Amazon ANS-C01: How to Limit Cross-AZ Traffic for an Application with Network Load Balancer on AWS?

Learn the best solution to limit traffic across Availability Zones for a highly available application using a Network Load Balancer (NLB) in the same VPC on AWS. Discover how to ensure traffic stays in the same AZ unless there are no healthy targets.

Question

A company has deployed an application in which the front end of the application communicates with the backend instances through a Network Load Balancer (NLB) in the same VPC. The application is highly available across two Availability Zones. The company wants to limit the amount of traffic that travels across the Availability Zones. Traffic from the front end of the application must stay in the same Availability Zone unless there is no healthy target in that Availability Zone behind the NLB. If there is no healthy target in the same Availability Zone, traffic must be sent to the other Availability Zone.

Which solution will meet these requirements?

A. Create a private hosted zone with weighted routing for each Availability Zone. Point the primary record to the local Availability Zone NLB DNS record. Point the secondary record to the Regional NLB DNS record. Configure the front end of the application to perform DNS lookups on the local private hosted zone records.
B. Turn off cross-zone load balancing on the NLB. Configure the front end of the application to perform DNS lookups on the local Availability Zone NLB DNS record.
C. Create a private hosted zone. Create a failover record for each Availability Zone. For each failover record, point the primary record to the local Availability Zone NLB DNS record and point the secondary record to the Regional NLB DNS record. Configure the front end of the application to perform DNS lookups on the local private hosted zone records.
D. Enable sticky sessions (session affinity) so that the NLB can bind a user’s session to targets in the same Availability Zone.

Answer

C. Create a private hosted zone. Create a failover record for each Availability Zone. For each failover record, point the primary record to the local Availability Zone NLB DNS record and point the secondary record to the Regional NLB DNS record. Configure the front end of the application to perform DNS lookups on the local private hosted zone records.

Explanation

To limit the amount of traffic that travels across Availability Zones (AZs) while ensuring high availability, you should:

  1. Create a private hosted zone in Amazon Route 53. This allows you to create custom DNS records for your application.
  2. Create a failover record for each AZ in the private hosted zone. Failover routing lets you route traffic to a resource when the resource is healthy or to a different resource when the first resource is unhealthy.
  3. For each failover record, set the primary record to point to the local AZ NLB DNS record. This ensures that traffic is first directed to the NLB in the same AZ.
  4. For each failover record, set the secondary record to point to the Regional NLB DNS record. This ensures that if there are no healthy targets in the primary AZ, traffic is routed to the NLB in the other AZ.
  5. Configure the front end of the application to perform DNS lookups on the local private hosted zone records. This directs the application to send requests using the failover records you created.

This setup leverages Route 53 health checks to determine whether the primary NLB (in the local AZ) has any healthy targets. If it does, traffic is routed to the local NLB. If not, traffic automatically fails over to the Regional NLB, which can route to the other AZ.
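The per-AZ failover records described above, as an added example that is not part of the original question or of any AWS tooling. It builds the Route 53 ChangeBatch for one PRIMARY/SECONDARY pair per AZ and models how Route 53 picks between them; the hosted zone name `app.internal`, the NLB DNS names and the health-check IDs are constructed placeholders, and the records are plain CNAMEs rather than alias records.

```python
"""Build Route 53 failover record sets, one PRIMARY/SECONDARY pair per AZ."""
import json
from typing import Dict, List, Set

# Constructed placeholders: a private hosted zone and a Regional NLB DNS name.
ZONE = "app.internal"
REGIONAL_NLB = "app-nlb-0123456789abcdef.elb.us-east-1.amazonaws.com"


def failover_records(az: str, zonal_nlb_dns: str, health_check_id: str) -> List[dict]:
    """Return the PRIMARY and SECONDARY record sets for <az>.app.internal.

    The PRIMARY must carry a HealthCheckId: a failover primary with no health
    check is treated by Route 53 as always healthy, so it would never fail over.
    """
    common = {"Name": f"{az}.{ZONE}", "Type": "CNAME", "TTL": 60}
    primary = {**common, "SetIdentifier": f"{az}-primary", "Failover": "PRIMARY",
               "HealthCheckId": health_check_id,
               "ResourceRecords": [{"Value": zonal_nlb_dns}]}
    secondary = {**common, "SetIdentifier": f"{az}-secondary", "Failover": "SECONDARY",
                 "ResourceRecords": [{"Value": REGIONAL_NLB}]}
    return [primary, secondary]


def change_batch(az_to_zonal_dns: Dict[str, str], az_to_check: Dict[str, str]) -> dict:
    """Assemble a ChangeBatch for route53 change-resource-record-sets (UPSERT)."""
    changes = [{"Action": "UPSERT", "ResourceRecordSet": rrset}
               for az, zonal_dns in az_to_zonal_dns.items()
               for rrset in failover_records(az, zonal_dns, az_to_check[az])]
    return {"Comment": "Keep front-end traffic in its AZ unless local targets are unhealthy",
            "Changes": changes}


def resolve(rrsets: List[dict], healthy_checks: Set[str]) -> str:
    """Model Route 53 failover selection for one per-AZ name.

    The primary wins when its health check passes (or when it has none);
    otherwise the answer is the SECONDARY, i.e. the Regional NLB name.
    """
    primary = next(r for r in rrsets if r["Failover"] == "PRIMARY")
    secondary = next(r for r in rrsets if r["Failover"] == "SECONDARY")
    check = primary.get("HealthCheckId")
    chosen = primary if check is None or check in healthy_checks else secondary
    return chosen["ResourceRecords"][0]["Value"]


if __name__ == "__main__":
    # Constructed zonal NLB DNS names (AZ prefix on the Regional name) and check IDs.
    zonal = {az: f"{az}.{REGIONAL_NLB}" for az in ("us-east-1a", "us-east-1b")}
    checks = {"us-east-1a": "hc-1a-placeholder", "us-east-1b": "hc-1b-placeholder"}
    print(json.dumps(change_batch(zonal, checks), indent=2))
```

Because the NLB is internal, Route 53's public health checkers cannot probe it directly; back each primary record with a CloudWatch-alarm health check on the NLB's per-AZ HealthyHostCount instead of an endpoint check.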

Options A and B are incorrect because weighted routing isn’t ideal for failing over between the local and Regional NLB – it doesn’t take into account the health of the targets.

Option D is incorrect because sticky sessions (session affinity) are used to bind a user’s session to a specific target, not to limit cross-AZ traffic. Sticky sessions ensure that all requests from a user during a session are sent to the same target, which is useful for maintaining session state but doesn’t address the cross-AZ traffic requirement.

Therefore, creating failover records in a private hosted zone that point to the local AZ NLB DNS record (primary) and Regional NLB DNS record (secondary) is the best solution to meet the stated requirements.
