# Elastic Load Balancer (ELB) Architecture / Types ### **What is ELB?** * Elastic Load Balancer (ELB) is like a traffic police for your AWS applications. * Imagine you have 3 servers running your website. If 1,000 users come at once, ELB makes sure the load is spread across the servers evenly, so no single server crashes. * If one server goes down, ELB automatically stops sending traffic to it — this is high availability. 👉 In short: ELB = traffic manager + health checker + auto-scaler helper.

### **How ELB Works** 1. Client makes a request (e.g., visiting your website). 2. DNS points to the ELB (not directly to servers). 3. ELB checks which servers are healthy (via health checks). 4. ELB forwards request to a healthy server. 5. Server responds → ELB sends back the response to the client. ### **ELB Architecture** Think of ELB as a middle layer between clients (users) and your backend (EC2, containers, etc.). The main components are: * Clients → users sending requests * Load Balancer (LB) → the managed AWS service (has listeners, nodes, DNS name) * Target Group(s) → where the traffic goes (EC2, Lambda, IPs, containers) * Targets → the actual servers/containers * Availability Zones (AZs) → multiple data centers for redundancy ### **ELB Components** Listener 🎧 * The “entry point” for traffic into ELB. * Defines protocol + port (e.g., `HTTP:80`, `HTTPS:443`, `TCP:25`). * Has rules → decides what to do with the request. 👉 Example: * Rule: If URL = `/images/*` → send to Image Target Group * Rule: If URL = `/api/*` → send to API Target Group Listener Rules * Conditions + Actions. * Conditions → Path, Hostname, HTTP headers, Query strings. * Actions → Forward, Redirect, Fixed response, Authenticate. 👉 Example: * `Host = api.example.com` → Forward to API target group. Target Group 🎯 * A container for your servers (targets). * Defines how ELB routes traffic to your backend. * Can contain: * EC2 instances * Containers (ECS/EKS) * IP addresses * AWS Lambda functions * Each target group is associated with protocol, port, and health checks. 👉 Example: * Target Group 1 → EC2s on port 80 * Target Group 2 → Lambdas for serverless requests Targets (The Servers) * The actual backend resources (EC2, Lambda, containers, IPs). * Each target is registered with a target group. * ELB distributes traffic across these targets. ### Load Balancer Nodes * AWS deploys LB nodes inside the Availability Zones (AZs) you enable. * Each AZ you add → ELB spins up a node in that AZ. * Clients connect to the DNS name of ELB, which resolves to the closest node. * Nodes then route traffic to healthy targets in registered AZs. 👉 Think of nodes as workers inside AWS data centers doing the balancing ### Availability Zones (AZs) * You can enable 2 or more AZs for your ELB. * Each AZ gets its own LB node. * With Cross-Zone Load Balancing, ELB can distribute traffic across all healthy targets in all enabled AZs. ### Health Checks 🩺 * ELB constantly checks if targets are alive. * You define: * Protocol (HTTP, TCP, HTTPS) * Path (`/health`) * Interval (time between checks) * Threshold (how many failures before marking unhealthy) 👉 Example: * Health Check = `HTTP:80 /health` * If EC2 doesn’t respond → ELB stops sending traffic there. ### DNS Name 🌐 * Each ELB gets an AWS-provided DNS name (e.g., `myapp-123456.elb.amazonaws.com`). * Clients connect to this DNS name. * Never point clients directly to IPs (they change). ### Security with ELB * Security Groups → control inbound/outbound traffic for ELB. * AWS WAF → can be attached to ALB for advanced filtering. * IAM Certificates → for SSL/TLS on HTTPS listeners. ### **ELB Traffic Flow (Step-by-Step)** 1. Client Request → User opens `myapp.com`. 2. DNS Resolution → Domain resolves to ELB’s DNS name. 3. LB Node Receives Request (closest AZ). 4. Listener Evaluates protocol & rules. 5. Forward to Target Group based on rule. 6. Target Selected using load balancing algorithm (Round Robin, Least Connections, etc.). 7. Health Check Verified → only healthy targets get traffic. 8. Response Returned → Target replies → LB node → Client. Advanced * Sticky Sessions → Keeps user bound to same target. * SSL Offloading → ELB handles encryption. * Connection Draining (Deregistration Delay) → Lets existing connections finish before shutting down a target. * X-Forwarded-For Header → Preserves client IP (since traffic comes via ELB). * Idle Timeout → Configurable for connections (default 60s). * Access Logs → Can store request logs in S3. * Deletion Protection → Prevents accidental deletion of ELB. ### Quick Real-Life Analogy Imagine an airport system: * Listener = Check-in desk (decides who goes where). * Rules = Airline desks (if ticket says "Delta" → go to Delta gate). * Target Group = Boarding gates (each gate handles passengers for one flight). * Targets = Airplanes (actual backend servers taking the load). * Nodes = Airport staff (manage passenger flow). * Health Checks = Maintenance check on planes (if plane is broken, don’t board passengers). * DNS Name = Airport address (people just know “Heathrow”, not every gate number). Internet-facing LB

Internal LB

Cross-Zone LB

Key Points

``` /27 Subnet is recommended by AWS but /28 Also works Fine ``` ### **Load Balancer Consolidation**

Types of ELB 1. Application Load Balancer (ALB) * Best for websites & apps. * Works at Layer 7 (Application layer) → understands HTTP/HTTPS. * Can do smart routing: * `/images` → server A * `/api` → server B * Supports modern apps: containers (ECS/EKS), microservices.

2\. Network Load Balancer (NLB) * Works at Layer 4 (Transport layer) → understands TCP, UDP, TLS. * Super fast ⚡ → best for millions of requests per second. * Used for gaming servers, VoIP, financial apps where performance is key.

ALB Vs NLB

3. Gateway Load Balancer (GWLB) * Special one for third-party appliances (firewalls, IDS/IPS, packet inspection). * Routes traffic to security tools before reaching your servers. 4. Classic Load Balancer (CLB) * The old version (Layer 4 & 7). * Mostly outdated → use ALB or NLB instead.