
AWS Elastic Load Balancing: Use Cases and Selection Strategy

Selecting an appropriate load balancer based on the use case

This study guide covers the critical decision-making process for selecting the appropriate AWS Load Balancer (ALB, NLB, or GWLB) based on architectural requirements, performance needs, and OSI layer functionality as defined in the ANS-C01 curriculum.

Learning Objectives

By the end of this module, you should be able to:

  • Differentiate between Application, Network, and Gateway Load Balancers.
  • Map specific application requirements (e.g., path-based routing, static IPs, transparent inspection) to the correct ELB type.
  • Understand the integration of ELB with security services like AWS WAF and AWS Certificate Manager.
  • Evaluate the impact of OSI layer operation (Layer 3, 4, and 7) on network design.

Key Terms & Glossary

  • Listener: A process that checks for connection requests using the protocol and port you configure.
  • Target Group: A logical grouping of targets (EC2 instances, containers, IP addresses) that receive traffic from the load balancer.
  • Sticky Sessions (Session Affinity): A mechanism that routes requests from the same client to the same target for a specified duration.
  • TLS Termination: The process of decrypting encrypted traffic at the load balancer before sending it to the backend.
  • GENEVE Protocol: The encapsulation protocol used by Gateway Load Balancers to wrap original IP packets for inspection by virtual appliances.

The "Big Idea"

Load balancing is the fundamental building block of High Availability (HA) and Scalability in the cloud. Instead of connecting clients directly to servers, Elastic Load Balancing (ELB) provides a single point of entry. This abstraction allows you to scale backend resources up or down, perform blue/green deployments, and survive infrastructure failures without ever changing the client-side configuration. Choosing the wrong load balancer is not just a performance issue; it can rule out required features such as HTTP header manipulation, AWS WAF inspection, or giving partners fixed source IPs for their firewall allow-lists.

Formula / Concept Box

Load Balancer Type | OSI Layer | Key Decision Driver
Application (ALB)  | Layer 7   | Needs HTTP/HTTPS features, path-based routing, or WAF integration.
Network (NLB)      | Layer 4   | Needs ultra-low latency, static IPs, or handles TCP/UDP/TLS traffic.
Gateway (GWLB)     | Layer 3   | Needs to transparently route all traffic through third-party security appliances.

Hierarchical Outline

  • I. Application Load Balancer (ALB) - Layer 7
    • Routing Features: Path-based (/api), Host-based (mobile.example.com), and Query-string routing.
    • Security: Direct integration with AWS WAF and ACM for TLS management.
    • Targets: Supports Lambda functions, IP addresses, and EC2 instances.
  • II. Network Load Balancer (NLB) - Layer 4
    • Performance: Handles millions of requests per second with sub-millisecond latency.
    • Networking: Provides Static IP addresses per Availability Zone; supports Elastic IPs.
    • Integration: Fronts a PrivateLink endpoint service, exposing a service to other VPCs and accounts without VPC peering (consumers connect through an interface endpoint in their own VPC).
  • III. Gateway Load Balancer (GWLB) - Layer 3
    • Transparency: Operates as a transparent bump-in-the-wire for all IP traffic.
    • Architecture: Uses GWLB Endpoints (GWLBE) to route traffic across VPC boundaries to a centralized security VPC.
    • Protocol: Encapsulates traffic using GENEVE on port 6081.

Visual Anchors

[Figure: Selection Decision Tree]

[Figure: GWLB Architecture Logic]

Definition-Example Pairs

  • Cross-Zone Load Balancing: Distributing traffic evenly across all registered targets in all enabled Availability Zones, regardless of which AZ the load balancer node received the request in. It is enabled by default on ALB and disabled by default on NLB and GWLB; on NLB, enabling it also incurs cross-AZ data transfer charges.
    • Example: An ALB in AZ-A has 2 targets, and in AZ-B has 8 targets. With Cross-Zone enabled, each of the 10 targets receives 10% of the traffic. Without it, DNS spreads clients evenly across the two load balancer nodes, so each node gets 50%: the 2 targets in AZ-A receive 25% each, and the 8 in AZ-B receive 6.25% each.
  • Proxy Protocol: A header prepended to the TCP byte stream that carries the original connection information (client IP and port, and for PrivateLink the VPC endpoint ID) when Layer 4 load balancing cannot rewrite application headers. NLB supports Proxy Protocol version 2, enabled per target group.
    • Example: A backend logging server needs the actual IP of a user connecting via an NLB over TCP. The NLB prepends a Proxy Protocol v2 header so the server can recover the user's IP. Two caveats: NLB preserves the client source IP by default for instance and IP targets, so the header is mainly needed when client IP preservation is disabled or when traffic arrives through PrivateLink (where the source address becomes the endpoint's private IP); and the backend must be configured to parse the header, otherwise the binary prefix corrupts the first request.
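The Proxy Protocol exchange described above, as an added example (not code from the page or from AWS): an encoder that builds the v2 header the NLB would prepend, the parser a backend needs, and the trust check that should gate it. All IP addresses and the VPC endpoint ID are constructed placeholders; the AWS TLV type 0xEA with subtype 0x01 is the documented carrier of the PrivateLink endpoint ID.

```python
import ipaddress
import struct

# Added example: encoder (what an NLB prepends) and parser (what the backend must
# do) for PROXY protocol v2, plus the trust check a backend should apply.
# All addresses and the VPC endpoint ID used with it are constructed placeholders.

PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"   # 12-byte magic
PP2_TYPE_AWS = 0xEA                        # AWS vendor TLV
PP2_SUBTYPE_AWS_VPCE_ID = 0x01             # carries the PrivateLink endpoint ID


class ProxyProtocolError(ValueError):
    pass


def build_pp2_header(src_ip, src_port, dst_ip, dst_port, vpce_id=None) -> bytes:
    """Build a v2 PROXY header for an IPv4 or IPv6 TCP connection (NLB side)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    family = 0x10 if src.version == 4 else 0x20       # AF_INET / AF_INET6 in the high nibble
    body = src.packed + dst.packed + struct.pack("!HH", src_port, dst_port)
    if vpce_id is not None:
        value = bytes([PP2_SUBTYPE_AWS_VPCE_ID]) + vpce_id.encode("ascii")
        body += struct.pack("!BH", PP2_TYPE_AWS, len(value)) + value
    # 0x21 = version 2, command PROXY; low nibble 0x01 = STREAM (TCP)
    return PP2_SIGNATURE + struct.pack("!BBH", 0x21, family | 0x01, len(body)) + body


def parse_pp2_header(data: bytes):
    """Split `data` into (connection info, application payload) on the backend."""
    if len(data) < 16 or data[:12] != PP2_SIGNATURE:
        raise ProxyProtocolError("no PROXY v2 signature; header probably not enabled")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ProxyProtocolError("unsupported PROXY protocol version")
    end = 16 + length
    if len(data) < end:
        raise ProxyProtocolError("truncated header; read more bytes first")
    body = data[16:end]
    info = {"command": "PROXY" if ver_cmd & 0x0F == 1 else "LOCAL",
            "src": None, "dst": None, "vpce_id": None}
    if info["command"] == "PROXY":
        family = fam_proto >> 4
        addr_len, fmt = {1: (12, "!4s4sHH"), 2: (36, "!16s16sHH")}.get(family, (None, None))
        if addr_len is None or len(body) < addr_len:
            raise ProxyProtocolError("unsupported family or short address block")
        s_ip, d_ip, s_port, d_port = struct.unpack(fmt, body[:addr_len])
        info["src"] = (str(ipaddress.ip_address(s_ip)), s_port)
        info["dst"] = (str(ipaddress.ip_address(d_ip)), d_port)
        tlvs = body[addr_len:]
        while tlvs:                                   # optional Type-Length-Value extensions
            if len(tlvs) < 3:
                raise ProxyProtocolError("malformed TLV")
            t, l = struct.unpack("!BH", tlvs[:3])
            value = tlvs[3:3 + l]
            if len(value) < l:
                raise ProxyProtocolError("truncated TLV")
            if t == PP2_TYPE_AWS and value[:1] == bytes([PP2_SUBTYPE_AWS_VPCE_ID]):
                info["vpce_id"] = value[1:].decode("ascii")
            tlvs = tlvs[3 + l:]
    return info, data[end:]


def client_ip(peer_ip: str, data: bytes, trusted_nets):
    """Only honour the header when the TCP peer is a trusted NLB node; anyone
    else who can reach the port could forge a header and spoof a source IP."""
    if not any(ipaddress.ip_address(peer_ip) in ipaddress.ip_network(n) for n in trusted_nets):
        return peer_ip, data
    info, payload = parse_pp2_header(data)
    return (info["src"][0] if info["src"] else peer_ip), payload


if __name__ == "__main__":
    # Constructed connection: partner 203.0.113.7 reaching a target at 10.0.1.25 via PrivateLink.
    hdr = build_pp2_header("203.0.113.7", 51234, "10.0.1.25", 443, vpce_id="vpce-0123456789abcdef0")
    print(parse_pp2_header(hdr + b"GET / HTTP/1.1\r\n"))
```

The trust check matters in practice: a target security group that only admits the NLB's subnets is what makes the header believable. Without it, any host that can reach the target port directly can prepend its own header and appear as whatever source IP it likes.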

Worked Examples

Example 1: High-Frequency Trading Platform

Requirement: The application requires the lowest possible latency and must provide three specific static IP addresses to external partners for firewall whitelisting. Solution: Network Load Balancer (NLB).

  • Reasoning: NLB operates at Layer 4 (low latency) and lets you assign one Elastic IP per enabled subnet, so enabling three Availability Zones yields exactly three static addresses for the partners' allow-lists. An ALB's addresses are dynamic and must be resolved through its DNS name. If Layer 7 features were also required, the usual pattern is an NLB (with the ALB as its target) or AWS Global Accelerator in front of the ALB to supply the static IPs.

Example 2: Modern Microservices API

Requirement: A single domain api.example.com must route traffic to a 'Users' service for /users and a 'Orders' service for /orders. Solution: Application Load Balancer (ALB).

  • Reasoning: ALB supports path-based routing rules. You can create two target groups and use listener rules to direct traffic based on the URL path.
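How the listener rules in Example 2 are evaluated, as an added example that models ALB rule semantics in plain Python (not AWS code or an AWS API): rules are tried in ascending priority number, every condition type in a rule must match, alternatives inside a condition are OR'ed, path patterns are case-sensitive and ignore the query string, and the listener's default action applies when nothing matches. The rule set and target-group names are constructed placeholders.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Added example: a model of how an ALB listener evaluates its rules.
# Rule and target-group names below are constructed placeholders, not AWS resources.


def _pattern_to_regex(pattern: str) -> re.Pattern:
    """ALB-style wildcard: '*' matches zero or more characters, '?' exactly one."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$")


@dataclass
class Rule:
    priority: int                 # lower number is evaluated first (ALB: 1-50000)
    target_group: str
    host_patterns: list = field(default_factory=list)
    path_patterns: list = field(default_factory=list)

    def matches(self, host: str, path: str) -> bool:
        # Every condition type present must match (AND); patterns inside one
        # condition are alternatives (OR). Host names compare case-insensitively
        # (DNS names are), path patterns case-sensitively, as ALB does.
        if self.host_patterns and not any(
            _pattern_to_regex(p.lower()).match(host.lower()) for p in self.host_patterns
        ):
            return False
        if self.path_patterns and not any(
            _pattern_to_regex(p).match(path) for p in self.path_patterns
        ):
            return False
        return True


def route(rules, default_target: str, host: str, request_target: str) -> str:
    """Return the target group the listener forwards to.

    request_target may carry a query string; path patterns match the path only."""
    path = urlsplit(request_target).path
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(host, path):
            return rule.target_group
    return default_target   # the listener's default action


# Constructed rule set for api.example.com (priorities chosen to show ordering).
RULES = [
    Rule(10, "tg-users", path_patterns=["/users", "/users/*"]),
    Rule(20, "tg-orders", path_patterns=["/orders", "/orders/*"]),
    # A host-based rule with a lower priority number takes precedence over the
    # path rules above, which is the usual source of "wrong target" surprises.
    Rule(5, "tg-mobile", host_patterns=["mobile.example.com"], path_patterns=["/*"]),
]


if __name__ == "__main__":
    for host, target in [("api.example.com", "/users/42?verbose=1"),
                         ("api.example.com", "/Users/42"),
                         ("mobile.example.com", "/orders/7")]:
        print(host, target, "->", route(RULES, "tg-default", host, target))
```

Note what the case-sensitive match implies for security: a rule such as `/admin/*` does not protect `/Admin/*`, so put authentication in the application (or in WAF rules) rather than relying on listener rules alone to fence off paths.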

Checkpoint Questions

  1. Which load balancer type should you choose if you need to integrate with AWS WAF?
  2. What protocol and port does the Gateway Load Balancer use to communicate with security appliances?
  3. True or False: The Network Load Balancer is the only ELB that supports a 'Lambda' target type.
  4. How does an NLB handle a sudden burst of millions of requests compared to an ALB?
Click for Answers
  1. Application Load Balancer (ALB).
  2. GENEVE protocol on UDP port 6081.
  3. False. Lambda functions are supported only as Application Load Balancer targets. NLB target types are instance, IP, and ALB; GWLB target types are instance and IP.
  4. NLB is built to absorb sudden spikes of millions of requests per second without pre-warming. ALB also scales automatically, but its capacity ramps with observed load, so for a known flash crowd (a product launch, a broadcast event) you can ask AWS Support to pre-warm the ALB ahead of time.

Muddy Points & Cross-Refs

  • TLS Termination vs. Passthrough: If you need to inspect HTTP headers (Layer 7), TLS must be terminated at the ALB; the ALB can re-encrypt to HTTPS targets, but it still sees plaintext and holds the certificate's private key. For end-to-end encryption where the load balancer never sees decrypted data, use an NLB with a TCP listener on port 443 (passthrough). An NLB TLS listener terminates TLS at the NLB, so it is not passthrough.
  • Health Checks: ALB health checks are always application-level (HTTP/HTTPS, expecting a configured status code, 200 by default). NLB supports TCP, HTTP, and HTTPS health checks; with the default TCP check, a target whose port completes the handshake but whose application returns HTTP 500 is still reported healthy. If the backend speaks HTTP, configure an HTTP/HTTPS health check on the NLB target group.
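The health-check gap above, made concrete as an added example (not code from the page): a constructed backend whose TCP port accepts connections while every request fails with HTTP 500, probed the way a TCP health check and an HTTP health check would each see it. It runs on loopback only; the port, path and matcher values are assumptions for the demo.

```python
import http.client
import http.server
import socket
import threading

# Added example: a constructed backend whose TCP port is open but whose
# application is failing, probed the way a TCP health check and an HTTP
# health check would see it. Runs entirely on loopback.


class BrokenApp(http.server.BaseHTTPRequestHandler):
    """Accepts connections (TCP looks fine) but every request fails with 500."""

    def do_GET(self):
        self.send_response(500)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):   # keep the demo quiet
        pass


def tcp_health_check(host: str, port: int, timeout: float = 2.0) -> bool:
    """NLB default check: healthy if the TCP handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_health_check(host, port, path="/health", success_codes=(200,), timeout=2.0) -> bool:
    """ALB check (or NLB HTTP check): healthy only if the status code matches.
    ALB's default matcher is 200; an NLB HTTP/HTTPS check defaults to 200-399."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().status in success_codes
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()


def run_demo() -> dict:
    """Start the broken app on an ephemeral loopback port and probe it both ways."""
    server = http.server.HTTPServer(("127.0.0.1", 0), BrokenApp)
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return {"tcp_healthy": tcp_health_check("127.0.0.1", port),
                "http_healthy": http_health_check("127.0.0.1", port)}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())   # TCP says healthy, HTTP says unhealthy
```

The same split shows up in incident timelines: with a TCP check, a target that is deadlocked behind an open listening socket stays in rotation until someone notices the error rate, whereas an HTTP check pulls it out after the configured unhealthy threshold.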

Comparison Tables

Feature              | ALB (L7)                      | NLB (L4)                             | GWLB (L3)
Protocols            | HTTP, HTTPS, gRPC             | TCP, UDP, TLS, TCP_UDP               | IP (all)
Static IPs           | No (DNS name only)            | Yes (one Elastic IP per AZ)          | No (consumers use GWLB endpoints)
Routing              | Host/Path/Header/Query string | Flow-based (5-tuple hash)            | VPC route table target (via GWLBE)
Latency              | Milliseconds                  | Microseconds                         | Milliseconds
Security integration | AWS WAF, ACM, security groups | ACM (TLS listeners), security groups | Third-party appliances

[!IMPORTANT] For the exam, remember: If the question mentions Static IP or PrivateLink, think NLB. If it mentions Path/Host routing or WAF, think ALB. If it mentions Transparent Security Inspection or Firewall Fleet, think GWLB.
