per Zone

ELB L4 SUPPORT

• Nice feature

• For non-HTTP

• APIs

• Web Sockets / Pollers

• Chat Systems

• Databases

• Games

INTERNAL ELB

• Between Subnets

• Useful for DB LB (read)

• Useful for internal HTTP

• Search, etc.

• Helps Separate Services

• Use with Docker / Micro-Services

ELB LOGGING

• Don’t forget this

• Disabled by Default

• Push HTTP Logs to S3

• Every 5 minutes

• Has response time / latency

• Need tools to read / analyze
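
An added example, not from the slides, of the kind of tool the last bullet calls for: a Python parser for the Classic ELB access-log format (the field order is the documented one) that reports per-backend p95 backend latency, backend 5xx counts, and requests the ELB could not hand to any backend. The log lines are constructed samples, not real traffic.

```python
"""Summarise Classic ELB access logs (as pushed to S3): latency and errors.
Fields, in order: timestamp elb client:port backend:port request_time
backend_time response_time elb_status backend_status bytes_in bytes_out
"request" "user_agent" ssl_cipher ssl_protocol."""
import math
import shlex
from collections import defaultdict

# Constructed sample lines (not real traffic).  The last one is an ELB 504
# where no backend answered, so the backend fields are "-" / -1 / 0.
SAMPLE_LOG = """\
2017-06-01T10:00:00.100000Z web-elb 203.0.113.5:51432 10.0.1.10:80 0.000050 0.120000 0.000030 200 200 0 5120 "GET https://www.example.com:443/ HTTP/1.1" "Mozilla/5.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
2017-06-01T10:00:01.200000Z web-elb 203.0.113.6:51433 10.0.2.11:80 0.000040 0.950000 0.000020 200 200 0 8192 "GET https://www.example.com:443/search?q=elb HTTP/1.1" "Mozilla/5.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
2017-06-01T10:00:02.300000Z web-elb 203.0.113.7:51434 10.0.1.10:80 0.000045 0.300000 0.000025 500 500 0 512 "POST https://www.example.com:443/login HTTP/1.1" "curl/7.38.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
2017-06-01T10:00:03.400000Z web-elb 203.0.113.8:51435 - -1 -1 -1 504 0 0 0 "GET https://www.example.com:443/slow HTTP/1.1" "Mozilla/5.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
"""

def parse_line(line):
    """Split one log line; shlex keeps the quoted request/user-agent intact."""
    f = shlex.split(line)
    return {
        "time": f[0], "elb": f[1],
        "client": f[2].rsplit(":", 1)[0],   # drop the ephemeral source port
        "backend": f[3],                     # "-" when no backend was reached
        "backend_time": float(f[5]),         # -1 when ELB got no backend answer
        "elb_status": int(f[7]), "backend_status": int(f[8]),
        "request": f[11],
    }

def percentile(values, pct):
    """Nearest-rank percentile; enough for a quick latency check."""
    s = sorted(values)
    return s[max(0, math.ceil(pct / 100 * len(s)) - 1)]

def summarise(log_text):
    """Per-backend p95 backend latency plus backend 5xx and ELB-side failures."""
    per_backend = defaultdict(list)
    result = {"backend_5xx": 0, "elb_no_backend": 0}
    for line in log_text.strip().splitlines():
        r = parse_line(line)
        if r["backend_time"] < 0:           # 504 etc.: ELB never got a reply
            result["elb_no_backend"] += 1
            continue
        if r["backend_status"] >= 500:
            result["backend_5xx"] += 1
        per_backend[r["backend"]].append(r["backend_time"])
    result["p95_by_backend"] = {b: percentile(t, 95) for b, t in per_backend.items()}
    return result
```

Run it over a day's worth of S3 objects to spot one AZ's backends lagging behind the others, which the ELB's own CloudWatch latency metric averages away.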

X-FORWARDED-FOR HEADER

• Don’t forget this

• ELB will add this header

• Needed for Nginx/Apache to log real IP

• On by default, but you must use it

• You need to change your log format
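
An added example, not from the slides, of reading the header correctly once it reaches the application (Nginx exposes the same value as $http_x_forwarded_for in a log_format): ELB appends the connecting address to whatever X-Forwarded-For the client already sent, so the leftmost entries are client-controlled and only the rightmost hop, written by your own ELB, identifies the real client. The trusted_proxies parameter is my own convention: the number of proxies you operate in front of the app, e.g. 2 for CloudFront in front of an ELB.

```python
"""Pick the real client IP from X-Forwarded-For as populated by an ELB.

ELB appends the address it accepted the TCP connection from, so the header
arrives as "<anything the client sent>, <real client>".  Only entries added
by proxies you control can be trusted; the first entry is not one of them.
"""
import ipaddress

def client_ip(xff_header, trusted_proxies=1):
    """Return the address written by the innermost proxy you own, or None.

    trusted_proxies: proxies in front of the app that append to the header
    (1 for a lone ELB, 2 for CloudFront -> ELB).  Returns None when the header
    is missing, too short, or the chosen entry is not a valid IP address.
    """
    if not xff_header:
        return None
    hops = [h.strip() for h in xff_header.split(",")]
    if len(hops) < trusted_proxies:
        return None
    # Count from the right: hops[-1] was written by the last proxy, and with
    # one ELB that is the connecting client's address.
    candidate = hops[-trusted_proxies]
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return None   # not an IP: do not let it into logs or allow-lists

def naive_client_ip(xff_header):
    """The common mistake: the first entry, which the client can set freely."""
    return xff_header.split(",")[0].strip() if xff_header else None
```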

STICKINESS

• How Existing Users are Distributed

• Required if there is no shared-session cache

• Such as Java

• PHP doesn’t need it if it has Redis

• Even for the same user

• ONLY the first time

• Sets Cookie with server ID

• Disabled by Default

IN/OUT & BLUE/GREEN DEPLOY

• DevOps Deployment

• Push to 1+ servers / containers

• Test them – Direct or Test ELB

• Cut-Over via ELB Target Pool

• Full or Partial Cut-Overs (Harder)

• Smoke Test Production

• Roll Back if Needed

• Simple with CLI/API

• Also Jenkins, etc. Integrations

CONNECTION DRAINING

• When VM Leaves Pool

• No New Connections

• But won’t break existing connections

• Better user experience

• Remove a Server as Users Finish

• Used for Auto-Scale DOWN

• Also for Deployments

• Must Enable it on ELB

ELB CLI USE FOR CI/CD

• AWS CLI is your friend

• Great for testing

• Also calling BASH scripts

• Useful in Automation

• Useful in CI/CD

• Move VMs in/out of pools

• Can run from a control VM with an IAM Role
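
The in/out deploy, connection draining and CLI slides above describe one procedure; as an added example that is not the presenter's code, this Python script performs that cut-over through the boto3 Classic ELB client (the same calls as aws elb register/deregister-instances-from-load-balancer): register the new pool, wait for the ELB health check, smoke test, then deregister the old pool so draining lets its connections finish, rolling back if anything fails. The ELB name, instance IDs and smoke_test hook are assumptions, and the script assumes draining is already enabled on the ELB.

```python
"""Blue/green cut-over on a Classic ELB with automatic rollback.

elb is any object exposing the boto3 Classic ELB client calls used here
(register_instances_with_load_balancer, describe_instance_health,
deregister_instances_from_load_balancer): boto3.client("elb") in production,
a stub in tests.  Connection draining must be enabled on the ELB so that
deregistering the old pool lets in-flight requests finish.
"""
import time

def instances(ids):
    return [{"InstanceId": i} for i in ids]

def wait_in_service(elb, lb_name, ids, attempts=30, poll=10, sleep=time.sleep):
    """Poll the ELB health check until every id is InService (or give up)."""
    for _ in range(attempts):
        health = elb.describe_instance_health(
            LoadBalancerName=lb_name, Instances=instances(ids))
        states = {s["InstanceId"]: s["State"] for s in health["InstanceStates"]}
        if all(states.get(i) == "InService" for i in ids):
            return True
        sleep(poll)
    return False

def cut_over(elb, lb_name, green_ids, blue_ids, smoke_test, **wait_kw):
    """Register green, wait for health, smoke test, then drain blue.

    Returns "cut-over" on success.  If green never passes the health check
    or smoke_test() is false, green is pulled again and "rolled-back" is
    returned; the blue pool keeps serving throughout.
    """
    elb.register_instances_with_load_balancer(
        LoadBalancerName=lb_name, Instances=instances(green_ids))
    if not wait_in_service(elb, lb_name, green_ids, **wait_kw) or not smoke_test():
        elb.deregister_instances_from_load_balancer(
            LoadBalancerName=lb_name, Instances=instances(green_ids))
        return "rolled-back"
    # Draining: ELB stops sending new connections to blue but lets the
    # existing ones finish (up to the drain timeout configured on the ELB).
    elb.deregister_instances_from_load_balancer(
        LoadBalancerName=lb_name, Instances=instances(blue_ids))
    return "cut-over"

if __name__ == "__main__":
    import boto3   # assumed: credentials and an ELB named web-elb exist
    print(cut_over(boto3.client("elb"), "web-elb", ["i-0green"], ["i-0blue"],
                   smoke_test=lambda: True))   # placeholder instance IDs
```

Run it from the control VM under an IAM role that is limited to these three ELB actions on the one load balancer, rather than with long-lived keys.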

AUTO SCALING

• Add VMs with Load

• Uses ELB Metrics

• Many Metrics to use:

• Rejected Connections

• Healthy Host Count

• Latency (Scale on Rise)

CLOUDFRONT FOR ELB

• Can use

• Better Performance

• DDoS Protection

• Includes WAF

NEW ISSUES

• Micro-Services are Hard – Only Port-to-Port Mapping

• Thus Poor Support for Docker

• New ALB Helps – Not in China

• Still Limited Features

USE & LOVE YOUR ELBS

ELB ME