  • AWS Load Balancing Part II: Setting up an application load balancer


  • As we mentioned in Part I, the classic load balancer has serious limitations, including the lack of support for multiple SSL certificates and a lack of flexibility for non-standard applications. In this article we will discuss the advantages of application load balancers (ALBs).


  • Overview

    There are noticeable differences between classic load balancers and application load balancers. Application load balancers decouple the ELB into smaller components for greater flexibility and customization.

    Notice, however, that application load balancers do not work with non-HTTP/S protocols. For example, if you are trying to put an SMTP, POP3 or IMAP server behind an ALB, you are out of luck. We will discuss this in the next article.

    ALB Components

    See this article for more information: AWS ALB overview

    Listeners
    Checks for connection requests from clients, using the protocol and port that you configure, and forwards requests to one or more target groups, based on the rules that you define. Each rule specifies a target group, condition, and priority.
    Content-based routing
    Routing in which a rule you define acts on the content of the request.
    Target group
    Routes requests to one or more registered targets, such as EC2 instances, using the protocol and port number that you specify. You can register a target with multiple target groups.
    Health checks
    Performed on all targets registered to a target group that is specified in a listener rule for your load balancer.

    Migrating to ALB

    AWS provides a tool for migrating a classic load balancer to an application load balancer. This will automatically create a new ALB for you which will have a DNS A record:

    myloadbalancername-randomnumber.us-west-2.elb.amazonaws.com

    To run a quick check that the load balancer is set up correctly, run:

    curl -I myloadbalancername-randomnumber.us-west-2.elb.amazonaws.com

    You should see the response:

    HTTP/1.1 200 OK
    Date: ...GMT
    Content-Type: text/html
    Connection: keep-alive
    Server: nginx/1.12.1
    X-IZYCIRCUS-RENDER-TIME-MS: 331

    You still need to:

    • go to Route53 and point your DNS entries to the new load balancer.
    • make sure that the traffic is being routed to the new load balancer and AWAY from the old load balancer. If you look at the CloudWatch metrics for each load balancer and zoom into the time interval in which you made the DNS change, you should see an upward spike in the new ELB's request count and a downward spike in the old ELB's count.
    • run all the IzyCloudWatch tests to verify that everything went smoothly
    • delete the old load balancer

    Multiple TLS Certificates per ELB

    This was not possible until late 2017, but Amazon finally announced that they are launching support for multiple TLS/SSL certificates on Application Load Balancers (ALB) using Server Name Indication (SNI). See this article for more details: multiple tls certificates.

    What this means is that the classic load balancer will not work for handling TLS on multiple domains, and you must use an ALB.
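
    One way to confirm, before repointing DNS, that the new ALB serves a certificate covering each of your domains over SNI. This is an added example, not code from the original article; the function names, hostnames and sample certificates are constructed for illustration.

```python
import socket
import ssl

def name_matches(hostname, pattern):
    """RFC 6125-style match: '*' may only stand in for the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Reject over-broad wildcards such as '*.com'.
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat

def cert_covers(hostname, cert):
    """True if a DNS subjectAltName in a getpeercert() dict covers hostname."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(name_matches(hostname, p) for p in sans)

def fetch_cert(alb_dns, sni_name, port=443, timeout=5):
    """Connect to the ALB's own DNS name but send sni_name in the ClientHello."""
    ctx = ssl.create_default_context()
    # The chain is still verified; the name check is done by cert_covers so a
    # mismatch is reported instead of aborting the handshake.
    ctx.check_hostname = False
    with socket.create_connection((alb_dns, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni_name) as tls:
            return tls.getpeercert()

def audit(alb_dns, hostnames, fetch=fetch_cert):
    """Return {hostname: bool}; False means the served cert is for another name."""
    return {h: cert_covers(h, fetch(alb_dns, h)) for h in hostnames}

# Constructed sample data: the second domain's certificate was never attached
# to the listener, so the load balancer answers with its default certificate.
SAMPLE = {
    "www.example.com": {"subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com"))},
    "shop.example.org": {"subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com"))},
}

if __name__ == "__main__":
    fake_fetch = lambda alb, name: SAMPLE[name]  # offline stand-in for fetch_cert
    alb = "myloadbalancername-randomnumber.us-west-2.elb.amazonaws.com"
    print(audit(alb, list(SAMPLE), fetch=fake_fetch))
```

    Drop the `fetch=` argument to run the same audit against a live listener; any hostname reported as False would present a certificate mismatch to clients once DNS is switched.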

    ARNs

    Amazon Resource Names (ARNs) uniquely identify AWS load balancers.

    Typical Port Configurations

    HTTP Servers

    You would need to configure ports 80, 443

    SMTP Servers

    You would need to configure ports 25, 465

    POP3 Servers

    You would need to configure ports 110, 995

    IMAP Servers

    You would need to configure ports 143, 993

    AWS ALB overview: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html

    multiple tls certificates: https://aws.amazon.com/blogs/aws/new-application-load-balancer-sni/

  • Izyware Blog