OpsStack · Operations-as-a-Service www.ChinaNetCloud.com Copyright © 2017 ChinaNetCloud
AWS ELB
Tips & Best Practices
By Steve Mushero
AGENDA I
Load testing
SSL
CNAMES
LB Within regions vs. across
L4 Issues
Internal LB - Don’t forget this
Logging
AGENDA II
X-Forwarded-For
Stickiness
In/Out & A/B Deploy
Draining
CLI use (role in CI/CD)
API use
ELBS ARE GREAT – USUALLY
• Very easy to use
• But some issues
  • Limited Features
  • Need extra work to work well
  • Still need to manage & monitor it
• Good to know how it works
• We often use HAProxy with ELB
LOAD TESTING ELBS
• Can Load Test
• But Be Careful – Easy to Overload
• ELBs Automatically Managed
• ELBs Scaled Automatically
• Must Have Time to Adjust - Minutes
• Call Support For Pre-Warming for Scale
SSL IN ELB
• Supported !
• Many New Features
• Now in Console (was CLI only)
• Integrated with Cert Manager
• Use CLI / API for advanced stuff
• Careful of Cipher Options – Use latest
SECURITY GROUPS IN ELB
• Don’t forget these
• Especially for Dev/Test
• Front door of your system
• Name clearly so ELB groups are distinguishable from EC2 VM groups
CNAMES
• Each ELB Cluster will have ONE
• You MUST use IT
• Do NOT use ELB’s IP
  • It will change on failure or scale
• Remember, one ELB Instance per AZ
ELB WITHIN & ACROSS AVAIL ZONES
• One ELB instance per AZ
• Load Balancing is ACROSS ZONES
  • NOT really across servers
• So use same # of VMs per Zone
ELB L4 SUPPORT
• Nice feature
• For non-HTTP
  • APIs
  • Web Sockets / Pollers
  • Chat Systems
  • Databases
  • Games
INTERNAL ELB
• Between Subnets
• Useful for DB LB (read)
• Useful for internal HTTP
  • Search, etc.
• Helps Separate Services
• Use with Docker / Micro-Services
ELB LOGGING
• Don’t forget this
• Disabled by Default
• Push HTTP Logs to S3
  • Every 5 minutes
• Has response time / latency
• Need tools to read / analyze
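As an added example (not from the slides), a small Python reader for classic ELB access logs as they land in S3: it parses the documented field layout, pulls backend latency percentiles, and separates ELB-originated 5xx (no backend answered, logged as `-`) from backend 5xx. The log lines are constructed samples.

```python
import re

# Classic ELB access log: space-separated, request and user agent quoted.
# When no backend answered, backend is '-' and the three timings are -1.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<elb>\S+) (?P<client>\S+) (?P<backend>\S+) '
    r'(?P<req_t>\S+) (?P<be_t>\S+) (?P<resp_t>\S+) '
    r'(?P<elb_code>\d{3}|-) (?P<be_code>\d{3}|-) (?P<rx>\d+) (?P<tx>\d+) '
    r'"(?P<request>[^"]*)" "(?P<ua>[^"]*)" (?P<cipher>\S+) (?P<proto>\S+)$'
)

# Constructed sample lines (RFC 5737 client addresses, private backends).
SAMPLE = [
    '2017-03-01T10:00:01.123456Z prod-web 203.0.113.10:51234 10.0.1.21:80 0.000050 0.012000 0.000030 200 200 120 2048 "GET https://shop.example.com:443/ HTTP/1.1" "Mozilla/5.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2',
    '2017-03-01T10:00:02.223456Z prod-web 203.0.113.11:51235 10.0.2.22:80 0.000045 0.850000 0.000028 200 200 90 512 "GET https://shop.example.com:443/search?q=x HTTP/1.1" "Mozilla/5.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2',
    '2017-03-01T10:00:03.323456Z prod-web 203.0.113.12:51236 - -1 -1 -1 503 - 80 0 "GET https://shop.example.com:443/ HTTP/1.1" "curl/7.38.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2',
    '2017-03-01T10:00:04.423456Z prod-web 203.0.113.13:51237 10.0.1.21:80 0.000040 0.004000 0.000020 500 500 70 300 "POST https://shop.example.com:443/login HTTP/1.1" "Mozilla/5.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2',
]

def parse_line(line):
    """Return a dict of the fields we care about, or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": m["ts"],
        "client_ip": m["client"].rsplit(":", 1)[0],
        "backend": m["backend"],
        "latency": float(m["be_t"]),   # backend_processing_time in seconds, -1 if none
        "elb_code": m["elb_code"],
        "be_code": m["be_code"],
        "request": m["request"],
    }

def summarize(lines, slow_threshold=0.5):
    """Latency percentiles plus error counts split by where the error originated."""
    entries = [e for e in map(parse_line, lines) if e]
    lat = sorted(e["latency"] for e in entries if e["latency"] >= 0)
    pct = lambda p: lat[round(p * (len(lat) - 1))] if lat else None
    return {
        "requests": len(entries),
        "p50_backend_s": pct(0.50),
        "p99_backend_s": pct(0.99),
        "slow": sum(1 for v in lat if v > slow_threshold),
        "no_backend": sum(1 for e in entries if e["backend"] == "-"),
        "elb_5xx": sum(1 for e in entries if e["elb_code"].startswith("5")),
        # 5xx from the ELB with no backend status: the ELB failed the request itself
        # (no healthy hosts, backend timeout), so the application is not to blame.
        "elb_only_5xx": sum(1 for e in entries if e["elb_code"].startswith("5") and e["be_code"] == "-"),
    }
```

A rising `elb_only_5xx` with a flat backend error rate is the signature of the pool itself being unhealthy or under-scaled, which is exactly what the next slides' health-check and auto-scaling points address.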
X-FORWARDED-FOR HEADER
• Don’t forget this
• ELB will add this header
• Needed for Nginx/Apache to log real IP
• On by default, but you must use it
• You need to change your log format
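The header is client-controlled except for the entry the ELB appends, so the safe read is from the right. An added Python example, not from the slides: `client_ip` takes the entry `trusted_hops` from the right (1 for the ELB alone, 2 with CloudFront in front of it), and `real_ip` honors the header only when the TCP peer is in the ELB's own subnets (constructed `10.0.0.0/16` here), which is the direct-access case the Security Groups slide guards against; all addresses are constructed.

```python
import ipaddress

# Assumed topology for the examples: the ELB lives in 10.0.0.0/16 (constructed).
ELB_NETS = [ipaddress.ip_network("10.0.0.0/16")]

def client_ip(xff, trusted_hops=1):
    """Client address as seen by the nearest trusted proxy.

    The ELB appends the source it saw to the RIGHT of whatever X-Forwarded-For the
    client sent, so everything left of the last `trusted_hops` entries is untrusted
    input. Use 1 for ELB only, 2 for CloudFront -> ELB. Returns None when the header
    is missing, has fewer hops than expected, or the trusted slot is not a valid IP.
    """
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    if len(hops) < trusted_hops:
        return None
    try:
        return str(ipaddress.ip_address(hops[-trusted_hops]))
    except ValueError:
        return None

def real_ip(remote_addr, xff, trusted_nets=ELB_NETS, trusted_hops=1):
    """Honor X-Forwarded-For only when the TCP peer is a known proxy; a backend that
    is reachable directly (open security group) would otherwise log attacker-chosen
    addresses. Falls back to the peer address so a bad header never yields an empty field."""
    peer = ipaddress.ip_address(remote_addr)
    if not any(peer in net for net in trusted_nets):
        return str(peer)
    return client_ip(xff, trusted_hops) or str(peer)

# In Nginx the raw header is exposed as $http_x_forwarded_for; log it alongside
# $remote_addr rather than instead of it, so the trusted-hop logic can be applied later.
```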
STICKINESS
• How Existing Users are Distributed
• Required if no shared-session Cache
  • Such as Java
  • PHP doesn’t need it if sessions are in Redis, even for the same user
• Server chosen ONLY on first visit
  • Sets Cookie with server ID
• Disabled by Default
IN/OUT & BLUE/GREEN DEPLOY
• DevOps Deployment
• Push to 1+ servers / containers
• Test them – Direct or Test ELB
• Cut-Over via ELB Target Pool
• Full or Partial Cut-Overs (Harder)
• Smoke Test Production
• Roll Back if Needed
• Simple with CLI/API
• Also Jenkins, etc. Integrations
CONNECTION DRAINING
• When VM Leaves Pool
  • No New Connections
  • But won’t break existing connections
• Better user experiences
• Remove a Server as Users Finish
• Used for Auto-Scale DOWN
• Also for Deployments
• Must Enable it on ELB
ELB CLI USE FOR CI/CD
• AWS CLI is your friend
• Great for testing
• Also calling BASH scripts
• Useful in Automation
• Useful in CI/CD
• Move VMs in/out of pools
• Run from a control VM with an IAM Role
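Pulling the In/Out deploy and CLI slides together, an added Python example (not the deck's own tooling) that drives the classic ELB commands `register-instances-with-load-balancer`, `describe-instance-health` and `deregister-instances-from-load-balancer`: new servers go in, the pool is polled until they are InService, then the old servers come out and the ELB drains them; if the new servers never pass health checks they are pulled back out, which is the roll-back. The load balancer name and instance ids are constructed; `run` and `sleep` are injectable so the flow can be exercised without AWS, and the default runner picks up credentials from the control VM's role.

```python
import json
import shlex
import subprocess
import time

def aws_cli(cmd):
    """Default runner: execute an AWS CLI command, return parsed JSON ({} if no output).
    Credentials come from the environment or the control VM's instance role."""
    out = subprocess.run(shlex.split(cmd), check=True, capture_output=True, text=True).stdout
    return json.loads(out) if out.strip() else {}

def instance_states(lb, instances, run):
    """Map instance id -> InService / OutOfService as the ELB health check sees it."""
    cmd = (f"aws elb describe-instance-health --load-balancer-name {lb} "
           f"--instances {' '.join(instances)}")
    return {s["InstanceId"]: s["State"] for s in run(cmd).get("InstanceStates", [])}

def wait_for(lb, instances, state, run, sleep=time.sleep, timeout=300, interval=5):
    """Poll until every instance reports `state`; False if `timeout` seconds pass first."""
    for _ in range(max(1, timeout // interval)):
        states = instance_states(lb, instances, run)
        if all(states.get(i) == state for i in instances):
            return True
        sleep(interval)
    return False

def cutover(lb, old, new, run=aws_cli, sleep=time.sleep):
    """Blue/green cut-over on a classic ELB. Returns (commands_issued, succeeded)."""
    issued = []
    def logged(cmd):
        issued.append(cmd)
        return run(cmd)
    ids = lambda xs: " ".join(xs)
    logged(f"aws elb register-instances-with-load-balancer --load-balancer-name {lb} --instances {ids(new)}")
    if not wait_for(lb, new, "InService", logged, sleep):
        # Roll back: the new servers never passed health checks, so take them out
        # again and leave the old pool serving traffic untouched.
        logged(f"aws elb deregister-instances-from-load-balancer --load-balancer-name {lb} --instances {ids(new)}")
        return issued, False
    # Old servers out. With connection draining enabled the ELB stops sending them
    # new requests but lets in-flight ones finish before the removal completes.
    logged(f"aws elb deregister-instances-from-load-balancer --load-balancer-name {lb} --instances {ids(old)}")
    return issued, True
```

Run against a real account with `cutover("prod-web", old_ids, new_ids)`, it will change the pool; the returned command list doubles as the audit trail for the deployment job.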
AUTO SCALING
• Add VMs with Load
• Uses ELB Metrics
• Many Metrics to use:
  • Rejected Connections
  • Healthy Host Count
  • Latency (Scale on Rise)
CLOUDFRONT FOR ELB
• Can use
• Better Performance
• DDoS Protection
• Includes WAF
NEW ISSUES
• Micro-Services Hard – Port-to-Port Mapping only
  • Thus Poor Support for Docker
• New ALB Helps – Not in China
• Still Limited Features