I have a situation here.
I made 2 environments prod and preprod, both has two vms each (like two nodes per environment).
Now i have to create a Load Balancer keeping those to nodes on the back end. Once of the nodes has SSL configured with a domain name (say example.com).
Its a Pega App Server with two nodes pointing to the same DB on Google SQL. now Client wants a Load Balancer in the front which will share or balance the traffic between these two nodes.
Is that possible?
If yes, the domain name has been registered with the ip of Node1, but Load Balancer will have a different ip right?
So if the Pega URL that was working before https://example.com/prweb will not work, isnt it?
But the requirement is they will just type the domain name and ill access the Pega App via Load balancer, as in, to which Node the requests gonna go.
Is that Possible at all guys?
Guys honestly i am a noob in all these Cloud thing, please if possible help me out. I ould really appriciate it. Thanks.
I tried to create an HTTPS Load Balancer classic and added those two instances in the Backend, but 1 target pool detected out of 2 instances, its showing "instance xxxx is unhealthy for [the ip of the load balancer]
So next i created HTTPS type Load Balancer with Network endpoint group, where i added those two nodes private ip. But not sure how to do it. Please let me know if anybody knows how to do it.
Related
I am having hard time in understanding the role of a Load Balancer when used with Ingress Nginx.
I know a Load balancer distributes request over multiple nodes.
i.g, let's say I have two nodes A and B , and they are responisble for processing requests at example.com.
So a load balancer will take request for example.com and distribute among them with help of defined algorithm.
I also understand what an API Gateway is,
i.g., let's say I have one order service and another payment service so an API gateway will get the request for example.com and it will hand over the request for /orders to order service and /payments to payment service.
The Confusion:
Load Balancer(NLB) -> API Gateway -> Services -> order deployment -> which is running two replicas
Who distributes requests in those replicas for /orders
What is the role of load balancer in this case?
Some article suggest to create a service as type Load Balancer what does that mean? What this service will do?
Also, Load Balancer sits outside of the cluster NLB -> [ k8s cluster ], how does it know how to distribute requests?
These collectely could one question, I don't know.
Any kind of explanation would appreciated.
I have gone through many articles and blogs but none talks about complete picture.
Update
Many of my doubts are cleared through this article
Within the cluster a service does load balancing among the replicas.
Source
I still have some questions,
Do I only need a load balacner to expose the ingress controller service?
What if there is some problem with the ingress controller and it restarts.
What will happen will it get a new IP and load balancer will poin to new one or the ip will remain the same?
This article may help : https://aws.amazon.com/blogs/opensource/network-load-balancer-nginx-ingress-controller-eks/
Q: Do I only need a load balacner to expose the ingress controller service?
A: Expose K8s services mainly
Q: What if there is some problem with the ingress controller and it restarts.
A: Problem can appear if new broken changes will be applied, and in this case old controller will still work, but new one will fail to start, therefore you will have to do kubectl describe etc, to understand what is wrong.
Q: What will happen will it get a new IP and load balancer will poin to new one or the ip will remain the same?
A: Why you need LB ip's? Use LoadBalancer DNS.
I have a website which has main domain and sub domain (I have different subdomain for different countries) eg: mysite.com ( is the main domain ), country-a.mysite.com ( for country A ), country-b.mysite.com ( for country B) NOTE: each country has independent users / data and linked with separate databases.
Now I'm managing them in one EC2 instance. Where I have subfolders for each country and point them to subdomain using Route53. And they are working fine.
But now I wanted to them scalable as I'm expecting more traffic. What is the best practice for such scenario ?
Is it possible to get another EC2 instance and clone all the subfolders and introduce a load balancer to handle the traffic between these 2 instances ? I mean, when a user from country A and B will hit the load balancer, the load balancer will handle it properly and redirect the user to the right subfolder in these 2 instances and manage the traffic ?
If yes, how should I configure the Route53 ?
How the load balancer is handling user sessions ? I mean, let say first time a user hit the load balancer direct the user to 1st instance and when the other request comes from the same user hit the 2nd instance. If a session create on the 1st instance and this session data will be available at 2nd instance?
Also I wonder how I can manage the source codes in these instances. I mean, if I wanted to update the code do I have to update in these 2 instance separately? OR is there a easy way where I upload the files to one of the instance and it will clone to other instances ?
BTW, my website built using Laravel framework and Postgres.
Im new to load balancer, pls help me to find the perfect solution.
If yes, how should I configure the Route53 ?
There is nothing you should be doing in R53. Its load balancer (LB) that distributes traffic among your instances, not R53. R53 will just direct traffic to the LB, nothing else.
How the load balancer is handling user sessions ?
It does not handle it. You could enable sticky sessions in your target group (TG) so that LB tries to "maintain state information in order to provide a continuous experience to clients".
However, a better solution is to make your instances stateless. This means that all session/state information for your application is kept outside of the instances, e.g. in DynamoDB, ElastiCache or S3. This way you are making your application scalable and eliminate a problem of keeping track of session data stored on individual instances.
Also I wonder how I can manage the source codes in these instances. I mean, if I wanted to update the code do I have to update in these 2 instance separately?
Yes. Your instances should be identical. Usually CodeDeploy is used to ensure smooth and reproducable updates of number of instances.
our company just moved to a new office and therefore also got new network equipment. Es it turns out, our new firewall does not allow pushing routes over VPN that it first has to look up ip addresses for.
As we all know, amazon aws does not allow static ip addresses for its application load balancer.
So our idea was to simply put a network load balancer in front of the application load balancer (there is a pretty hacky way described by aws itself (https://aws.amazon.com/blogs/networking-and-content-delivery/using-static-ip-addresses-for-application-load-balancers/) that seemed to work fine (even if I don't really like the approach with the lambda script registering and deregistering targets)
So here is our problem: as it turns out, the application load balancer only gets to see the network load balancers ip address. This prevents us to use security groups for ip whitelisting which we do quite heavily. On top of that some of our applications (Nginx/PHP based) also do ip address verification and the alb used to pass the clients ip address as an x-forwarded-for header. Now our application only sees the one from the nlb.
We know of the possibility to use the global accelerator but that is a heavy investment as we don't really need what the GA is trying to solve.
So how did you guys solve this problem ?
Thankful for any help :)
Greetings
You could get the list of AWS IP addresses for the region your ALB is located, and allow for them in your firewall. They do publish the list and you can filter through it https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
I haven't done this myself and I'm unsure if the addresses for ALB are included under the EC2 category of you would take the whole of AMAZON service "to be safe".
Can you expand on this? "We know of the possibility to use the global accelerator but that is a heavy investment as we don't really need what the GA is trying to solve."
GA should give you better, more consistent performance, especially if your office is far away from the AWS Region where the ALB is running
If I have an ECS cluster with N distinct websites running as N services on said cluster - how do I go about setting up the load balancers?
The way I've done it currently is for each website X,
I create a new target group spanning all instances in the cluster
I create a new application load balancer
I attach the ALB to the service using the target group
It seems to work... but am want to make sure this is the correct way to do this
Thanks!
The way you are doing it is of course one way to do it and how most people accomplish this.
Application load balancers also support two other types of routing. Host based and path based.
http://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#host-conditions
Host based routing will allow you to route based off of the incoming host from that website. So for instance if you have website1.com and website2.com you could send them both through the same ALB and route accordingly.
http://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#path-conditions
Similarly you can do the same thing with the path. If you websites were website1.com/site1/index.html and website1.com/site2/index.html you could put both of those on the same ALB and route accordingly.
This may seem an obvious for people who have worked with AWS but I have a lot of trouble figuring out on how to set up a loadbalancer on 2 EC2 instances which are hosting multiple websites.
We have 2 Windows 2012 R2 machines set up, I have created one ELB and from what I have read, I know you can point that ELB to one location (assuming its the default site on the servers). How would I go about pointing say other ELBs that I create to point to the other applications on the server? (Not sure if this info is relevant but just to add : This whole setup is a part of VPC, Domain Controller environment and the web servers are in public subnet. )
One way to solve this is by running your applications in multiple IIS websites.
Each of the websites should have a different site binding with a different host name. You could use the DNS name of the load balancer for each website.
Alternatively you can use a domain name configured in Route53 and use an A record to point to the load balancer.