AWS Load Balancer Offerings – Network Design – ANS-C01 Study Guide

AWS Load Balancer Offerings

AWS offers three types of elastic load balancers, each designed for a specific use case. In this section we will learn about these AWS service offerings: what they do, how they differ, and which load balancer in the family is the best fit for a given requirement.

Tables 1.1 through 1.6 show a side-by-side feature comparison of the load balancer products currently offered by AWS.

TABLE 1.1 AWS ELB Product Comparisons: ELB Types

| Feature | Application Load Balancer | Network Load Balancer | Gateway Load Balancer | Classic Load Balancer |
| --- | --- | --- | --- | --- |
| Load balancer type | Layer 7 | Layer 4 | Layer 3 gateway + layer 4 load balancing | Layer 4/7 |
| Target type | IP, instance, Lambda | IP, instance, Application Load Balancer | IP, instance | |
| Terminates flow/proxy behavior | Yes | Yes | No | Yes |
| Protocol listeners | HTTP, HTTPS, gRPC | TCP, UDP, TLS | IP | TCP, SSL/TLS, HTTP, HTTPS |
| Reachable via | VIP | VIP | Route table entry | VIP |

TABLE 1.2 AWS ELB Product Comparisons: Layer 7

| Feature | Application Load Balancer | Network Load Balancer | Gateway Load Balancer | Classic Load Balancer |
| --- | --- | --- | --- | --- |
| Load balancer type | Layer 7 | Layer 4 | Layer 3 gateway + layer 4 load balancing | Layer 4/7 |
| Redirects | | | | |
| Fixed response | | | | |
| Desync mitigation mode | | | | |
| HTTP header-based routing | | | | |
| HTTP/2, gRPC | | | | |

TABLE 1.3 AWS ELB Product Comparisons: Characteristics

| Feature | Application Load Balancer | Network Load Balancer | Gateway Load Balancer | Classic Load Balancer |
| --- | --- | --- | --- | --- |
| Load balancer type | Layer 7 | Layer 4 | Layer 3 gateway + layer 4 load balancing | Layer 4/7 |
| Common configurations and characteristics | | | | |
| Slow start | | | | |
| Outpost support | | | | |
| Local zone | | | | |
| IP address – static, elastic | | | | |
| Connection draining (deregistration delay) | | | | |
| Configurable idle connection timeout | | | | |
| PrivateLink support | | ✔ (TCP, TLS) | ✔ (GWLBe) | |
| Zonal isolation | | | | |
| Session resumption | | | | |
| Long-lived TCP connection | | | | |
| Load balancing to multiple ports on the same instance | | | | |
| Load balancer deletion protection | | | | |
| Preserve source IP address | | | | |
| WebSockets | | | | |
| Supported network/platforms | VPC | VPC | VPC | EC2-Classic, VPC |
| Cross-zone load balancing | | | | |
| IAM permissions (resource, tag based) | | | | ✔ (Only resource-based) |
| Flow stickiness (all packets of a flow are sent to one target, and return traffic comes from the same target) | Symmetric | Symmetric | Symmetric | Symmetric |
| Target failure behavior | Fail close on targets, unless all targets are unhealthy (fail open) | Fail close on targets, unless all targets are unhealthy (fail open) | Existing flows continue to go to existing target appliances, new flows are rerouted to healthy target appliances | |
| Health checks | HTTP, HTTPS, gRPC | TCP, HTTP, HTTPS | TCP, HTTP, HTTPS | TCP, SSL/TLS, HTTP, HTTPS |

TABLE 1.4 AWS ELB Security

| Feature | Application Load Balancer | Network Load Balancer | Gateway Load Balancer | Classic Load Balancer |
| --- | --- | --- | --- | --- |
| Load balancer type | Layer 7 | Layer 4 | Layer 3 gateway + layer 4 load balancing | Layer 4/7 |
| Security | | | | |
| SSL offloading | | | | |
| Server Name Indication (SNI) | | | | |
| Backend server encryption | | | | |
| User authentication | | | | |
| Custom security policy | | | | |
| ALPN | | | | |

TABLE 1.5 AWS ELB Kubernetes Controller

| Feature | Application Load Balancer | Network Load Balancer | Gateway Load Balancer | Classic Load Balancer |
| --- | --- | --- | --- | --- |
| Load balancer type | Layer 7 | Layer 4 | Layer 3 gateway + layer 4 load balancing | Layer 4/7 |
| Kubernetes controller | | | | |
| Direct-to-pod | | ✔ (Fargate pods) | | |
| Load balance to multiple namespaces | | | | |
| Support for fully private EKS clusters | | | | |

TABLE 1.6 AWS ELB Logging and Monitoring

| Feature | Application Load Balancer | Network Load Balancer | Gateway Load Balancer | Classic Load Balancer |
| --- | --- | --- | --- | --- |
| Load balancer type | Layer 7 | Layer 4 | Layer 3 gateway + layer 4 load balancing | Layer 4/7 |
| Logging and monitoring | | | | |
| CloudWatch metrics | | | | |
| Logging | | | | |