AWS Network Load Balancer

·

15 min read

An NLB serves as the single point of contact for clients and automatically distributes the incoming traffic uniformly across multiple targets. The targets are the EC2 instances within the same or different AZs.

Prerequisites:

  • A default VPC. It is a VPC in a default region and has a public subnet in each Availability Zone. Refer to the create a default VPC(opens in a new tab) for more details. Just to ensure you have the right set of VPC, subnet, route table, and internet gateway available, refer to the snapshots below.

Create a default VPC (on Your VPCs dashboard)

Create a default VPC

Info about a default VPC

Info about a default VPC

Prerequisite 1: A default VPC

Prerequisite 1: A default VPC

Prerequisite 2: Subnets in each AZ in the default VPC. Also, notice that a common route table is attached to all subnets.

Prerequisite 2: Subnets in each AZ in the default VPC. Also, notice that a common route table is attached to all subnets.

Prerequisite 3: A route table with a rule for internet facing communication. See that it requires an internet gateway

Prerequisite 3: A route table with a rule for internet facing communication. See that it requires an internet gateway

Prerequisite 4: The Internet gateway is a managed service. See an internet gateway attached to the default vpc.

Prerequisite 4: The Internet gateway is a managed service. See an internet gateway attached to the default vpc.

Step 1. Create the first EC2 instance

The steps below show how to create the first EC2 instance in a public subnet in any one Availability Zone, and install the Apache webserver on it. Use the following configuration, and leave the remaining values as the defaults.

  • Navigate to the EC2 Dashboard page, and click on the Launch Instance wizard to launch an instance. Choose the AMI and instance type as:
StepValue
1. Amazon Machine Image (AMI)Amazon Linux 2 AMI (HVM), SSD Volume Type

Note: You have chosen a Free Tier Eligible AMI | | 2. Instance Type | t2.micro |

* At the next step, Configure Instance Details, use the following values:

FieldValue
Number of Instances1
NetworkSelect the default VPC that has public subnets in different AZs
SubnetChoose any, for example us-east-2a
Auto-assign Public IPEnable

Navigate to the EC2 dashboard and click the Launch instances button at the top-right

Navigate to the EC2 dashboard and click Launch instances

Set a name and select the Amazon Linux 2 AMI (HVM) image under the Free tier plan

Set a name and select the Amazon Linux 2 AMI (HVM) image under the Free tier plan

Ensure the t2.micro is selected as instance type and the default VPC you created allow SSH and HTTP connection.

Ensure the t2.micro is selected as instance type and the default VPC you created allow SSH and HTTP connection.

  • Under the Advanced Details → User data section, add the following configuration script to run automatically during launch.
#!/bin/bash
sudo yum update -y
sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
sudo yum install -y httpd mariadb-server
sudo systemctl start httpd
sudo systemctl enable httpd
sudo chkconfig httpd on
# Set file permissions for the Apache web server
sudo groupadd www
sudo usermod -a -G www ec2-user
sudo chgrp -R www /var/www
sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} +
find /var/www -type f -exec sudo chmod 0664 {} +
# Create a new index.html file at  /var/www/html/ path
echo "<html> <head><title>server 01</title> </head> <body><h1>This is server 01 </h1></body> </html>" > /var/www/html/index.html

The script above will install, configure, and launch the Apache webserver on the Amazon (Redhat) Linux EC2 instance. For Ubuntu based systems, you can install Apache web server as:

#!/bin/sh
sudo apt update
sudo apt install apache2 -y
sudo ufw allow 'Apache'
sudo systemctl start apache2
# Create a new index.html file at  /var/www/html/ path
echo "<html> <head><title>server 01</title> </head> <body><h1>This is server 01 </h1></body> </html>" > /var/www/html/index.html

For troubleshooting, SSH log into the machine and verify the contents of /var/www/html/index.html file. You can learn more about the individual steps at Create an EC2 instance and install a web server(opens in a new tab).

Specify the user data to configure the EC2 instance

Specify the user data to configure the EC2 instance

  • Generate and download a new key pair, at the last stage of the Launch Instance wizard.
    Important: This key-pair will allow you to log into your instance, using SSH, from your local machine. Save the key-pair carefully, because the same private key cannot be re-generated.

Step 2. Create the second EC2 instance in a separate Availability Zone

Launch the second EC2 instance using the same steps above, except for the following changes at the Configure Instance Details step:

  • Select another public subnet in a different AZ, say us-east-2d

  • Replace the last line of the user data (shell script) with

echo "<html> <head><title>server 02</title> </head> <body><h1>This is server 02 </h1></body> </html>" > /var/www/html/index.html

Additionally, change the tag to Name: Server-B.

Step 3. Verify the Web server installation

  • Confirm that the newly created EC2 instances are in the running state.

Two instances running in different AZs. Server-A is running in us-east-2a, while Server-B is running in us-east-2b.

Two instances running in different AZs. Server-A is running in us-east-2a, while Server-B is running in us-east-2d.

  • Verify that the Apache server is running successfully on both the EC2 instances. Simply copy, and paste the public IPv4 address of each instance in a new browser window. If the Apache is configured successfully, you will see the Apache welcome page.

Note: We have opened the HTTP traffic on the default port, therefore the public IPv4 address should be prepended with http://, instead of https://.

Need help?: Refer to the How do I troubleshoot an unresponsive website hosted on my EC2 instance(opens in a new tab) or clean restart the exercise by deleting the VPC, and EC2 resources again.

The image above shows the output at HTTP (not HTTPS), such as, `http://174.129.73.211/` and `http://http://54.234.18.17/`

The image above shows the output at HTTP (not HTTPS), such as, http://174.129.73.211/ and http://http://54.234.18.17/

Step 4. Create an NLB

  • Select the Load Balancers service on the left-hand side menu of the EC2 dashboard, and click on the Create Load Balancer button.

Click on the Create Load Balancer button

Click on the Create Load Balancer button

  • You will be prompt to choose the type of load balancer: Application, Network, or Classical load balancer. Choose to create a Network Balancer.
  • At the first step, Configure Load Balancer, use the following basic configuration details
SectionFieldValue
Basic ConfigurationNameudacity-nlb
Schemeinternet-facing
Availability ZonesVPCChoose default-vpc
Availability ZonesCheck the two where you've launched the EC2 instances,

such as us-east-2a and us-east-2d |

Create a new Application Load Balancer

Create a new Application Load Balancer

Give it a name and set as Internet-facing

Give it a name and set as Internet-facing

Add the networking mapping by selecting the Subnet region you selected in your instances

Add the networking mapping by selecting the Subnet region you selected in your instances

Create a new target group

Create a new target group

  • Skip the Configure Security Settings step, by clicking the Next button.

  • At the Configure Routing step, use the following configuration details in the Target group section:

FieldValue
Target groupNew target group
NameUdacityNLBTarget
Target typeInstances
ProtocolTCP
Port80

* At the Register Targets step, add the two EC2 instances created previously to the target group.

Set Instances as target type and give it a name

Set Instances as target type and give it a name

Add instances to the registered target group. Do not forget to click on the Include as pending button after selecting the instances from the list.

Add instances to the registered target group. Do not forget to click on the Include as pending button after selecting the instances from the list

  • Leave the remaining things as default, and finish creating the NLB.

Step 5. Test the NLB

  • You will be taken back to the Load Balancers dashboard. Copy the DNS name of the newly created NLB, and open it in your browser. A sample DNS name looks like this:

  • Paste the copied DNS name to a new browser window and refresh the browser a few times, each after a few seconds. You will notice that sometimes the request is redirected to Server-A, and other times, it is routed to Server-B.

The NLB is getting the output from the two different webservers. Notice that the DNS name (URL) is the same in the above two cases.

The NLB is getting the output from the two different webservers. Notice that the DNS name (URL) is the same in the above two cases.An NLB serves as the single point of contact for clients and automatically distributes the incoming traffic uniformly across multiple targets. The targets are the EC2 instances within the same or different AZs.

Prerequisites:

  • A default VPC. It is a VPC in a default region and has a public subnet in each Availability Zone. Refer to the create a default VPC(opens in a new tab) for more details. Just to ensure you have the right set of VPC, subnet, route table, and internet gateway available, refer to the snapshots below.

Create a default VPC (on Your VPCs dashboard)

Create a default VPC

Info about a default VPC

Info about a default VPC

Prerequisite 1: A default VPC

Prerequisite 1: A default VPC

Prerequisite 2: Subnets in each AZ in the default VPC. Also, notice that a common route table is attached to all subnets.

Prerequisite 2: Subnets in each AZ in the default VPC. Also, notice that a common route table is attached to all subnets.

Prerequisite 3: A route table with a rule for internet facing communication. See that it requires an internet gateway

Prerequisite 3: A route table with a rule for internet facing communication. See that it requires an internet gateway

Prerequisite 4: The Internet gateway is a managed service. See an internet gateway attached to the default vpc.

Prerequisite 4: The Internet gateway is a managed service. See an internet gateway attached to the default vpc.

Step 1. Create the first EC2 instance

The steps below show how to create the first EC2 instance in a public subnet in any one Availability Zone, and install the Apache webserver on it. Use the following configuration, and leave the remaining values as the defaults.

  • Navigate to the EC2 Dashboard page, and click on the Launch Instance wizard to launch an instance. Choose the AMI and instance type as:
StepValue
1. Amazon Machine Image (AMI)Amazon Linux 2 AMI (HVM), SSD Volume Type

Note: You have chosen a Free Tier Eligible AMI | | 2. Instance Type | t2.micro |

* At the next step, Configure Instance Details, use the following values:

FieldValue
Number of Instances1
NetworkSelect the default VPC that has public subnets in different AZs
SubnetChoose any, for example us-east-2a
Auto-assign Public IPEnable

Navigate to the EC2 dashboard and click the Launch instances button at the top-right

Navigate to the EC2 dashboard and click Launch instances

Set a name and select the Amazon Linux 2 AMI (HVM) image under the Free tier plan

Set a name and select the Amazon Linux 2 AMI (HVM) image under the Free tier plan

Ensure the t2.micro is selected as instance type and the default VPC you created allow SSH and HTTP connection.

Ensure the t2.micro is selected as instance type and the default VPC you created allow SSH and HTTP connection.

  • Under the Advanced Details → User data section, add the following configuration script to run automatically during launch.
#!/bin/bash
sudo yum update -y
sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
sudo yum install -y httpd mariadb-server
sudo systemctl start httpd
sudo systemctl enable httpd
sudo chkconfig httpd on
# Set file permissions for the Apache web server
sudo groupadd www
sudo usermod -a -G www ec2-user
sudo chgrp -R www /var/www
sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} +
find /var/www -type f -exec sudo chmod 0664 {} +
# Create a new index.html file at  /var/www/html/ path
echo "<html> <head><title>server 01</title> </head> <body><h1>This is server 01 </h1></body> </html>" > /var/www/html/index.html

The script above will install, configure, and launch the Apache webserver on the Amazon (Redhat) Linux EC2 instance. For Ubuntu based systems, you can install Apache web server as:

#!/bin/sh
sudo apt update
sudo apt install apache2 -y
sudo ufw allow 'Apache'
sudo systemctl start apache2
# Create a new index.html file at  /var/www/html/ path
echo "<html> <head><title>server 01</title> </head> <body><h1>This is server 01 </h1></body> </html>" > /var/www/html/index.html

For troubleshooting, SSH log into the machine and verify the contents of /var/www/html/index.html file. You can learn more about the individual steps at Create an EC2 instance and install a web server(opens in a new tab).

Specify the user data to configure the EC2 instance

Specify the user data to configure the EC2 instance

  • Generate and download a new key pair, at the last stage of the Launch Instance wizard.
    Important: This key-pair will allow you to log into your instance, using SSH, from your local machine. Save the key-pair carefully, because the same private key cannot be re-generated.

Step 2. Create the second EC2 instance in a separate Availability Zone

Launch the second EC2 instance using the same steps above, except for the following changes at the Configure Instance Details step:

  • Select another public subnet in a different AZ, say us-east-2d

  • Replace the last line of the user data (shell script) with

echo "<html> <head><title>server 02</title> </head> <body><h1>This is server 02 </h1></body> </html>" > /var/www/html/index.html

Additionally, change the tag to Name: Server-B.

Step 3. Verify the Web server installation

  • Confirm that the newly created EC2 instances are in the running state.

Two instances running in different AZs. Server-A is running in us-east-2a, while Server-B is running in us-east-2b.

Two instances running in different AZs. Server-A is running in us-east-2a, while Server-B is running in us-east-2d.

  • Verify that the Apache server is running successfully on both the EC2 instances. Simply copy, and paste the public IPv4 address of each instance in a new browser window. If the Apache is configured successfully, you will see the Apache welcome page.

Note: We have opened the HTTP traffic on the default port, therefore the public IPv4 address should be prepended with http://, instead of https://.

Need help?: Refer to the How do I troubleshoot an unresponsive website hosted on my EC2 instance(opens in a new tab) or clean restart the exercise by deleting the VPC, and EC2 resources again.

The image above shows the output at HTTP (not HTTPS), such as, `http://174.129.73.211/` and `http://http://54.234.18.17/`

The image above shows the output at HTTP (not HTTPS), such as, http://174.129.73.211/ and http://http://54.234.18.17/

Step 4. Create an NLB

  • Select the Load Balancers service on the left-hand side menu of the EC2 dashboard, and click on the Create Load Balancer button.

Click on the Create Load Balancer button

Click on the Create Load Balancer button

  • You will be prompt to choose the type of load balancer: Application, Network, or Classical load balancer. Choose to create a Network Balancer.
  • At the first step, Configure Load Balancer, use the following basic configuration details
SectionFieldValue
Basic ConfigurationNameudacity-nlb
Schemeinternet-facing
Availability ZonesVPCChoose default-vpc
Availability ZonesCheck the two where you've launched the EC2 instances,

such as us-east-2a and us-east-2d |

Create a new Application Load Balancer

Create a new Application Load Balancer

Give it a name and set as Internet-facing

Give it a name and set as Internet-facing

Add the networking mapping by selecting the Subnet region you selected in your instances

Add the networking mapping by selecting the Subnet region you selected in your instances

Create a new target group

Create a new target group

  • Skip the Configure Security Settings step, by clicking the Next button.

  • At the Configure Routing step, use the following configuration details in the Target group section:

FieldValue
Target groupNew target group
NameUdacityNLBTarget
Target typeInstances
ProtocolTCP
Port80

* At the Register Targets step, add the two EC2 instances created previously to the target group.

Set Instances as target type and give it a name

Set Instances as target type and give it a name

Add instances to the registered target group. Do not forget to click on the Include as pending button after selecting the instances from the list.

Add instances to the registered target group. Do not forget to click on the Include as pending button after selecting the instances from the list

  • Leave the remaining things as default, and finish creating the NLB.

Step 5. Test the NLB

  • You will be taken back to the Load Balancers dashboard. Copy the DNS name of the newly created NLB, and open it in your browser. A sample DNS name looks like this:

  • Paste the copied DNS name to a new browser window and refresh the browser a few times, each after a few seconds. You will notice that sometimes the request is redirected to Server-A, and other times, it is routed to Server-B.

The NLB is getting the output from the two different webservers. Notice that the DNS name (URL) is the same in the above two cases.

The NLB is getting the output from the two different webservers. Notice that the DNS name (URL) is the same in the above two cases.