Day 12 Creating a Scalable NLB Project with EC2, VPC, Route 53, and SSL Certificate Manager

Video Statistics and Information

Captions
Hi guys, good morning everyone, welcome back to my channel again. My name is Saikiran. Today we are going to discuss load balancers, guys. Before jumping onto the load balancers: we do actually have two types, Network and Application, but before that we have something called region-based load balancers and then another called VPC-based load balancers, okay? In the region-based load balancers we have Global Accelerator, or global load balancer, and here we have two more things: one is the Application Load Balancer and the other is the Network Load Balancer, okay?

So guys, before jumping onto the practical, let me show you the architecture. Today we are going to do one proper real-time task, guys; if you do not have time now, make sure you come back and watch this again. So let me draw the architecture. I'll keep three private subnets today; we are not using any public instances, guys, we are using three private subnets, okay? Then imagine this is a target group; we'll be keeping these in a TG, a target group, and on top of it we'll create one load balancer. Today we are going to discuss only the Network Load Balancer and tomorrow the Application Load Balancer. Here we are going to keep three public subnets, nice. After creating the load balancer we'll be getting one DNS name, but we are not going to access our instances with this DNS name. For this, what I'm going to do is create one Route 53 record; I'll create one domain name and we are going to access it with the domain name www.cloudvishwakarma.in. This is Route 53, actually, okay? With this we will access this load balancer, and from here we have target groups; we'll be attaching these private subnets to the target groups, and we'll also be creating one NAT Gateway. NAT is for communication, guys: if the private subnet wants to take anything from the public, it can take it through the NAT Gateway. People who are watching for the very first time, if you are not aware of the NAT Gateway, I request you to please go back and watch it; if not, you can learn it from this session itself. Okay, so this is what we are going to achieve today.

Before jumping onto the practicals, let me tell you another thing. As I said, there are two load balancers under VPC-based: one is the Network Load Balancer, which we are going to discuss now. This Network Load Balancer mainly works on the transport layer, guys, which is also called layer 4, and the second one is the Application Load Balancer, which works on the application layer, layer 7, okay? See guys, this NLB always works on the TCP and UDP protocols. This is how you have to tell it in the interview, not just "load balancers are of two types, one is application and one is network". And the Application Load Balancer works on the HTTP and HTTPS protocols, okay? So in an interview, if the interviewer asks "do you know load balancers?", you should not tell them "yeah, there are two types, application and network load balancer"; that is not the proper answer. You should tell them clearly on what protocol it works, and what the other load balancer is and on what protocol it works: the Application Load Balancer supports only the HTTP and HTTPS protocols, and the Network Load Balancer supports the TCP and UDP protocols. HTTP and HTTPS are TCP protocols only; however, the Application Load Balancer doesn't support UDP. UDP is User Datagram Protocol. So UDP is mainly used for what? UDP is mainly used for gaming applications or streaming applications, or Teams, Zoom, WebEx, all these remote sessions; that is not supported by the Application Load Balancer. This is the major difference between these two. So today we are jumping only onto the Network Load Balancer.

First we'll see what TCP and UDP are exactly, and then quickly the Network Load Balancer. Guys, TCP is something like, for example, a file transfer app, or SFTP, or WinSCP, or lastly we can take email. I'll tell you in a very short way; this is not a networking session. So imagine here there is a source, okay, and here is the destination. With the TCP protocol, what happens is it completely works on source and destination, or source and target, okay? So what it will do is, when you enter www.google.com or something, it will send a packet to the destination and it will make sure this source waits for the response from the destination. It will be done in a very fast way, guys, I'm just telling you, but try to understand. So what this source does in the TCP protocol is it always waits for the destination's acknowledgement. This is how the TCP protocol works; for example you can take SFTP, SFTP is nothing but Secure File Transfer Protocol, and FTP is also a file transfer protocol, or email, Outlook, Apple Mail, all of this comes under the TCP protocol itself. If you take UDP, if you take PUBG, okay, one of our favourite games, or Hitman or Battlefield or something, see, that doesn't require TCP, that requires UDP, because UDP works like this: again, if you take source and destination, it doesn't wait for the destination's response, it will keep sending the packets continuously. When you're playing PUBG, whenever you're talking with your friend with the mic on or something, it doesn't need any response from the other one, right? He will definitely know whether the sound is properly audible or not. So in such a case the UDP protocol is enough, or if you take Zoom sessions or Teams sessions. I'll show you one thing, I'll open Google now and show you: in some cases there is something called failover and failback protocols, which will be working on both the TCP and UDP protocols also. I'll open this Microsoft Teams protocol page: see, for Teams to function correctly you must open TCP port 18443 and UDP ports also; see, Microsoft Teams works on both of the protocols, okay? If you still want to debug or search more on this, you can go through Google and do it.

Guys, first what you have to do: I'll refresh, VPC, Create VPC, VPC and more. I'll close this and then I'll give this the name nlb. 10.0 is okay for me. Number of Availability Zones: three, private subnets: three, public subnets: three, NAT Gateway in one AZ, Create VPC. Let's wait for this NAT Gateway to complete; do not jump onto the instances directly, we should wait till it completes. I'll refresh again, guys; see, it has been created. Now go to the VPC, guys; make sure that you are creating the security groups properly, okay? It plays a very crucial role during this load balancer project. Let's go back to security groups: once after creating all the VPC components, come here and then copy it, okay? This is our security group. What you have to do is we'll be allowing some TCP ports and HTTP ports, and also we will allow some TLS ports, okay? So for that you need to allow all; I'll allow all TCP from anywhere and then also allow all traffic from anywhere. In real time, don't do this, guys; here what you can do is select only the particular port. And I'll also allow HTTP and HTTPS from anywhere, so all traffic, and then the last one, which is SSH. Nice, and then save rules.

Now once after creating this, what you have to do is come back to the instances and make sure that you are creating instances only in private subnets, not in public subnets, okay? Launch instance, and you should keep one in each: 1a, 1b and 1c. t2.micro is fine, and then my key pair, the latest .pem. Edit VPC, make sure you're selecting properly, nlb, and then I need 1a; this is private, yeah, one only. We don't require a public IP, and then security groups, this is the one. Make sure that you're pasting the script here, because we need to test the load balancer, right? How would we know whether the load is being distributed properly or not? So what I'll do is paste one small script which installs nginx, and then what we are doing is copying the hostname from this command and copying it into the nginx directory, okay? This is server 1a, fine, fine, Launch instance.

Now what you have to do is quickly go back to the target groups; you can create the target group first and then create the load balancer. Come back to Target Groups, click on Create target group, Instances, you have to select the instances. I'll give it as nlb-tg; this I'll take as TCP; I'll select the VPC as my nlb; I'll leave the rest as it is and then click on Next. Make sure you're selecting all these private servers, okay, these are all private, and then Include as pending below, Create target group. Now go back to your load balancer and create the load balancer: Create load balancer. We are going to discuss the Application Load Balancer tomorrow, guys. This Gateway Load Balancer, again, I didn't test it; maybe this is a region-based load balancer, I think. Here, NLB, and then I'll give the name nlb. See, this is internet-facing and this is internal, guys; I'll tell you later about this, okay, or now only I'll tell you what this is exactly. Imagine there are three servers: one is web, another one is app, this is DB. Now with internal, what you can do is keep one internal-facing load balancer here, okay, and they can communicate with each other, so that is something which is an internal-facing load balancer. See, here you can select internal with the private IP address.

Then, NLB, guys, make sure that you are selecting public subnets here, not private subnets, okay? See, you have to select public: 1a public, 1b public and 1c public. Here these are assigned by AWS only, or you can also use Elastic IP addresses if you want a constant IP; then what you can do is create Elastic IP addresses individually. For now it doesn't require it, so I'm leaving it as assigned by AWS itself, and then here I'm going to select the nlb security group. Guys, here I'll select Add listener; I'll tell you at the end why I have selected Add listener here. And then again here I'll select TLS; 443 is the port number; I'll select the nlb target group. I have created a certificate, I'll show you now; this is my certificate, this was issued by Amazon, actually. I have taken this domain name outside; I'll click this because this certificate has access from Amazon itself. Security policies, you can take any one, I'm leaving it as the recommended one, and then all good, the listener is TLS, fine. Now come down and click on Create load balancer.

Now I'm going to show you that certificate, okay? In AWS we have something called ACM, guys; ACM is nothing but, hold on, Amazon Certificate Manager, or AWS Certificate Manager. So here what we have to do is, people who have a domain, just follow the steps which I'm telling right now, because I have already requested the certificate; it will take more than one day, um, sometimes it will take less than 5 minutes itself, but in my case it has taken a very long time, I don't know why, so I created this before coming to the session. Simply, what you can do first is open your Route 53, come to Hosted zones, click on Create hosted zone; just forget about all these other things, guys, click on Create hosted zone. Here you have to enter your domain name; my domain name is cloudvishwakarma.in, this is the domain name I bought from GoDaddy, okay, and then you have to enter the same here also, description as it is, public, and then create the hosted zone. Then you will see a tab like this, cloud..., okay? Now what you have to do is simply go inside, don't do any changes, just leave it as it is, and then come back to ACM, which is, sorry, Amazon Certificate Manager. Here what you have to do is click on Request and then Request a public certificate, Next, and then here you have to mention, see, this star: what this star indicates is a subdomain name. You can give it as www or whatever you want; that star represents the subdomain. Then DNS validation, and then RSA, Request. So what it will do is, once after you requested, if you come back here it will not be displayed like this; you have to click on this certificate ID, okay? After a few minutes you'll be seeing something called CNAME name and CNAME value here. This is AWS just asking whether you are the proper owner or not; this is just a type of authentication. So what you have to do is copy this CNAME, go to your Route 53, Create record, see how I created the record here, Create record, and then paste the CNAME here. Make sure that you are removing the trailing cloudvishwakarma.in and also make sure that you are removing the dot, okay, this cname.cloud....in, and then this record type should be CNAME again, and here you have to paste the CNAME value, which is the authentication. If you click on Create record, what will happen is this certificate manager will come back in the back end and it will check in this hosted zone whether these combinations are there or not, whether these CNAME values are there or not, and it will make sure whether you are the proper owner or not. Once the verification is done, then it will issue a certificate. Now, after a few minutes, I'll show you how you can see this Amazon-issued certificate; that is the reason why I selected TLS during the time of the load balancer; I'll show you exactly what will happen.

And then we have created the VPC. Let me write the steps for you; however, the load balancer will take some time to come up. First step, what did we do? First we created the VPC with the NAT Gateway, and then we created instances, and then we created target groups, and then we created the load balancer. Now 1, 2, 3, 4. Now, certificates you have to create beforehand, guys, because it will take a lot of time, or else I'll do one thing: I'll first write it as certificates only, if you have a certificate then you can use ACM; this is the first part you have to do, and this is the second one, third, fourth, fifth. Now what I'll do is Route 53, this is six. Let's go back and create a Route 53 record, because we have created one load balancer, right? We need to attach that load balancer to a domain name; this is real time, in real time we do it like this only, guys. Click on Create record; first I'll enter www.cloudvishwakarma.in, and I'm going to reach my private subnets, I mean whatever I kept in the private subnets, I want to reach them with this domain name, www.cloudvishwakarma.in. Then I'll click on Alias; here I'll select Alias to Network Load Balancer, and then I'll select the region, US East; in this region I created one NLB, here it is, and then I'll click on Create record. Let's wait till it gets synced; meanwhile we'll go back to the load balancer and check whether the load balancer has been created or not. Nice, it is active; see, our instances are healthy. Awesome, we have achieved one of the important steps. We can still check with this DNS name, but this is not the real use case, guys; that is the reason why I'm not checking. I can paste it here and see: now we are on the 1c server; if someone tries to access this from a different browser they will be getting a different name.

Yeah, it's in sync now. Now I'll open one Edge browser and then one Firefox. What I'll do is enter www.cloudvishwakarma.in; see, now we are on the 1a server, the load balancer is working, guys. If you see here, this key icon, okay, I'll show you the certificate route now, which Amazon has issued: see, issued by Amazon, this is how that ACM role plays, okay? If it is not there, then you can see here that the site is unsecure. From Chrome it is 1c, from Edge it is 1a, we'll see from Safari, not Safari, this is Firefox, and if I click here, see, here we are seeing the 1b server. If you keep searching this in different browsers, like you know, in a minute there will be a lot of packets hitting our domain, right? So in such a case you'll be seeing different servers. I'll open a private tab and see whether it is showing a different one: no, it is also working on 1a, it's okay, the load is still going on. But I do have one doubt here: is it really sending the load to all our instances properly, equally, or how is it sending? For that, what I'll do is come back to, where is my, yeah, where is it, here it is. So now what I'll do is just check all the IPs, whether the load is passing correctly or how it is transmitting the load, with a small Linux command. Let me take the IPs first; this is one, right, what is the IP? 143, 172, okay. Here: while true; do curl -sL https://www.cloudvishwakarma.in | grep -i, what is my IP, guys? Instead of giving the complete IP I'll just give only these two numbers, because see, our entire instances are on 10.0 only, correct? This is 10.0, this is 10.0; see, we should play a proper role during the subnet assignment only, it will help now. And then if you click on 1c it's 10.0 only, so it's okay, we can give 10.0 itself. I'll paste this and then enter sleep 1, and then done. Command not found, oh, I'm sorry, okay. See guys, now it is going to 180, 172, 221, 180, 172, 221, 180, 172, 221, 180, 172, 221. But still, if you want to check in a detailed way whether it is really sending properly to the instances, simply what you can do is, here there is a command called tee -a aws-nlb.log, okay, sorry, that's wrong. What it will do is copy all these logs to a file called aws-nlb.log; we have created this file right now. So what will happen is, now it is pinging, right, continuously it is speaking to different servers in 1a, 1b and 1c, but still we have the doubt whether it is transmitting the route correctly to all three instances or not, because the weight should fall on all three instances properly, okay? For that I'm running this; let it take some logs. I'll stop it here now. If you enter cat aws-nlb.log, nice, we got the log here, fine. Now what I'll do is cat aws-nlb.log and then grep -i; I'll take this IP, which one, private instance one IP, yeah, here it is, copy it, paste it, and then wc -l: see, 14 calls have been, 14 packets have been sent to private server one. And for private server two, how many calls? Oh my God, it signed out. The log file is there, fine, the log file is there. cat aws-nlb.log, I'll paste this IP and then wc -l: for this one also it is 14, nice. What is the third one? 172, 221, nice: 14, 14, 14, guys.

But still, I checked only from my end, because I was the only one who was running the logs here, but in real time what will happen, you know, there are millions of users hitting your website; imagine Instagram is there, Facebook is there; in such cases the load should be transmitted properly, correct? It should not be transmitted in a different way. So for that what we'll do is, I'll show you: come to the load balancer, click on Attributes, go to Edit. This is the interview question, guys, this is the interview question: they'll ask you how to enable cross-zone load balancing, okay? Then you have to tell them: go to the load balancer and then click on Attributes; under the attributes you have something called Enable cross-zone load balancing; you have to click on Edit and then do that, guys. Now I'll click this Enable cross-zone load balancing, okay? Don't look here, look here: what is happening exactly is, whenever a user searches something with the help of DNS, here DNS is nothing but our Route 53, it is sending the traffic to, packet I mean, instance one, instance two, instance three. In the Network Load Balancer we kept the public subnets; these are the target groups, okay, see, that's why it is like this; the targets here are private subnets. Over there what it is doing is sending 1, 2, 3, if there are three packets; imagine if 1 million packets are there. So here there is something called cross-zone functioning. Now see guys, see here exactly what will happen: whenever this load is high, automatically, when you enable cross-zone load balancing, what the Network Load Balancer will do is automatically transmit the route to the other two instances. This is how cross-zone load balancing works, but there is a separate cost for this; again, for the data transmission also it charges some cost for this enabled cross-zone load balancing, okay?

That's all for today; the session went on for a very long time. I personally request each and every one of you to do the practicals, guys, this is very, very important; interviewers might be asking you two, three, four questions from this session. This is a proper real-time project; if you see here, we haven't used any kind of public instances here, all were private instances, okay? And that's all. If you ask me at a high level the reason why there are two load balancers, Network and Application: see, in this Network Load Balancer service, whatever we have practised right now, where is my Paint, here it is, whatever we practised right now, there is no HTTP to HTTPS forwarding, guys. I'll show you now: here if I enter http://www.cloudvishwakarma.in, see, it is not redirecting to HTTPS, it is only staying with HTTP, which is unsecure. And there is something called URL path-based routing, which is also not there, okay, in this Network Load Balancer. And in future we'll be talking about something which is, I'll show you, the web application firewall, called WAF; this web application firewall is also not supported. And the major point here in the Network Load Balancer is it cannot be used as an ingress in Kubernetes; we will learn this later, after DevOps. So these are the major issues when it comes to the Network Load Balancer. Tomorrow we are going to do a project on the Application Load Balancer; it is also a proper real-time project; we'll definitely meet in tomorrow's session, guys. Have a nice day everyone. I request you to please do practice, and do not worry about the bill and all, it will be very little, it's not that big a figure. Make sure you're stopping your NAT Gateway and make sure you're stopping your load balancers, make sure you're stopping your target groups, and especially make sure you're releasing your Elastic IP; it is very important, guys, we are short of these Elastic IPs. Make sure first stop the NAT Gateway and then release the Elastic IP. That's all for today, tomorrow we are going to meet, have a nice day everyone, bye-bye.
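The per-backend counting the video does by hand with grep and wc -l, as an added example (not the video's own commands, which were typed live): it tallies a constructed aws-nlb.log in the shape the curl loop produces and reports whether the spread across the three backends is even. The domain, file name and ip-10-0-x-y hostnames are placeholders.

```shell
#!/bin/sh
# Added example, not the video's own commands. The video loops
#   while true; do curl -sL https://<domain> | grep -i 10.0; sleep 1; done | tee -a aws-nlb.log
# so each line of aws-nlb.log names the backend that answered, then counts
# lines per backend with grep | wc -l. This script does that counting over a
# constructed log and reports whether the spread across backends is even.
# Hostnames below are constructed placeholders in the ip-10-0-x-y shape that
# an nginx page serving `hostname` would show; they are not real instances.

# Write a constructed sample log (one answering backend per response).
make_sample_log() {
  cat > "$1" <<'EOF'
ip-10-0-143-172
ip-10-0-180-10
ip-10-0-172-221
ip-10-0-143-172
ip-10-0-180-10
ip-10-0-172-221
ip-10-0-143-172
ip-10-0-180-10
ip-10-0-172-221
ip-10-0-143-172
EOF
}

# Responses from one backend: grep -c is the video's grep | wc -l in one step.
hits_for() {
  grep -c -- "$2" "$1"
}

# Per-backend tally, "count hostname" per line, busiest first.
tally() {
  sort "$1" | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Gap between the busiest and the least busy backend (0 = perfectly even).
spread() {
  tally "$1" | awk 'NR == 1 { max = $1 } { min = $1 } END { print max - min }'
}

# Succeeds when the spread is within the tolerance (default 1 response).
# The 14/14/14 result seen in the video would give a spread of 0.
is_balanced() {
  [ "$(spread "$1")" -le "${2:-1}" ]
}

# Stand-alone run: tally the log given as $1, or the constructed sample.
log=${1:-}
if [ -z "$log" ]; then
  log=$(mktemp)
  make_sample_log "$log"
fi
tally "$log"
if is_balanced "$log"; then
  echo "balanced: spread $(spread "$log")"
else
  echo "UNEVEN: spread $(spread "$log"), check target health and the cross-zone setting"
fi
```

Run it against a real aws-nlb.log as the first argument after the curl loop has collected a few minutes of responses; an uneven spread with all targets healthy is the cue to look at the cross-zone load balancing attribute discussed above.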
Info
Channel: Saikiran Pinapathruni
Views: 342
Rating: undefined out of 5
Keywords: networkloadbalancer, aws, devops, kubernetes, ingress, ALB
Id: th9K0k_J-W4
Channel Id: undefined
Length: 32min 26sec (1946 seconds)
Published: Wed Apr 17 2024