diff --git a/README.md b/README.md index 832db5b..1492f9d 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ :information_source:  This repo contains questions and exercises on various technical topics, sometimes related to DevOps and SRE -:bar_chart:  There are currently **1999** exercises and questions +:bar_chart:  There are currently **2112** exercises and questions :books:  To learn more about DevOps and SRE, check the resources in [devops-resources](https://github.com/bregman-arie/devops-resources) repository @@ -527,10 +527,6 @@ HTTP Strict Transport Security is a web server directive that informs user agent Read more [here](https://www.globalsign.com/en/blog/what-is-hsts-and-how-do-i-use-it#:~:text=HTTP%20Strict%20Transport%20Security%20(HSTS,and%20back%20to%20the%20browser.) -
-What is the difference if any between SSL and TLS?
-
- #### Network - Misc
@@ -5913,6 +5909,7 @@ Platform teams in organisations that wish to offer developers additional tools t
List some Cloud Run for Anthos use cases
+ As it does not support stateful applications or sticky sessions, it is suitable for running stateless applications such as: * Machine learning model predictions e.g Tensorflow serving containers @@ -7219,6 +7216,8 @@ Yes, you can use DNS for performing load balancing. What is DNS load balancing? What its advantages? When would you use it?
+#### Load Balancers - Sticky Sessions +
What are sticky sessions? What are their pros and cons?
@@ -7231,6 +7230,34 @@ Pros: * Ensures in-proc sessions are not lost when a new request is created
+
+Name one use case for using sticky sessions
+ +You would like to make sure the user doesn't lose the current session data. +
+ +
+What sticky sessions use for enabling the "stickiness"?
+ +Cookies. There are application based cookies and duration based cookies. +
+ +
+Explain application-based cookies
+ +* Generated by the application and/or the load balancer +* Usually allows to include custom data +
+ +
+Explain duration-based cookies
+ +* Generated by the load balancer +* Session is not sticky anymore once the duration elapsed +
+ +#### Load Balancers - Load Balancing Algorithms +
Explain each of the following load balancing techniques diff --git a/exercises/aws/README.md b/exercises/aws/README.md index ccfed37..1863517 100644 --- a/exercises/aws/README.md +++ b/exercises/aws/README.md @@ -37,6 +37,7 @@ Note: Provided solutions are using the AWS console. It's recommended you'll use |--------|--------|------|----|----| | Application Load Balancer | ELB, ALB | [Exercise](app_load_balancer.md) | [Solution](solutions/app_load_balancer.md) | Easy | | Multiple Target Groups | ELB, ALB | [Exercise](alb_multiple_target_groups.md) | [Solution](solutions/alb_multiple_target_groups.md) | Easy | +| Network Load Balancer | ELB, NLB | [Exercise](network_load_balancer.md) | [Solution](solutions/network_load_balancer.md) | Easy | #### AWS - Lambda @@ -1110,6 +1111,14 @@ Application Load Balancer (ALB). True.
+
+What are some use cases for using Gateway Load Balancer?
+ +* Intrusion Detection +* Firewall +* Payload manipulation +
+
Explain "health checks" in the context of AWS ELB
@@ -1157,12 +1166,94 @@ Application Load Balancer (routing based on different endpoints + HTTP is used). False. ALB can route to multiple target groups.
+
+If you wanted to analyze network traffic, you would use the `____ load balancer`
+ +Gateway Load Balancer +
+ +
+Who has better latency? Application Load Balancer or Network Load Balancer?
+ +Network Load Balancer (~100 ms) as ALB has a latency of ~400 ms +
+ +
+True or False? Network load balancer has one static IP per availability zone
+ +True. +
+ +
+What are the supported target groups for network load balancer?
+ +* EC2 instance +* IP addresses +* Application Load Balancer +
+ +
+What are the supported target groups for gateway load balancer?
+ +* EC2 instance +* IP addresses (must be private IPs) +
+ +
+Name one use case for using application load balancer as a target group for network load balancer
+ +You might want to have a fixed IP address (NLB) and then forward HTTP traffic based on path, query, ... which is then done by ALB +
+ +
+What are some use cases for using Network Load Balancer?
+ +* TCP, UDP traffic +* Extreme performance +
+
True or False? Network load balancers operate in layer 4
True. They forward TCP, UDP traffic.
+
+True or False? It's possible to enable sticky session for network load balancer so the same client is always redirected to the same instance
+ +False. This is only supported in Classic Load Balancer and Application Load Balancer. +
+ +
+Explain Cross Zone Load Balancing
+ +With cross zone load balancing, traffic distributed evenly across all (registered) instances in all the availability zones. +
+ +
+True or False? For application load balancer, cross zone load balancing is always on and can't be disabled
+ +True +
+ +
+True or False? For network load balancer, cross zone load balancing is always on and can't be disabled
+ +False. It's disabled by default +
+ +
+True or False? In regards to cross zone load balancing, AWS charges you for inter AZ data in network load balancer but no in application load balancer
+ +False. It charges fir inter AZ data in network load balancer, but not in application load balancer +
+ +
+True or False? Both ALB and NLB support multiple listeners with multiple SSL certificates
+ +True +
+ #### AWS Security
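Review bot: The answer to the inter-AZ charging question near the end of this hunk contradicts itself. It opens with "False" and then repeats the statement from the question (charges in network load balancer, not in application load balancer), so the reader cannot tell which is intended. Either change the verdict or reword the question so the two disagree on purpose, and fix the typos "no in" and "fir" while there. Two other answers in this hunk deserve a second look before merging: the sticky-session answer says stickiness is only supported in Classic and Application Load Balancer, but NLB target groups do offer source-IP stickiness; and the latency answer gives "~100 ms" and "~400 ms" without a source for the figures. "traffic distributed evenly" in the cross zone answer is also missing "is".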
@@ -2180,3 +2271,12 @@ Security group isn't attached to your EFS or it lacks a rule to allow NFS traffi 2. Copy the snapshot and mark the "Encrypt" option 3. Create a new EBS volume out of the encrypted snapshot
+ +
+You've created a network load balancer but it doesn't work (you can't reach your app on your EC2 instance). What might be a possible reason?
+ +Missing security group or misconfigured one. +For example, if you go to your instances in the AWS console you might see that the instances under your NLB are in "unhealthy status" and if you didn't create a dedicated security group for your NLB, that means that the security group used is the one attached to the EC2 instances. + +Go to the security group of your instance(s) and enable the traffic that NLB should forward (e.g. TCP on port 80). +
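Review bot: The fix in the last paragraph, "enable the traffic that NLB should forward (e.g. TCP on port 80)", does not say which source the inbound rule should allow, and a reader following it is likely to open the port to everyone. Suggest stating that the rule should be limited to the listener port and to the source ranges that actually need to reach the app, and that health-check traffic must be permitted for the targets to leave "unhealthy status". The answer also assumes the NLB has no dedicated security group, while step 7 of the console solution added in this patch says "Choose a security group"; the two should agree.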
diff --git a/exercises/aws/alb_multiple_target_groups.md b/exercises/aws/alb_multiple_target_groups.md index 6b66670..a51418f 100644 --- a/exercises/aws/alb_multiple_target_groups.md +++ b/exercises/aws/alb_multiple_target_groups.md @@ -11,5 +11,5 @@ One EC2 instance with a simple web application that shows the web page with the 1. healthy threshold: 3 2. unhealthy threshold: 3 3. interval: 10 seconds -2. Create another target group +2. Create another target group for the third instance 1. Traffic should be forwarded to this group based on the "/test" path diff --git a/exercises/aws/network_load_balancer.md b/exercises/aws/network_load_balancer.md new file mode 100644 index 0000000..f12f862 --- /dev/null +++ b/exercises/aws/network_load_balancer.md @@ -0,0 +1,13 @@ +## AWS ELB - Network Load Balancer + +### Requirements + +Two running EC2 instances + +### Objectives + +1. Create a network load balancer + 1. healthy threshold: 3 + 2. unhealthy threshold: 3 + 3. interval: 10 seconds + 4. Listener should be using TCP protocol on port 80 diff --git a/exercises/aws/solutions/alb_multiple_target_groups.md b/exercises/aws/solutions/alb_multiple_target_groups.md index 0ee7853..1db48b8 100644 --- a/exercises/aws/solutions/alb_multiple_target_groups.md +++ b/exercises/aws/solutions/alb_multiple_target_groups.md @@ -11,7 +11,7 @@ One EC2 instance with a simple web application that shows the web page with the 1. healthy threshold: 3 2. unhealthy threshold: 3 3. interval: 10 seconds -2. Create another target group +2. Create another target group for the third instance 1. Traffic should be forwarded to this group based on the "/test" path ### Solution diff --git a/exercises/aws/solutions/network_load_balancer.md b/exercises/aws/solutions/network_load_balancer.md new file mode 100644 index 0000000..2aa2de1 --- /dev/null +++ b/exercises/aws/solutions/network_load_balancer.md 
@@ -0,0 +1,35 @@ +## AWS ELB - Network Load Balancer + +### Requirements + +Two running EC2 instances + +### Objectives + +1. Create a network load balancer + 1. healthy threshold: 3 + 2. unhealthy threshold: 3 + 3. interval: 10 seconds + 4. Listener should be using TCP protocol on port 80 + +### Solution + +#### Console + +1. Go to EC2 service +2. Click in the left side menu on "Load balancers" under "Load balancing" +3. Click on "Create load balancer" +4. Choose "Network Load Balancer" +5. Insert a name for the LB +6. Choose AZs where you want the LB to operate +7. Choose a security group +8. Under "Listeners and routing" click on "Create target group" and choose "Instances" + 1. Provide a name for the target group + 2. Set healthy threshold to 3 + 3. Set unhealthy threshold to 3 + 4. Set interval to 10 seconds + 5. Set protocol to TCP and port to 80 + 6. Click on "Next" and choose two instances you have + 7. Click on "Create target group" +9. Refresh target groups and choose the one you've just created +10. Click on "Create load balancer" and wait for it to be provisioned diff --git a/exercises/grafana/README.md b/exercises/grafana/README.md new file mode 100644 index 0000000..0f14fe9 --- /dev/null +++ b/exercises/grafana/README.md @@ -0,0 +1,7 @@ +## Grafana + +
+Explain what is Grafana
+ +[Grafana Docs](https://grafana.com/docs/grafana/latest/introduction): "Grafana is a complete observability stack that allows you to monitor and analyze metrics, logs and traces. It allows you to query, visualize, alert on and understand your data no matter where it is stored. Create, explore, and share beautiful dashboards with your team and foster a data driven culture." +
diff --git a/exercises/security/README.md b/exercises/security/README.md index 1b8f997..d401b72 100644 --- a/exercises/security/README.md +++ b/exercises/security/README.md @@ -389,7 +389,23 @@ MAC address flooding attack (CAM table flooding attack) is a type of network att What is Cache Poisoned Denial of Service?
CPDoS or Cache Poisoned Denial of Service. It poisons the CDN cache. By manipulating certain header requests, the attacker forces the origin server to return a Bad Request error which is stored in the CDN’s cache. Thus, every request that comes after the attack will get an error page. +
+
+What is the difference if any between SSL and TLS?
+
+ +
+What is SNI (Server Name Indication)?
+ +[Wikipedia](https://en.wikipedia.org/wiki/Server_Name_Indication): "an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process" +
+ +
+What benefits SNI introduces?
+ +SNI allows a single server to serve multiple certificates using the same IP and port.
+Practically this means that a single IP can server multiple web services/pages, each using a different certificate.
#### Security - Threats
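Review bot: The SSL versus TLS question is added here with an empty answer, so it moves from the top-level README into the security exercises without ever being answered. Add at least a short answer, or leave the question out until one is written. In the SNI benefits answer, "can server multiple" should read "can serve multiple", and the question would read better as "What benefits does SNI introduce?".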