Mini-Thread: We've just launched TLS/SSL support for AWS Network Load Balancers. You can now use NLB to terminate TLS/SSL directly and still get the great performance, scalability, and insane magic of network transparency! See @jeffbarr's post at https://aws.amazon.com/blogs/aws/new-tls-termination-for-network-load-balancers/ …
Quick reminder: NLB is our "Layer 4" load balancing offering. It's integrated directly into the Software Defined Networking fabric of Amazon VPC, which means it can scale to terabits of traffic, millions of new connections per second, hundreds of millions of active connections.
It also means that NLB is transparent. When you put targets behind an NLB, those targets still see the original source IP/port of the client. That means no need to use X-Forwarded-For, or Proxy Protocol, or to reconfigure your logging or on-host security rules.
This is the "insane magic". You can kind of see how it's possible at the network layer; just route the packets around, rewrite the destination, but leave the source alone. People have been doing this with ordinary routers for some time, yeah yeah.
But actually what we do is far better than that. We use AWS HyperPlane, an internal service, that tracks the state of billions of connections. It means we can keep connections going to the same target for months, years, no breakage. It's what we use for Elastic File System!
NLB's performance and capabilities are based on our own custom silicon that's built into our EC2 Nitro controllers. For what we handle in user-space, we do use DPDK, but I wouldn't say it's based on it :)