1
00:00:00,330 --> 00:00:01,260
So let's go ahead

2
00:00:01,260 --> 00:00:04,050
and practice with network load balancers.

3
00:00:04,050 --> 00:00:04,883
So to do so,

4
00:00:04,883 --> 00:00:06,660
I'm going to create a load balancer

5
00:00:06,660 --> 00:00:08,883
and I will choose a network load balancer.

6
00:00:10,050 --> 00:00:12,333
Then I will call this one DemoNLB.

7
00:00:13,950 --> 00:00:16,950
It's going to be internet-facing of IPv4.

8
00:00:16,950 --> 00:00:18,300
And then for network mappings,

9
00:00:18,300 --> 00:00:21,660
I will deploy it in three different availability zones,

10
00:00:21,660 --> 00:00:24,960
but as you can see here, there is an IPv4 setting.

11
00:00:24,960 --> 00:00:28,860
This is because the NLB has one fixed IP address

12
00:00:28,860 --> 00:00:31,230
per AZ that you're deploying to.

13
00:00:31,230 --> 00:00:36,090
And you can either choose an IP address assigned by AWS.

14
00:00:36,090 --> 00:00:39,810
It's going to be public because I chose an IP,

15
00:00:39,810 --> 00:00:43,320
an internet-facing type of network load balancer.

16
00:00:43,320 --> 00:00:45,330
But if you had an Elastic IP,

17
00:00:45,330 --> 00:00:47,910
you could use that Elastic IP instead

18
00:00:47,910 --> 00:00:50,010
on your network load balancer.

19
00:00:50,010 --> 00:00:50,843
So we're good.

20
00:00:50,843 --> 00:00:51,810
We have three AZs

21
00:00:51,810 --> 00:00:54,720
and we'll have three fixed IPs at the end of it.

22
00:00:54,720 --> 00:00:55,553
And right now,

23
00:00:55,553 --> 00:01:00,300
I need to create a specific target group for our NLB.

24
00:01:00,300 --> 00:01:02,253
So it's going to be based on instances.

25
00:01:03,150 --> 00:01:06,273
And I'll call this one demo-tg-nlb.

26
00:01:07,110 --> 00:01:10,620
And the protocol is TCP on port 80.

27
00:01:10,620 --> 00:01:13,890
I have to choose TCP for my network load balancer.

28
00:01:13,890 --> 00:01:15,510
And then the health check protocol

29
00:01:15,510 --> 00:01:19,320
can be TCP, HTTP, or HTTPS.

30
00:01:19,320 --> 00:01:20,640
So we choose whatever we want.

31
00:01:20,640 --> 00:01:22,440
If we know we have an HTTP application,

32
00:01:22,440 --> 00:01:23,730
it's not a bad idea to use

33
00:01:23,730 --> 00:01:26,730
an HTTP type of protocol for the health check.

34
00:01:26,730 --> 00:01:30,000
So I use slash as my health check path.

35
00:01:30,000 --> 00:01:32,640
And then the health threshold is going to be two,

36
00:01:32,640 --> 00:01:35,190
the timeout is going to be two seconds,

37
00:01:35,190 --> 00:01:37,683
and the interval is going to be five.

38
00:01:39,630 --> 00:01:41,040
Let's click on Next.

39
00:01:41,040 --> 00:01:42,840
We have two available instances.

40
00:01:42,840 --> 00:01:45,810
So let's include them as pending below

41
00:01:45,810 --> 00:01:48,150
and create our target group.

42
00:01:48,150 --> 00:01:50,220
So now, our target group is created.

43
00:01:50,220 --> 00:01:51,690
I'm going to refresh this page.

44
00:01:51,690 --> 00:01:52,523
And as you can see,

45
00:01:52,523 --> 00:01:55,203
now my demo target group NLB is appearing.

46
00:01:56,250 --> 00:01:57,083
So we're good to go.

47
00:01:57,083 --> 00:01:58,770
We have defined our NLB.

48
00:01:58,770 --> 00:02:01,260
Now, let's create our load balancer.

49
00:02:01,260 --> 00:02:03,090
And it's going to take a few minutes

50
00:02:03,090 --> 00:02:05,010
for it to become active.

51
00:02:05,010 --> 00:02:07,920
So our network load balancer is now created.

52
00:02:07,920 --> 00:02:11,400
And if I click on it, and open the DNS name,

53
00:02:11,400 --> 00:02:15,240
and open a new tab, as you can see, it does not work.

54
00:02:15,240 --> 00:02:16,800
So let's investigate.

55
00:02:16,800 --> 00:02:18,510
We're going to go into the target group

56
00:02:18,510 --> 00:02:20,730
of our network load balancer,

57
00:02:20,730 --> 00:02:22,170
and we're going to look at the targets,

58
00:02:22,170 --> 00:02:25,170
and while two of them are unhealthy.

59
00:02:25,170 --> 00:02:26,910
This is zero because we know that the instances

60
00:02:26,910 --> 00:02:29,220
are healthy on my other load balancer.

61
00:02:29,220 --> 00:02:30,480
So what's happening?

62
00:02:30,480 --> 00:02:31,860
Well, it turns out that when you use

63
00:02:31,860 --> 00:02:33,420
a network load balancer,

64
00:02:33,420 --> 00:02:35,880
you don't define a security group for it.

65
00:02:35,880 --> 00:02:37,230
That means that all the traffic

66
00:02:37,230 --> 00:02:39,300
goes through the network load balancer

67
00:02:39,300 --> 00:02:41,940
and goes straight into the EC2 instances.

68
00:02:41,940 --> 00:02:45,600
And this is the security group of the EC2 instances

69
00:02:45,600 --> 00:02:46,950
that is going to decide whether or not

70
00:02:46,950 --> 00:02:48,810
the traffic is allowed.

71
00:02:48,810 --> 00:02:51,660
But if we go back to our EC2 instances

72
00:02:51,660 --> 00:02:54,600
and look at the security group we had defined from before,

73
00:02:54,600 --> 00:02:56,073
the launch-wizard-1,

74
00:02:57,210 --> 00:02:59,880
and look at the inbound rules, and edit them,

75
00:02:59,880 --> 00:03:02,940
well, it turns out that we only allowed port 80

76
00:03:02,940 --> 00:03:05,310
coming from the application load balancer.

77
00:03:05,310 --> 00:03:06,180
And so therefore,

78
00:03:06,180 --> 00:03:08,850
the traffic doesn't work for public traffic.

79
00:03:08,850 --> 00:03:11,820
So let's add a rule instead to fix this temporarily

80
00:03:11,820 --> 00:03:14,700
while we still have a network load balancer

81
00:03:14,700 --> 00:03:18,780
to allow HTTP on port 80 from anywhere.

82
00:03:18,780 --> 00:03:20,073
Let's save this rule.

83
00:03:20,970 --> 00:03:22,383
And now it's saved.

84
00:03:23,220 --> 00:03:24,630
So back into our target group now.

85
00:03:24,630 --> 00:03:26,220
Let's refresh this page.

86
00:03:26,220 --> 00:03:29,190
And we are doing health checks every five seconds.

87
00:03:29,190 --> 00:03:32,310
And hopefully very soon it's going to start to show healthy.

88
00:03:32,310 --> 00:03:36,000
And as you can see now, yes, my two instances are healthy

89
00:03:36,000 --> 00:03:38,310
because we made changes to the security group.

90
00:03:38,310 --> 00:03:40,980
If I go into my load balancer and refresh, yes,

91
00:03:40,980 --> 00:03:43,110
as we can see I see my Hello World.

92
00:03:43,110 --> 00:03:44,970
And if I refresh the page more and more,

93
00:03:44,970 --> 00:03:48,930
it's going to switch between different EC2 instances.

94
00:03:48,930 --> 00:03:50,010
So that's really good.

95
00:03:50,010 --> 00:03:51,930
We have exactly the behavior we want.

96
00:03:51,930 --> 00:03:55,680
And we have our network load balancer nicely working.

97
00:03:55,680 --> 00:03:57,420
So to finish this hands-on,

98
00:03:57,420 --> 00:03:59,520
you need to just clean up after yourself.

99
00:03:59,520 --> 00:04:03,780
So to do so, first, delete the network load balancer.

100
00:04:03,780 --> 00:04:05,253
So let's delete it.

101
00:04:06,360 --> 00:04:09,600
And yes, I confirm.

102
00:04:09,600 --> 00:04:12,513
Number two, we can delete the target group itself.

103
00:04:13,380 --> 00:04:15,540
So yes, we delete it.

104
00:04:15,540 --> 00:04:19,590
And finally, into our inbound rules of our security group,

105
00:04:19,590 --> 00:04:20,520
we can go ahead

106
00:04:20,520 --> 00:04:23,040
and actually delete the rule

107
00:04:23,040 --> 00:04:25,560
that allowed HTTP from anywhere.

108
00:04:25,560 --> 00:04:30,120
So this is this first one for me and save the rules.

109
00:04:30,120 --> 00:04:30,953
And that's it.

110
00:04:30,953 --> 00:04:32,850
So we've seen network load balancers.

111
00:04:32,850 --> 00:04:34,020
I hope you liked it.

112
00:04:34,020 --> 00:04:36,123
And I will see you in the next lecture.