AWS Advanced Networking Speciality 1.3 : Configuration options for load balancer target groups (for example, TCP, GENEVE, IP compared with instance)

Advanced Network Speciality Exam — Blogs

A Target group routes requests to one or more registered targets. They can be EC2 Instances, IP addresses, Kubernetes Cluster, Lambda Functions etc. Target groups are specified when you create a listener rule. You can also define various health checks and associate them with each target-groups.

Typical load-balancer components

Ref:https://docs.aws.amazon.com/images/elasticloadbalancing/latest/application/images/component_architecture.png

Cross-Zone Load Balancing Ref:https://docs.aws.amazon.com/images/elasticloadbalancing/latest/userguide/images/cross_zone_load_balancing_enabled.png

What is Geneve, and what is the context with ELB: Generic Network Virtualisation Encapsulation

In the context of Gateway Load Balancer, a flow can be associated with either 5-Tuple or 3-Tuple.A flow can be associated with either a 5-tuple or 3-tuple flow in load balancers.

A 5-tuple flow includes the source IP address, destination IP address, source port, destination port, and protocol number. This is used for TCP, UDP, and SCTP protocols.

A 3-tuple flow includes the source IP address, destination IP address, and protocol number. This is used for ICMP and ICMPv6 protocols.

Gateway Load balancers and their registered virtual appliances use GENEVE protocol to exchange application traffic on port 6081

References :

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html

https://datatracker.ietf.org/doc/html/rfc8926 Continue reading

Speciality 1.3 : Integrations of load balancers and other AWS services (for example, Global Accelerator, CloudFront, AWS WAF, Route 53, Amazon Elastic Kubernetes Service [Amazon EKS], AWS Certificate Manager [ACM])

< MEDIUM : https://raaki-88.medium.com/aws-advanced-networking-speciality-1-3-deedc0217ea6 >

Advanced Network Speciality Exam — Blogs

https://medium.com/@raaki-88/list/aws-advanced-network-speciality-24009c3d8474

Global Accelerator — A service that provides static ip addresses with your accelerator. These IP addresses are Anycast from the AWS edge network, meaning the global accelerator diverts your application’s traffic to the nearest region to the client.

Two types of Global Accelerators — Standard Accelerators and Custom Routing accelerators.

https://d1.awsstatic.com/product-page-diagram_AWS-Global-Accelerator%402x.dd86ff5885ab5035037ad065d54120f8c44183fa.png

Standard Accelerators uses aws global network to route traffic to the optimal regional endpoint based on health, client location and policies that the user configures, increasing availability and decreasing latency to the end users. Standard-accelerator endpoints can be Network Load balancers, Application load balancers from load balancing context. Custom routing accelerators do not support load balancer endpoints as of today.

When using accelerators and Load-balancers, update DNS records so that application traffic uses accelerator end-point, redirecting the traffic to load-balancer endpoints.

CloudFront and AWS-WAF with ELB:

When using an application load balancer in ELB, cloud-front meant to cache the objects can reduce the load on ALBs and improve performance. CF can also protect ALB and internal services from DDOS attacks, as with AWS WAF. But for this to succeed, administrators Continue reading

Lessons Learned Running Presto at Meta Scale

Presto is a free, open source SQL query engine. We’ve been using it at Meta for the past ten years, and learned a lot while doing so. Running anything at scale - tools, processes, services - takes problem solving to overcome unexpected challenges. Here are four things we learned while scaling up Presto to Meta scale, and some advice if you’re interested in running your own queries at scale.

Scaling Presto rapidly to meet growing demands: What challenges did we face?

Deploying new Presto releases

Gossip Protocol Explained

You can subscribe to the system design newsletter to excel in system design interviews and software architecture. The original article was published on systemdesign.one website.

What Is Gossip Protocol?

The typical problems in a distributed system are the following [1], [11]:

maintaining the system state (liveness of nodes)
communication between nodes

The potential solutions to these problems are as follows [1]:

centralized state management service
peer-to-peer state management service

AWS Advanced Networking Speciality 1.3 AWS Advanced Networking: Connectivity patterns that apply to load balancing based on the use case

< MEDIUM: https://raaki-88.medium.com/aws-advanced-networking-speciality-1-3-23eb011b74df >

Exam Topic — https://d1.awsstatic.com/training-and-certification/docs-advnetworking-spec/AWS-Certified-Advanced-Networking-Specialty_Exam-Guide.pdf

https://towardsaws.com/aws-advanced-networking-task-statement-1-3-c457fa0ed893

https://raaki-88.medium.com/aws-advanced-networking-speciality-1-3-3ffe2a43e2f3

Internal ELB — An internal Load balancer is not exposed to the internet and is deployed in a private subnet. A DNS record gets created, which will have a private-IP address of the load-balancer. It’s worth noting to know DNS records will be publicly resolvable. The main intention is to distribute traffic to EC2 instances. Across availability zones, provided all of them have access to VPCs.

External ELB — Also called an Internet-Facing Load Balancer and deployed in the Public subnet. Similar to Internal ELB, this can also be used to distribute and balance traffic across two availability zones.

Example Architecture Reference — https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/deploy-an-amazon-api-gateway-api-on-an-internal-website-using-private-endpoints-and-an-application-load-balancer.html?did=pg_card&trk=pg_card

– Rakesh

AWS Advanced Networking Speciality 1.3 AWS Advanced Networking: Different types of load balancers and how they meet requirements for network design, high availability, and security

< MEDIUM: https://raaki-88.medium.com/aws-advanced-networking-speciality-1-3-3ffe2a43e2f3 >

https://medium.com/towards-aws/aws-advanced-networking-task-statement-1-3-c457fa0ed893 — Has intro details for the speciality exam topic

Different types of Load-Balancers

CLB — Classic Load Balancer
ALB — Application Load Balancer
NLB — Network Load Balancer
GLB — Gateway Load Balancer

High Availability Aspect: ELB (Can be any load-balancing) can distribute traffic across various different targets, including EC2-Instances, Containers, and IP addresses in either a single AZ or multiple AZs within a region.

Health Checks: An additional health check can be included to ensure that the end hos serving the application is healthy. This is typically done through HTTP status codes, with a return value 200 indicating a healthy host. If discrepancies are found during the health check, the ELB can gracefully drain traffic and divert it to another host in the target group. If auto-scaling is set up, it can also auto-scale as needed.

Network Design: Depending on the type of traffic and Application traffic pattern, the load and burst-rate choice of load-balancer will differ.

Various Features — High-Availability, High-Throughput, Health-Checks, Sticky-Sessions, Operational-Monitoring and Logging, Delete-Protection.

TLS Termination — You can also have integrated certificate management and SSL decryption which offloads end-host CPU load and acts as a central Continue reading

AWS Advanced Networking — Task Statement 1.3: How load balancing works at Layer 3, layer 4, and Layer 7 of the OSI model

< MEDIUM: https://towardsaws.com/aws-advanced-networking-task-statement-1-3-c457fa0ed893 >

Ref: https://aws.amazon.com/elasticloadbalancing/

Why Elastic Load Balancer?

To Distribute incoming application traffic across EC2 instances / Containers / IP Addresses and these entities, generally, can be called targets and grouped as Target-Groups.
Another advantage is performing health checks, such as packet-loss or high-latency, and can be integrated with Auto-scaling, hence Elastic.
Depending on the ELB type and its operational requirement, this can further be subdivided into CLB, ALB, GLB, and NLB.

CLB — Classic Load Balancer

– AWS Recommends ALB today instead of CLB
– Intended for EC2 instances which are built in EC2-Classic Network
– Layer 4 or Layer 7 Load Balancing
– Provides SSL Offloading and IPv6 support for Classic Networks

ALB — Application Load Balancer

Works at the 7th Layer of the OSI Model.
Supports applications that run in Containers
Supports Content-based Routing
HTTP/HTTPS, Mobile Apps, Containers in EC2, and Microservices benefit greatly from ALB

Why Elastic Load Balancer?

To Distribute incoming application traffic across EC2 instances / Containers / IP Addresses and these entities, generally, can be called targets and grouped as Target-Groups.
Another advantage is performing health checks, such as packet-loss or high-latency, and can be integrated with Auto-scaling, Continue reading

Set up your Own wireguard-based Cloud VPN server without installing software on your laptop — GL-A1300 Slate Plus Wireless Router

< MEDIUM: https://aws.plainenglish.io/set-up-your-own-wireguard-based-cloud-vpn-server-without-installing-software-on-your-laptop-1bdc41b0b55 >

Note: This requires the purchase of a wireless router which is capable of running a Wireguard package in this case it’s Slate-Plus GL-A1300 and I do not have any affiliate or ads program with them, I simply liked it for its effectiveness and low cost.

The Need :

For one reason many of us want a VPN server which does decent encryption but won’t charge us a lot of money, in some cases, it can be done free of cost and in others for not want us to install a variety of software which messes up with internal client routing and also against some of the IT-Policies, even if it’s a browser-based plugin.

The Choice :

Wireguard: https://www.wireguard.com/ — VPN Software, Software-based encryption, extremely fast and light-weight.

GL-A1300 Slate-Plus — Wireless Router with support for Wireguard which is not a feature in many of the current market routers, had OpenWrt as the installed software.

Features

The GL-A1300 Slate Plus wireless VPN encrypted travel router comes packed with features that will make your life easier while travelling. Here are just a few of the most important:

VPN Encryption — The GL-A1300 Slate Plus Continue reading

AWS Rekognition — A simple classifier without having to build a lot of in-house or Cloud Environments — Sample Bird-Project

< MEDIUM : https://aws.plainenglish.io/aws-rekognition-a-simple-classifier-without-having-to-build-a-lot-of-in-house-or-cloud-a43fc6e9e8a >

A few weeks ago, I set up a bird feeder and used it to capture bird images, the classifier itself was not that accurate but was doing a decent job, what I have realised is that not every time we end up with highly accurate on-board edge classification especially while learning how to implement them.

So after a few weeks, there were a lot of images some of them sure enough had birds while some of them were taken in Pitch Dark and am not even sure what made the classifier figure out a birdie in the snapshot from the camera.

Now for me in order to make an Image, I have to rely on a re-classifier doing the job for me, initially, I thought I will write a lambda-based classifier as a learning experiment, but then I thought it was a one-time process every 6 months or so, so I went ahead with a managed service option and in this case, its AWS Rekognition, which is quite amazing.

https://aws.amazon.com/rekognition/

Code Snippet used for Classification

import os
import concurrent.futures
import boto3

def detect_birds(image_path):
# Configure AWS credentials and region
session Continue reading

Controversial Reads 071423

Indian-born CEOs are closing their firms and fleeing back to India to escape charges of fraud in the annual lotteries for visas to import H-1B foreign contract workers, says a lawyer for many Indian-owned subcontractors and visa workers.

Over the past few years, Apple has pursued a meal-prepping app with a pear logo, a singer-songwriter named Frankie Pineapple, a German cycling route, a pair of stationery makers, and a school district, among others.

Reddit, a link-aggregating website that claims to be the “front page of the internet,” has turned into a hotbed for radicalization.

Wolk wasn’t saying cable news was necessarily a terrible product; it was an obsolete one on an obsolete platform. While he didn’t predict that the death of cable was imminent, he made it clear it might be time to start looking for hospice care.

However, where the previous labor nuke decimated the white working class in flyover states, this one will explode closer to the power center of Corporate America. Creative AIs like ChatGPT most threaten one of the Regime’s most powerful assets: the managerial class.

A bid to legally muzzle critics of the Irish Data Protection Commission (DPC) is just the tip of the iceberg Continue reading

Weekend Reads 071423

For example, at a certain level, your password must include today’s Wordle answer. And then there’s rule #27: “At least 50% of your password must be in the Wingdings font.”

On 12 June, the DFIR Report published an in-depth analysis of a Truebot intrusion that began with several page redirects via a Traffic Distribution System (TDS) and ended with dropping a Master Boot Record (MBR) killer wiper onto a victim’s computer.

PL/I stands for Programming Language 1, and its aim was to be the Highlander of programming languages: there would be no need for 2, 3, or 4 if everything went to plan.

In this episode of PING, APNIC’s Chief Scientist Geoff Huston discusses how Sweden built a national time distribution system and the nature of time in the modern Internet.

When system architects sit down to design their next platforms, they start by looking at a bunch of roadmaps from suppliers of CPUs, accelerators, memory, flash, network interface cards – and PCI-Express controllers and switches.

In a recent investigation by Microsoft Incident Response of an intrusion, we found that the threat actor progressed through the full attack chain, from initial access to impact, in less than five days, Continue reading

Akamai opens new data centers in push to public cloud

Content delivery network (CDN) and cloud computing provider Akamai has opened three new internet point of presence (POP) data centers this week, and will open two more later in the quarter, as the company looks to take over a bigger portion of the public cloud market.The three new sites open as of this week are in Paris, Washington, D.C., and Chicago. Sites in Seattle and Chennai will follow in the coming months, Akamai said. The expansion is part of the company's push into the public cloud market dominated by incumbents like Google, Amazon and Microsoft, Akamai said.The sites were chosen carefully, according to a statement from Akamai. Washington, D.C., is one of the biggest data center hubs in the world, with Northern Virginia containing upward of half of the major data center capacity in the US. Chicago is a well-situated secondary site for latency-sensitive workloads running either locally or in nearby markets, including Philadelphia and Washington, while the Paris site represents a new option for organizations facing data sovereignty challenges posed by EU regulation.To read this article in full, please click here

Enterprises Are Not Going To Miss The Fourth Wave Of AI

IBM announced its Watsonx software development stack back in May, and today it is starting to ship it to customers. …

The post Enterprises Are Not Going To Miss The Fourth Wave Of AI first appeared on The Next Platform.

Enterprises Are Not Going To Miss The Fourth Wave Of AI was written by Timothy Prickett Morgan at The Next Platform.

Heavy Networking 690: LACP Is Not Link Aggregation – With Tony Bourke

On today’s Heavy Networking we talk LACP and link aggregation. While bonding two or more links together to act as a single virtual link has been done for decades, LACP and link aggregation aren't the same thing, and the distinction matters. Our guest to get into the differences is network instructor Tony Bourke.

Heavy Networking 690: LACP Is Not Link Aggregation – With Tony Bourke

The post Heavy Networking 690: LACP Is Not Link Aggregation – With Tony Bourke appeared first on Packet Pushers.

New ML benchmarks show best algorithms for training chatbots

MLCommons, a group that develops benchmarks for AI technology training algorithms, revealed the results for a new test that determines system speeds for training algorithms specifically used for the creation of chatbots like ChatGPT.MLPerf 3.0 is meant to provide an industry-standard set of benchmarks for evaluating ML model training. Model training can be a rather lengthy process, taking weeks and even months depending on the size of a data set. That requires an awful lot of power consumption, so training can get expensive.The MLPerf Training benchmark suite is a full series of tests that stress machine-learning models, software, and hardware for a broad range of applications. It found performance gains of up to 1.54x compared to just six months ago and between 33x and 49x compared to the first round in 2018.To read this article in full, please click here

New ML benchmarks show best algorithms for training chatbots

Cisco snaps up Oort to bolster identity management technology

Cisco is continuing its summer buying spree with the acquisition of security startup Oort for an undisclosed amount.Oort offers an identity threat detection and response platform for enterprise security. Founded in 2019, Oort raised $15 million in Series A funding that included money from Cisco’s venture capital arm.“With Oort’s API-driven, cloud-native, and agentless platform, they eliminate identity visibility gaps across disparate data sources, show misconfigurations, check for security vulnerabilities, and offer predictive identity analytics to proactively stop attacks,” wrote Raj Chopra, senior vice president and chief product officer for Cisco Security, in a blog about the acquisition. To read this article in full, please click here

Cisco snaps up Oort to bolster identity management technology

Quickly see differences between Zone Versions with Version Comparisons

On the week of July 10, 2023, we launched a new capability for Zone Versioning - Version Comparisons. With Version Comparisons, you can quickly get a side by side glance of what changes were made between two versions. This makes it easier to evaluate that a new version of your zone’s configuration is correct before deploying to production.

A quick recap about Zone Versioning

Zone Versioning was launched at the start of 2023 to all Cloudflare Enterprise customers and allows you to create and manage independent versions of your zone configuration. This enables you to safely configure a set of configuration changes and progressively roll out those changes together to predefined environments of traffic. Having the ability to carefully test changes in a test or staging environment before deploying them to production, can help catch configuration issues before they can have a large impact on your zone’s traffic. See the general availability announcement blog for a deeper dive on the overall capability.

Why we built Version Comparisons

Diff is a well known and often used tool by many software developers to quickly understand the difference between two files. While originally just a command line utility it is now ubiquitous across Continue reading

« Previous 1 … 204 205 206 207 208 … 3,782 Next »