Amazon AWS Certified Advanced Networking Specialty – Load Balancer Section Part 4

January 16, 2023

10. Understanding Cross Zone Load Balancing

Hey everyone and welcome back. In today’s video we will be discussing cross-zone load balancing. Now, before we go ahead and understand cross-zone load balancing, it is important for us to know about the concepts of nodes and Availability Zones. So whenever you create an Elastic Load Balancer, you associate it with one or more Availability Zones. Whenever you associate it with an Availability Zone, the Elastic Load Balancer will go ahead and create an ELB node in that Availability Zone. And that ELB node can send the traffic to the EC2 instances which are part of that Availability Zone. Now, in case there is a surge in traffic, what the ELB does is that it creates multiple ELB nodes within the Availability Zone. So these things are being handled in the back end. But understanding the concept of ELB nodes is important before we go ahead and discuss cross-zone load balancing. So let’s do one thing.

Let me quickly show you a demo before we go ahead and start our demo related to cross-zone load balancing. Now this is a simple Classic Load Balancer. If you look into the Availability Zones where this load balancer is associated, it is associated with us-east-1a and us-east-1b. So in this case, what ELB has done is that it has created an ELB node in us-east-1a and another node in us-east-1b. All right? So typically what happens is that each node that gets created has its own associated IP address.

So whenever you do an nslookup on the DNS name of the load balancer, you will get the IP addresses of the ELB nodes which are currently available. So I’m in my CLI, let me quickly do an nslookup and I’ll paste the DNS name of the load balancer. And here you see that the nslookup query response has basically returned two IP addresses. One starts with 3.82 and the second starts with 54.158. So each of these IP addresses is associated with an ELB node in a specific Availability Zone. Now, within this ELB there are two instances.

If you see, both of these instances are in service. So let’s go to the Instances tab. Within here there are two EC2 instances which are up and running. Let’s open up the first EC2 instance in the browser. So you see you got a message of “Site 1, AZ 1”. All right? So basically, this EC2 instance is in the Availability Zone us-east-1a. Now, if you just copy the IP address of the second instance, let me paste it over here. And here you see it is “Site 2, AZ 2”. So this EC2 instance is in us-east-1b.

So with this setup, let’s go ahead and understand cross-zone load balancing. Now, we already discussed that ELB creates a node in each Availability Zone and these ELB nodes have the capability to route the traffic. Now, what happens is that if cross-zone load balancing is disabled, then the ELB node can only send the traffic to the EC2 instances which are part of its own Availability Zone.

So in AZ 1, there is an ELB node. This ELB node can only send the traffic to the EC2 instance within that Availability Zone. Similarly, here within AZ 2, you have the ELB node here, and this ELB node can only send traffic to the EC2 instance within Availability Zone 2. So let’s go ahead and see how exactly this looks in practice. So coming back to the CLI, we already discussed that there are two ELB nodes and each one of them has an associated IP address. So now let’s do a curl on the IP address starting with 3.82. And this has returned the NGINX page of “Site 2, AZ 2”.

So from here we can determine that this specific IP address belongs to the ELB node in the Availability Zone us-east-1b. Now, if you do a curl on the other IP address, this should return you “Site 1, AZ 1”. All right? So this is “Site 1, AZ 1”. So from here we can determine that this specific IP address is of the ELB node in the Availability Zone us-east-1a.

So irrespective of how many times you send a request to that ELB node, it will only send the request to the EC2 instance which is part of its Availability Zone. So now what cross-zone load balancing allows us to do is that it allows the ELB node to send the traffic to the EC2 instances in a different Availability Zone as well. And this is very important, that you have cross-zone load balancing enabled within your ELB. So let’s do one thing. Let’s go back to our load balancer.

I’ll go to the Description tab and if you go a bit down, you will see here that cross-zone load balancing is currently disabled. Let’s change the cross-zone load balancing setting and I’ll change it to Enable. All right, so now cross-zone load balancing is enabled.

So let’s go to the CLI and let’s make a curl request. And now you see what happened is, when you made the curl requests, the first request went to “Site 1, AZ 1”, and the second request to the same ELB node in Availability Zone 1 went to the EC2 instance in Availability Zone 2. So this is what cross-zone load balancing is all about.
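To make the node behaviour described above concrete, here is an added simulation (not code from the course) of how each ELB node forwards requests with cross-zone load balancing disabled versus enabled. The AZ names, instance names and the uneven instance counts are constructed sample data; the uneven counts go slightly beyond the demo's one-instance-per-AZ setup to show why the setting matters for load distribution.

```python
"""Simulate how Classic Load Balancer nodes forward requests with cross-zone load
balancing disabled versus enabled.  Added example, not from the course; AZ names,
instance names and the uneven instance counts are constructed sample data."""
from collections import Counter
from itertools import cycle

# Constructed topology: one ELB node per AZ, more instances in 1b than in 1a,
# so the effect of the cross-zone setting shows up in the per-instance counts.
INSTANCES_BY_AZ = {
    "us-east-1a": ["i-site1-az1"],
    "us-east-1b": ["i-site2-az2-a", "i-site2-az2-b", "i-site2-az2-c"],
}

def route_requests(instances_by_az, cross_zone, n_requests):
    """Return a Counter of requests per instance.

    Clients resolve the ELB DNS name round-robin across the nodes (one per AZ).
    With cross_zone=False a node only forwards to instances in its own AZ; with
    cross_zone=True every node round-robins over all registered instances.
    """
    nodes = list(instances_by_az)
    all_instances = [i for az in nodes for i in instances_by_az[az]]
    # One round-robin iterator per node over the targets that node may use.
    targets = {az: cycle(all_instances if cross_zone else instances_by_az[az])
               for az in nodes}
    hits = Counter()
    for k in range(n_requests):
        node = nodes[k % len(nodes)]      # DNS hands this client one node's IP
        hits[next(targets[node])] += 1
    return hits

def max_imbalance(hits, instances):
    """Busiest instance's count divided by the least busy one's (1.0 = even);
    inf when some instance received no traffic at all."""
    counts = [hits.get(i, 0) for i in instances]
    return float("inf") if min(counts) == 0 else max(counts) / min(counts)

if __name__ == "__main__":
    instances = [i for az in INSTANCES_BY_AZ.values() for i in az]
    for flag in (False, True):
        hits = route_requests(INSTANCES_BY_AZ, flag, 120)
        print(f"cross-zone={flag}: {dict(hits)} "
              f"imbalance={max_imbalance(hits, instances):.2f}")
```

With cross-zone disabled the single instance in us-east-1a absorbs half of all traffic while each instance in us-east-1b gets a sixth; enabling it evens the distribution out.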

11. Selecting Cipher Suites

Hey everyone, and welcome back. In today’s video, we’ll be looking into the selection of cipher suites. Now, AWS offers a wide range of cipher suite options which can be selected by the customer depending upon the requirement. The cipher suites can be selected for various AWS services that a customer might be using, like Elastic Load Balancing, CloudFront, and even the Application Load Balancer. Now, it is always recommended to make use of the most recent cipher suites. However, this might not always be possible, because if you switch to the latest one, and the customer’s client, which can be a browser or whatever client they are running, does not support the latest one, that means the customer will not be able to interact with your application. And hence it is very important that whatever ciphers you choose for the services are compliant both with respect to security and with respect to the clients your customers use. So, let me quickly show you how exactly we can select our own range of cipher suites. I’m in my AWS console, let’s go ahead and create a load balancer here. For our testing purpose, we’ll be making use of a Classic Load Balancer. So let’s quickly add an HTTPS listener over here and I’ll click on Next. Let’s quickly give the load balancer a name; I’ll say KPLabs-Demo. I’ll click on Next.

And now, within step three, configuring the security settings, if you go a bit down, you see you have a predefined security policy where AWS has selected the right ciphers, the right SSL options and the right SSL protocols for you. So generally, the ones which are selected over here are up to date with the latest security standards. However, it might happen that the ones which are selected over here do not fit the use case your organization has. In such a case, you can have your own custom security policy over here. All right? So for example, let’s say that you are dealing with some kind of military information or some other very sensitive information, and you want only the latest protocols to be available. So you can deselect TLS 1.0, you can deselect TLS 1.1, and you can have only the TLS 1.2 protocol.

However, it might happen that certain organizations might want to support even SSL version 3, which is not at all recommended. In such a scenario, they need to go with the custom security policy and select whatever SSL protocols they intend to use. Along with that, they can select the SSL ciphers that they need. So currently, these are the SSL ciphers that are available. Depending upon the use case and the requirement, they can select their own ciphers, their own SSL options, as well as the protocols.
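The custom security policy built in the console above can also be expressed and audited in code. The following is an added example (not the course's code) that builds the TLS 1.2-only attribute list for a Classic Load Balancer SSLNegotiationPolicyType policy and audits an existing policy description for the weak choices discussed (SSLv3, TLS 1.0/1.1, client-chosen cipher order, no forward secrecy). The policy names and the sample legacy policy are constructed.

```python
"""Build a TLS 1.2-only custom SSL negotiation policy for a Classic Load Balancer
and audit an existing one.  Added example, not the course's code; attribute names
are those of the SSLNegotiationPolicyType, the policy contents are constructed."""

# Protocols a custom policy can enable that should stay off.
WEAK_PROTOCOLS = ("Protocol-SSLv3", "Protocol-TLSv1", "Protocol-TLSv1.1")

def tls12_only_policy(ciphers):
    """Attribute list for create_load_balancer_policy(PolicyTypeName=
    'SSLNegotiationPolicyType'): TLS 1.2 plus the given ciphers, nothing else."""
    attrs = [{"AttributeName": p, "AttributeValue": "false"} for p in WEAK_PROTOCOLS]
    attrs.append({"AttributeName": "Protocol-TLSv1.2", "AttributeValue": "true"})
    # Let the load balancer, not the client, decide the cipher preference order.
    attrs.append({"AttributeName": "Server-Defined-Cipher-Order", "AttributeValue": "true"})
    attrs += [{"AttributeName": c, "AttributeValue": "true"} for c in ciphers]
    return attrs

def audit_policy(policy):
    """Findings for one PolicyDescriptions entry as returned by
    describe_load_balancer_policies; an empty list means nothing to flag."""
    enabled = {a["AttributeName"] for a in policy["PolicyAttributeDescriptions"]
               if a["AttributeValue"].lower() == "true"}
    findings = [f"deprecated protocol enabled: {p}" for p in WEAK_PROTOCOLS if p in enabled]
    if "Server-Defined-Cipher-Order" not in enabled:
        findings.append("client chooses the cipher: Server-Defined-Cipher-Order is off")
    if not any(c.startswith("ECDHE-") for c in enabled):
        findings.append("no ECDHE cipher enabled: sessions lack forward secrecy")
    return findings

# Constructed sample shaped like a legacy policy that still allows SSLv3.
SAMPLE_LEGACY_POLICY = {
    "PolicyName": "legacy-ssl-policy",
    "PolicyTypeName": "SSLNegotiationPolicyType",
    "PolicyAttributeDescriptions": [
        {"AttributeName": "Protocol-SSLv3", "AttributeValue": "true"},
        {"AttributeName": "Protocol-TLSv1.2", "AttributeValue": "true"},
        {"AttributeName": "AES128-SHA", "AttributeValue": "true"},
    ],
}

if __name__ == "__main__":
    for f in audit_policy(SAMPLE_LEGACY_POLICY):
        print("FINDING:", f)
    hardened = tls12_only_policy(["ECDHE-RSA-AES128-GCM-SHA256",
                                  "ECDHE-RSA-AES256-GCM-SHA384"])
    print("hardened policy findings:", audit_policy({"PolicyAttributeDescriptions": hardened}))
```

The attribute list is what boto3's `elb.create_load_balancer_policy` takes as `PolicyAttributes`; the policy is then attached to the 443 listener with `set_load_balancer_policies_of_listener`.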

