Network Load Balancer

Learn how to distribute incoming TCP and UDP traffic across multiple targets using Network Load Balancer.

We'll cover the following

Internet vs. internal facing load balancers
Target groups in NLB
- Using ALB as a target
Security groups for NLBs
Main features of NLB

Press + to interact

Once a Network Load Balancer receives a request from a client, it tries to open a connection with a target from the target group on the port specified in the targets’ listener rule. The protocols Network Load Balancers support are TCP, TLS, UDP, and TCP_UDP. NLB supports zonal isolation, which means it was created for architectures residing in a single AZ. However, using multiple zones is recommended as it increases the availability of our applications.

Internet vs. internal facing load balancers

We can create internet and internal facing Network Load Balancers in the AWS Cloud. The internet-facing NLBs are used to route the traffic coming from the public internet to the backend AWS resources such as EC2 instances or other web and application servers. While creating an internet-facing load balancer, we can specify an Elastic IP address that provides us with static IP addresses that will not change during the life of the load balancer.

Internal-facing load balancers are created to route client requests within a private network or a VPC (virtual private cloud) to access resources that are not accessible directly from the public internet. These types of load balancers don't have a public IP address and are accessed through a private static IP address, which does not change during the life of a load balancer. Once a load balancer is created, we can not change its IP address.

Target groups in NLB

Targets of a Network Load Balancer are registered in a target group, which is then used to route requests. When a listenerA listener uses the port and protocol we define to check for incoming connection requests. Multiple rules can be added to a listener to let them know which request needs to be sent to which target. is created, we define a target group in this listener to specify the target group we want to send our traffic to. A target group performs regular health checks on the registered targets to ensure they are fit to receive incoming requests. Requests are only sent to a target if its status is “Healthy.”

Network Load Balancers support EC2 instances, private IP addresses, and Application Load Balancers as their targets. We can use on-premises servers as targets if the selected target type is IP by connecting them to the AWS cloud using AWS Direct Connect or AWS Site-to-Site VPN.

Press + to interact

Using ALB as a target

Network Load Balancers can forward the requests it receives to an Application Load Balancer. Following are some use cases where ALBs are added as targets for NLBs:

Multimedia services: A combination of NLB and ALB can be used in multimedia services where a single endpoint is required for multiple protocols, such as HTTP for signaling and RTP to stream content.
AWS PrivateLink: An NLB can be used to create a route between clients and an ALB over AWS PrivateLink.

Security groups for NLBs

Security groups are virtual firewalls that control the incoming and outgoing traffic for AWS resources. In a Network Load Balancer, it is optional to add a security group. However, it is recommended to add a security group to your load balancer and specify the ports and IP addresses that can access our load balancers. If we don’t associate a security group with our NLB, all client traffic can reach the load balancer listeners, and all traffic can leave the load balancer.

Main features of NLB

Following are some of the main features of an NLB that distinguish it from an ALB:

Client IP preservation: By default, the IP address of a client is replaced with the IP address of the load balancer before the request is forwarded to a target. However, Network Load Balancers have a client IP preservation feature. This means the IP address of the client who made the connection request is preserved and can be forwarded to the target. This feature is useful in applications where we need to process the IP address of the client. For example, the IP address of the client can be used to monitor and analyze the pattern of the requests received.
Health checks: We can only use TCP, HTTP, or HTTPS protocols to create health checks for the target groups associated with our NLBs.
Low latency: NLBs can be used in applications that require low latency.

Get hands-on with 1300+ tech skills courses.

Introduction

AWS Fundamentals

Understanding Cloud Computing Essentials— From Zero to Hero

Identity and Access Management

Securing AWS Resources: Managing Access with IAM

AWS IAM Permission Boundaries

Using AWS IAM Access Analyzer

Compute Services

Understanding AWS Compute Services — From Zero to Hero

Amazon EC2: Elastic Compute Cloud

Working with Instances: An Amazon EC2 Walkthrough

Managing Instance Volumes Using EBS

Networking

Understanding Networking Services in AWS—From Zero to Hero

Controlling VPC Traffic Using Network ACLs

Managing Peer Connections between Amazon Virtual Private Clouds

Accessing AWS Services over AWS PrivateLink Using VPC Endpoints

Monitoring IP Traffic Using VPC Flow Logs

Route 53

Serverless Computing

Getting to Know AWS Lambda

Building and Deploying Serverless Applications with AWS SAM

Developing RESTful Microservices with API Gateway and DynamoDB

Building a WebSocket-Based Chat Application Using API Gateway

Mastering AWS AppSync Lambda Resolvers

Application Integration

Getting Started with Amazon Simple Queue Service (SQS)

Handling Amazon SNS Notifications with AWS Lambda

Build a Fanout Serverless Architecture using SNS, SQS, and Lambda

Decoupling Serverless Applications with Amazon EventBridge

Getting Started with AWS Step Functions

Containers

Getting Started with Amazon ECS

Create an EKS Cluster and Deploy an Application

High Availability and Scalability

Managing Application Traffic Using Elastic Load Balancers

Understanding Auto Scaling Group (ASG) in AWS

Mastering Amazon EC2 Dynamic Scaling Policies

Storage

Understanding AWS Storage Options—From Zero to Hero

Simple Storage Service (S3)

Working with AWS S3 Cross-Region Replication

Resizing Images with S3 Batch Operations and AWS Lambda

Managing Data Access with Amazon S3 Access Points

File Storage and Transfer

Getting Started with Amazon FSx for Windows File Server

Databases

Working with Relational Databases: A Beginner's Guide to AWS RDS

Getting Started with Amazon Aurora Database Engine

Working with NoSQL Databases: A Beginner's Guide to AWS DynamoDB

Exploring Graphs with Amazon Neptune

Getting Started with Amazon Keyspaces

Achieving Ultra-Fast Performance Using Amazon MemoryDB for Redis

Improving Database Performance with Amazon ElastiCache for Redis

Migration and Transfer

Use of AWS Database Migration Service from Aurora MySQL to S3

Security and Compliance

Getting Started with AWS Key Management Service (KMS)

Encrypting S3 Buckets and EBS Volumes Using KMS

Protecting Web Applications Using AWS WAF

Managing Aurora DB Credentials and API Keys Using Secrets Manager

Finding Vulnerabilities on EC2 Instances Using AWS Inspector

Deployment Services

Mastering AWS Deployment Services—From Zero to Hero

CloudFormation

Getting to Know AWS CloudFormation

AWS CloudFormation Updates: Change Sets and Stack Policies

Mastering AWS CloudFormation Helper Scripts

Machine Learning

Understanding Machine Learning Services on AWS—From Zero to Hero

Deploying a Machine Learning Model with Amazon SageMaker

Getting Started with Amazon Fraud Detector

Build an Educative Chatbot with Conversational AI Using AWS Lex

Content Delivery and Optimization

Analytics

Analyzing S3 Data and CloudTrail Logs Using Amazon Athena

Getting Started with Amazon EMR

Getting Started with Amazon Redshift

Building ETL Pipelines on AWS

Create a Data Lake with Lake Formation and Analyze It with Athena