AWS Elastic Load Balancing: Choosing the Right Strategy
Determining an appropriate load balancing strategy (for example, Application Load Balancer [Layer 7] compared with Network Load Balancer [Layer 4] compared with Gateway Load Balancer)
This study guide focuses on determining the appropriate load balancing strategy within AWS, specifically comparing Application Load Balancers (ALB), Network Load Balancers (NLB), and Gateway Load Balancers (GWLB).
Learning Objectives
- Differentiate between Layer 3, Layer 4, and Layer 7 load balancing.
- Identify specific use cases for ALB, NLB, and GWLB.
- Explain how path-based and host-based routing function in an ALB.
- Understand the high-performance capabilities of the Network Load Balancer.
- Describe the role of Gateway Load Balancers in managing security appliances.
Key Terms & Glossary
- OSI Model: A conceptual framework used to understand network interactions in seven layers.
- Layer 7 (Application): The layer where high-level protocols like HTTP/HTTPS operate.
- Layer 4 (Transport): The layer responsible for end-to-end communication and error recovery (TCP/UDP).
- Layer 3 (Network): The layer responsible for packet forwarding including routing through intermediate routers.
- Target Group: A logical grouping of targets (EC2 instances, containers, or IP addresses) that receive traffic from a load balancer.
- GENEVE Protocol: The encapsulation protocol used by Gateway Load Balancers to wrap original traffic for inspection by virtual appliances.
The "Big Idea"
Load balancing is the architectural "glue" that enables high availability and scalability. By sitting between the client and the infrastructure, a load balancer decouples the client from individual servers. This allows you to add or remove servers (Scaling) or bypass failed ones (Fault Tolerance) without the end-user ever knowing. Choosing the right balancer is a trade-off between feature richness (ALB), raw performance (NLB), and security inspection (GWLB).
Formula / Concept Box
| Feature | Application (ALB) | Network (NLB) | Gateway (GWLB) |
|---|---|---|---|
| OSI Layer | Layer 7 (Application) | Layer 4 (Transport) | Layer 3 (Network) |
| Protocols | HTTP, HTTPS, gRPC | TCP, UDP, TLS | IP (GENEVE) |
| Routing Basis | URL Path, Hostname, Cookies | IP Address, Port | IP Packets |
| Static IP | No (uses DNS name) | Yes (Elastic IP support) | No |
| Latency | Milliseconds | Microseconds | Variable (Inspection) |
Hierarchical Outline
- I. Application Load Balancer (ALB)
  - Path-based Routing: Route `/images` to one target group and `/api` to another.
  - Host-based Routing: Route `mobile.example.com` differently than `web.example.com`.
  - Target Types: EC2 instances, Lambda functions, and IP addresses.
- II. Network Load Balancer (NLB)
- Performance: Designed for millions of requests per second.
- Static IPs: Provides a single fixed IP per Availability Zone (AZ).
- Use Case: Non-HTTP protocols, gaming servers, and massive traffic spikes.
- III. Gateway Load Balancer (GWLB)
  - Appliance Management: Simplifies the deployment of third-party firewalls and IDS/IPS.
- Transparency: Acts as a bump-in-the-wire for all traffic in/out of a VPC.
Visual Anchors
- Load Balancer Decision Flow (figure not reproduced)
- OSI Layer Mapping (figure not reproduced)
Definition-Example Pairs
- Path-Based Routing: Routing requests to different backend services based on the URL path content.
  - Example: A streaming site routes `/video` requests to high-bandwidth compute nodes and `/comments` to a low-cost microservice.
- Preservation of Source IP: The ability for the backend server to see the actual IP address of the client rather than the load balancer's IP.
- Example: A security-focused TCP application uses an NLB to log the original client IP for audit trails without complex headers.
- GENEVE Encapsulation: A protocol that wraps a packet with extra metadata so it can be sent to a security appliance and returned.
- Example: A GWLB receives a packet, wraps it in a GENEVE header, sends it to a Palo Alto Firewall instance for inspection, and then unwraps it to continue to its destination.
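The GENEVE wrapping described above, as an added example that is not part of this guide: a parser for the RFC 8926 Geneve header that a virtual appliance would see from a GWLB, returning the protocol type, VNI, TLV options and the inner packet. The sample bytes and the 0xFFFF option class are constructed placeholders, not AWS-assigned values.

```python
import struct
from dataclasses import dataclass

ETHERTYPE_IPV4 = 0x0800  # Geneve Protocol Type value for an inner IPv4 packet

@dataclass
class GeneveOption:
    opt_class: int
    opt_type: int
    critical: bool   # high bit of Type: a receiver that can't interpret it must drop the packet
    data: bytes

@dataclass
class GenevePacket:
    protocol: int
    vni: int
    oam: bool
    options: list
    payload: bytes   # the original (inner) packet handed to the appliance for inspection

def parse_geneve(buf: bytes) -> GenevePacket:
    """Parse a Geneve header (RFC 8926) into fields, TLV options and inner payload."""
    if len(buf) < 8:
        raise ValueError("truncated Geneve header")
    b0, b1, proto, vni_rsvd = struct.unpack("!BBHI", buf[:8])
    if b0 >> 6 != 0:
        raise ValueError("unsupported Geneve version")
    end = 8 + (b0 & 0x3F) * 4            # Opt Len is counted in 4-byte words
    if len(buf) < end:
        raise ValueError("option area extends past end of packet")
    options, pos = [], 8
    while pos < end:
        oclass, otype, olen = struct.unpack("!HBB", buf[pos:pos + 4])
        dlen = (olen & 0x1F) * 4         # option Length is also in 4-byte words
        if pos + 4 + dlen > end:
            raise ValueError("option extends past option area")
        options.append(GeneveOption(oclass, otype & 0x7F, bool(otype & 0x80),
                                    buf[pos + 4:pos + 4 + dlen]))
        pos += 4 + dlen
    return GenevePacket(proto, vni_rsvd >> 8, bool(b1 & 0x80), options, buf[end:])

def inner_ipv4_endpoints(pkt: GenevePacket):
    """Return (src, dst) of the encapsulated IPv4 packet, i.e. what the appliance inspects."""
    if pkt.protocol != ETHERTYPE_IPV4 or len(pkt.payload) < 20 or pkt.payload[0] >> 4 != 4:
        return None
    src, dst = struct.unpack("!4s4s", pkt.payload[12:20])
    return ".".join(map(str, src)), ".".join(map(str, dst))

# Constructed sample: Geneve header with Opt Len = 2 words, one 4-byte option in the
# experimental class range (0xFFFF, placeholder), then a 20-byte inner IPv4 header
# from 10.0.0.1 to 10.0.0.2.
SAMPLE = bytes.fromhex("02000800" "00000100" "ffff0101deadbeef"
                       "4500001400010000400600000a0000010a000002")
```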
Worked Examples
Example 1: The Microservices Architecture
Scenario: You are hosting a web application with three distinct services: Login, Search, and Checkout. You want to save costs by using a single load balancer for all three. Solution: Use an Application Load Balancer.
- Step 1: Create three Target Groups (one for each service).
- Step 2: Configure Listener Rules.
- Step 3: Set a rule where path `/login/*` forwards to the Login Target Group, `/search/*` to the Search group, etc.
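The rule evaluation behind Steps 1 to 3 (and the path-based and host-based routing in the ALB outline above), as an added simulator that is not part of this guide: it applies ALB-style listener rules in priority order, with ALB's wildcard semantics (`*` zero or more characters, `?` exactly one), case-sensitive paths and case-insensitive host headers. The rules and target names are constructed placeholders standing in for real target group ARNs.

```python
import re

# Constructed ALB-style listener rules for the Login/Search/Checkout scenario.
# Target names are placeholders standing in for target group ARNs.
RULES = [
    {"priority": 10, "path_patterns": ["/login/*"], "target": "tg-login"},
    {"priority": 20, "path_patterns": ["/search/*"], "target": "tg-search"},
    {"priority": 30, "host_headers": ["mobile.example.com"], "target": "tg-mobile"},
    {"priority": 40, "path_patterns": ["/checkout", "/checkout/*"],
     "host_headers": ["*.example.com"], "target": "tg-checkout"},
]
DEFAULT_TARGET = "tg-default"   # the listener's default action when no rule matches

def pattern_to_regex(pattern: str) -> "re.Pattern[str]":
    """ALB wildcard semantics: '*' matches zero or more characters, '?' exactly one."""
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern]
    return re.compile("".join(parts))

def matches_any(patterns, value: str) -> bool:
    return any(pattern_to_regex(p).fullmatch(value) for p in patterns)

def route(rules, host: str, path: str, default: str = DEFAULT_TARGET) -> str:
    """Evaluate rules lowest priority number first; every condition in a rule must hold."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        checks = []
        if "path_patterns" in rule:            # path-pattern is case-sensitive
            checks.append(matches_any(rule["path_patterns"], path))
        if "host_headers" in rule:             # host-header is case-insensitive
            checks.append(matches_any([h.lower() for h in rule["host_headers"]], host.lower()))
        if checks and all(checks):
            return rule["target"]
    return default

if __name__ == "__main__":
    for host, path in [("web.example.com", "/login/oauth"), ("web.example.com", "/login"),
                       ("mobile.example.com", "/search/q"), ("example.com", "/checkout")]:
        print(f"{host}{path} -> {route(RULES, host, path)}")
```

Note that `/login/*` does not match the bare path `/login`, and `*.example.com` does not match `example.com`; both fall through to the default action.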
Example 2: The Ultra-High Speed Stock Ticker
Scenario: An application requires handling 5 million TCP connections per second with the lowest possible latency and needs a whitelistable static IP. Solution: Use a Network Load Balancer.
- Reasoning: ALBs introduce more latency because they must inspect the HTTP header. NLBs operate at the Transport layer, making them faster and capable of assigning an Elastic IP that partners can whitelist.
Checkpoint Questions
- Which load balancer type would you use for a WebSocket-based application that requires high performance? (Answer: NLB)
- If you need to route traffic based on a custom cookie, which load balancer is required? (Answer: ALB)
- At which OSI layer does the Gateway Load Balancer operate? (Answer: Layer 3)
- True or False: The Application Load Balancer provides a static IP address. (Answer: False; it provides a DNS name)
- Which protocol does GWLB use to communicate with virtual appliances? (Answer: GENEVE)