Task Statement 1.3: Design solutions that integrate load balancing to meet high availability, scalability, and security requirements.
📘AWS Certified Advanced Networking – Specialty
1. What Is Load Balancing?
Load balancing is the process of distributing incoming network traffic across multiple servers or resources.
Instead of sending all traffic to one server, a load balancer:
- Receives client traffic
- Decides which backend target should handle it
- Forwards the request
- Returns the response to the client
This helps achieve:
- High Availability (HA) – If one server fails, traffic goes to others.
- Scalability – Add or remove servers automatically.
- Security – Control, inspect, and filter traffic.
In AWS, load balancing is primarily provided by:
- Elastic Load Balancing (ELB)
- AWS Global Accelerator
- Amazon CloudFront
2. Elastic Load Balancing (ELB) Overview
Elastic Load Balancing automatically distributes incoming traffic across multiple targets such as:
- EC2 instances
- Containers (ECS)
- IP addresses
- Lambda functions
There are three main types of load balancers in ELB:
- Application Load Balancer (ALB) – Layer 7
- Network Load Balancer (NLB) – Layer 4
- Gateway Load Balancer (GWLB) – Layer 3 / Layer 4
3. Application Load Balancer (ALB)
Operates at:
- Layer 7 (Application Layer)
Understands:
- HTTP
- HTTPS
- WebSocket
- gRPC
Key Features
1. Content-Based Routing
ALB can route traffic based on:
- URL path
Example: /api → API servers, /images → Image servers
- Host header
Example: app.example.com → App servers, admin.example.com → Admin servers
This is called host-based routing and path-based routing.
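Added example, not part of these notes: a small simulation of how an ALB listener evaluates host-based and path-based rules. The rules, target group names and hostnames are constructed; the evaluation order (lowest priority number first, all conditions in a rule must match, default action last) and the wildcard semantics follow ALB behaviour.

```python
import fnmatch
from dataclasses import dataclass, field

# Constructed listener rules (not the AWS API). ALB tries rules in ascending
# priority, every condition in a rule must match, and the listener's default
# action applies when nothing matches. Host-header and path-pattern conditions
# accept '*' (zero or more characters) and '?' (exactly one character).

@dataclass
class Rule:
    priority: int
    target_group: str
    host_headers: list = field(default_factory=list)
    path_patterns: list = field(default_factory=list)

RULES = [
    Rule(10, "admin-tg", host_headers=["admin.example.com"]),
    Rule(20, "api-tg", path_patterns=["/api/*"]),
    Rule(30, "images-tg", path_patterns=["/images/*"]),
    Rule(40, "app-tg", host_headers=["app.example.com"]),
]
DEFAULT_TARGET_GROUP = "default-tg"  # the listener's default action

def _condition_matches(value, patterns, case_sensitive):
    # An absent condition does not constrain the rule (a real non-default
    # ALB rule must carry at least one condition).
    if not patterns:
        return True
    if not case_sensitive:
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def select_target_group(host, path, rules=RULES, default=DEFAULT_TARGET_GROUP):
    """Return the target group an ALB would forward the request to."""
    host = host.split(":")[0]   # the host-header condition ignores the port
    path = path.split("?")[0]   # the path-pattern condition ignores the query string
    for rule in sorted(rules, key=lambda r: r.priority):
        # Host names match case-insensitively, paths case-sensitively.
        if (_condition_matches(host, rule.host_headers, False)
                and _condition_matches(path, rule.path_patterns, True)):
            return rule.target_group
    return default

if __name__ == "__main__":
    for host, path in [("admin.example.com", "/api/users"),
                       ("app.example.com", "/api/users"),
                       ("APP.EXAMPLE.COM:443", "/"),
                       ("other.example.com", "/API/users")]:
        print(f"{host:24} {path:14} -> {select_target_group(host, path)}")
```

Note that the admin host rule wins for /api/users on admin.example.com only because its priority number is lower; rule order, not rule specificity, decides.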
2. SSL/TLS Termination
ALB can:
- Terminate HTTPS
- Decrypt traffic
- Forward traffic internally as HTTP or HTTPS
It integrates with:
- AWS Certificate Manager (ACM)
3. Integration with Auto Scaling
Works directly with:
- Amazon EC2 Auto Scaling
When traffic increases:
- New EC2 instances are launched
- ALB automatically starts routing traffic to them
4. Web Application Firewall (WAF) Integration
ALB integrates with:
- AWS WAF
You can:
- Block SQL injection
- Block cross-site scripting (XSS)
- Restrict traffic by IP
5. Authentication Support
ALB supports authentication via:
- OIDC
- Amazon Cognito
When to Use ALB (Exam Focus)
Use ALB when:
- Application uses HTTP/HTTPS
- Need path-based routing
- Need host-based routing
- Need WAF integration
- Need authentication at load balancer
- Microservices architecture
4. Network Load Balancer (NLB)
Operates at:
- Layer 4 (Transport Layer)
Works with:
- TCP
- UDP
- TLS
Key Features
1. Ultra-High Performance
- Millions of requests per second
- Very low latency
- Preserves source IP address
Preserving client IP is important for:
- Logging
- Security policies
- Firewall rules
2. Static IP Support
NLB provides:
- Static IP addresses
- Can associate Elastic IP addresses
This is important when:
- An external firewall requires a fixed IP
- Partner systems whitelist the IP
3. TLS Termination
NLB can terminate TLS connections.
4. Cross-Zone Load Balancing
Distributes traffic across Availability Zones.
When to Use NLB (Exam Focus)
Use NLB when:
- Need extreme performance
- Non-HTTP traffic
- Need static IP
- Need source IP preservation
- Financial or gaming systems that need low latency
- Hybrid connectivity with on-premises systems
5. Gateway Load Balancer (GWLB)
Operates at:
- Layer 3 and Layer 4
Purpose:
Designed for network security appliances
What It Does
GWLB allows you to deploy the following and scale them automatically:
- Firewalls
- Intrusion Detection Systems (IDS)
- Intrusion Prevention Systems (IPS)
- Deep packet inspection tools
It uses:
- GENEVE protocol
- Transparent traffic redirection
Why GWLB Is Important for the Exam
Use GWLB when:
- You need centralized inspection
- You are building a security VPC
- You want third-party firewall appliances
- You want scalable inline inspection
Common in:
- Hub-and-spoke architectures
- Multi-account environments
- AWS Organizations deployments
6. AWS Global Accelerator
Works differently from ELB.
What It Does
- Uses AWS global network
- Provides static anycast IP addresses
- Routes traffic to optimal AWS Region
Improves:
- Availability
- Failover speed
- Global performance
When to Use It
- Multi-region architecture
- Need fast failover
- Global users
- Disaster recovery setup
7. Amazon CloudFront as a Load Balancer
CloudFront is a CDN, but also distributes traffic.
It:
- Caches content at edge locations
- Reduces load on origin servers
- Supports HTTPS
- Integrates with WAF
- Protects against DDoS
Works with:
- AWS Shield
8. High Availability Design with Load Balancers
To meet HA requirements:
1. Use Multiple Availability Zones
- Always deploy targets in at least 2 AZs.
- ELB is automatically multi-AZ.
2. Health Checks
Load balancers:
- Monitor target health
- Remove unhealthy targets automatically
3. Cross-Zone Load Balancing
Distributes traffic evenly across AZs.
4. Multi-Region Strategy
Combine the following for global failover:
- ALB or NLB
- AWS Global Accelerator
- Route 53
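Added example, not part of these notes: a simulation of the health-check behaviour described above. The attribute names mirror the real target-group settings (HealthyThresholdCount and UnhealthyThresholdCount, with the ALB defaults of 5 and 2); the target names and probe results are constructed.

```python
# Constructed simulation of ELB target health (not AWS code). A target flips
# state only after N consecutive probe results, which is what stops a single
# slow response from pulling a target out of rotation.
class TargetHealth:
    def __init__(self, healthy_threshold=5, unhealthy_threshold=2):
        self.healthy_threshold = healthy_threshold      # HealthyThresholdCount
        self.unhealthy_threshold = unhealthy_threshold  # UnhealthyThresholdCount
        self.state = "initial"   # ELB reports a newly registered target as 'initial'
        self.streak_ok = 0
        self.streak_fail = 0

    def record(self, probe_ok):
        """Feed one health-check result and return the resulting state."""
        if probe_ok:
            self.streak_ok, self.streak_fail = self.streak_ok + 1, 0
            if self.streak_ok >= self.healthy_threshold:
                self.state = "healthy"
        else:
            self.streak_fail, self.streak_ok = self.streak_fail + 1, 0
            if self.streak_fail >= self.unhealthy_threshold:
                self.state = "unhealthy"
        return self.state

def routable_targets(targets):
    """Targets an ALB sends new requests to.

    Unhealthy and still-initial targets are skipped. If no target is healthy,
    ALB fails open and routes to all registered targets instead of dropping
    every request, so 'every target unhealthy' is an outage signal to alarm
    on, not a condition the load balancer hides.
    """
    healthy = [name for name, th in targets.items() if th.state == "healthy"]
    return healthy if healthy else list(targets)

def simulate(results):
    """results: {target: [probe outcomes]}; returns (final states, routable set)."""
    targets = {name: TargetHealth() for name in results}
    for name, outcomes in results.items():
        for ok in outcomes:
            targets[name].record(ok)
    return {n: t.state for n, t in targets.items()}, routable_targets(targets)

if __name__ == "__main__":
    probes = {"i-web-a": [True] * 5,                    # passes initial checks
              "i-web-b": [True] * 5 + [False, False],   # healthy, then removed
              "i-web-c": [True] * 4}                    # one success short of healthy
    print(simulate(probes))
```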
9. Scalability Design
Load balancers support:
- Horizontal scaling
- Auto Scaling groups
- Container scaling
- Serverless backends
Key exam concept:
Load balancer does not scale manually — AWS manages scaling automatically.
10. Security Design with Load Balancing
1. TLS Termination
Encrypt traffic.
2. WAF Integration
Use AWS WAF with ALB or CloudFront.
3. DDoS Protection
Use:
- AWS Shield
- CloudFront
- NLB for high volume traffic
4. Security Groups
ALB:
- Has security groups
NLB:
- Does NOT use security groups (important exam point)
5. Private Load Balancer
Internal load balancers:
- Not internet-facing
- Used inside VPC
11. Internet-Facing vs Internal Load Balancer
Internet-Facing
- Public IP
- Accepts internet traffic
Internal
- Private IP
- Used for:
  - Internal services
  - Microservices communication
  - Database tier routing
12. Target Types
Load balancers can route to:
- EC2 instances
- IP addresses
- Lambda functions (ALB only)
- Containers (ECS, EKS)
13. Comparison Summary (Exam Critical)
| Feature | ALB | NLB | GWLB |
|---|---|---|---|
| OSI Layer | 7 | 4 | 3/4 |
| Protocol Awareness | HTTP/HTTPS | TCP/UDP | Any IP |
| Static IP | No | Yes | Yes |
| WAF Support | Yes | No | No |
| Best For | Web apps | High-performance traffic | Security appliances |
| Source IP preserved | No (X-Forwarded-For) | Yes | Yes |
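Added example, not part of these notes: what the "Source IP preserved" row means for an application. Behind an NLB the socket peer address is the client; behind an ALB the client address is only available in X-Forwarded-For, and only the rightmost entry was written by the ALB. The header values, addresses and CIDR are constructed.

```python
import ipaddress

# Constructed headers. The client injected "10.0.0.1" into X-Forwarded-For to
# look like an internal address; the ALB then appended the address it really
# accepted the TCP connection from.
SPOOFED_VIA_ALB = {"X-Forwarded-For": "10.0.0.1, 203.0.113.5"}
# Same request via the CloudFront -> ALB pattern: CloudFront appended the
# client address, then the ALB appended CloudFront's address (constructed).
SPOOFED_VIA_CLOUDFRONT_ALB = {"X-Forwarded-For": "10.0.0.1, 203.0.113.5, 198.51.100.7"}

def naive_client_ip(headers):
    # Common mistake: the leftmost entry, which the client controls.
    return headers["X-Forwarded-For"].split(",")[0].strip()

def client_ip_behind_alb(headers, proxies_before_alb=0):
    """Client IP as an application behind an ALB should derive it.

    With the default X-Forwarded-For handling (append) the ALB adds the peer
    address of the TCP connection as the LAST entry, so only the rightmost
    value is vouched for by the ALB. Step left past proxies_before_alb trusted
    hops that sit in front of the ALB (1 when CloudFront is in front). This is
    sound only if targets accept traffic from the ALB alone, e.g. a target
    security group that allows only the ALB's security group.
    """
    xff = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    index = len(hops) - 1 - proxies_before_alb
    if index < 0:
        raise ValueError("X-Forwarded-For shorter than the expected proxy chain")
    # ipaddress rejects anything that is not a literal IP (e.g. an injected name)
    return str(ipaddress.ip_address(hops[index]))

def client_ip_behind_nlb(peer_address):
    # NLB preserves the source IP: the socket peer address is the client and
    # NLB adds no X-Forwarded-For header, so there is nothing to parse.
    return str(ipaddress.ip_address(peer_address))

def allowed_by_ip(ip, allowlist_cidrs):
    """Allowlist check of the kind used in WAF IP rules or firewall rules."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(cidr) for cidr in allowlist_cidrs)

if __name__ == "__main__":
    internal = ["10.0.0.0/8"]
    for label, ip in [("naive", naive_client_ip(SPOOFED_VIA_ALB)),
                      ("alb", client_ip_behind_alb(SPOOFED_VIA_ALB))]:
        print(f"{label}: {ip} allowed={allowed_by_ip(ip, internal)}")
```

The naive parser lets the spoofed request through an internal-only allowlist; the ALB-aware parser does not.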
14. Exam Scenario Tips
If question says:
- “Path-based routing” → ALB
- “Static IP required” → NLB
- “Third-party firewall scaling” → GWLB
- “Multi-region failover with static IP” → Global Accelerator
- “Need WAF” → ALB or CloudFront
- “Very high throughput, low latency TCP” → NLB
15. Common Architecture Patterns
1. Web Application
CloudFront → ALB → EC2 Auto Scaling
2. Microservices
ALB with path routing → ECS/EKS
3. Hybrid
On-premises → Direct Connect → NLB
4. Security Hub-and-Spoke
Spoke VPC → GWLB → Central firewall VPC
16. Final Exam Checklist
Make sure you understand:
- Differences between ALB, NLB, GWLB
- When to use each
- High availability best practices
- Multi-AZ design
- Health checks
- Security integration (WAF, Shield)
- TLS termination
- Internal vs Internet-facing
- Cross-zone load balancing
- Multi-region strategy
