Friday, 8 March 2013

AWS Elastic Load Balancing with a Static IP Address



As anyone using AWS to host their applications and services already knows, Amazon has done a great job in building a scalable and reliable cloud platform.

One of the AWS tools is the Elastic Load Balancer, which lets you run multiple instances for scalability or failure tolerance across multiple geographic locations or availability zones. As with many of the other AWS tools, this ‘just works’ and looks after things such as load balancing requests and ensuring that failed hosts are removed from your LB pool. Add to this the simple yet effective SSL offload, and if you haven’t considered using an ELB to host your app, you probably should.

There is, however, one minor problem…

If your application might require your customers to change their firewalls, you won’t be able to provide them an IP address to create a rule around.

Due to the way the ELB works, you can find the IP addresses on your LB changing without notice, and perhaps several times a day. This can be a problem for enterprises which want to know specifically what IP address you’re running your server on.

HAProxy to the rescue.
In order to provide your customers a ‘Static’ IP address (OK, in AWS we call it an Elastic IP) you can use HAProxy to operate as a transparent SSL proxy.

In this way you can spin up an HAProxy instance and have it forward incoming requests to your ELB.
To maximize your availability you will want to run a proxy in more than one AZ, and assign each of them an EIP. Then use your DNS (you are using R53, right?) to DNS Round Robin your requests onto each HAProxy.

In the back end, you point your HAProxy to forward on to your ELB.




HAProxy & ELB Config
Configure HAProxy:

# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
        log 127.0.0.1   local0
        maxconn 4096
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon

defaults
        log     global
        mode    tcp
        option  dontlognull
        retries 3
        option redispatch
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000

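# Plain HTTP: relay TCP connections on port 80 straight through to the ELB
listen  tcp-80 *:80
        option  persist
        mode tcp
        balance roundrobin
        # the health check is left disabled by the '#' before 'check'
        server  inst1 your-elb.elb.amazonaws.com:80 #check inter 2000 fall 3

# HTTPS: TLS is not terminated here, the encrypted stream is relayed to the ELB
listen  tcp-443 *:443
        # health check sends an SSL client hello and expects a server hello back
        option  ssl-hello-chk
        mode tcp
        balance roundrobin
        # check every 30000 ms, mark the server down after 3 failed checks
        server inst1 your-elb.elb.amazonaws.com:443 check inter 30000 fall 3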
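
The ELB's addresses change without notice, while a server line that names a host is resolved only when HAProxy starts. The configuration below is an added example, not part of the original post, showing the HTTPS listener with runtime DNS resolution. It assumes HAProxy 1.8 or later; the resolver name awsdns, the Amazon VPC resolver address 169.254.169.253 and the slot count of 4 are assumptions.

```haproxy
# Added example, assumes HAProxy 1.8+ (resolvers, server-template, init-addr).
global
        log 127.0.0.1   local0
        maxconn 4096
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon

defaults
        log     global
        mode    tcp
        option  dontlognull
        retries 3
        option  redispatch
        timeout connect 5s
        timeout client  50s
        timeout server  50s

# Runtime DNS: without this section the ELB name is resolved once at startup
# and the proxy keeps sending to addresses the ELB may no longer own.
resolvers awsdns
        nameserver vpc 169.254.169.253:53   # assumed: Amazon-provided VPC resolver
        resolve_retries 3
        timeout resolve 1s
        timeout retry   1s
        hold valid      10s                 # treat an answer as valid for 10 s, then re-query

listen tcp-443
        bind *:443
        mode tcp
        option ssl-hello-chk
        balance roundrobin
        # Four slots (assumed count) filled from the A records the ELB returns;
        # init-addr lets HAProxy start even if DNS is briefly unavailable.
        server-template elb 4 your-elb.elb.amazonaws.com:443 check inter 30000 fall 3 resolvers awsdns resolve-prefer ipv4 init-addr last,libc,none
```

The port 80 listener takes the same resolvers and server-template arguments.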
