Description:

Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, Lambda functions, and virtual appliances.

Classic Load Balancer provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and the connection level. It is intended for applications that are built within the EC2-Classic network.


Rationale:

When cross-zone load balancing is enabled, each load balancer node distributes traffic across the registered targets in all enabled Availability Zones. When cross-zone load balancing is disabled, each load balancer node distributes traffic only across the registered targets in its Availability Zone.


Impact:

The load balancer distributes client traffic so that each load balancer node receives 50% of it. With cross-zone load balancing enabled and 10 targets, every target receives 10% of the traffic, because each load balancer node can route its 50% of the client traffic to all targets.

If cross-zone load balancing is disabled, traffic is not distributed equally among the targets. For example, with two Availability Zones, A (2 targets) and B (8 targets), each target in A receives 25% of the traffic and each target in B receives 6.25%.


Default Value:

When you create the Elastic Load Balancer, cross-zone load balancing is disabled by default.


Pre-Requisite:

  • The same security group must be applied to both the ELB and the EC2 instance.

  • The same subnet must be used for the ELB and the EC2 instance.

  • The VPC must also be the same for both the instance and the load balancer.

  • Web servers must be publicly accessible.


Remediation:

Test Plan:

  • Log in to the AWS Management Console and go to the EC2 console at https://console.aws.amazon.com/ec2/

  • In the left navigation pane, under Load Balancing, click on Load Balancers.

  • Select the load balancer you want to examine.

  • Under the Description, you can see whether cross-zone load balancing is enabled or disabled.


Using AWS CLI:

To describe the load balancer attributes:

aws elb describe-load-balancer-attributes --load-balancer-name <value>
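
To run the same check across every Classic Load Balancer in a region rather than one name at a time, the following added example (not part of the original page) wraps the command above. The function names and the region argument are assumptions made for illustration; the script only reads attributes and changes nothing.

```sh
#!/bin/sh
# Added example: read-only audit of the CrossZoneLoadBalancing attribute
# on all Classic Load Balancers in one region.
# Function names below are hypothetical, chosen for this example.

# Print "<name> <True|False>" for each Classic Load Balancer in region $1.
# With --output text the AWS CLI prints booleans as True / False.
list_cross_zone_status() {
  for lb_name in $(aws elb describe-load-balancers --region "$1" \
      --query 'LoadBalancerDescriptions[].LoadBalancerName' \
      --output text); do
    lb_enabled=$(aws elb describe-load-balancer-attributes --region "$1" \
      --load-balancer-name "$lb_name" \
      --query 'LoadBalancerAttributes.CrossZoneLoadBalancing.Enabled' \
      --output text)
    printf '%s %s\n' "$lb_name" "$lb_enabled"
  done
}

# Print only the names of load balancers whose attribute is not true.
# Anything other than True/true (including an empty or failed lookup)
# is treated as non-compliant so errors are not silently passed.
noncompliant_elbs() {
  list_cross_zone_status "$1" | while read -r name enabled; do
    case "$enabled" in
      [Tt]rue) ;;
      *) printf '%s\n' "$name" ;;
    esac
  done
}

# Return 0 if every load balancer is compliant, 1 otherwise, so the
# function can gate a CI job or a scheduled compliance check.
audit_cross_zone() {
  bad=$(noncompliant_elbs "$1")
  if [ -z "$bad" ]; then
    echo "All Classic Load Balancers in $1 have cross-zone enabled."
    return 0
  fi
  printf 'Cross-zone load balancing is disabled on:\n%s\n' "$bad"
  return 1
}

# Usage (after sourcing this file): audit_cross_zone us-east-1
```
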


Implementation Steps:

  • Log in to the AWS Management Console.

  • Go to the EC2 console at https://console.aws.amazon.com/ec2/

  • In the left navigation pane, look under Load Balancing.

  • Click on Load Balancers.

  • Select the load balancer for which you want to enable cross-zone load balancing.

  • On the description, below the attributes tab, click on edit attributes.

  • On the Configure Cross-Zone Load Balancing page, select Enable and click on the Save button.


Using AWS CLI:

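Modify the load balancer attributes and set the Enabled value to true. The JSON is wrapped in single quotes so the shell passes its inner double quotes through unchanged:

aws elb modify-load-balancer-attributes --load-balancer-name <value> --load-balancer-attributes '{"CrossZoneLoadBalancing":{"Enabled":true}}'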


Backout Plan:

  • Log in to the AWS Management Console and go to the EC2 console at https://console.aws.amazon.com/ec2/

  • In the left navigation pane, under Load Balancing, click on Load Balancers.

  • Select your load balancer.

  • On the Description tab, choose Change cross-zone load balancing.

  • On the Configure Cross-Zone Load Balancing page, click on edit attributes.

  • Uncheck the check box and save it.


Using AWS CLI:

To disable cross-zone load balancing:

aws elb modify-load-balancer-attributes --load-balancer-name <value> --load-balancer-attributes '{"CrossZoneLoadBalancing":{"Enabled":false}}'