NLB can now handle TLS too...

AWS has launched a new feature that lets NLB (Network Load Balancer) perform SSL offload directly: "New – TLS Termination for Network Load Balancers".

In addition, NLB can preserve the source IP, so the web server does not need to handle special headers (HTTP headers such as X-Forwarded-For). That part is rather interesting...

Amazon API Gateway can now connect into a VPC through NLB

AWS announced that API Gateway can now be connected into a VPC through a Network Load Balancer: "Amazon API Gateway Supports Endpoint Integrations with Private VPCs".

You can use API Gateway to create an API endpoint that is integrated with your VPC. You create an endpoint to your VPC by setting up a VPC link between your VPC and a Network Load Balancer (NLB), which is provided by Elastic Load Balancing.

It is available in basically all regions, except the US government regions:

This feature is now available in US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), Canada (Central), South America (São Paulo), EU (Ireland), EU (Frankfurt), EU (London), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), Asia Pacific (Seoul), and Asia Pacific (Mumbai) AWS regions.

The connection goes through NLB, rather than ELB Classic or ALB, so you can imagine how the network architecture is built...

AWS launches a feature to convert a Classic Load Balancer into an Application Load Balancer or Network Load Balancer

AWS presumably wants everyone to quickly move every ELB that can be replaced over to the new ALB and NLB, hence this feature: "New One-step Migration Wizard to Migrate a Classic Load Balancer".

Today, AWS announced the ability to migrate from a Classic Load Balancer to an Application Load Balancer or a Network Load Balancer in one step using a console-based migration wizard.

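However, ELB has some features that ALB and NLB currently lack, such as generic SSL offload (as opposed to HTTPS offload), and EC2-Classic, which older customers still have:

I don't know what solutions will be released later for these two problems...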

AWS NLB can now use IP addresses as backends too

Earlier this month AWS ALB gained support for IP addresses as backends (AWS ALB can now be configured with IP addresses as backend servers), then AWS NLB was launched (AWS launches a new Load Balancer: NLB (Network Load Balancer)), and now this feature has been implemented on NLB as well: "Elastic Load Balancing: Network Load Balancer now supports load balancing to IP addresses as targets for AWS and on-premises resources".

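As the announcement says, this makes it possible to share resources between the data center and the cloud over a VPN architecture (whether AWS Direct Connect or an ordinary IPsec VPN):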

We are pleased to announce that Network Load Balancers can now distribute traffic to AWS resources using their IP addresses as targets in addition to the instance IDs. You can now also load balance to resources in on-premises locations reachable over AWS Direct Connect and resources in EC2-Classic. Load balancing across AWS and on-premises resources using the same load balancer makes it easy for you to migrate-to-cloud, burst-to-cloud, or failover-to-cloud.

The feature is available in all regions except the China region:

Load balancing using IP addresses is available today for existing and new Network Load Balancers in all public AWS regions except the China (Beijing) region. You can get started using the AWS Management Console, AWS Command Line Interface (CLI), or AWS SDK.

AWS launches a new Load Balancer: NLB (Network Load Balancer)

From the originally launched ELB (Elastic Load Balancer), to ALB (Application), and now NLB (Network) has been launched: "New Network Load Balancer – Effortless Scaling to Millions of Requests per Second".

It has these characteristics:

  1. Static IP Addresses
  2. Zonality
  3. Source Address Preservation
  4. Long-running Connections
  5. Failover

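Although it is not certain what technology AWS uses, several of these are clearly characteristics of a DSR (Direct Server Return) architecture (including both the limitations and the advantages).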

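Also, because it does not have to process L7 content, performance is much better than ELB/ALB, and at large enough usage the price is considerably lower as well. It should be very useful for many non-HTTP/HTTPS applications, and even for HTTP/HTTPS it should work well for simpler applications...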