
AWS ELB Tips & Best Practices


AWS & ChinaNet Cloud Event 3/30/17 by Steve Mushero - about Elastic Load Balancer on AWS

Published in: Internet

  1. AWS ELB Tips & Best Practices
     By Steve Mushero
     OpsStack · Operations-as-a-Service www.ChinaNetCloud.com Copyright © 2017 ChinaNetCloud
  2. AGENDA I
     • Load testing
     • SSL
     • CNAMES
     • LB Within regions vs. across
     • L4 Issues
     • Internal LB - Don’t forget this
     • Logging
  3. AGENDA II
     • X-Forwarded-For
     • Stickiness
     • In/Out & A/B Deploy
     • Draining
     • CLI use (role in CI/CD)
     • API use
  4. ELBS ARE GREAT – USUALLY
     • Very easy to use
     • But some issues
     • Limited Features
     • Need extra work to work well
     • Still need to manage & monitor it
     • Good to know how it works
     • We often use HAProxy with ELB
  5. LOAD TESTING ELBS
     • Can Load Test
     • But Be Careful – Easy to Overload
     • ELBs Automatically Managed
     • ELBs Scaled Automatically
     • Must Have Time to Adjust - Minutes
     • Call Support For Pre-Warming for Scale
  6. SSL IN ELB
     • Supported !
     • Many New Features
     • Now in Console (was CLI only)
     • Integrated with Cert Manager
     • Use CLI / API for advanced stuff
     • Careful of Cipher Options – Use latest
  7. SECURITY GROUPS IN ELB
     • Don’t forget these
     • Especially for Dev/Test
     • Front door of your system
     • Name Clearly so ELB vs. EC2 VM
  8. CNAMES
     • Each ELB Cluster will have ONE
     • You MUST use IT
     • Do NOT use ELB’s IP
     • It will change on failure or scale
     • Remember, one ELB Instance per AZ
  9. ELB WITHIN & ACROSS AVAIL ZONES
     • One ELB instance per AZ
     • Load Balancing is ACROSS ZONES
     • NOT really across servers
     • So use same # of VMs per Zone
  10. ELB L4 SUPPORT
      • Nice feature
      • For non-HTTP
      • APIs
      • Web Sockets / Pollers
      • Chat Systems
      • Databases
      • Games
  11. INTERNAL ELB
      • Between Subnets
      • Useful for DB LB (read)
      • Useful for internal HTTP
      • Search, etc.
      • Helps Separate Services
      • Use with Docker / Micro-Services
  12. ELB LOGGING
      • Don’t forget this
      • Disabled by Default
      • Push HTTP Logs to S3
      • Every 5 minutes
      • Has response time / latency
      • Need tools to read / analyze
  13. X-FORWARDED-FOR HEADER
      • Don’t forget this
      • ELB will add this header
      • Needed for Nginx/Apache to log real IP
      • On by default, but you must use it
      • You need to change your log format
  14. STICKINESS
      • How Existing Users are Distributed
      • Required if no shared-session Cache
      • Such as Java
      • PHP doesn’t need if have Redis
      • Even for same user
      • ONLY on first time
      • Sets Cookie with server ID
      • Disabled by Default
  15. IN/OUT & BLUE/GREEN DEPLOY
      • DevOps Deployment
      • Push to 1+ servers / containers
      • Test them – Direct or Test ELB
      • Cut-Over via ELB Target Pool
      • Full or Partial Cut-Overs (Harder)
      • Smoke Test Production
      • Roll Back if Needed
      • Simple with CLI/API
      • Also Jenkins, etc. Integrations
  16. CONNECTION DRAINING
      • When VM Leaves Pool
      • No New Connections
      • But won’t break connections
      • Better user experiences
      • Remove a Server as Users Finish
      • Used for Auto-Scale DOWN
      • Also for Deployments
      • Must Enable it on ELB
  17. ELB CLI USE FOR CI/CD
      • AWS CLI is your friend
      • Great for testing
      • Also calling BASH scripts
      • Useful in Automation
      • Useful in CI/CD
      • Move VMs in/out of pools
      • Can do on a control VM with Role
  18. AUTO SCALING
      • Add VMs with Load
      • Uses ELB Metrics
      • Many Metrics to use:
      • Rejected Connections
      • Healthy Host Count
      • Latency (Scale on Rise)
  19. CLOUD FRONT FOR ELB
      • Can use
      • Better Performance
      • DDoS Protection
      • Includes WAF
  20. NEW ISSUES
      • Micro-Service Hard – Port-to-Port Map
      • Thus Poor Support for Docker
      • New ALB Helps – Not in China
      • Still Limited Features
  21. USE & LOVE YOUR ELBS
      • ELB ME
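
Added example for the ELB LOGGING slide (12), not part of the original deck: a small reader for Classic ELB HTTP access-log entries that pulls out the latency the slide mentions and flags slow requests, requests the ELB could not hand to a backend, and 5xx responses per client. The sample entries, the `my-elb` name and the one-second threshold are constructed for illustration.

```python
import shlex
from collections import Counter

# Field order of a Classic ELB HTTP/HTTPS access-log entry.
FIELDS = ("timestamp", "elb", "client", "backend", "request_time",
          "backend_time", "response_time", "elb_status", "backend_status",
          "received_bytes", "sent_bytes", "request", "user_agent",
          "ssl_cipher", "ssl_protocol")

# Constructed sample entries (documentation address ranges, not real traffic).
SAMPLE = """\
2017-03-30T02:10:01.000000Z my-elb 198.51.100.7:41000 10.0.1.10:80 0.000050 0.120000 0.000030 200 200 0 512 "GET http://www.example.com:80/ HTTP/1.1" "curl/7.38.0" - -
2017-03-30T02:10:02.000000Z my-elb 198.51.100.7:41001 10.0.2.10:80 0.000060 2.500000 0.000040 200 200 0 2048 "GET http://www.example.com:80/search?q=a HTTP/1.1" "Mozilla/5.0 (X11; Linux)" - -
2017-03-30T02:10:03.000000Z my-elb 203.0.113.9:50500 - -1 -1 -1 503 0 0 0 "GET https://www.example.com:443/ HTTP/1.1" "-" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
"""


def parse_line(line):
    """Split one entry into a dict; the quoted fields may contain spaces."""
    parts = shlex.split(line)
    if len(parts) < len(FIELDS):
        raise ValueError("not a Classic ELB HTTP access-log entry")
    rec = dict(zip(FIELDS, parts))
    rec["client_ip"] = rec["client"].rsplit(":", 1)[0]
    rec["elb_status"] = int(rec["elb_status"])
    times = [float(rec[k]) for k in ("request_time", "backend_time", "response_time")]
    # -1 means the ELB could not dispatch the request to a registered instance.
    rec["latency"] = None if min(times) < 0 else sum(times)
    return rec


def summarize(text, slow_seconds=1.0):
    """Return slow requests, undispatched requests and 5xx counts per client IP."""
    slow, undispatched, errors = [], [], Counter()
    for line in filter(str.strip, text.splitlines()):
        rec = parse_line(line)
        if rec["latency"] is None:
            undispatched.append(rec["request"])
        elif rec["latency"] >= slow_seconds:
            slow.append((rec["request"], round(rec["latency"], 3)))
        if rec["elb_status"] >= 500:
            errors[rec["client_ip"]] += 1
    return {"slow": slow, "undispatched": undispatched, "errors_5xx": dict(errors)}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```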
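
Added example for the X-FORWARDED-FOR HEADER slide (13), not part of the original deck: the ELB appends the connecting client's address to any X-Forwarded-For value the request already carries, so the address worth logging is read from the right, and only when the TCP peer is a known proxy. The `10.0.0.0/16` proxy range and the function names are assumptions.

```python
import ipaddress

# Assumption: ELB nodes reach the backends from inside this VPC range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/16")]


def is_trusted(ip, networks):
    """True when ip belongs to one of our own proxy networks."""
    return any(ip in net for net in networks)


def naive_client_ip(xff):
    """Leftmost entry: whatever the client chose to send, not a verified address."""
    return xff.split(",")[0].strip()


def real_client_ip(peer_ip, xff, networks=TRUSTED_PROXIES):
    """Return the address to log for a request whose TCP peer is peer_ip."""
    peer = ipaddress.ip_address(peer_ip)
    if not xff or not is_trusted(peer, networks):
        return str(peer)           # not via our ELB: ignore the header
    # Walk right to left: the ELB appended the last entry; skip our own proxies.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)       # malformed entry: fall back to the TCP peer
        if not is_trusted(ip, networks):
            return str(ip)
    return str(peer)               # every hop was one of our proxies


if __name__ == "__main__":
    header = "192.0.2.1, 203.0.113.9"   # constructed: first entry sent by the client
    print(naive_client_ip(header), real_client_ip("10.0.1.5", header))
```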
