AWS Network Load Balancer (NLB) — From Basics to Advanced

While an ALB operates at Layer 7 (Application Layer), a Network Load Balancer (NLB) works at Layer 4 (Transport Layer). It is designed for high-performance, low-latency TCP/UDP traffic.

NLB is ideal for applications that require extreme performance, static IPs, or TLS termination at the network layer.


1️⃣ What is a Network Load Balancer (NLB)?

Definition:
An NLB is a highly scalable, ultra-low latency load balancer that can handle millions of requests per second while maintaining TCP/UDP connections.

Key Benefits:

  • Operates at Layer 4 (TCP/UDP)

  • Handles volatile workloads with high throughput

  • Provides static IPs per AZ (Elastic IP optional)

  • Supports TLS termination

  • Integrates with Auto Scaling groups, ECS, and Lambda

Example Use Cases:

  • Game servers

  • Real-time trading applications

  • IoT data ingestion services

  • Any service needing static IPs or extreme performance


2️⃣ Core Components of NLB

| Component | Role |
|---|---|
| Network Load Balancer | Receives incoming traffic and routes it to targets. |
| Listeners | Protocol and port configuration (TCP, UDP, TLS). |
| Target Groups | Groups of targets (EC2, IP, Lambda) receiving traffic. |
| Targets | Actual resources serving the application. |
| Health Checks | Monitor the availability of targets. |
| Elastic IPs | Optional static IPs per AZ for clients. |

3️⃣ Advanced Features

  1. Static IP per AZ – Useful for firewall whitelisting

  2. TLS Termination – Offload TLS at NLB and forward decrypted traffic

  3. Preserve Source IP – Target can see the original client IP

  4. Zonal Isolation – One NLB per AZ improves fault tolerance

  5. Cross-Zone Load Balancing – Optional, spreads traffic across AZs

  6. High Throughput – Millions of requests per second

  7. Integration with ECS/EKS & Auto Scaling


4️⃣ Step-by-Step NLB Creation

Step 1: Create Network Load Balancer

  1. Go to EC2 → Load Balancers → Create Load Balancer → Network Load Balancer

  2. Configure:

    • Name: MyNLB

    • Scheme: Internet-facing / Internal

    • IP Address Type: IPv4 / Dualstack

    • Optional: Assign Elastic IPs per AZ for static IP


Step 2: Configure Listeners

  • Add listener(s) for TCP, UDP, or TLS (e.g., TCP 80, TLS 443)

  • TLS: Choose ACM certificate for TLS termination


Step 3: Configure Target Groups

  1. Create target group(s):

    • Protocol: TCP/UDP/TLS

    • Target type: Instance, IP, Lambda

    • Health check protocol: TCP (Layer 4) or HTTP/HTTPS (if TLS is terminated)


Step 4: Register Targets

  • Add your EC2 instances, IP addresses, or Lambda functions to the target group.


Step 5: Set Up Health Checks

  • Protocol: TCP (default) or custom

  • Port: Fixed or traffic port

  • Healthy threshold / Unhealthy threshold


Step 6: Attach Target Groups to Listeners

  • Go back to the listener → forward traffic to the target group(s)

  • You can also configure weighted target groups if needed


5️⃣ Sticky Sessions in NLB

Unlike ALB, NLB does not support HTTP cookies for sticky sessions because it works at Layer 4 (TCP/UDP).

Option for session stickiness:

  • Enable source IP affinity: NLB will consistently route traffic from the same client IP to the same target.

Steps to Enable Source IP Stickiness:

  1. Open the target group → Attributes

  2. Enable Source IP session stickiness

  3. Set timeout (1–3600 seconds)


6️⃣ TLS Termination in NLB

  1. NLB supports TLS termination at the listener level

  2. Steps:

    • Choose TLS listener (e.g., port 443)

    • Attach ACM certificate

    • Forward decrypted traffic to target group via TCP

  3. Useful for reducing SSL overhead on backend servers
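The console procedure of Section 4, the source-IP stickiness of Section 5 and the TLS listener of Section 6, expressed as one Terraform configuration. This is an added example, not code from the original post; `var.vpc_id`, `var.subnet_ids`, `var.eip_allocation_ids` and `var.acm_certificate_arn` are placeholders you supply, and the backend port 8080 is an assumption.

```hcl
variable "vpc_id" {}
variable "subnet_ids" { type = list(string) }         # one subnet per AZ
variable "eip_allocation_ids" { type = list(string) } # one Elastic IP per AZ, same order as subnet_ids
variable "acm_certificate_arn" {}

# Step 1: internet-facing NLB with a static Elastic IP in every AZ (Advanced feature 1)
resource "aws_lb" "nlb" {
  name                             = "MyNLB"
  load_balancer_type               = "network"
  internal                         = false
  enable_cross_zone_load_balancing = true # Best practice 2
  dynamic "subnet_mapping" {
    for_each = zipmap(var.subnet_ids, var.eip_allocation_ids)
    content {
      subnet_id     = subnet_mapping.key
      allocation_id = subnet_mapping.value
    }
  }
}

# Steps 3 and 5, plus Section 5: TCP target group with source-IP stickiness, client IP preserved
resource "aws_lb_target_group" "app" {
  name               = "MyNLB-targets"
  vpc_id             = var.vpc_id
  protocol           = "TCP" # decrypted traffic arrives as plain TCP (Section 6)
  port               = 8080  # assumed backend port
  target_type        = "instance"
  preserve_client_ip = true # backend logs and security groups see the real client IP (Advanced feature 3)
  stickiness {
    type    = "source_ip"
    enabled = true
  }
  health_check {
    protocol = "TCP"
    port     = "traffic-port"
  }
}

# Steps 2 and 6, plus Section 6: TLS terminated at the listener, TLS 1.2+ only, forwarded as TCP
resource "aws_lb_listener" "tls" {
  load_balancer_arn = aws_lb.nlb.arn
  protocol          = "TLS"
  port              = 443
  certificate_arn   = var.acm_certificate_arn
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}
```

Step 4 (registering targets) is one `aws_lb_target_group_attachment` per instance and is left out here.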


7️⃣ Monitoring NLB

  • CloudWatch Metrics:

    • ActiveFlowCount, NewFlowCount, ProcessedBytes, HealthyHostCount

  • Access Logs: NLB logs TCP/UDP flows to S3

  • Health Checks: Ensure targets are reachable
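A CloudWatch alarm on the HealthyHostCount metric listed above, covering the "target failures" half of best practice 4. This is an added Terraform example, not from the original post; the three variables are placeholders you supply.

```hcl
variable "nlb_arn_suffix" {}          # the "net/MyNLB/<id>" part of the NLB ARN
variable "target_group_arn_suffix" {} # the "targetgroup/MyNLB-targets/<id>" part of the target group ARN
variable "alarm_topic_arn" {}         # SNS topic that notifies the on-call

# Alarm when no target in the group is healthy. Missing data is treated as breaching
# so a stalled metric stream does not silently look like "all good".
resource "aws_cloudwatch_metric_alarm" "nlb_no_healthy_targets" {
  alarm_name          = "MyNLB-no-healthy-targets"
  alarm_description   = "Every target behind MyNLB is failing its health check"
  namespace           = "AWS/NetworkELB"
  metric_name         = "HealthyHostCount"
  statistic           = "Minimum"
  period              = 60
  evaluation_periods  = 2
  comparison_operator = "LessThanThreshold"
  threshold           = 1
  treat_missing_data  = "breaching"
  dimensions = {
    LoadBalancer = var.nlb_arn_suffix
    TargetGroup  = var.target_group_arn_suffix
  }
  alarm_actions = [var.alarm_topic_arn]
  ok_actions    = [var.alarm_topic_arn]
}
```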


8️⃣ Best Practices

  1. Use Elastic IPs for static IP requirements

  2. Enable cross-zone load balancing for better distribution

  3. Use TLS termination if backend instances cannot handle TLS

  4. Monitor with CloudWatch alarms for traffic spikes and target failures

  5. Combine NLB with ALB for hybrid architectures: NLB handles TCP/UDP traffic, ALB handles HTTP/S traffic


9️⃣ Comparison: ALB vs NLB

| Feature | ALB | NLB |
|---|---|---|
| OSI Layer | 7 (Application) | 4 (Transport) |
| Protocol | HTTP/HTTPS | TCP/UDP/TLS |
| Routing | Host/Path/Header/Query | Source IP / Port |
| Sticky Sessions | Cookie-based | Source IP |
| TLS Termination | Yes | Yes |
| Static IP | No | Yes (Elastic IP) |
| Use Case | Web apps, microservices | Game servers, IoT, real-time apps |

10️⃣ Conclusion

AWS Network Load Balancer (NLB) is perfect for high-performance, low-latency applications:

  • Supports TCP/UDP protocols

  • Offers static IP addresses per AZ

  • Can terminate TLS at the network layer

  • Supports source IP-based session stickiness

Use NLB when your application demands ultra-fast, scalable, and fault-tolerant network-level traffic routing, and combine it with an ALB when you need advanced Layer 7 features.
