AWS - Load Balancer

最後更新: 2021-08-12

 


一共有3類 Load Balancer

  • Application Load Balancer
  • Network Load Balancer
  • Gateway Load Balancers

Application vs Network Load Balancer

 * Both support an SSL certificate install on your load balancer.
 * SNI is automatically enabled when you associate more than one TLS certificate

Application Load Balancer

 * Support weighted target

Network Load Balancer

 * For each associated subnet that a Network Load Balancer is in,

    the Network Load Balancer can only support a single public/internet facing IP address.

 * The Elastic IP Addresses that were associated with your load balancer

    will be returned to your allocated pool and made available for future use.

Note:

 * If the Choose an Elastic IP option is unavailable,

    you must allocate an Elastic IP address for the Network Load Balancer elastic network interfaces.

 * After you create the load balancer, you cannot disable the enabled subnets,

    but you can enable additional ones.

 


Network Load Balancer

 

 


ALB TLS Offload

 

Support

  • WebSockets
  • HTTP/2 with HTTPS listeners.
    (You can't use the server-push feature of HTTP/2)

Header

  • X-Forwarded-For (http_x_forwarded_for)
  • X-Forwarded-Proto
  • X-Forwarded-Port

X-Forwarded-Proto

server {
    listen 80;
    server_name _;
    if ($http_x_forwarded_proto = 'http'){
    return 301 https://$host$request_uri;
    }
}

 


Health Check

 

Error

Health checks failed with these codes: [301]

原因: http redirect to https

nginx

server {
    listen 80;
    server_name  datahunter.org;
    root         /usr/share/nginx/html;
    set $notHealthCheck 0;
    set $redirectHttp 0;
    if ($request_uri != "/server-check/server.php"){
            set $notHealthCheck 1;
    }
    if ($http_x_forwarded_proto = 'http'){
            set $redirectHttp 1;
    }
    if ($notHealthCheck = $redirectHttp){
            return 301 https://$host$request_uri;
    }
    include /etc/nginx/snippets/datahunter.org.conf;
}

Health Checker User Agent

nginx 的 $http_user_agent

"ELB-HealthChecker/2.0"

 


Sticky sessions & Cookie

 

Cookie: AWSALB

 * To use sticky sessions, the client must support cookies.

 * The content of load balancer generated cookies are encrypted using a rotating key.
   (You cannot decrypt or modify load balancer generated cookies. )

Application-based stickiness

When the Application Load Balancer receives the custom application cookie from the target,
it automatically generates a new encrypted application cookie to capture stickiness information.

The load balancer generated application cookie does not copy the attributes of the custom cookie set by the target.
(expiry attribute)

P.S.

curl with cookie

--cookie "AWSALB=...."

 


Slow start duration

 

It gives targets time to warm up before the load balancer sends them a full share of requests.

The load balancer linearly increases the number of requests that it can send to a target in slow start mode.

After a healthy target exits slow start mode, the load balancer can send it a full share of requests.