
AWS ELB Tips & Best Practices

AWS & ChinaNet Cloud Event 3/30/17 by Steve Mushero - about Elastic Load Balancer on AWS

  1. OpsStack · Operations-as-a-Service www.ChinaNetCloud.com Copyright © 2017 ChinaNetCloud
     AWS ELB Tips & Best Practices
     By Steve Mushero
  2. AGENDA I
     • Load testing
     • SSL
     • CNAMES
     • LB Within regions vs. across
     • L4 Issues
     • Internal LB - Don’t forget this
     • Logging
  3. AGENDA II
     • X-Forwarded-For
     • Stickiness
     • In/Out & A/B Deploy
     • Draining
     • CLI use (role in CI/CD)
     • API use
  4. ELBS ARE GREAT – USUALLY
     • Very easy to use
     • But some issues
     • Limited Features
     • Need extra work to work well
     • Still need to manage & monitor it
     • Good to know how it works
     • We often use HAProxy with ELB
  5. LOAD TESTING ELBS
     • Can Load Test
     • But Be Careful – Easy to Overload
     • ELBs Automatically Managed
     • ELBs Scaled Automatically
     • Must Have Time to Adjust - Minutes
     • Call Support For Pre-Warming for Scale
  6. SSL IN ELB
     • Supported!
     • Many New Features
     • Now in Console (was CLI only)
     • Integrated with Cert Manager
     • Use CLI / API for advanced stuff
     • Careful of Cipher Options – Use latest
  7. SECURITY GROUPS IN ELB
     • Don’t forget these
     • Especially for Dev/Test
     • Front door of your system
     • Name Clearly so ELB vs. EC2 VM
  8. CNAMES
     • Each ELB Cluster will have ONE
     • You MUST use IT
     • Do NOT use ELB’s IP
     • It will change on failure or scale
     • Remember, one ELB Instance per AZ
  9. ELB WITHIN & ACROSS AVAIL ZONES
     • One ELB instance per AZ
     • Load Balancing is ACROSS ZONES
     • NOT really across servers
     • So use same # of VMs per Zone
  10. ELB L4 SUPPORT
     • Nice feature
     • For non-HTTP
     • APIs
     • Web Sockets / Pollers
     • Chat Systems
     • Databases
     • Games
  11. INTERNAL ELB
     • Between Subnets
     • Useful for DB LB (read)
     • Useful for internal HTTP
     • Search, etc.
     • Helps Separate Services
     • Use with Docker / Micro-Services
  12. ELB LOGGING
     • Don’t forget this
     • Disabled by Default
     • Push HTTP Logs to S3
     • Every 5 minutes
     • Has response time / latency
     • Need tools to read / analyze
  13. X-FORWARDED-FOR HEADER
     • Don’t forget this
     • ELB will add this header
     • Needed for Nginx/Apache to log real IP
     • On by default, but you must use it
     • You need to change your log format
  14. STICKINESS
     • How Existing Users are Distributed
     • Required if no shared-session Cache
     • Such as Java
     • PHP doesn’t need if have Redis
     • Even for same user
     • ONLY on first time
     • Sets Cookie with server ID
     • Disabled by Default
  15. IN/OUT & BLUE/GREEN DEPLOY
     • DevOps Deployment
     • Push to 1+ servers / containers
     • Test them – Direct or Test ELB
     • Cut-Over via ELB Target Pool
     • Full or Partial Cut-Overs (Harder)
     • Smoke Test Production
     • Roll Back if Needed
     • Simple with CLI/API
     • Also Jenkins, etc. Integrations
  16. CONNECTION DRAINING
     • When VM Leaves Pool
     • No New Connections
     • But won’t break connections
     • Better user experiences
     • Remove a Server as Users Finish
     • Used for Auto-Scale DOWN
     • Also for Deployments
     • Must Enable it on ELB
  17. ELB CLI USE FOR CI/CD
     • AWS CLI is your friend
     • Great for testing
     • Also calling BASH scripts
     • Useful in Automation
     • Useful in CI/CD
     • Move VMs in/out of pools
     • Can do on a control VM with Role
  18. AUTO SCALING
     • Add VMs with Load
     • Uses ELB Metrics
     • Many Metrics to use:
     • Rejected Connections
     • Healthy Host Count
     • Latency (Scale on Rise)
  19. CLOUD FRONT FOR ELB
     • Can use
     • Better Performance
     • DDoS Protection
     • Includes WAF
  20. NEW ISSUES
     • Micro-Service Hard – Port-to-Port Map
     • Thus Poor Support for Docker
     • New ALB Helps – Not in China
     • Still Limited Features
  21. USE & LOVE YOUR ELBS
     ELB ME
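
The ELB LOGGING slide says the S3 logs carry response time / latency and need tools to read, and the SSL slide says to watch cipher options. The following is an added example, not part of the original deck: a small reader for access-log entries that reports latency, 5xx errors, requests that never reached an instance, and clients still negotiating old TLS versions. It assumes the Classic ELB access-log field order; the `WEAK_PROTOCOLS` policy set and the sample entries are constructed for illustration.

```python
import shlex
from statistics import median

# Field order of a Classic ELB access-log entry (assumed layout).
FIELDS = ("timestamp elb client backend request_time backend_time "
          "response_time elb_status backend_status received_bytes "
          "sent_bytes request user_agent ssl_cipher ssl_protocol").split()
WEAK_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # assumption: local policy

# Constructed sample entries (documentation IP ranges), not real traffic.
SAMPLE = """\
2017-03-30T02:10:01.100000Z prod-elb 203.0.113.7:50112 10.0.1.15:80 0.000050 0.120000 0.000030 200 200 0 512 "GET https://www.example.com:443/ HTTP/1.1" "curl/7.50" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
2017-03-30T02:10:02.200000Z prod-elb 198.51.100.9:33012 10.0.2.15:80 0.000040 0.300000 0.000020 200 200 0 2048 "GET https://www.example.com:443/login HTTP/1.1" "Mozilla/4.0 (compatible; MSIE 8.0)" AES128-SHA TLSv1
2017-03-30T02:10:03.300000Z prod-elb 203.0.113.8:40100 - -1 -1 -1 503 0 0 0 "GET https://www.example.com:443/search HTTP/1.1" "Mozilla/5.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
2017-03-30T02:10:04.400000Z prod-elb 192.0.2.44:51000 10.0.1.15:80 0.000060 0.050000 0.000040 200 200 0 128 "GET http://www.example.com:80/health HTTP/1.1" "curl/7.50" - -
"""

def parse_line(line):
    """Split one entry; the quoted request and user agent stay whole."""
    parts = shlex.split(line)
    if len(parts) < len(FIELDS):
        raise ValueError("not a Classic ELB access-log entry")
    rec = dict(zip(FIELDS, parts))
    for key in ("request_time", "backend_time", "response_time"):
        rec[key] = float(rec[key])
    rec["client_ip"] = rec["client"].rsplit(":", 1)[0]
    return rec

def summarize(text):
    latencies, weak, errors, undispatched = [], set(), 0, 0
    for line in filter(None, map(str.strip, text.splitlines())):
        rec = parse_line(line)
        errors += rec["elb_status"].startswith("5")
        if rec["ssl_protocol"] in WEAK_PROTOCOLS:
            weak.add(rec["client_ip"])
        if rec["backend_time"] < 0:  # -1: request never reached an instance
            undispatched += 1
            continue
        latencies.append(rec["request_time"] + rec["backend_time"]
                         + rec["response_time"])
    return {"requests": len(latencies) + undispatched,
            "errors_5xx": errors, "undispatched": undispatched,
            "weak_tls_clients": sorted(weak),
            "median_latency": round(median(latencies), 6) if latencies else None}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```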
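
The X-FORWARDED-FOR slide says the header must be used to log the real IP. Because the ELB appends the address it saw to whatever header the client already sent, only the right-hand side of the list is trustworthy, and only when the request really arrived through the load balancer. The following is an added example, not part of the original deck, showing that selection logic; the `TRUSTED_PROXIES` network stands in for the subnets the ELB nodes live in and is an assumption, as are the sample addresses in the comments.

```python
import ipaddress

# Assumption: the VPC range the ELB nodes (and any internal proxies) use.
# Only peers inside these networks may supply X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/16")]

def _trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer, xff_header):
    """Return the address to log or rate-limit on for one request.

    peer       -- source address of the TCP connection to the instance
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer_ip = ipaddress.ip_address(peer)
    # A request that bypassed the ELB (security group too open) can carry
    # any header it likes, so the header is ignored for untrusted peers.
    if not _trusted(peer_ip) or not xff_header:
        return str(peer_ip)
    # Read right to left: each trusted hop vouches for the entry before it.
    # The first untrusted address is the client the ELB actually saw;
    # anything further left was supplied by that client.
    candidate = peer_ip
    for token in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(token.strip())
        except ValueError:
            break  # malformed entry: keep the last verified hop
        candidate = hop
        if not _trusted(hop):
            break
    return str(candidate)

if __name__ == "__main__":
    # Client sent its own header; the ELB appended 203.0.113.7.
    print(client_ip("10.0.1.20", "192.0.2.1, 203.0.113.7"))
```

In Nginx or Apache the same rule applies when configuring real-IP handling: restrict the trusted source to the ELB subnets rather than accepting the header from any peer.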
