1 00:00:00,440 --> 00:00:02,969 Okay, so let's practice using our network load balancer. 2 00:00:02,969 --> 00:00:04,710 So when you create a new network load balancer, 3 00:00:04,710 --> 00:00:09,200 and as you can see it's TCP, TLS and UDP sort of traffic. 4 00:00:09,200 --> 00:00:10,730 So let's create it. 5 00:00:10,730 --> 00:00:13,200 And we do it again so demoNLB, 6 00:00:13,200 --> 00:00:15,070 the scheme is internet-facing, 7 00:00:15,070 --> 00:00:17,810 the IP address type is IPv4 8 00:00:17,810 --> 00:00:21,040 and then we have to choose VPC network mapping. 9 00:00:21,040 --> 00:00:23,820 So for this, I'm going to select us-east-2a, 10 00:00:23,820 --> 00:00:26,240 us-east-2b and us-east-2c. 11 00:00:26,240 --> 00:00:30,020 So something interesting is that when you do select an AZ 12 00:00:30,020 --> 00:00:32,920 for your NLB, you have an IPv4 address 13 00:00:32,920 --> 00:00:36,310 and remember the NLB has fixed IPv4 addresses. 14 00:00:36,310 --> 00:00:40,740 So you can either use an IPv4 assigned by AWS for this 15 00:00:40,740 --> 00:00:43,340 or if you want to provide your own elastic IP address 16 00:00:43,340 --> 00:00:46,170 you could do it so here by first creating your elastic IP, 17 00:00:46,170 --> 00:00:48,197 and then assigning it to your NLB. 18 00:00:48,197 --> 00:00:50,010 So this is a particularity of NLB 19 00:00:50,010 --> 00:00:52,790 is that remember they have fixed IP. 20 00:00:52,790 --> 00:00:56,040 So we can assign one fixed IP per availability zone, 21 00:00:56,040 --> 00:00:57,440 which we will not do right now. 22 00:00:57,440 --> 00:00:59,850 Okay, then in terms of a listener 23 00:00:59,850 --> 00:01:00,720 we're going to be listening 24 00:01:00,720 --> 00:01:03,820 on ports on the TCP protocol on port 80. 
25 00:01:03,820 --> 00:01:06,490 And so this will work because HTTP is relying 26 00:01:06,490 --> 00:01:10,300 on TCP to work and so when we provide TCP port 80 27 00:01:10,300 --> 00:01:11,820 we know things will work, but as you can see 28 00:01:11,820 --> 00:01:13,520 there is no HTTP option here. 29 00:01:13,520 --> 00:01:16,293 Well because, this is not an HTTP-based load balancer, 30 00:01:16,293 --> 00:01:18,940 it's a TCP-based load balancer so, 31 00:01:18,940 --> 00:01:22,540 when the TCP on port 80 is correct, then forward to 32 00:01:22,540 --> 00:01:25,240 and we need to create a target group specifically for this 33 00:01:25,240 --> 00:01:27,940 so let's create a new target group for the NLB. 34 00:01:27,940 --> 00:01:30,960 So this is going to be an instance-based target group. 35 00:01:30,960 --> 00:01:35,020 And the target group name is going to be my target group 36 00:01:35,020 --> 00:01:37,190 and there'll be demo, okay. 37 00:01:37,190 --> 00:01:41,620 On TCP port 80 and the VPC is the good one, 38 00:01:41,620 --> 00:01:43,840 the health checks, we're just going to edit them. 39 00:01:43,840 --> 00:01:47,460 So we're going to have three half healthy thresholds. 40 00:01:47,460 --> 00:01:49,160 And the interval is going to be 10 seconds to 41 00:01:49,160 --> 00:01:50,700 go a little bit quicker. 42 00:01:50,700 --> 00:01:53,210 Okay, next we have to register targets 43 00:01:53,210 --> 00:01:55,850 so let's register our three instances 44 00:01:55,850 --> 00:01:58,270 and include as pending below, they're pending 45 00:01:58,270 --> 00:01:59,963 and create a target group. 46 00:02:00,900 --> 00:02:03,020 So this target group is specific 47 00:02:03,020 --> 00:02:05,710 to my NLB and we have to see 48 00:02:05,710 --> 00:02:08,410 whether or not the targets will be healthy or not. 
49 00:02:08,410 --> 00:02:10,810 So for now, let's go back to the NLB 50 00:02:10,810 --> 00:02:13,180 we'll refresh this and we select the target groups 51 00:02:13,180 --> 00:02:16,300 so this one, and then we're good to go. 52 00:02:16,300 --> 00:02:18,300 So we can look at the summary and create 53 00:02:18,300 --> 00:02:20,340 our Network Load Balancer. 54 00:02:20,340 --> 00:02:23,190 So let's view our load balancer which is right here. 55 00:02:23,190 --> 00:02:26,500 So now we have an ALB and an NLB. 56 00:02:26,500 --> 00:02:28,510 So this is our NLB, 57 00:02:28,510 --> 00:02:30,720 and we need to wait for it to be provisioned. 58 00:02:30,720 --> 00:02:32,900 So I will pause the video right now. 59 00:02:32,900 --> 00:02:36,050 Okay, so my NLB is now provisioned 60 00:02:36,050 --> 00:02:39,370 and so I can open the URL, press enter. 61 00:02:39,370 --> 00:02:42,130 And as you can see, things do not work right now. 62 00:02:42,130 --> 00:02:44,300 So I have a good idea why this does not work 63 00:02:44,300 --> 00:02:46,213 and I will show you in one second. 64 00:02:47,230 --> 00:02:49,470 So if we look in our target groups 65 00:02:49,470 --> 00:02:51,400 and we have two target groups right now, 66 00:02:51,400 --> 00:02:54,190 the first one is HTTP, the second one is TCP. 67 00:02:54,190 --> 00:02:56,920 Well, the HTTP one had three targets 68 00:02:56,920 --> 00:02:58,580 and they were all healthy so that was great, 69 00:02:58,580 --> 00:02:59,990 so we have three healthy targets, 70 00:02:59,990 --> 00:03:03,950 but if we look at the NLB one in detail and go to targets, 71 00:03:03,950 --> 00:03:06,850 as you can see the three targets are unhealthy. 72 00:03:06,850 --> 00:03:09,810 And that's because when you do a TCP-based target group 73 00:03:09,810 --> 00:03:12,880 and an NLB, well, the security group that is taken 74 00:03:12,880 --> 00:03:16,470 into account is a security group of the EC2 instances. 
75 00:03:16,470 --> 00:03:18,960 There was no security group we have created when 76 00:03:18,960 --> 00:03:20,160 we created an NLB, 77 00:03:20,160 --> 00:03:23,550 or when we created a target group that was on TCP. 78 00:03:23,550 --> 00:03:25,100 So that means that to solve this problem 79 00:03:25,100 --> 00:03:28,230 we have to edit the security group of our instance. 80 00:03:28,230 --> 00:03:31,300 So if we go back to launch wizard one, and then 81 00:03:31,300 --> 00:03:34,220 for inbound rules, as we can see the HTTP port 80 82 00:03:34,220 --> 00:03:37,590 is only allowing my first load balancer security group, 83 00:03:37,590 --> 00:03:40,960 but we need to create a new rule to just allow back HTTP 84 00:03:40,960 --> 00:03:44,630 from anywhere for the network load balancers to work 85 00:03:44,630 --> 00:03:46,950 so I would just do it from anywhere, 86 00:03:46,950 --> 00:03:50,440 it says, necessary for the NLB. 87 00:03:50,440 --> 00:03:53,350 And the reason is because the NLB just forwards 88 00:03:53,350 --> 00:03:55,050 over the traffic from the clients 89 00:03:55,050 --> 00:03:56,460 into the EC2 instance. 90 00:03:56,460 --> 00:03:58,520 And so from an EC2 instance perspective, 91 00:03:58,520 --> 00:04:00,870 the traffic doesn't look like it's coming from the NLB. 92 00:04:00,870 --> 00:04:04,020 It looks like it's coming from an external client. 93 00:04:04,020 --> 00:04:06,590 So once we've added this rule for the NLB, 94 00:04:06,590 --> 00:04:09,020 then if we go back into our target group 95 00:04:09,020 --> 00:04:10,873 this one and open it, 96 00:04:12,780 --> 00:04:14,670 we should be seeing very, very soon 97 00:04:14,670 --> 00:04:16,480 that the instance will become healthy 98 00:04:16,480 --> 00:04:17,980 so let's just wait one minute. 99 00:04:18,890 --> 00:04:20,930 And so now my instances are becoming healthy. 
100 00:04:20,930 --> 00:04:23,920 So after a refresh, we have three of them being healthy 101 00:04:23,920 --> 00:04:25,620 thanks to the security group change. 102 00:04:25,620 --> 00:04:28,760 So that means that if I go back to my NLB and refresh 103 00:04:28,760 --> 00:04:31,430 here we go, we get the Hello World from an instance. 104 00:04:31,430 --> 00:04:33,630 And then if I keep on refreshing, as you can see, 105 00:04:33,630 --> 00:04:35,520 I am redirected to the same instance 106 00:04:35,520 --> 00:04:37,910 so that means that the connection is somewhat sticky 107 00:04:37,910 --> 00:04:40,820 but at least we know that our NLB is working. 108 00:04:40,820 --> 00:04:43,970 So to just close on this hands-on, 109 00:04:43,970 --> 00:04:46,319 we just need to go ahead and delete the NLB 110 00:04:46,319 --> 00:04:47,180 and delete the target group 111 00:04:47,180 --> 00:04:50,970 so I will delete the NLB right here. 112 00:04:50,970 --> 00:04:55,570 I will delete this target group that was a demo for the NLB. 113 00:04:55,570 --> 00:04:56,630 Yes, please. 114 00:04:56,630 --> 00:04:58,570 And then for the security group, I'm going to 115 00:04:58,570 --> 00:05:00,350 go back into my security group, 116 00:05:00,350 --> 00:05:02,010 and I'm going to edit the rules 117 00:05:02,010 --> 00:05:03,580 to just remove this one 118 00:05:03,580 --> 00:05:05,230 again to go back to the state we were 119 00:05:05,230 --> 00:05:07,800 when we had an application load balancer. 120 00:05:07,800 --> 00:05:08,940 So that's it for this hands-on. 121 00:05:08,940 --> 00:05:11,890 I hope you liked it and I will see you in the next lecture.