Amazon AWS Certified Advanced Networking Specialty – Load Balancer Section Part 4
10. Understanding Cross Zone Load Balancing
Hey everyone and welcome back. In today’s video we will be discussing about the cross zone load balancing. Now, before we go ahead and understand about the cross zone load balancing, it is important for us to know about the concepts of nodes and Availability Zones. So whenever you create an elastic load balancer, you can associate it with the Availability Zone. So whenever you associated with the Availability Zone, elastic load balancer will go ahead and create the ELV node in that Availability Zone. And that ELV node basically can drop the traffic in the easy to instances which are part of that Availability Zone. Now, in case there is a search in traffic, what the ELB does is that it creates multiple ELB nodes within the Availability Zone. So these things are being handled in the back end. But understanding the concepts about the ELB nodes is important before we go ahead and discuss about cross zone load balancing. So let’s do one thing.
Let me quickly show you a demo before we go ahead and start our demo related to cross zone load balancing. Now this is a simple classic load balancer. Now, if you look into the Availability Zone, where this load balancer is associated with it is associated with US East One A and US East One B. So in this case, what ELB has done, ELB has created a ELB node in US East One A and it has created a node in US East One B. All right? So typically what happens is that each node that gets created has its own associated IP address.
So whenever you do a NS lookup on the DNS name of the load balancer, you will get IP address of the ELB nodes which are currently available. So I’m in my CLI, let me quickly do a Nslookup and I’ll paste the DNS name of the load balancer. And here you see that the NS lookup query response has basically returned two IP addresses. One is from the 3. 82 and second is from the 54 at 158. So each of these IP address is basically associated with a ELB node in a specific Availability Zone. Now, within this ELB there are two instances.
If you see both of these instances are in service. So let’s go to the instances tab. So within here there are two EC Two instances which are up and running. Let’s open up the first EC Two instance in the browser. So you see you got a message of Site One, easy One. All right? So basically, this EC two instance is in the availability zone. One a now, if you just copy up the IP address of the second instance, let me paste it over here. And here you see it is site two. AZ Two. So this EC two instance is basically in the US east. One b.
So with this set up, let’s go ahead and understand about the cross zone load balancing. Now, we already discussed that ELB basically creates node in the Availability Zone and this ELB nodes has the capability to route the traffic. Now, what happens is that if the cross zone load balancing is disabled, then the ELV node can only send the traffic to the easy two instances which are part of that Availability Zone.
So in this easy one, there is an ELB node. So this ELB node can only send the traffic to the EC two instance within that Availability Zone. Similarly, here within the easy two, you have the ELB node here, and this ELB node can only send traffic to the EC two instance within the Availability Zone too. So let’s go ahead and see on how exactly this might look like in practical aspect. So coming back to the CLI, we already discussed that there are two ELB nodes and each one of them has an associated IP address. So now let’s do a curl on the IP address of 3. 82. And this basically has returned the NGINX page of Site to 82.
So from here we can determine that this specific IP address belongs to the ELB node in the Availability Zone, us East One B. Now, if you do a curl on the other IP address, this should basically return you Site One Easy One. All right? So this is site one. Easy one. So from here we can determine that this specific IP address is of the ELB node in the Availability Zone One A.
So irrespective of how many time you send a request to the ELB node, it will only send the request to the EC to instance which is part of that Availability Zone. So now what cross zone load balancing allows us to do, it allows the ELB node to be able to send the traffic to the EC two instance in a different Availability Zone as well. And this is very important that you have the cross zone load balancing enabled within your ELB. So let’s do one thing. Let’s go back to our EC two instance.
I’ll go to the description and if you go a bit down, you will see here the cross zone load balancing is currently disabled. Let’s change the cross zone load balancing setting and I’ll change it to enable. All right, so now the cross zone load balancing is enabled.
So let’s go to the CLI and let’s make make a curled request. And now you see what happened is you made the curled request, the first request went to Site One, easy One, and the second request to the ELB node in the Availability Zone One went to the EC Two instance in the Availability Zone Two. So this is what the cross zone load balancing is all about.
11. Selecting Cipher Suites
Hey everyone, and welcome back. In today’s video, we’ll be looking into the selection of cipher suits. Now, AWS offers a wide range of cyberese options which can be selected by the customer depending upon the requirement. Now, the cipher suits can be selected for various AWS services that a customer might be using, like elastic, load balancing, you have CloudFront, you even have application and load balancer. Now, it is always recommended to make use of the most recent cipher suits. However, this might not always be the case, because if you switch to the latest one, and if the customer’s client, which can be a browser or whatever client that they are running, they do not support the latest one, that means that a customer will not be able to interact with your application. And hence it is very important that whatever ciphers that you choose for the services, it needs to be in compliant both with respect to security along with the customers supported applications. So, let me quickly show you on how exactly we can select our own range of Cypress suites. So, I’m in my AWS console, let’s go ahead and create a load balancer here. For our testing purpose, we’ll be making use of a classic load balancer. So let’s quickly do a Https over here, I’ll click on Next. Let’s quickly give a load balancer. Name? I’ll say KP Labs. Hyphen Demo. I’ll click on next.
And now, within the step three of configuring the security settings, if you go a bit down, you see you have a predefined security policy where AWS has selected the right ciphers, the right SSL option and the right SSL protocols for you. So generally, the ones which are selected over here, they are up to date with the latest security standards. However, it might happen that the ones which are selected over here, it might not fit the Use case which your organization might have. So in such case, you can have your own custom security policy over here. All right? So for example, let’s say that you are dealing with some kind of a military information or some kind of a very sensitive information, and you want only the latest protocols to be available. So you can deselect TLS version one, you can deselect TLS version 1. 1, you can just have the protocol of TLS version 1. 2.
However, it might happen that certain organizations might want to support even the SSL version three, which is not at all recommended. So in such kind of a scenario, they need to go with the custom security policy and they need to select whatever SSL protocol they intend to use. Along with that, they can select the SSL ciphers that they need. So currently, these are the amount of SSL ciphers that are available. So depending upon the Use case and the requirement, they can select their own ciphers, they can select their own SSL options as well as the protocols.
Interesting posts
The Growing Demand for IT Certifications in the Fintech Industry
The fintech industry is experiencing an unprecedented boom, driven by the relentless pace of technological innovation and the increasing integration of financial services with digital platforms. As the lines between finance and technology blur, the need for highly skilled professionals who can navigate both worlds is greater than ever. One of the most effective ways… Read More »
CompTIA Security+ vs. CEH: Entry-Level Cybersecurity Certifications Compared
In today’s digital world, cybersecurity is no longer just a technical concern; it’s a critical business priority. With cyber threats evolving rapidly, organizations of all sizes are seeking skilled professionals to protect their digital assets. For those looking to break into the cybersecurity field, earning a certification is a great way to validate your skills… Read More »
The Evolving Role of ITIL: What’s New in ITIL 4 Managing Professional Transition Exam?
If you’ve been in the IT service management (ITSM) world for a while, you’ve probably heard of ITIL – the framework that’s been guiding IT professionals in delivering high-quality services for decades. The Information Technology Infrastructure Library (ITIL) has evolved significantly over the years, and its latest iteration, ITIL 4, marks a substantial shift in… Read More »
SASE and Zero Trust: How New Security Architectures are Shaping Cisco’s CyberOps Certification
As cybersecurity threats become increasingly sophisticated and pervasive, traditional security models are proving inadequate for today’s complex digital environments. To address these challenges, modern security frameworks such as SASE (Secure Access Service Edge) and Zero Trust are revolutionizing how organizations protect their networks and data. Recognizing the shift towards these advanced security architectures, Cisco has… Read More »
CompTIA’s CASP+ (CAS-004) Gets Tougher: What’s New in Advanced Security Practitioner Certification?
The cybersecurity landscape is constantly evolving, and with it, the certifications that validate the expertise of security professionals must adapt to address new challenges and technologies. CompTIA’s CASP+ (CompTIA Advanced Security Practitioner) certification has long been a hallmark of advanced knowledge in cybersecurity, distinguishing those who are capable of designing, implementing, and managing enterprise-level security… Read More »
Azure DevOps Engineer Expert Certification: What’s Changed in the New AZ-400 Exam Blueprint?
The cloud landscape is evolving at a breakneck pace, and with it, the certifications that validate an IT professional’s skills. One such certification is the Microsoft Certified: DevOps Engineer Expert, which is validated through the AZ-400 exam. This exam has undergone significant changes to reflect the latest trends, tools, and methodologies in the DevOps world.… Read More »