Migrating Load Balancers to AWS

Architecture Considerations for Migrating Load Balancers to AWS

Load balancer options

  1. ALB: Load balancing of HTTP/HTTPS traffic
  2. NLB: Load balancing TCP, UDP and TLS traffic
  3. 3rd party load balancers

Downstream Targets

Identify the compute engine used by downstream targets

  • IP Addresses
  • EC2 instance IDs
  • Lambda functions

How do the load balancers reach downstream targets?

Request Inspection

  1. Resource pool switching: Dynamically change the downstream target of a request
  2. Payload scanning: Scan the entire request headers and body for patterns
    1. Example: block requests based on the identified pattern

Advanced Monitoring

Monitoring allows application owners to analyze traffic patterns, troubleshoot issues, and improve application performance and security.

SSL/TLS Offloading and Certificate management

SSL/TLS offloading is the process of terminating incoming SSL/TLS connections at the load balancer and proxying the requests, unencrypted, to downstream targets.

Multiprotocol support

Static IP addresses

  1. NLB: Elastic IPs can be associated with NLBs
  2. ALB: There is no direct integration with Elastic IPs
  3. Global Accelerator:

HTTP Request manipulation

Some load balancers manipulate incoming HTTP requests before proxying them to application nodes. These manipulations can add, remove, or rewrite parts of the request.

SSL / TLS Negotiation configuration

  1. SSL/TLS protocol version
  2. SSL/TLS cipher suite
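
As an added illustration (not from the whitepaper or this post), the following Python script audits the two negotiation settings above, plus the plaintext side of offloading, over constructed data shaped like the `Listeners` list that `aws elbv2 describe-listeners` returns. The policy names are AWS's published predefined policies; the ARNs and target group names are placeholders.

```python
"""Audit load balancer listeners for weak TLS negotiation settings.

Constructed example: input mimics the "Listeners" list returned by
`aws elbv2 describe-listeners`. ARNs and target group names are placeholders.
"""

# Predefined AWS policies that negotiate only TLS 1.2 and above. Anything not
# on this allow-list (e.g. the older ELBSecurityPolicy-2016-08, which still
# permits TLS 1.0 and 1.1) is reported for review.
TLS12_PLUS_POLICIES = {
    "ELBSecurityPolicy-TLS-1-2-2017-01",
    "ELBSecurityPolicy-TLS-1-2-Ext-2018-06",
    "ELBSecurityPolicy-TLS13-1-2-2021-06",
}

def _redirects_to_https(actions):
    """True if any default action is a redirect to HTTPS."""
    return any(a.get("Type") == "redirect"
               and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
               for a in actions)

def audit_listeners(listeners):
    """Return (listener_arn, finding) pairs for listeners needing attention."""
    findings = []
    for lst in listeners:
        arn, proto = lst["ListenerArn"], lst["Protocol"]
        if proto in ("HTTPS", "TLS"):  # ALB HTTPS or NLB TLS listener
            policy = lst.get("SslPolicy", "")
            if policy not in TLS12_PLUS_POLICIES:
                findings.append((arn, f"policy {policy!r} is not on the TLS 1.2+ allow-list"))
        elif proto == "HTTP" and not _redirects_to_https(lst.get("DefaultActions", [])):
            findings.append((arn, "plaintext HTTP listener does not redirect to HTTPS"))
    return findings

# Constructed sample: a legacy HTTPS listener, a plaintext listener that
# forwards directly, and an HTTPS listener already restricted to TLS 1.2+.
_ARN = "arn:aws:elasticloadbalancing:REGION:ACCOUNT:listener/app/example/PLACEHOLDER/"
SAMPLE_LISTENERS = [
    {"ListenerArn": _ARN + "legacy", "Protocol": "HTTPS", "Port": 443,
     "SslPolicy": "ELBSecurityPolicy-2016-08",
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "TG-PLACEHOLDER"}]},
    {"ListenerArn": _ARN + "plain", "Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "TG-PLACEHOLDER"}]},
    {"ListenerArn": _ARN + "modern", "Protocol": "HTTPS", "Port": 443,
     "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "TG-PLACEHOLDER"}]},
]

if __name__ == "__main__":
    for arn, msg in audit_listeners(SAMPLE_LISTENERS):
        print(f"{arn}: {msg}")
```

Pointing it at real output from `describe-listeners` is a matter of loading the JSON and passing its `Listeners` value to `audit_listeners`.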

Idle Connections

Reference:

https://d1.awsstatic.com/whitepapers/architecture-considerations-for-migrating-load-balancers-to-aws.pdf
