Home » Posts tagged "balancer"

Amazon API Gateway 可以透過 NLB 接進 VPC 內了

AWS 宣佈可以透過 Network Load BalancerAPI Gateway 接進 VPC 內了:「Amazon API Gateway Supports Endpoint Integrations with Private VPCs」。

You can use API Gateway to create an API endpoint that is integrated with your VPC. You create an endpoint to your VPC by setting up a VPC link between your VPC and a Network Load Balancer (NLB), which is provided by Elastic Load Balancing.

基本上是所有的區域都有了,除了美國政府的區域外:

This feature is now available in US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), Canada (Central), South America (São Paulo), EU (Ireland), EU (Frankfurt), EU (London), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), Asia Pacific (Seoul), and Asia Pacific (Mumbai) AWS regions.

是透過 NLB 接進去,而不是 ELB Classic 或是 ALB,可以來想像網路架構是怎麼做的...

Amazon Lightsail 推出 Block Storage 與 Load Balancer

Amazon Lightsail 推出了 Block Storage (11/14) 與 Load Balancer (11/29):「Introducing additional block storage for Amazon Lightsail」、「Amazon Lightsail adds load balancers with integrated certificate management」。

兩個是不同時間點發表的,當時懶的寫所以這次一起寫...

Block Storage 有不少 VPS 都有提供了,像是 Linode 的「Linode Block Storage (Fremont beta)」(雖然還在 beta)、DigitalOcean 的「Storage on DigitalOcean | Highly available Block Storage」以及 Vultr 的「High Performance and Cheap Block Storage - Vultr.com」。

AWS 算是很早就有這個服務 (Amazon EBS),這邊應該只是把系統整合進來...

另外一個是這幾天推出的 Load Balancer,目前應該只有 Linode 的「Ensure High-Availability with NodeBalancers - Linode」比較知名。AWS 上的 ELB 有不少選擇可以用 (ELB Classic、ALB 以及 NLB),不過公告裡沒特別提到... 比較特別的是提供免費的 SSL Certificate 吧?這在其他家主要得靠 Let's Encrypt 來做,在 AWS 上應該是整合了 ACM

AWS 推出將 Classic Load Balancer 轉換成 Application Load Balancer 或 Network Load Balancer 的功能

AWS 應該是希望大家趕快把能換的 ELB 都換成新的 ALB 與 NLB,所以推出這個功能:「New One-step Migration Wizard to Migrate a Classic Load Balancer」。

Today, AWS announced the ability to migrate from a Classic Load Balancer to an Application Load Balancer or a Network Load Balancer in one step using a console-based migration wizard.

不過 ELB 有一些功能是目前 ALB 與 NLB 沒有的,像是一般性的 SSL offload (而非 HTTPS offload),以及舊客戶會有的 EC2-Classic:

不知道這兩個問題之後會推出什麼樣的方案解決...

AWS NLB 也可以指定 IP address 當後端了

月初的時候 AWS ALB 支援 IP address 當後端 (AWS ALB 可以設定 IP address 當作後端伺服器了),然後推出 AWS NLB (AWS 推出新的 Load Balancer:NLB (Network Load Balancer)),然後這個功能也被做到 NLB 上了:「Elastic Load Balancing: Network Load Balancer now supports load balancing to IP addresses as targets for AWS and on-premises resources」。

就如同說明的,這樣可以透過 VPN 架構 (無論是 AWS Direct Connect 或是一般的 IPsec VPN) 共用機房與雲端上的資源:

We are pleased to announce that Network Load Balancers can now distribute traffic to AWS resources using their IP addresses as targets in addition to the instance IDs. You can now also load balance to resources in on-premises locations reachable over AWS Direct Connect and resources in EC2-Classic. Load balancing across AWS and on-premises resources using the same load balancer makes it easy for you to migrate-to-cloud, burst-to-cloud, or failover-to-cloud.

除了中國區以外的 region 都可以用這個功能了:

Load balancing using IP addresses is available today for existing and new Network Load Balancers in all public AWS regions except the China (Beijing) region. You can get started using the AWS Management Console, AWS Command Line Interface (CLI), or AWS SDK.

AWS 推出新的 Load Balancer:NLB (Network Load Balancer)

從一開始推出的 ELB (Elastic Load Balancer),到 ALB (Application),現在則推出了 NLB (Network):「New Network Load Balancer – Effortless Scaling to Millions of Requests per Second」。

有這些特性:

  1. Static IP Addresses
  2. Zonality
  3. Source Address Preservation
  4. Long-running Connections
  5. Failover

雖然不能確定 AWS 用的技術是什麼,但這裡面有好幾個很明顯就是 DSR (Direct Server Return) 架構的特性 (包括了限制與優點)。

另外也因為不用處理 L7 的內容,效能比起 ELB/ALB 好很多,夠大的用量下,價錢也低不少。對於不少非 HTTP/HTTPS 的應用應該很好用,就算是 HTTP/HTTPS,單純一點的應用應該也不錯...

在 AWS 的 NGINX Plus

主要是看到「Quick Start Update: Deploy NGINX Plus on the AWS Cloud」這篇才知道在 AWS Marketplace 上有「NGINX Plus - Amazon Linux AMI (HVM)」可以用,而且有三十天試用期可以使用:

30 Day Free Trial Available - NGINX Plus is a high performance load balancer, edge cache and origin server for web content, streaming media and API traffic. It complements the load balancing capabilities of Amazon ELB and ALB by adding support for multiple HTTP, HTTP/2, and SSL/TLS services, content-based routing rules, caching, autoscaling support, and traffic management policies. NGINX Plus for AWS is provided and supported by the original creators of NGINX web server.

所有機器的年約都是 USD$2500/year,使用 t2.{nano,micro,small} 的話因為 hourly 的價錢乘以一年後反而還比較便宜,記得別亂買...

另外這代表可以直接付錢測試功能... (或是免費,如果 free trial 還沒用)

AWS ALB 可以設定 IP address 當作後端伺服器了

AWS ALB 推出直接設定 IP address 當作後端伺服器的功能:「New – Application Load Balancing via IP Address to AWS & On-Premises Resources」。

ip – Targets are registered as IP addresses. You can use any IPv4 address from the load balancer’s VPC CIDR for targets within load balancer’s VPC and any IPv4 address from the RFC 1918 ranges (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) or the RFC 6598 range (100.64.0.0/10) for targets located outside the load balancer’s VPC (this includes Peered VPC, EC2-Classic, and on-premises targets reachable over Direct Connect or VPN).

這樣就能拿 ALB 當 load balancer 把部份內容接到自己機房內的伺服器群了,一種隨便串的概念... (可以透過 AWS Direct Connect 或是 VPN 直接串,所以對外的部份就直接是 AWS 端,對內要怎麼接就隨便接...)

nginx 的 mirror 功能

nginx 1.13.4 出的新功能,ngx_http_mirror_module

The ngx_http_mirror_module module (1.13.4) implements mirroring of an original request by creating background mirror subrequests. Responses to mirror subrequests are ignored.

範例其實就講的還蠻清楚的:

location / {
    mirror /mirror;
    proxy_pass http://backend;
}

location /mirror {
    internal;
    proxy_pass http://test_backend$request_uri;
}

如果拿 nginx 當 load balancer 的人,可以用這個功能做些事情...

在 F5 設備上使用 Let's Encrypt 憑證

找資料的時候翻到 F5 官方有給一篇導引,介紹如何自動化 Let's Encrypt 的憑證:「Lightboard Lessons: Automating SSL on BIG-IP with Let's Encrypt!」。

在 F5 的 GitHub 上也有一包「f5devcentral/lets-encrypt-python」可以看看。

還沒仔細看 & 測試,但大概有些輪廓了。看起來要考慮到裡面用的 letsencrypt.sh 已經改名成 dehydrated,另外就是實際測試了...

其實憑證貴的不是費用,是跑採購流程的成本... 單 domain 的如果可以用 Let's Encrypt 解決的話會可以省下不少功夫。

Archives