Overview
There are noticeable differences between the Classic Load Balancer and the Application Load Balancer (ALB). The ALB splits the single classic ELB into smaller components (listeners, rules and target groups) that are configured independently, which gives far more flexibility and customization.
Note, however, that an Application Load Balancer only speaks HTTP and HTTPS (it is a layer 7 load balancer). If you are trying to put an SMTP, POP3 or IMAP server behind an ALB you are out of luck; those need a Classic Load Balancer in TCP mode or a Network Load Balancer. We will discuss this in the next article.
ALB Components
See this article for more information: AWS ALB overview
Listeners
Checks for connection requests from clients, using the protocol and port that you configure, and forwards requests to one or more target groups based on the rules that you define. Each rule specifies a condition, a priority and the target group to forward to. Rules are evaluated in priority order (lowest number first) and the first rule whose conditions all match wins; every listener also has a default rule that is used when nothing else matches.
content-based routing
A rule whose condition looks at the content of the request, for example the Host header or the URL path, rather than only at the port the request arrived on.
target group
Routes requests to one or more registered targets, such as EC2 instances, using the protocol and port number that you specify. You can register a target with multiple target groups.
Health checks
Performed on every target registered to a target group that is referenced by a listener rule of your load balancer. A target that fails its health check stops receiving new requests until it passes again.
Migrating to ALB
AWS provides a migration wizard for copying a Classic Load Balancer to an Application Load Balancer. This automatically creates a new ALB for you with its own DNS name (the IP addresses behind that name change over time, so always reference the load balancer by the name, never by the IPs it currently resolves to):
myloadbalancername-randomnumber.us-west-2.elb.amazonaws.com
To run a quick check that the new load balancer is set up correctly, do the following. Note that curl sends the load balancer's own DNS name in the Host header, so this request is handled by the listener's default rule; to exercise a host-based rule, add -H "Host: <your hostname>" to the command:
curl -I myloadbalancername-randomnumber.us-west-2.elb.amazonaws.com
You should see a response like this:
HTTP/1.1 200 OK
Date: ...GMT
Content-Type: text/html
Connection: keep-alive
Server: nginx/1.12.1
X-IZYCIRCUS-RENDER-TIME-MS: 331
You still need to:
- go to Route53 and point your DNS entries at the new load balancer (an alias record to the ALB's DNS name). Clients keep using the old record until its TTL expires, so allow at least that long before judging the cutover.
- make sure that traffic is being routed to the new load balancer and AWAY from the old one. Compare the RequestCount metric in CloudWatch for the two load balancers (namespace AWS/ELB for the classic one, AWS/ApplicationELB for the ALB) and zoom into the time interval in which you made the DNS change: you should see the request count rise on the new ALB and fall away on the old ELB. CloudWatch only reports RequestCount for periods in which requests were flowing, so a fully drained load balancer shows missing datapoints rather than zeros.
- run all the IzyCloudWatch tests to verify that everything went smooth
- delete the old load balancer once its request count has stayed at zero for a comfortable margin
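The cutover check in the steps above can be automated. The following is an added example, not code from the original article: it takes per-minute RequestCount sums for the old and new load balancers, ignores everything before the DNS TTL has expired, fills in the periods CloudWatch does not report (no requests means no datapoint), and only declares the old load balancer safe to delete when it has been silent, and the new one busy, for several consecutive periods. The datapoints, timestamps and load balancer names are constructed for the example; fetch_request_counts shows how the same input would be pulled from CloudWatch with boto3 and is not exercised offline.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Tuple

Point = Tuple[datetime, int]  # (period start, RequestCount sum for that period)

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def _ceil_to_period(ts: datetime, period: timedelta) -> datetime:
    """Round up to the next period boundary so only whole CloudWatch periods are judged."""
    rem = (ts - EPOCH) % period
    return ts if rem == timedelta(0) else ts + (period - rem)


def _fill_gaps(points: Iterable[Point], start: datetime, end: datetime, period: timedelta) -> List[int]:
    """CloudWatch emits RequestCount only for periods in which requests flowed, so a drained
    load balancer has missing datapoints rather than zeros; treat every missing period as 0."""
    have = {ts: count for ts, count in points}
    counts, ts = [], start
    while ts <= end:
        counts.append(have.get(ts, 0))
        ts += period
    return counts


def cutover_status(old_points, new_points, changed_at, observed_until,
                   dns_ttl=timedelta(seconds=60), period=timedelta(minutes=1),
                   settle_periods=5) -> Dict[str, object]:
    """Decide whether traffic has moved off the old load balancer onto the new one.

    Only periods after changed_at + dns_ttl count, because resolvers keep handing out the old
    record until the TTL expires. The old LB must show zero requests and the new LB non-zero
    requests in each of the last settle_periods periods before deleting the old LB is called safe.
    """
    settled_at = _ceil_to_period(changed_at + dns_ttl, period)
    old_after = _fill_gaps(old_points, settled_at, observed_until, period)
    new_after = _fill_gaps(new_points, settled_at, observed_until, period)
    enough_data = len(old_after) >= settle_periods  # do not judge too early after the change
    old_drained = enough_data and sum(old_after[-settle_periods:]) == 0
    new_serving = enough_data and all(c > 0 for c in new_after[-settle_periods:])
    return {
        "settled_at": settled_at,
        "old_requests_after_ttl": sum(old_after),
        "new_requests_after_ttl": sum(new_after),
        "old_drained": old_drained,
        "new_serving": new_serving,
        "safe_to_delete_old": old_drained and new_serving,
    }


def fetch_request_counts(namespace, dimension, start, end, period=60, region="us-west-2"):
    """Pull real RequestCount sums with boto3 (needs credentials; not used by the offline sample).
    Classic ELB: namespace "AWS/ELB", dimension {"Name": "LoadBalancerName", "Value": "<name>"}.
    ALB: namespace "AWS/ApplicationELB", dimension {"Name": "LoadBalancer", "Value": "app/<name>/<id>"}."""
    import boto3  # imported here so the rest of the module works without boto3 installed
    cw = boto3.client("cloudwatch", region_name=region)
    resp = cw.get_metric_statistics(Namespace=namespace, MetricName="RequestCount",
                                    Dimensions=[dimension], StartTime=start, EndTime=end,
                                    Period=period, Statistics=["Sum"])
    # CloudWatch returns datapoints in no particular order; sort them by timestamp
    return sorted((p["Timestamp"], int(p["Sum"])) for p in resp["Datapoints"])


# Constructed sample: DNS switched at 12:00 UTC with a 60 s TTL, 1-minute periods, observed until 12:08.
CHANGED_AT = datetime(2018, 1, 15, 12, 0, tzinfo=timezone.utc)
OBSERVED_UNTIL = CHANGED_AT + timedelta(minutes=8)
EARLY_CUTOFF = CHANGED_AT + timedelta(minutes=3)  # what a check run too soon would see


def _minute(offset: int) -> datetime:
    return CHANGED_AT + timedelta(minutes=offset)


SAMPLE_OLD: List[Point] = [(_minute(m), 100) for m in range(-5, 0)] + [(_minute(0), 80), (_minute(1), 30), (_minute(2), 5)]
# no datapoints for the old LB after 12:02: CloudWatch stopped reporting once traffic stopped
SAMPLE_NEW: List[Point] = [(_minute(0), 20), (_minute(1), 70), (_minute(2), 95)] + [(_minute(m), 100) for m in range(3, 9)]

if __name__ == "__main__":
    print(cutover_status(SAMPLE_OLD, SAMPLE_NEW, CHANGED_AT, OBSERVED_UNTIL))
    print(cutover_status(SAMPLE_OLD, SAMPLE_NEW, CHANGED_AT, EARLY_CUTOFF))
```

With the sample data the full window reports safe_to_delete_old True (35 requests reached the old ELB after the TTL, 765 reached the ALB), while the same data cut off at 12:03 reports False because fewer than five settled periods have been observed. Tune dns_ttl to the TTL your records actually carry.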
Multiple TLS Certificates per ELB
This was not possible until late 2017, when Amazon announced support for multiple TLS/SSL certificates on Application Load Balancers (ALB) using Server Name Indication (SNI). See this article for more details:
multiple tls certificates.
A Classic Load Balancer supports only one certificate per listener, so to terminate TLS for several domains on one load balancer you must use an ALB (the alternative on a classic ELB is a single SAN certificate that covers all of the domains). The ALB presents the certificate whose name matches the hostname the client sends in SNI, preferring an exact match over a wildcard, and falls back to the listener's default certificate for clients that send no SNI or a name no certificate covers.
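The listener, rule and target group semantics from the ALB Components section above, together with the SNI certificate selection just described, can be modelled in a few lines. The block below is an added example written for this page, not AWS code or code from the original article: it evaluates rules in ascending priority order with all conditions of a rule ANDed, falls through to the default rule, and picks a certificate by exact name, then single-label wildcard, then the default. The listener, target group names, hostnames and certificates are made up for the example; wildcard matching is done with fnmatch, which covers the "*" and "?" that ALB conditions allow.

```python
import fnmatch
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Rule:
    """One listener rule: every condition that is set must match (conditions are ANDed)."""
    priority: int
    target_group: str
    host_header: Optional[str] = None   # "*" = any characters, "?" = one; hostnames compared case-insensitively
    path_pattern: Optional[str] = None  # same wildcards, but the path is matched case-sensitively


@dataclass
class Listener:
    """Model of an HTTPS listener: rules are tried by ascending priority, then the default rule applies."""
    default_target_group: str
    default_certificate: str                                # presented when SNI is absent or matches nothing
    certificates: List[str] = field(default_factory=list)  # hostnames covered by the attached certificates
    rules: List[Rule] = field(default_factory=list)

    def route(self, host: str, path: str) -> Tuple[str, Optional[int]]:
        """Return (target_group, priority of the matching rule); priority None means the default rule."""
        for rule in sorted(self.rules, key=lambda r: r.priority):
            if rule.host_header is not None and not fnmatch.fnmatchcase(host.lower(), rule.host_header.lower()):
                continue
            if rule.path_pattern is not None and not fnmatch.fnmatchcase(path, rule.path_pattern):
                continue
            return rule.target_group, rule.priority
        return self.default_target_group, None

    def select_certificate(self, sni_hostname: Optional[str]) -> str:
        """Pick the certificate for a ClientHello: exact name, else a wildcard covering one label, else default."""
        if not sni_hostname:
            return self.default_certificate
        name = sni_hostname.lower()
        for cert in self.certificates:
            if cert.lower() == name:
                return cert
        for cert in self.certificates:
            # "*.api.example.com" covers "v1.api.example.com" but not "deep.v1.api.example.com"
            if cert.startswith("*.") and "." in name and name.split(".", 1)[1] == cert[2:].lower():
                return cert
        return self.default_certificate


# Constructed sample listener; none of these names come from the article's own setup.
LISTENER = Listener(
    default_target_group="tg-www",
    default_certificate="www.example.com",
    certificates=["www.example.com", "shop.example.com", "*.api.example.com"],
    rules=[
        Rule(priority=10, target_group="tg-shop", host_header="shop.example.com"),
        Rule(priority=20, target_group="tg-api-admin", host_header="*.api.example.com", path_pattern="/admin/*"),
        Rule(priority=30, target_group="tg-api", host_header="*.api.example.com"),
    ],
)

if __name__ == "__main__":
    for host, path in [("shop.example.com", "/"), ("v1.api.example.com", "/admin/users"),
                       ("v1.api.example.com", "/users"),
                       ("myloadbalancername-randomnumber.us-west-2.elb.amazonaws.com", "/")]:
        print(host, path, "->", LISTENER.route(host, path))
    for sni in ["shop.example.com", "v1.api.example.com", "mail.example.com", None]:
        print("SNI", sni, "->", LISTENER.select_certificate(sni))
```

The last routing case is the one the curl check in the migration section exercises: a request carrying the load balancer's own DNS name as Host matches no host-based rule and lands on the default target group, which is why a 200 from that command proves the default rule works but says nothing about the others.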
ARNS
Amazon Resource Names (ARNs) uniquely identify AWS load balancers, as well as their listeners and target groups; the CLI, CloudFormation and IAM policies reference a load balancer by its ARN, not by its DNS name. An ALB ARN has the form arn:aws:elasticloadbalancing:<region>:<account-id>:loadbalancer/app/<name>/<id>, and the app/<name>/<id> part is also the LoadBalancer dimension value used for its CloudWatch metrics.
Typical Port Configurations
HTTP Servers
You would need to configure ports 80 (HTTP) and 443 (HTTPS). These are the only kinds of listeners an ALB supports.
SMTP Servers
You would need to configure ports 25 (SMTP) and 465 (SMTP over TLS); clients that submit mail on the submission port also need 587. These are not HTTP, so they cannot be ALB listeners and need a TCP-mode Classic Load Balancer or a Network Load Balancer.
POP3 Servers
You would need to configure ports 110 (POP3) and 995 (POP3 over TLS); again TCP, not HTTP, so not an ALB.
IMAP Servers
You would need to configure ports 143 (IMAP) and 993 (IMAP over TLS); again TCP, not HTTP, so not an ALB.
AWS ALB overview: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html
multiple tls certificates: https://aws.amazon.com/blogs/aws/new-application-load-balancer-sni/