Task Statement 1.3: Design solutions that integrate load balancing to meet high availability, scalability, and security requirements.
📘AWS Certified Advanced Networking – Specialty
Selecting the correct load balancer is an important skill for the AWS Advanced Networking exam. Different applications require different networking capabilities. AWS provides several load balancing services designed for specific workloads and network layers.
Understanding when and why to choose each load balancer is essential for designing scalable, highly available, and secure architectures.
The main AWS load balancing options are:
- Elastic Load Balancing (ELB – umbrella service)
- Application Load Balancer (ALB)
- Network Load Balancer (NLB)
- Gateway Load Balancer (GWLB)
- Classic Load Balancer (CLB – legacy)
1. Understanding AWS Load Balancing Options
AWS offers multiple load balancer types because applications operate at different layers of the network stack.
| Load Balancer | OSI Layer | Primary Purpose |
|---|---|---|
| Application Load Balancer | Layer 7 (Application) | HTTP/HTTPS traffic routing |
| Network Load Balancer | Layer 4 (Transport) | TCP/UDP traffic, ultra-low latency |
| Gateway Load Balancer | Layer 3/4 | Security appliances and traffic inspection |
| Classic Load Balancer | Layer 4 / Layer 7 | Legacy applications |
A network architect must evaluate the application protocol, performance requirements, scalability needs, and security architecture before choosing the correct load balancer.
2. Key Factors When Selecting a Load Balancer
For the exam, AWS expects candidates to understand how architectural requirements influence load balancer selection.
The most important decision factors are:
1. Protocol Type
Different applications use different protocols.
| Protocol | Recommended Load Balancer |
|---|---|
| HTTP / HTTPS | Application Load Balancer |
| TCP / TLS | Network Load Balancer |
| UDP | Network Load Balancer |
| Traffic inspection / firewall appliances | Gateway Load Balancer |
Applications that require application-level routing should use ALB.
Applications that require transport-level performance and speed should use NLB.
2. OSI Layer Requirements
| Layer | Load Balancer | Capability |
|---|---|---|
| Layer 7 | ALB | Content-based routing |
| Layer 4 | NLB | High-performance TCP/UDP routing |
| Layer 3/4 | GWLB | Traffic steering to appliances |
If the design requires routing decisions based on HTTP information, only ALB supports this.
Examples include routing based on:
- URL path
- Host header
- HTTP headers
- Query strings
3. Performance and Latency
Some workloads require extremely high performance and minimal latency.
| Requirement | Best Option |
|---|---|
| Millions of requests per second | NLB |
| Ultra-low latency | NLB |
| Static IP support | NLB |
| Application-level routing | ALB |
Network Load Balancer is optimized for high throughput and low latency, making it suitable for heavy network traffic environments.
4. Application Architecture
Modern architectures often rely on microservices and containers.
| Architecture Type | Recommended Load Balancer |
|---|---|
| Microservices | ALB |
| Containerized services | ALB |
| Kubernetes / EKS | ALB or NLB |
| Security appliance chains | GWLB |
For container platforms such as Amazon Elastic Kubernetes Service, ALB integrates well with Kubernetes ingress controllers.
5. Security Integration
Security features also affect load balancer choice.
| Security Feature | Load Balancer |
|---|---|
| AWS WAF integration | ALB |
| TLS termination | ALB / NLB |
| Appliance-based security inspection | GWLB |
For example, ALB integrates directly with AWS WAF to protect web applications from attacks.
6. IP Address Requirements
Some environments require static IP addresses.
| Requirement | Load Balancer |
|---|---|
| Static IP | NLB |
| Elastic IP support | NLB |
| DNS-based only | ALB |
Network Load Balancer allows Elastic IP addresses to be attached to each Availability Zone node.
7. Traffic Inspection Requirements
If the architecture requires deep packet inspection or firewall inspection, the correct solution is the Gateway Load Balancer.
This service distributes traffic to:
- firewalls
- IDS/IPS
- packet inspection tools
- security appliances
3. Application Load Balancer (ALB)
Application Load Balancer operates at Layer 7 of the OSI model.
It is designed for web applications and microservices architectures.
Key Features
- HTTP and HTTPS support
- Content-based routing
- WebSocket support
- HTTP/2 support
- Integration with AWS WAF
- Integration with container platforms
Routing Capabilities
ALB can route traffic using:
- URL paths
- Hostnames
- HTTP headers
- Query strings
Example routing logic:
/api → backend API service
/images → image processing service
/login → authentication service
This allows multiple applications to run behind one load balancer.
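The routing logic above expressed as infrastructure code, as an added Terraform example that is not from the page or from AWS; it assumes the VPC, public subnets, an ALB security group, an ACM certificate and a WAFv2 web ACL already exist and are passed in as the named variables.

```hcl
# Assumes var.vpc_id, var.public_subnet_ids, var.alb_security_group_id,
# var.certificate_arn and var.web_acl_arn exist; service name = URL path prefix.
locals { services = { api = 8080, images = 8081, login = 8082 } }
resource "aws_lb" "web" {
  load_balancer_type         = "application"
  security_groups            = [var.alb_security_group_id]
  subnets                    = var.public_subnet_ids
  drop_invalid_header_fields = true # discard malformed HTTP headers at the edge
}
# One plain-HTTP target group per backend; the ALB terminates TLS in front.
resource "aws_lb_target_group" "svc" {
  for_each = local.services
  port     = each.value
  protocol = "HTTP"
  vpc_id   = var.vpc_id
}
# HTTPS listener whose default action is a 404, so an unmatched path never reaches a backend.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.web.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.certificate_arn
  default_action {
    type = "fixed-response"
    fixed_response {
      content_type = "text/plain"
      status_code  = "404"
    }
  }
}
# Layer 7 rules: /api -> api, /images -> images, /login -> login.
resource "aws_lb_listener_rule" "svc" {
  for_each     = local.services
  listener_arn = aws_lb_listener.https.arn
  priority     = 10 + index(keys(local.services), each.key)
  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.svc[each.key].arn
  }
  condition {
    path_pattern { values = ["/${each.key}", "/${each.key}/*"] }
  }
}
# AWS WAF evaluates the web ACL before any routing rule runs.
resource "aws_wafv2_web_acl_association" "web" {
  resource_arn = aws_lb.web.arn
  web_acl_arn  = var.web_acl_arn
}
```

No port 80 listener is defined, so the only path to a backend is TLS through the WAF-protected listener; the 404 default action keeps a typo in a path from being forwarded anywhere.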
When to Choose ALB
Select ALB when:
- The application uses HTTP/HTTPS
- Routing based on URL paths is required
- Microservices architecture is used
- Web application firewall protection is required
- Container platforms are used
4. Network Load Balancer (NLB)
Network Load Balancer operates at Layer 4 (Transport Layer).
It routes traffic using:
- IP addresses
- TCP/UDP ports
Key Features
- Ultra-low latency
- High throughput
- Static IP support
- Elastic IP support
- TLS termination
- Preserves source IP
NLB is capable of handling millions of connections per second.
When to Choose NLB
Use NLB when:
- Applications require TCP or UDP
- High performance networking is required
- Static IP addresses are required
- Source IP must be preserved
- Low latency is critical
5. Gateway Load Balancer (GWLB)
Gateway Load Balancer is designed specifically for security appliance integration.
It distributes traffic across multiple security appliances.
Key Features
- Transparent network gateway
- Traffic inspection
- High availability for appliances
- Scalable security architecture
- Uses the GENEVE protocol
GWLB is commonly used with:
- Firewalls
- Intrusion detection systems
- Packet inspection systems
When to Choose GWLB
Use GWLB when:
- Network traffic must pass through security appliances
- Multiple inspection tools are deployed
- Security services must scale automatically
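The traffic inspection requirement from section 2 and the GWLB design above as an added Terraform example, not from the page or from AWS: a GWLB in a security VPC fronting appliances over GENEVE, published as an endpoint service and consumed by an application VPC through a GWLB endpoint, with that subnet's default route steered into it. Assumed to exist and passed in as variables: both VPCs, the appliance subnets and instances, the endpoint subnet and the application route table; the endpoint subnet's own onward route and the return-path route table are configured separately.

```hcl
# Assumes var.security_vpc_id, var.appliance_subnet_ids, var.appliance_instance_ids,
# var.app_vpc_id, var.app_gwlbe_subnet_id and var.app_route_table_id exist.
resource "aws_lb" "inspect" {
  load_balancer_type = "gateway"
  subnets            = var.appliance_subnet_ids
}
# Appliances receive the original packets encapsulated in GENEVE on UDP 6081;
# the health check uses a separate management port on each appliance.
resource "aws_lb_target_group" "appliances" {
  name     = "inspection-appliances"
  port     = 6081
  protocol = "GENEVE"
  vpc_id   = var.security_vpc_id
  health_check {
    protocol = "TCP"
    port     = 80
  }
}
resource "aws_lb_target_group_attachment" "appliance" {
  for_each         = toset(var.appliance_instance_ids)
  target_group_arn = aws_lb_target_group.appliances.arn
  target_id        = each.value
}
# A gateway listener has no port or protocol; it forwards every packet.
resource "aws_lb_listener" "inspect" {
  load_balancer_arn = aws_lb.inspect.arn
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.appliances.arn
  }
}
# Publish the GWLB as an endpoint service that application VPCs can consume.
resource "aws_vpc_endpoint_service" "inspect" {
  acceptance_required        = false
  gateway_load_balancer_arns = [aws_lb.inspect.arn]
}
# The endpoint in the application VPC is the transparent "bump in the wire".
resource "aws_vpc_endpoint" "inspect" {
  vpc_id            = var.app_vpc_id
  service_name      = aws_vpc_endpoint_service.inspect.service_name
  vpc_endpoint_type = "GatewayLoadBalancer"
  subnet_ids        = [var.app_gwlbe_subnet_id]
}
# Send the application subnet's default route through the endpoint so egress is inspected.
resource "aws_route" "via_inspection" {
  route_table_id         = var.app_route_table_id
  destination_cidr_block = "0.0.0.0/0"
  vpc_endpoint_id        = aws_vpc_endpoint.inspect.id
}
```

Appliances that fail the health check are taken out of rotation by the GWLB, which is what gives the inspection layer its high availability; adding instances to the target group scales it.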
6. Classic Load Balancer (CLB)
Classic Load Balancer is the original AWS load balancer.
It supports both:
- Layer 4
- Layer 7
However, it lacks many modern features.
Limitations
- No advanced routing
- Limited container support
- No modern security integrations
- No path-based routing
Exam Note
AWS recommends using ALB or NLB instead of CLB.
You may see CLB mainly in legacy architectures.
7. Quick Decision Table (Exam Friendly)
| Use Case | Best Load Balancer |
|---|---|
| HTTP/HTTPS web applications | ALB |
| Path-based routing | ALB |
| Microservices | ALB |
| Kubernetes ingress | ALB |
| TCP/UDP workloads | NLB |
| Ultra-low latency traffic | NLB |
| Static IP requirement | NLB |
| Security appliance inspection | GWLB |
| Legacy EC2 applications | CLB |
8. Exam Tips (Very Important)
For the AWS Advanced Networking exam, remember the following rules:
Rule 1
If the question mentions:
- HTTP
- HTTPS
- URL routing
- microservices
- containers
→ Choose Application Load Balancer
Rule 2
If the question mentions:
- TCP
- UDP
- static IP
- very high performance
- low latency
→ Choose Network Load Balancer
Rule 3
If the question mentions:
- firewall appliances
- packet inspection
- IDS/IPS
- security appliance scaling
→ Choose Gateway Load Balancer
Rule 4
If the question mentions:
- legacy architecture
- older AWS design
→ Classic Load Balancer may appear.
9. Key Takeaways
Selecting the correct AWS load balancer depends on:
- Protocol requirements
- Network layer
- Performance needs
- Application architecture
- Security integration
- IP addressing requirements
The most commonly used load balancers today are the Application Load Balancer and the Network Load Balancer, while the Gateway Load Balancer is specialized for security architectures.
Understanding these differences allows architects to design highly available, scalable, and secure AWS networking solutions, which is a key skill tested in the AWS Certified Advanced Networking – Specialty exam.
