AWS re:INVENT
Deep Dive into the New Network Load Balancer
Pratibha Suryadevara, Narayan Subramaniam, Bryan McKenney (Loggly)
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon Elastic Compute Cloud (Amazon EC2) instances, containers, and IP addresses.
Elastic, secure, integrated, cost effective
Layer 4 (network): supports TCP
Layer 7 (application): supports HTTP and HTTPS
The Elastic Load Balancing Family
Application Load Balancer: HTTP & HTTPS (VPC)
Network Load Balancer: TCP workloads (VPC)
Classic Load Balancer: previous generation, for HTTP, HTTPS, TCP (Classic Network)
Network Load Balancer (NLB)
                                  Application LB   Network LB   Classic LB
SSL offloading                         ✔                             ✔
IP as target                           ✔               ✔
Path-based / host-based routing        ✔
Static IP                                              ✔
WebSockets                             ✔               ✔
Container support                      ✔               ✔
Network Load Balancer
New, layer 4 load-balancing platform
Connection-based load balancing
TCP protocol
High performance: can handle millions of requests per second
Static IP support
Preserves source IP
NLB Performance
Bees with Machine Guns, executed in a loop:
bees attack --url '<NLB-URL>' --number 10000000 --concurrent 100000 --keepalive
Performance graph shows no errors and content was served fine.
Resources same as ALB
Improved Elastic Load Balancing API
Listeners
Target Groups
Targets
Listeners
Define the port and protocol that the load balancer must listen on.
Target groups
Logical grouping of targets behind the load balancer.
Targets
Support for Amazon EC2 instances, Amazon ECS containers, and IP addresses.
Use IP addresses from the RFC 1918 and RFC 6598 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and 100.64.0.0/10) for targets located outside the load balancer's VPC, such as on-premises targets reachable over AWS Direct Connect.
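As an added illustration (not code from the deck or from AWS), a small Python check that candidate IP targets for an NLB outside its VPC fall inside the RFC 1918 and RFC 6598 ranges the slide names. It also accepts whole CIDR blocks, which are allowed only when entirely inside one permitted range, and, as an extra assumption not on the slide, optionally flags targets that fall inside the load balancer's own VPC CIDR, since those are not on-premises addresses:

```python
import ipaddress

# Ranges the slide allows for IP targets outside the load balancer's VPC.
ALLOWED_TARGET_RANGES = (
    ipaddress.ip_network("10.0.0.0/8"),      # RFC 1918
    ipaddress.ip_network("172.16.0.0/12"),   # RFC 1918
    ipaddress.ip_network("192.168.0.0/16"),  # RFC 1918
    ipaddress.ip_network("100.64.0.0/10"),   # RFC 6598 shared address space
)


def classify_target(target, vpc_cidr=None):
    """Return (ok, reason) for one candidate target.

    `target` may be a single address or a CIDR block (a whole on-premises
    subnet). A block is accepted only if it lies entirely inside one allowed
    range, so a sloppy /8 that straddles public space is rejected.
    `vpc_cidr` is an assumption added for this example: when given, targets
    inside it are rejected because they are VPC-local, not on-premises."""
    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        return False, "not an IP address or CIDR block"
    if net.version != 4:
        return False, "not IPv4"
    if not any(net.subnet_of(allowed) for allowed in ALLOWED_TARGET_RANGES):
        return False, "outside RFC 1918 / RFC 6598 space"
    if vpc_cidr is not None and net.overlaps(ipaddress.ip_network(vpc_cidr)):
        return False, "inside the load balancer's VPC CIDR"
    return True, "ok"


def validate_targets(targets, vpc_cidr=None):
    """Partition targets into accepted entries and a {target: reason} map of rejects."""
    accepted, rejected = [], {}
    for t in targets:
        ok, reason = classify_target(t, vpc_cidr)
        if ok:
            accepted.append(t)
        else:
            rejected[t] = reason
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample input: two on-prem hosts, one on-prem subnet, and
    # several values that should be refused.
    sample = ["10.20.30.40", "100.64.1.1", "192.168.0.0/24",
              "203.0.113.5", "172.0.0.0/8", "2001:db8::1", "garbage"]
    ok, bad = validate_targets(sample, vpc_cidr="10.0.0.0/16")
    print("accepted:", ok)
    for target, why in bad.items():
        print(f"rejected {target}: {why}")
```

Run it against the list of addresses you intend to pass to RegisterTargets; anything in the rejected map would either be refused by the API or point somewhere other than the on-premises host you meant.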
ECS integration
NLB is fully integrated with Amazon EC2 Container Service (Amazon ECS).
NLB Other Key Features
NLB Static IP
Automatically gets assigned a single IP per Availability Zone.
Assign Elastic IP Addresses
Assigning an Elastic IP provides a single IP address per Availability Zone per load balancer that will not change.
[Diagram: Network Load Balancer with nodes in zones 1a and 1b (example address 54.69.111.179), fronting EC2 instances in TargetGroup 1]
Preserve Source IP
Preserves the client IP to back-ends.
Firewall Example with NLB
[Diagram: Internet -> Internal Network Load Balancer (NLB) -> Auto Scaling group of firewalls (FW) -> inside.domain.com]
Preserves source IP. Firewalls use this for features like Geo-IP blocking.
Health Checks
Supports both network and application target health checks.
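The slide distinguishes network (TCP) and application (HTTP) target health checks. As an added Python example, not part of the deck and not AWS code, here is a minimal checker that implements both probe types and the consecutive healthy/unhealthy threshold model, plus a local stand-in target so it runs offline. The threshold values, the /health path and the demo server are assumptions made for the example:

```python
import http.client
import http.server
import socket
import threading
from dataclasses import dataclass


@dataclass
class TargetHealth:
    """Per-target state. Like a load balancer's healthy/unhealthy thresholds,
    a target changes state only after the configured number of consecutive
    probes agree, so one dropped packet does not pull it out of service."""
    host: str
    port: int
    healthy_threshold: int = 3    # assumed default for this example
    unhealthy_threshold: int = 3  # assumed default for this example
    healthy: bool = False
    consecutive_ok: int = 0
    consecutive_fail: int = 0


def tcp_probe(host, port, timeout=2.0):
    """Network-level check: passes if a TCP handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_probe(host, port, path="/health", timeout=2.0):
    """Application-level check: passes only if the app answers 2xx/3xx, which
    catches a process that still accepts connections but cannot serve."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        return 200 <= conn.getresponse().status < 400
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()


def record_probe(state, ok):
    """Feed one probe result into the threshold state machine."""
    if ok:
        state.consecutive_ok += 1
        state.consecutive_fail = 0
        if not state.healthy and state.consecutive_ok >= state.healthy_threshold:
            state.healthy = True
    else:
        state.consecutive_fail += 1
        state.consecutive_ok = 0
        if state.healthy and state.consecutive_fail >= state.unhealthy_threshold:
            state.healthy = False
    return state.healthy


def run_checks(state, rounds, prober=tcp_probe):
    """Run `rounds` probes against the target and return its health afterwards."""
    for _ in range(rounds):
        record_probe(state, prober(state.host, state.port))
    return state.healthy


class _DemoHandler(http.server.BaseHTTPRequestHandler):
    """Stand-in target (constructed for the example): 200 on /health, 503 elsewhere."""
    def do_GET(self):
        self.send_response(200 if self.path == "/health" else 503)
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_demo_target():
    """Start a local HTTP target on an ephemeral port; returns (server, port)."""
    server = http.server.HTTPServer(("127.0.0.1", 0), _DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def stop_demo_target(server):
    server.shutdown()
    server.server_close()


if __name__ == "__main__":
    server, port = start_demo_target()
    state = TargetHealth("127.0.0.1", port, healthy_threshold=2)
    print("after 2 TCP probes:", run_checks(state, 2))
    print("HTTP /health:", http_probe("127.0.0.1", port))
    stop_demo_target(server)
    print("after target stopped, 3 probes:", run_checks(state, 3))
```

The TCP probe alone would keep reporting a wedged application as healthy as long as its listening socket is open; pass `prober=http_probe` to `run_checks` when the target speaks HTTP and you want the application-level answer.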
Availability Zone Failover
[Diagram: Customer VPC with NLB nodes in us-west-1a (34.214.45.162) and us-west-1b (54.69.111.179), each fronting EC2 instances in TargetGroup 1, with Amazon Route 53 health checks on each zone's NLB node. The second slide repeats the topology with the us-west-1b instances removed, showing traffic failing over to the us-west-1a node.]
Integration with the AWS Ecosystem
Auto Scaling Integration
Auto Scaling can now scale targets within a target group.
Allows applications to be scaled independently behind the Network Load Balancer.
Amazon CloudWatch metrics
Amazon CloudWatch metrics are provided for each load balancer.
Traffic and Capacity Metrics
ActiveFlowCount: total number of concurrent TCP flows (or connections) from clients to targets
Backend Health
HealthyHostCount: number of targets that are considered healthy
UnHealthyHostCount: number of targets that are considered unhealthy
Flow Logs
Captures the network flow for a specific 5-tuple, for a specific capture window:
Packets
Bytes
Capture window start and end
Action (Accepted or Rejected)
Log status
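As an added Python example (not from the deck or from AWS), a parser for the default VPC Flow Log record layout the slide describes, with the 5-tuple, packets, bytes, window start and end, action and log status, followed by a detection pass that groups REJECT records by source. The sample records are constructed for the example (documentation addresses, a made-up interface id and the example account id 123456789012); because NLB preserves the client source IP, the srcaddr seen on target interfaces is the real client rather than a load balancer address:

```python
from collections import defaultdict

# Field order of the default (version 2) VPC Flow Log record. The slide lists
# the 5-tuple, packets, bytes, window start/end, action and log status; the
# version, account id and interface id are the record's leading fields.
FLOW_FIELDS = (
    "version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
    "dstport", "protocol", "packets", "bytes", "start", "end", "action",
    "log_status",
)
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Constructed sample records (not real traffic). 203.0.113.12 delivers syslog to
# port 514 through the NLB; 198.51.100.7 is refused on several host/port pairs.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.12 10.0.1.20 51234 514 6 20 4249 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.20 44320 22 6 3 180 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.21 44321 22 6 3 180 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.20 44322 3389 6 3 180 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1418530010 1418530070 - NODATA
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1418530010 1418530070 - SKIPDATA
"""


def parse_flow_record(line):
    """Parse one space-separated flow log record into a dict.

    NODATA and SKIPDATA records carry '-' in the traffic fields; those become
    None instead of raising, so a log with quiet windows still parses."""
    parts = line.split()
    if len(parts) != len(FLOW_FIELDS):
        raise ValueError(f"expected {len(FLOW_FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FLOW_FIELDS, parts))
    for name in FLOW_FIELDS:
        if rec[name] == "-":
            rec[name] = None
        elif name in INT_FIELDS:
            rec[name] = int(rec[name])
    return rec


def parse_flow_log(text):
    return [parse_flow_record(line) for line in text.splitlines() if line.strip()]


def rejected_targets_by_source(records):
    """Map each source address to the distinct (dstaddr, dstport) pairs it was
    rejected on. One source hitting many closed pairs inside one capture
    window is the sweep pattern a defender wants surfaced."""
    seen = defaultdict(set)
    for r in records:
        if r["log_status"] == "OK" and r["action"] == "REJECT":
            seen[r["srcaddr"]].add((r["dstaddr"], r["dstport"]))
    return dict(seen)


def flag_sweeping_sources(records, min_targets=3):
    """Sources rejected on at least `min_targets` distinct host/port pairs."""
    by_src = rejected_targets_by_source(records)
    return sorted(src for src, pairs in by_src.items() if len(pairs) >= min_targets)


def accepted_bytes_to_port(records, port):
    """Bytes accepted towards one destination port, e.g. 514 for syslog."""
    return sum(r["bytes"] for r in records
               if r["log_status"] == "OK" and r["action"] == "ACCEPT" and r["dstport"] == port)


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_FLOW_LOG)
    print("records:", len(recs))
    print("syslog bytes accepted:", accepted_bytes_to_port(recs, 514))
    print("sweeping sources:", flag_sweeping_sources(recs))
```

With source IP preservation the REJECT records name the real client, so the flagged address can be fed straight into a security group or network ACL review; with a proxy in front you would see only the proxy's address here.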
Demo for NLB API and Console
Network Load Balancer pricing
With the Network Load Balancer, you only pay for what you use. You are charged for each hour or partial hour your Network Load Balancer is running and for the number of Load Balancer Capacity Units (LCUs) used per hour.
Load balancer capacity units
An LCU measures the dimensions on which the Network Load Balancer processes your traffic (averaged over an hour). The three dimensions measured are:
Migrating to Network Load Balancer
Migration is as simple as creating a new Network Load Balancer, registering targets and updating DNS to point at the new CNAME.
When should I use Network Load Balancer?
(Feature comparison table as above.)
For TCP in VPC, use Network Load Balancer.
Loggly: cloud-based log management
Founded in 2009
Based in San Francisco
10,000+ customers, startups to Fortune 500
LOG MANAGEMENT IS A BIG DATA PROBLEM
LOGGLY BIG DATA PIPELINE
[Diagram: Amazon-hosted ingest -> Kafka brokers -> indexing cluster (Indexer, Search & analytics engine, analysis) -> Search API]
NLB requirements for Loggly
Balance load across the data consumer fleet (collectors)
Ability to process up to 500k events per second per POD / 3-5 Gbps of event bytes
Handle unpredictable traffic patterns and bursting events
Seamlessly "auto-scale" the Loggly backend
Must be fault tolerant
Low latency
Must scale across regions and zones
Flexibility with microservice-based architecture
No "warmup" time required
Support short and "long-lived" TCP connections
Support syslog on port 514
HIGH-LEVEL DEPLOYMENT TOPOLOGY
[Diagram: deployment topology spanning Route 53, S3 and Direct Connect]
HOW WE TESTED ALL OF THIS
Region / AZ: us-east-1a, us-east-1b, us-east-1c
Variables: NLB vs. Direct vs. HAProxy
Amazon EC2: various instance families and types
Python utility for syslog load generation
[Diagram: Client -> Route 53 -> NLB -> collector (COL); Client -> Route 53 -> HAProxy -> collector (COL)]
NLB LESSONS LEARNED
NLB has fundamentally changed the way we manage risk and cost
Massively scalable (millions of requests per second)
Delivers ultra-low-latency performance
Handles volatile traffic patterns
Fault tolerance (only healthy targets receive requests)
Zonality feature is underappreciated (IP per AZ)
Fully integrated with Auto Scaling, CloudFormation, and the container service
Spot Instances help take the sting out of compute cost
THANK YOU!
Bryan McKenney
email: bmckenney@loggly.com
Learn More
https://aws.amazon.com/elasticloadbalancing/
https://aws.amazon.com/documentation/elastic-load-balancing/