Thursday, May 26, 2022

Single Vs Multiple Dedicated Load Balancer Architecture within single Anypoint Virtual Private Cloud

Hello friends, welcome back to monster. In today's session we are going to discuss the dedicated load balancer in detail. The dedicated load balancer is an optional entitlement in the Anypoint Platform, so we need to buy it exclusively if we want to use it; it won't come with your license.

So we are going to discuss the architecture of the load balancer in detail. We will compare the single load balancer architecture with the multiple dedicated load balancer architecture. We are going to discuss what your VPC looks like, how URLs are generated and what kind of templates are used when they are generated, what a public IP address is, what a private IP address is, what a public URL is and what a private URL is. When you look at applications deployed on a worker you'll see multiple URLs, so we are going to discuss all of those in detail. But before starting the session, I encourage everyone to please subscribe to the channel and hit the bell icon so that you will get notifications for future videos.

So let's start with the single dedicated load balancer architecture. First of all, we are going to discuss CloudHub, because the VPCs we are talking about are customer-dedicated VPCs, and those are created inside CloudHub. So let's see here: cloudhub.io, let me take the pointer, this is the CloudHub domain. Then we get a dedicated region for our VPC; let's say the region we are using is us-e2. Then let's say we have created a customer VPC. Every customer VPC has a boundary, and the boundary is nothing but the CIDR block, the range of IP addresses. Here we are talking about a CIDR block that starts at 10.10.1.0/24. The /24 decides the number of IP addresses; /24 is nothing but 256 IP addresses.

So let's start with this VPC scenario. Let's say I have deployed two applications: one is app lucy and the other is app ether. Let's say I have deployed app ether on one worker and app lucy on two workers.

Now when we deploy these applications inside the VPC, every application gets a fully qualified domain name, and these domain names follow a template when they are generated. Let's see that now.

This VPC will have default firewall rules, and those firewall rules look like this list. The CIDR block may vary for you, because you are definitely not going to get this same CIDR block, but the last two firewall rules will be the same for you. What do these firewall rules mean? They mean that ports 8091 and 8092 are accessible within this VPC, that is, from this CIDR range only, and that ports 8081 and 8082 are accessible from anywhere, which means these two ports can be accessed from the public internet. So that is point number one: the default firewall rules for our dedicated VPC.

Now point number two. Now we're talking about the dedicated load balancer. The dedicated load balancer has a fully qualified domain name, and the template looks like this: your load balancer name, then a suffix that is always fixed, lb.anypointdns.net. Whatever name you give your load balancer is prefixed to this suffix, so the URL will look like my-dlb, which is the load balancer name, and then you can find the domain name over here. That is point number two.

Point number three. Every dedicated load balancer gets deployed on two workers. Each worker is associated with a public IP address and a private IP address. The public IP address is associated with one URL, which we call the public URL, and that URL is accessible from the public internet. The private IP address is associated with the internal URL, and that URL is accessed within your VPC. So let's have a look at it. If you see the top two URLs here, my-dlb.lb.anypointdns.net, the two IP addresses we are seeing here, these 3.13 ones, are public addresses, and they do not come from our VPC IP range. The last two are internal: the same URL, only with the prefix internal-. If you look at these IP addresses, they belong to our VPC; you can see those two IP addresses come from the VPC IP range. So point number three: these are the DNS records for your dedicated load balancer.

Dedicated load balancers are always for high availability; we can deploy on multiple workers. By default it gets deployed on two workers. If you want more workers then you need to buy the license accordingly; the default license has two workers.

Now point number four. Let's say I want to access my app lucy app. First of all, this app, which is deployed inside my VPC, should be running on 8091 or 8092 if I want to access it from the dedicated load balancer. Why? Because on the dedicated load balancer there is a default port mapping. What is that default port mapping? If you are triggering your dedicated load balancer URL from the public internet, port 80 is automatically mapped to 8091 and port 443 is automatically mapped to 8092. We cannot change that. Even on the shared load balancer we cannot change the port mapping, and similarly on the dedicated load balancer we cannot change the port mapping either: 80 will be mapped to 8091 and 443 will be mapped to 8092, always. That means any applications inside the VPC that I want to access via the dedicated load balancer have to be running on 8091 or 8092. So point number four: the default mapping rules for our dedicated load balancer.

So we have covered the DNS records and we have covered the default mapping rule. Now let's say I have triggered my point number, I have number six here, but it's not, it's point number five. So let's say I have triggered this URL from Postman. This is my dedicated load balancer URL, slash app lucy. This will go to my dedicated load balancer here, and from there it will map to the URL. If you see these two URLs from the bottom, just a second, this URL gets mapped to this IP address, and this IP address belongs to the dedicated load balancer worker. From there it gets mapped to the Mule worker, which you see here, the Mule worker internal URL. Now since I am using app lucy here, it will get resolved to two workers. App lucy is deployed on two workers, so this will resolve to two IP addresses, and this dedicated load balancer will use a round-robin algorithm to manage the load.

First let me recap here, let me go back. On this point, when I'm triggering this URL it gets mapped to this URL, which is our internal IP address, and my application is running on 8091, so my app lucy will be triggered on port 8091. That is allowed because, if you see my firewall rules here, these firewall rules are allowing me inside, so I'll be able to access my app lucy, which is running on port 8091. So this is point number four.

Now, I can access the application from the shared load balancer also.

The shared load balancer will be able to access applications that are running on 8081 or 8082, because on the shared load balancer, this is the orange one, this is the shared load balancer, there is a default port mapping. On this shared load balancer 80 is mapped to 8081 and 443 is mapped to 8082. We won't be able to change that port mapping; as I mentioned when I was explaining the dedicated load balancer, here also we cannot change that.

So now if I trigger app lucy dot us-e2.cloudhub.io, colon 80, and 80 is like the default port number, even if you don't pass it it will be considered as 80 only, that gets mapped to the public URL. It won't get mapped to the internal URL; it gets mapped to the public URL. Public means there won't be any "internal" inside your URL, and that gets mapped to your 8081 port. Now for this public URL we have a firewall rule, you can see that. So this goes to your firewall rules inside the VPC, and in the firewall we have two rules which say that even if a request comes from the public internet, please allow it. So if your application is running on 8081 it will be accessible via the shared load balancer. If your application is not running on 8081 or 8082, you cannot access anything from the shared load balancer.

So that's the complete structure of the single load balancer architecture. We talked about fully qualified domain names, and we talked about how many IP addresses are allocated to any worker, whether it's an application worker or a dedicated load balancer worker.

Now we will jump to the multiple dedicated load balancer architecture. We'll take the same structure and the same use case. We have CloudHub, that is our cloudhub.io domain, then we have the region, inside that region we have the VPC, and my VPC range, or we can say CIDR block, is 256 IP addresses; /24 is 255. Now I split my APIs into two categories, public APIs and private APIs. In private APIs I put the process APIs and system APIs, and in public APIs I put the experience APIs. My condition is that all applications within the VPC should be exposed on either port 8091 or 8092.

Now all applications will have an internal IP address, and those internal IP addresses come from the IP range we have for our VPC. The first thing: I change the firewall rules here. I remove the last two default rules, so I have removed public access from the internet. Second point: I am saying that traffic will be allowed only from my VPC, not from outside. So that is what my VPC rule is now: these APIs will be accessible only from my VPC, not from outside. Now let's see how we can access the APIs with these rules. First point: that means my shared load balancer won't be able to access my VPC applications now. So that path I have closed; I won't be able to access it.

Now I have an external dedicated load balancer and an internal dedicated load balancer. The external dedicated load balancer faces the external traffic, and the internal dedicated load balancer faces only internal traffic. That means if an experience API wants to access a process API or system API, the experience API has to go via the internal dedicated load balancer. We have already discussed how these URLs are generated. There is a template: int-dlb is the name of the load balancer, and the suffix is always constant, lb.anypointdns.net. So I have two dedicated load balancers now, external-dlb and internal-dlb.

Now let's go ahead. There are default dedicated load balancer mappings. If you see the mapping rules here, if anything is triggered from the external traffic with /app, that app name is added to the URL in this way. Again, we can say this is a template, so your final URL will be generated something like mule-worker-internal-, then the application name, then us-e2, which is the region, then cloudhub.io, which is the domain, and then :8091 if you are triggering via HTTP. So point number three: that is our default mapping rule for each DLB. Both DLBs will have this default mapping rule. We can change this mapping rule if we want, so if you want different mapping rules for the external-traffic-facing DLB and the internal one, we can do that. We can add any number of mapping rules on the dedicated load balancers.

Now what I'm doing here is whitelisting the CIDR range for anywhere, that is, the public internet. That is point number four. Because I want to give the public internet access to this dedicated load balancer only, I add the whitelisted CIDR block on this external-facing dedicated load balancer as 0.0.0.0, which means the public internet can access this dedicated load balancer. Point number five: I add a whitelisted CIDR block which is my VPC CIDR block, so this dedicated load balancer is accessible from this IP range, that is, from the VPC only. So that's what the multiple dedicated load balancer structure looks like.

How to call the APIs we have already discussed in the first slide. Now if somebody wants to access the application from outside, they will be triggering this external dedicated load balancer, the external dedicated load balancer will trigger the experience API, the experience API will trigger the internal dedicated load balancer, and via the internal dedicated load balancer it will access the process API or system API. So that's all from this session.

Hope it is clear now what the single dedicated load balancer architecture looks like and what the multiple dedicated load balancer architecture looks like. Generally clients go for the multiple dedicated load balancer architecture; that's the reason I have covered in detail what the firewall rules look like, what the whitelisting looks like on your dedicated load balancer, what the mapping rules look like on your dedicated load balancer, and how you can control access to your VPC via firewall rules and via mapping rules. That's all from this session. Hope you liked it. Hit the bell icon, hit the subscribe button and hit the like button so that you'll be able to see notifications for more videos in future. Thank you, thanks for watching.
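The firewall rules, port mappings and load balancer allowlists described in this session can be modelled to check which paths stay open in each architecture. This is an added Python example, not part of the original talk or of any MuleSoft tooling; the load balancer and client IP addresses are constructed, and it assumes the VPC firewall sees a dedicated load balancer's private VPC address and a shared load balancer address outside the VPC.

```python
import ipaddress

ANY, VPC = "0.0.0.0/0", "10.10.1.0/24"   # VPC CIDR block from the talk

# VPC firewall rules as (source CIDR, worker port).
DEFAULT_RULES = [(VPC, 8091), (VPC, 8092), (ANY, 8081), (ANY, 8082)]
LOCKED_RULES = [(VPC, 8091), (VPC, 8092)]  # the two public rules removed

def in_any(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def make_lb(source_ip, allowlist, port_map):
    """source_ip: address the VPC firewall sees when the LB calls a worker."""
    return {"ip": source_ip, "allow": allowlist, "ports": port_map}

# Constructed addresses: the shared LB sits outside the VPC, DLB workers inside it.
SHARED_LB = make_lb("203.0.113.10", [ANY], {80: 8081, 443: 8082})
EXTERNAL_DLB = make_lb("10.10.1.20", [ANY], {80: 8091, 443: 8092})
INTERNAL_DLB = make_lb("10.10.1.30", [VPC], {80: 8091, 443: 8092})

def reaches(client_ip, lb, listen_port, app_port, rules):
    """True if client_ip can reach an app on app_port through lb."""
    if not in_any(client_ip, lb["allow"]):
        return False                      # rejected by the LB allowlist
    target = lb["ports"].get(listen_port)
    if target != app_port:
        return False                      # app is not on the mapped port
    # The firewall must admit the LB's own address on the target port.
    return any(in_any(lb["ip"], [cidr]) and port == target for cidr, port in rules)

def audit(rules):
    """Reachability of the talk's paths under a given firewall rule set."""
    internet, exp_api = "198.51.100.7", "10.10.1.50"   # constructed clients
    return {
        "internet->shared->8081": reaches(internet, SHARED_LB, 80, 8081, rules),
        "internet->external->8091": reaches(internet, EXTERNAL_DLB, 80, 8091, rules),
        "internet->internal->8091": reaches(internet, INTERNAL_DLB, 80, 8091, rules),
        "vpc->internal->8091": reaches(exp_api, INTERNAL_DLB, 80, 8091, rules),
    }

if __name__ == "__main__":
    for name, rules in (("default", DEFAULT_RULES), ("locked", LOCKED_RULES)):
        print(name, audit(rules))
```

Comparing the two result sets shows the only path that changes when the public rules are removed is the shared load balancer one; the internal DLB stays closed to internet clients in both cases because of its allowlist.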
