Amazon AWS Certified Advanced Networking Specialty – Load Balancer Section Part 2

January 16, 2023

4. Implementing Path Based Routing in ALB

Hey everyone, and welcome back to the KP Labs course. So in the earlier lecture, we discussed the application load balancer and one of its features, which is path based routing. So we had a demo. So what we’ll do in today’s lecture is actually configure our first ALB, along with the path based routing. And we’ll also look into the feature of registering IPs as targets. Perfect. So before we can implement path based routing, we already have two servers over here, and within the two servers we need to have two separate directories. So let me give you an overview. So we already have two servers, Kplab one and Kplab two. Now within the first server we’ll have a directory called /images, and within Kplab two we’ll have a directory called work.

So let me actually show you. So if I go to /usr/share/nginx/html, you see that I already have a directory called images. You can simply run the mkdir command and create this directory. Now, within this directory I have an image, which is galaxy.jpg, and you can have any image that you intend to have. Similarly, in the second server. So this is the Kplab two server. I’ll go to /usr/share/nginx/html, and if I do an ls over here, I have a directory called work, and inside work I have a file called work.txt.

So what we’ll do, we’ll change the contents. I’ll say I like travel but no work. Perfect. So let’s quickly verify whether we can actually access both the contents from the servers. So images, galaxy.jpg: this seems to be working. I’ll copy the IPv4 of the second server and I’ll go to work.txt and see I like travel but no work. Perfect. So as far as the server side is concerned, things seem to be working perfectly. So now we can go ahead and implement the application load balancer. So go to Load Balancers, click on Create a new Load Balancer, and this time we’ll be selecting the Application Load Balancer. Go ahead and click on Create. So I’ll name this as KP Labs hyphen ALB. Now the scheme, again, can be internet-facing as well as internal. I’ll use the internal load balancer.

Protocol, I’ll put it as 80. Availability zone, I’ll just select two Availability Zones and I’ll click on Configure the security groups. So I’ll just use the default security group, which allows 80 for everyone. Now comes the configure routing step. So within this, just give a name. You can give any name that you intend to. I’ll just say External. And within the target type, if you see over here, you have the target type of either instance or IP, so you can have any one of them. I’ll select IP for the time being. Now, since I have selected IP, I have to put in the IP address of the EC2 instances. So let me put in the IP address over here.

Oops, it has to be the private IP. My mistake. So once you put in the private IP address, just click on Add to List and this will automatically get added to the list. Go to Review and click on Create. Perfect. So now we have an application load balancer which is configured. So now, since we have added the IP address of this instance, whenever you go to the DNS name associated, it will open up this specific IP address. So let’s go to index.html. So it takes a little time for the resolution to happen. So till that time, let me confirm whether the resolution has happened. You see it has not yet resolved. So generally it resolves quite fast. But today, and even yesterday, the name resolution has been taking quite a while. Anyway, till the time this specific ALB name gets resolved, we’ll look into how we can implement the images and the work based routing. So within the load balancer, just click on Target Groups. So this is the new target group which was configured.

So let’s create a new target group. I’ll name this as Images, and for the target type you can have instance or you can have it based on IP address. I’ll select IP address for the time being and click on Create. So now you have a target group. Now within this target group you have to configure the instances. Now for the images I have Kplab one. So I’ll copy the IP address of Kplab one and within the targets I’ll add a new target. Perfect. And I’ll select Register. So this target has been registered successfully. Similar to this, I’ll create one more target group. The target group name would be Work. The target type would be IP address, and click on Create. Now this work target group should go to the Kplab two instance. So I’ll just copy the private IP and I’ll register this with the target group. Perfect. Great. So now what we have is two target groups.

One target group is for images. So this is the target group, and the EC2 instance associated with this target group is Kplab zero one. Similarly, we have one more target group called /work, or work. And this target group is associated with Kplab two. Now, what we need to do is associate these two target groups with the ALB rules. So in order to do that, go to the Load Balancer, go to the ALB which you have created. Select Listeners. So there is one listener which is configured. Click on View and Edit rules. So there is one rule which is already created. So this is the default rule. So just click Add, and here we’ll insert a new rule. So here we’ll select the path pattern. The path pattern would be images. What this basically means is that if images is present within the URI, then forward this to the target group which is Images. And I’ll click on Save. Perfect.

Now similar to this, I’ll add one more rule where the path pattern would be work, and anything which comes with the URI of work should be forwarded to the target group of Work. Perfect. So these are the nice little path based routing rules that we have configured for our ALB. So now let’s quickly verify whether the DNS name is now resolving, and it is indeed resolving. So I’ll copy the DNS name of this ALB and put it in. Now let me quickly show you why this page has actually come up. So if you go to the listeners and look into the edit rules, there are three rules. So if the URI has work, it will go to the Work target group.

If the URI has images, it will go to the Images target group. However, if the URI does not have either of them, then it will show you the default page. So this is the default rule which is added over here. Perfect. So now let’s go to images. I’ll say galaxy.jpg. You see it seems to be working perfectly. Now, let’s try work.txt, and again this seems to be working perfectly. So this is what path based routing for the application load balancer is all about. So pretty simple but quite powerful. So this is it about this lecture. I hope this has been informative for you and I look forward to seeing you in the next lecture.

5. ALB – Listeners & Target Groups

Hey everyone and welcome back to the KP Labs course. So in today’s lecture we will be discussing the listeners and the target groups. Now, these two are very important concepts to understand as far as the application load balancer is concerned, and even the network load balancers. So let’s go ahead and understand this in much more depth so that our concepts are much more clear. So in simple terms, listeners are basically the processes in the load balancer which check for connection requests. Now, a listener works based on two aspects. One is the protocol and the second is the port. So before we begin understanding more, I’ll just give you one example.

So if you go into a classic load balancer, you see there are already listeners, and the listeners work based on protocol and port. And the same goes for the application load balancer and the network load balancer as well. So I hope you already know what listeners are all about. So one of the examples is HTTP protocol and port 80, or maybe HTTP protocol and port 8080. So these are various listener configurations that we can have. Now, the new concept is that each listener is associated with a target group. Now, this is not part of the classic load balancer but is part of the next generation load balancers. So you create a listener. So there is a default listener which is added to the application load balancer, and that listener gets connected with the target group. Now, the target group in turn gets associated with the instance ID. So what you do, you create an application load balancer with a default listener. Now, the default listener will not have any instances; it connects to the target group, and the target group in turn connects with the instances.

So I’ll give you a reference with the classic load balancer again. So you see, within the classic load balancer you have two important tabs. One is the Instances tab, where you can add or remove the instances. And the second is the Health Check tab, where you can configure the health checks. Now these two tabs are within the load balancer console itself. However, for the application load balancer you see those two tabs are not here. And the same goes for the network load balancer.

Those two tabs are not here. So the question is, where is the instance and health check related configuration done? And this configuration is done in target groups. So you configure those two settings within a target group and then you attach that target group to the listeners. So within the load balancer console they have added a new tab called Target Groups. So this is the target group. So whenever you create a target group, you see you can configure the instances by the instance IDs and the VPC. And you also have the protocol and the port related information that can be configured over here. So this is a logical diagram which actually gives you the basic flow of how exactly things are done. Perfect. So let’s look into the overall architecture.

So the first thing is that the listener is created. So whenever you create an ALB, a default listener automatically gets added within the application load balancer. However, you can have multiple listeners also, which you can add at a later point in time. So you create a listener and you create a target group. So these are the target groups and this is the listener. So within the ALB, again, the default target group is already created. So the target group in turn associates with a certain server. So you have target group one and target group two, each associated with a server. Now we can reference the server based on the instance or the IP address.

We have already seen that. Now the listener in turn gets connected with the target group, and the elastic load balancer, the ALB, gets connected with the listeners. Now this is the logical flow diagram. Now the listener in turn has conditions added to it. So there can be multiple conditions over here. So we have already looked into path based routing, where there were two conditions. So if the URI contains images, then it should go to target group one, or if it contains work, it goes to target group two. And in turn target group one has a different set of servers. Target group two has its own different set of servers. So this is the basic logical diagram related to the listeners, the target groups, and also what conditions are all about.

6. ALB – Conditions & Host Based Routing

Hey everyone and welcome back to the KP Labs course. So in today’s lecture, we’ll be looking into the conditions which we can apply during routing, and we’ll also look into host based routing as far as the next generation load balancers are concerned. So we have already discussed this part, where you have a listener and within the listener we have a condition. So this was based on path based routing. So the conditions were: if there is images within the URI pattern, then it goes to target group one. And if there is /work, it goes to target group two. So these are called path based conditions. Now, when it comes to the condition types, there are two major types of conditions which are available. One is the path based condition and the second is the host header based condition. So a path based condition basically allows us to forward the traffic to the appropriate target groups depending upon the path of the URL which is received by the ALB. Similarly, a host based condition looks into the host header of the HTTP request and, depending upon the host header, it forwards the traffic to the appropriate target group.

So let’s look into what I mean by this. So you have a listener, you have the conditions, and there are two types of conditions. So you have the path based condition and you have the host header based condition. So we already looked into what the path based condition is all about. Today we will discuss the host header. So now what happens is, if we are using the host header, assume that the host header has this value, which is Kplabs internal. If it has, then it will forward it to target group one. If the host header has my Kplabs internal, then it will forward it to target group two. So this is very similar to hosting multiple domains within the same listener. So if it is example.com, forward it to target group one. If it is, say, test, it will forward it to target group two. So you can actually host multiple domains within the same load balancer.

So this is one part which was not really possible in classic load balancers. This is part of the next generation load balancers. So let’s look into how exactly this would work. So let’s begin. So I have an application load balancer, and within the load balancer, in the listener configuration, I have two rules which are host based rules. So if I click on edit over here, these are basically the host based headers which are added. So if the domain is Kplabs menu.com, so if someone visits this specific domain, then it will forward it to the KP Labs hyphen server target group. If the host header has my Kplabs menu.com, then it will forward it to the my Kplabs servers target group.

So let’s look into the target groups as well. So the Kplab server target group has one instance associated with it, which is Kplab one, and the my Kplabs servers target group has another instance associated, which is Kplab two. So let me show you each one of them. So if I go to Kplab one it will say Kplabs internal; if I go to Kplab two it will show you my Kplabs internal. So a very straightforward lab. So anyone visiting Kplabs Munmu.com, it should open up Kplabs internal. Anyone visiting my Kplabs Munmu.com, it should open my Kplabs internal. So along with that I’ll also show you the route settings that I have already added for both the domains. So both the domains actually have a CNAME of the application load balancer which we have already created. So this is my public hosted zone and I’ll say kplabs. So you have kplabs, and you see it is connected with the application load balancer. This is of type CNAME. I have my Kplabs internal, which is again connected to the same application load balancer. So the same load balancer is actually hosting multiple subdomains. It can be domains as well, it does not really matter, but I have two subdomains which are sending to the same load balancer.

So let’s try and see how exactly that would really look. So I am in incognito mode, and I’ll do a Ctrl+Shift+I. So if you do a Ctrl+Shift+I, you have the inspect element panel that comes in. So I’ll do kplabs, Mu and New. So when I do that, you know what is going to be the answer: it is going to be Kplabs internal. Now, when it comes to the host based header, which we already discussed, let me again show you what I mean by this. So within the listener, if you add a rule, there are two ways. One is the host header and the second is the path pattern. Path pattern is something that we already looked at; currently we are looking at the host header. So within the host header we can actually give the domain, say my Kplabs mu and mu.com. We have already given this in the second condition, but this is how you can actually do it. So within the host header, if you give this value, which is my Kplabs, what the ALB does is look into the host header of the HTTP request. So if I click here on Kplabs and go a bit down, these are the request headers. So within the request headers you see I have the host header, which is Kplabs menu.com. So this request header is sent by my browser to the load balancer. So the load balancer will check this host header against the conditions of the listener. So if you see, I have two conditions. Depending upon the conditions of the listener, once it has found that the host header which is sent from the browser is Kplabs Munu.com,

then it will forward it to one set of servers. Something very similar: if it finds a specific domain, it will forward it to target group one. If it has a different domain, it will forward it to target group two. Perfect. So similarly, let’s open up a new tab. This time I’ll say my Kplabs Munmu.com, and this time you see I have my Kplabs internal. If you open up here and go to the host header, the host header now is my Kplabs into Menu.com. So this is how the application load balancer actually does the entire routing, based on the host header sent by the browser or by the HTTP client.
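The rule evaluation described in sections 4 to 6, as an added Python model that is not AWS code and not part of the original lecture: a listener checks its rules in priority order, path patterns are compared case-sensitively and host headers case-insensitively, and anything unmatched falls through to the default rule. The `/images/*` and `/work/*` patterns, the `example.com` hostnames, the target group names and the IP addresses are constructed placeholders.

```python
import re
from dataclasses import dataclass, field

def wildcard_match(pattern, value, ignore_case=False):
    """'*' matches zero or more characters, '?' exactly one; all else is literal."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

@dataclass
class Rule:
    priority: int                  # lower number is evaluated first
    target_group: str
    path_patterns: list = field(default_factory=list)  # compared case-sensitively
    host_headers: list = field(default_factory=list)   # compared case-insensitively

    def matches(self, host, path):
        # Values inside one condition are ORed; different conditions are ANDed.
        path_ok = not self.path_patterns or any(
            wildcard_match(p, path) for p in self.path_patterns)
        host_ok = not self.host_headers or any(
            wildcard_match(h, host, ignore_case=True) for h in self.host_headers)
        return path_ok and host_ok

@dataclass
class Listener:
    protocol: str
    port: int
    default_target_group: str      # action of the default rule
    rules: list = field(default_factory=list)

    def route(self, host, url):
        path = url.split("?", 1)[0]          # conditions see the path, not the query
        for rule in sorted(self.rules, key=lambda r: r.priority):
            if rule.matches(host, path):
                return rule.target_group
        return self.default_target_group     # nothing matched: default rule

# Constructed target groups registered by private IP (sample addresses).
TARGET_GROUPS = {
    "external": ["10.0.1.10"],
    "images": ["10.0.1.10"],
    "work": ["10.0.2.20"],
    "kplabs-servers": ["10.0.1.10"],
    "my-kplabs-servers": ["10.0.2.20"],
}

# Section 4: path based rules (patterns are assumed, not taken from the lecture).
PATH_LISTENER = Listener("HTTP", 80, "external", [
    Rule(1, "images", path_patterns=["/images/*"]),
    Rule(2, "work", path_patterns=["/work/*"]),
])

# Section 6: host header rules (placeholder hostnames).
HOST_LISTENER = Listener("HTTP", 80, "external", [
    Rule(1, "kplabs-servers", host_headers=["kplabs.example.com"]),
    Rule(2, "my-kplabs-servers", host_headers=["my.kplabs.example.com"]),
])

def targets_for(listener, host, url):
    """Return (target group name, registered targets) for one request."""
    group = listener.route(host, url)
    return group, TARGET_GROUPS[group]

if __name__ == "__main__":
    for url in ("/images/galaxy.jpg", "/work/work.txt", "/", "/Images/galaxy.jpg"):
        print(url, "->", targets_for(PATH_LISTENER, "alb.example.internal", url))
    for host in ("kplabs.example.com", "MY.KPLABS.EXAMPLE.COM", "other.example.com"):
        print(host, "->", targets_for(HOST_LISTENER, host, "/"))
```

Any Host header or path casing that no rule covers falls through to the default rule, so the target group behind the default rule receives every unmatched request.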
