Amazon AWS Certified Advanced Networking Specialty – Load Balancer Section Part 3

  • January 16, 2023

7. Understanding Network Load Balancer

Hey everyone, and welcome back to the Kplabs course. So in today’s lecture, we’ll be looking into network load balancers. So again, network load balancers are one of the new generation load balancers which AWS has introduced. So let’s look into what they are all about. Now, network load balancers basically work on the fourth layer of the OSI model. So if you look into the OSI model, you have the physical, you have the data link, you have the network and you have the transport. So transport is the fourth layer of the OSI model. And if you look into the protocols supported in the fourth layer, there are TCP, UDP and various others. So since the network load balancer, which is also referred to as NLB, is in the fourth layer, it only supports the protocols over here. So it does not support all the protocols, it supports the TCP protocol. However, one thing that you should also remember is that since it is working on the fourth layer, it will not be able to work based on the upper layers. So it cannot look into the HTTP request, which is what we were looking into with the application load balancer.

So the application load balancer can look into the HTTP request headers also, which the network load balancer cannot do. Now, the network load balancer basically has a different algorithm. So it works based on the flow hash algorithm, which is based on the combination of IP addresses, destination port, and the TCP sequence number. So this might be a little confusing. Let me show you one example. So when it comes to the classic load balancers, they generally work based on the round robin algorithm. So when it comes to load balancing, there are various ways in which the load balancing actually works. So there are a lot of algorithms based on which the load balancing happens. So classic load balancers generally work based on round robin. So the first request went to the Kplabs, the second request went to the My Kplabs. Again, if I refresh, it goes to the Kplabs. Again, if I refresh, it goes to the My Kplabs. So you see, one time it goes to the first server, the second time it goes to the second server. So this is the round robin algorithm.

Network load balancers, on the other hand, do not work based on round robin. So each individual TCP connection is routed to a single target for the lifetime of the connection. So we discussed that the flow hash algorithm works based on IP address, destination port and TCP sequence number. So I’ll give you one of the examples. So I’ll open up one of the Wireshark packets. Perfect. So if I just open up any random packet over here and go to the Transmission Control Protocol. So this is where the NLB operates. Now, within this there is a port number, there is a sequence number. So if you see, you also have the sequence number, and the Internet Protocol is where the IP addresses are defined. So this is the IP address. So the network load balancer works based on IP address, the destination port and the TCP sequence number and then it will choose the appropriate target. So let me quickly give you an example. So I have a Kplabs network.

So this is basically the network load balancer. So you see the type is network. So when I open up the DNS name, it is routed to my Kplabs internal. Now there is a target group which is associated with the Kplabs network. I’ll also show you the target group. So this is the target group and within the target group there are two instances. So now if I refresh, you see it went to the same server. Again, I refresh, it went to the same server. Again, I refresh, it went to the same server, and this is because this is the same connection. So this is an individual same TCP connection and this is the reason why it is going to the same target group server. So this does not really work based on round robin. So AWS has not really documented the exact steps which are part of the flow hash algorithm. They have only said that this is how it works and that’s it. So this is like a black-box kind of scenario which they have given out. So there are a few advantages of a network load balancer.

Specifically when compared with the application load balancer. First, it has the ability to handle a very volatile workload and it can actually scale to millions of requests per second. This is one of the very big advantages of the network load balancer. So if you have a volatile workload which changes and you expect the load balancer to scale to millions of requests per second, the network load balancer is for you. The second important thing to remember, which is very interesting, is that it supports the use of static IP addresses. So we can now make use of Elastic IP addresses. So a load balancer having a dynamic IP address was a very big pain. So now the network load balancer actually supports static IP addresses. So before we conclude this lecture, I’ll just show you that the overall concept of the network load balancer and the application load balancer is very similar. So if you see, the network load balancer has four tabs, the application load balancer has four tabs, the network load balancer also has a listener, the application load balancer also has a listener, and both of them have target groups.

So if you understand the application load balancer, you will understand the network load balancer as well. Now, the major difference is that the application load balancer works based on the HTTP protocol. The network load balancer works based on the transport protocol, the TCP protocol, I would say. And this is the reason why within the application layer, you can actually make the routing decision based on the application, the HTTP protocol headers. So this is possible. Now, since the network load balancer cannot understand HTTP and cannot see the HTTP headers, it cannot make routing decisions based on the HTTP protocol. You see, we cannot really edit this when we add a listener. The only thing that we can work based on is the TCP and the port number. That is it. We cannot really make those fancy decisions based on host headers, based on the path URIs, et cetera. But the good thing is that it can support volatile workloads and it can have a static IP address.
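The difference between round robin and the per-connection flow hashing described in this lecture, as an added illustration that is not part of the course material. AWS does not publish the hash itself, so the SHA-256 function, the flow table, the target names and the addresses below are assumptions; the hash key uses the fields the lecture names plus protocol and source port, which AWS's documentation also lists.

```python
import hashlib
from itertools import cycle, islice

TARGETS = ["kplabs-1", "kplabs-2"]  # constructed names for the two registered instances

def flow_hash_target(src_ip, src_port, dst_ip, dst_port, tcp_seq, targets=TARGETS):
    """Illustrative stand-in for the undocumented flow hash: hash the flow fields, pick a target."""
    key = f"tcp|{src_ip}|{src_port}|{dst_ip}|{dst_port}|{tcp_seq}".encode()
    return targets[int.from_bytes(hashlib.sha256(key).digest()[:8], "big") % len(targets)]

class FlowTable:
    """Pins each TCP connection to the target chosen for its first packet."""
    def __init__(self, targets=TARGETS):
        self.targets = list(targets)
        self.flows = {}

    def route(self, src_ip, src_port, dst_ip, dst_port, tcp_seq):
        conn = (src_ip, src_port, dst_ip, dst_port)
        if conn not in self.flows:  # first packet of the connection: hash once
            self.flows[conn] = flow_hash_target(*conn, tcp_seq, self.targets)
        return self.flows[conn]     # later packets: sequence number moved on, target did not

def refreshes_on_one_connection(n=5):
    """Browser refreshes sent over one keep-alive connection (constructed addresses)."""
    nlb, seq, hits = FlowTable(), 1_000_000, []
    for _ in range(n):
        hits.append(nlb.route("203.0.113.10", 50000, "198.51.100.20", 80, seq))
        seq += 512  # each request advances the sequence number
    return hits

def new_connections(n=200):
    """Each new connection arrives with a fresh source port and initial sequence number."""
    nlb = FlowTable()
    return [nlb.route("203.0.113.10", 40000 + i, "198.51.100.20", 80, 7919 * i)
            for i in range(n)]

def round_robin(n=4):
    """Classic round robin for comparison: the target alternates on every request."""
    return list(islice(cycle(TARGETS), n))

if __name__ == "__main__":
    print("same connection:", refreshes_on_one_connection())
    print("round robin:    ", round_robin())
    print("new connections:", {t: new_connections().count(t) for t in TARGETS})
```
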

8. Implementing Network Based Load Balancers

And welcome to the Kplabs course. So in today’s lecture, we will be discussing the implementation aspect related to the network load balancer. Now, one of the things that we had discussed earlier is that the network load balancer now supports static IP addresses and you can associate an Elastic IP address within your account with the network load balancer. Great. So this seems to be quite interesting. So the first thing that we would ideally do before we configure the network load balancer is to make sure that we have Elastic IP addresses in place. So in my case, I have a few Elastic IP addresses which are not associated, and these are the free Elastic IP addresses which I can use. Perfect. So now the next thing that we’ll do is we’ll create a load balancer. This would be of type network. I’ll name this as, say, network load balancer demo.

It would be Internet-facing. The protocol, again, as we discussed, works based on the fourth layer and it only supports the TCP protocol. So if you go down, you’ll have to select the Availability Zone where the load balancer nodes will be created. I select the Availability Zone, us-east-1a, and as soon as I select it, you see within the Elastic IP you have the option to select which Elastic IP address you want to associate. So I’ll just select the 34 series and I’ll go to configure routing. So this is where you have to select the target group. So let’s create a new target group. I’ll say network load balancer demo. Target type, again, would be instances. Protocol would be either HTTP, HTTPS or TCP. So you can select any one of them. So these are the protocols for health checks. Okay, so I’ll go with TCP. This is the place where you can set the threshold value. I’ll just leave it at the defaults. So now within the targets, I’ll select the two instances that are running, Kplab One and Kplab Two.

I’ll add them to the registered targets, I’ll click on Next: Review and I can go ahead and create. Perfect. So our network load balancer is in the state of provisioning. So it takes a little time for the network load balancer to get configured. So let’s just wait for a while for the status to change from provisioning to available. Okay, so it has been close to three to four minutes and now our network load balancer has changed from provisioning to active. So now let’s look into the DNS and let’s verify whether everything is working as expected.

So I’ll paste this within my browser and you see things are working as expected. Perfect. So one thing that we had discussed is related to static IPs. Let me just refresh the page. You see, we had assigned this specific IP and it is now associated with a specific ENI. So I’ll go ahead and open up the ENI. So this is the elastic network interface which is associated, and this is the ELB network load balancers. Perfect. Now, the IP address associated is 342-34-2129. So let’s do a quick lookup and look into what is the IP address which is associated with this load balancer. See 34 234 to one, two dot 190. And this is the static Elastic IP address which is present.

Now, you can also have multiple Elastic IP addresses, so you have to add multiple Availability Zones when you create a load balancer. So in our demo session, we had only added one Availability Zone, but if you add multiple Availability Zones, then there will be multiple Elastic IPs for the same network load balancer. This is it about the network load balancer. The configuration is quite simple, so if you understand application load balancer related terminology like listeners and target groups, the same thing applies for the NLB as well. So this is it. I hope this has been informative for you and I look forward to seeing you in the next lecture.
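The console steps from this lecture expressed as API calls, as an added example that is not part of the course material. It assumes a boto3 `elbv2` client is passed in; the function names, resource names and IDs are hypothetical, and `unexpected_ips` repeats the lecture's DNS lookup as a check that the name resolves only to your Elastic IPs.

```python
import socket

def provision_nlb(elbv2, name, vpc_id, subnet_eips, instance_ids, port=80):
    """Create an internet-facing NLB with one Elastic IP per Availability Zone.

    elbv2: boto3.client("elbv2"), or any object exposing the same four methods.
    subnet_eips: {subnet_id: eip_allocation_id}, one entry per Availability Zone.
    """
    lb = elbv2.create_load_balancer(
        Name=name, Type="network", Scheme="internet-facing",
        SubnetMappings=[{"SubnetId": s, "AllocationId": a}
                        for s, a in subnet_eips.items()],
    )["LoadBalancers"][0]
    # Layer 4 only: the target group, its health check and the listener all use TCP.
    tg = elbv2.create_target_group(
        Name=f"{name}-tg", Protocol="TCP", Port=port, VpcId=vpc_id,
        TargetType="instance", HealthCheckProtocol="TCP",
    )["TargetGroups"][0]
    elbv2.register_targets(
        TargetGroupArn=tg["TargetGroupArn"],
        Targets=[{"Id": i} for i in instance_ids],
    )
    elbv2.create_listener(
        LoadBalancerArn=lb["LoadBalancerArn"], Protocol="TCP", Port=port,
        DefaultActions=[{"Type": "forward", "TargetGroupArn": tg["TargetGroupArn"]}],
    )
    return lb["LoadBalancerArn"], lb["DNSName"]

def resolve_ipv4(dns_name):
    """IPv4 addresses the load balancer's DNS name currently resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(dns_name, None, socket.AF_INET)}

def unexpected_ips(dns_name, elastic_ips, resolve=resolve_ipv4):
    """Addresses behind the NLB name that are not our Elastic IPs (empty set = as expected)."""
    return resolve(dns_name) - set(elastic_ips)

# Usage with real resources (IDs are placeholders):
#   arn, dns = provision_nlb(boto3.client("elbv2"), "nlb-demo", "vpc-PLACEHOLDER",
#                            {"subnet-PLACEHOLDER": "eipalloc-PLACEHOLDER"},
#                            ["i-PLACEHOLDER1", "i-PLACEHOLDER2"])
```
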

9. ELB Sandwich Architecture

Hey everyone and welcome back. In today’s video we will be discussing the ELB Sandwich. So I am very sure that you already know how exactly this architecture is. However, in the exam, if you suddenly see that there is a word or there is a question related to ELB Sandwich, a lot of people get confused because they do not really know that this term applies to a specific architecture. So let’s look into what the ELB Sandwich architecture really looks like. So if you look into this type of architecture, you have an internet gateway and below that you have an ELB. Now this ELB is sending traffic to a set of web servers. Now this set of web servers is then forwarding traffic to the second ELB, which in turn is sending the traffic to another set of servers. So if you see, this is the first ELB, this is the second ELB and there is a set of servers between them. So this architecture is called the ELB Sandwich architecture. Now this kind of architecture is very useful in a lot of scenarios. So what you can do with this type of architecture is that you can have a certain set of web application firewalls here. So when you receive traffic from the external ELB, these are a set of web application firewall EC2 instances in an Auto Scaling group which will verify whether the incoming traffic has any security related events or not.

If not, then this set of web application servers will then forward the traffic to the internal ELB and the internal ELB will then distribute the traffic among a set of web servers in Auto Scaling mode. So this is what the ELB Sandwich architecture looks like. So in exams there are a lot of cases where you might get questions related to the ELB Sandwich architecture. So just understand where this type of architecture can be used. I’ll give you one more example. In fact, in one of the organizations that I have been working with, we had an ELB Sandwich architecture where you had an external ELB. Now within the first layer we had a set of NGINX instances which used to do a lot of filtering related to web application firewall, related to static assets and various others.

Now this set of NGINX instances would then forward the traffic to an internal ELB and then the internal ELB would in turn forward the traffic to the application servers. So you had these web servers in Auto Scaling mode, you had these application servers in Auto Scaling mode. So there can be various different architectural designs which you can have with the help of the ELB Sandwich architecture. So this is something that you need to remember. Make sure that you understand what these ELB Sandwich architectures are. And basically one important advantage which allows the ELB Sandwich architecture to be popular is that it allows these instances to scale horizontally, and this is one of the important aspects of this type of architecture.
