Gateway Load Balancers – Network Design – ANS-C01 Study Guide

Gateway Load Balancers

Gateway load balancers operate at layer 3 (the network layer) of the OSI model and are used to insert virtual network appliances into the traffic path. They combine a transparent network gateway, a single entry and exit point for all traffic, with a load balancer that distributes that traffic across appliances such as intrusion detection/prevention systems, firewalls, compliance validation, policy enforcement, and deep packet inspection appliances. Because the appliances are registered as targets, they can be added or removed as the traffic load changes, so inspection capacity scales on demand rather than being sized for peak load up front. Figure 1.13 lists the gateway load balancer feature sets.

The gateway load balancer listens on all ports for all IP packets and forwards them to the target group named in its listener rule; it does not filter on port itself, that is the appliances' job. Flow stickiness keeps every packet of a flow on the same appliance (by 5-tuple for TCP and UDP, by 3-tuple for other IP protocols), which stateful appliances such as firewalls require. TCP, UDP and other IP protocols are all carried, since the load balancer works on IP packets rather than on connections. Traffic between the load balancer and the appliances is encapsulated with Generic Network Virtualization Encapsulation (GENEVE), which runs over UDP port 6081. GENEVE wraps each packet in a header that overcomes some of the limitations of VXLAN and Generic Routing Encapsulation (GRE) in large multitenant cloud deployments such as AWS. The main difference is that the header carries variable-length options, which the load balancer uses to attach per-flow state to each packet, and that the option format is extensible so the protocol can evolve to meet future use cases. An appliance decapsulates each packet, inspects the inner packet, and returns it to the load balancer still GENEVE-encapsulated, or drops it.
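As an added example that is not code from the study guide or from AWS, the following Python shows what a target appliance has to do with the GENEVE traffic described above: parse the header as RFC 8926 defines it, drop packets that carry a critical option it does not understand, apply a toy port-based policy to the inner IPv4 packet, and re-encapsulate the packet for return to the load balancer with the options untouched. The AWS option class 0x0108 and the three option types (endpoint ID, attachment ID, flow cookie) are assumptions taken from AWS documentation rather than from this page, as are the requirement to echo those options back unchanged, the sample addresses and identifiers, and all function names.

```python
import ipaddress
import struct
from dataclasses import dataclass

ETHERTYPE_IPV4 = 0x0800
AWS_OPTION_CLASS = 0x0108   # assumption from AWS GWLB docs, not from this page
OPT_GWLBE_ID, OPT_ATTACHMENT_ID, OPT_FLOW_COOKIE = 1, 2, 3   # assumption, as above
KNOWN_AWS_TYPES = {OPT_GWLBE_ID, OPT_ATTACHMENT_ID, OPT_FLOW_COOKIE}


@dataclass
class GeneveOption:
    opt_class: int
    opt_type: int    # bit 7 = "critical": a receiver that does not understand it must drop
    data: bytes      # length is a multiple of 4, at most 124 bytes
    @property
    def critical(self) -> bool:
        return bool(self.opt_type & 0x80)


@dataclass
class GenevePacket:
    vni: int
    protocol: int    # EtherType of the payload
    options: list
    payload: bytes   # the inner (customer) IP packet


def parse_geneve(buf: bytes) -> GenevePacket:
    """Parse an RFC 8926 GENEVE header; raise ValueError on anything malformed."""
    if len(buf) < 8: raise ValueError("truncated GENEVE header")
    b0, _flags, proto = struct.unpack("!BBH", buf[:4])
    if b0 >> 6 != 0: raise ValueError("unsupported GENEVE version")
    opt_len = (b0 & 0x3F) * 4              # option length is counted in 4-byte words
    if len(buf) < 8 + opt_len: raise ValueError("option length exceeds packet")
    options, off, end = [], 8, 8 + opt_len
    while off < end:
        if off + 4 > end: raise ValueError("truncated option header")
        cls, typ, b3 = struct.unpack("!HBB", buf[off:off + 4])
        dlen = (b3 & 0x1F) * 4
        if off + 4 + dlen > end: raise ValueError("option data exceeds option region")
        opt = GeneveOption(cls, typ, buf[off + 4:off + 4 + dlen])
        if opt.critical and not (cls == AWS_OPTION_CLASS and (typ & 0x7F) in KNOWN_AWS_TYPES):
            raise ValueError(f"unknown critical option class={cls:#06x} type={typ:#04x}")
        options.append(opt)
        off += 4 + dlen
    return GenevePacket(int.from_bytes(buf[4:7], "big"), proto, options, buf[end:])


def build_geneve(pkt: GenevePacket) -> bytes:
    """Serialize a GenevePacket, e.g. to hand the inspected packet back to the GWLB."""
    body = b""
    for o in pkt.options:
        if len(o.data) % 4 or len(o.data) > 124:
            raise ValueError("option data must be a multiple of 4 bytes, at most 124")
        body += struct.pack("!HBB", o.opt_class, o.opt_type, len(o.data) // 4) + o.data
    if len(body) > 252: raise ValueError("options exceed the 6-bit option length field")
    flags = 0x40 if any(o.critical for o in pkt.options) else 0   # C bit: critical options present
    header = struct.pack("!BBH", len(body) // 4, flags, pkt.protocol)
    return header + pkt.vni.to_bytes(3, "big") + b"\x00" + body + pkt.payload


def aws_options(gwlbe_id: int, attachment_id: int, flow_cookie: int) -> list:
    """Per-flow state a GWLB is assumed to carry in the header (layout is an assumption)."""
    return [GeneveOption(AWS_OPTION_CLASS, OPT_GWLBE_ID, gwlbe_id.to_bytes(8, "big")),
            GeneveOption(AWS_OPTION_CLASS, OPT_ATTACHMENT_ID, attachment_id.to_bytes(8, "big")),
            GeneveOption(AWS_OPTION_CLASS, OPT_FLOW_COOKIE, flow_cookie.to_bytes(4, "big"))]


def flow_key(inner: bytes) -> tuple:
    """5-tuple for TCP/UDP, 3-tuple otherwise: the granularity at which a GWLB keeps flows sticky."""
    ihl, proto = (inner[0] & 0x0F) * 4, inner[9]
    src, dst = str(ipaddress.ip_address(inner[12:16])), str(ipaddress.ip_address(inner[16:20]))
    if proto in (6, 17):
        sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
        return (src, dst, sport, dport, proto)
    return (src, dst, proto)


def appliance_handle(raw: bytes, blocked_ports=frozenset({23})):
    """Decapsulate, apply a toy policy, re-encapsulate; returns bytes for UDP/6081 back to the GWLB, or None to drop."""
    try:
        pkt = parse_geneve(raw)
    except ValueError:
        return None                        # malformed or unknown-critical: drop, never forward
    if pkt.protocol != ETHERTYPE_IPV4:
        return None                        # this toy appliance inspects IPv4 only
    key = flow_key(pkt.payload)
    if len(key) == 5 and key[3] in blocked_ports:
        return None                        # policy drop (e.g. no telnet through the inspection VPC)
    return build_geneve(pkt)               # echo the GWLB's options back unchanged (assumption)


def ipv4_tcp_syn(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed sample inner packet; checksums are left at zero for brevity."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + tcp


if __name__ == "__main__":
    opts = aws_options(0x1234, 0xABCD, 0xDEADBEEF)   # constructed identifiers
    https = build_geneve(GenevePacket(0, ETHERTYPE_IPV4, opts, ipv4_tcp_syn("10.0.1.10", "10.0.2.20", 40000, 443)))
    telnet = build_geneve(GenevePacket(0, ETHERTYPE_IPV4, opts, ipv4_tcp_syn("10.0.1.10", "10.0.2.20", 40001, 23)))
    print("443 returned intact:", appliance_handle(https) == https, "| 23 dropped:", appliance_handle(telnet) is None)
```

Two points worth noticing when running it. First, the returned bytes for the allowed flow are identical to what arrived: an appliance that rewrote or stripped the options would break the load balancer's ability to match the packet back to its flow. Second, the drop on an unknown critical option is what RFC 8926 requires of any receiver, and failing closed here is the safe choice for an inspection device.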

Gateway load balancer endpoints, a type of VPC endpoint built on AWS PrivateLink, are used to exchange traffic across VPC boundaries. This lets a service provider and its customers exchange traffic securely without peering their VPCs or exposing the appliances directly. The gateway load balancer is deployed in the VPC where the virtual appliances reside, and the appliances are registered with it through a target group; the provider publishes the load balancer as an endpoint service, and each customer creates a gateway load balancer endpoint in their own VPC. Traffic from the customer's VPC reaches the load balancer in the provider's VPC through ordinary route table entries whose target is that endpoint; after inspection it is returned through the same endpoint and continues to its destination. Figure 1.14 shows the interconnect model.

FIGURE 1.13 Gateway load balancer features

FIGURE 1.14 Gateway load balancer VPC interconnections

There are many AWS networking security partners that offer a wide variety of services that are integrated with the gateway load balancer. A current list can be found at https://aws.amazon.com/elasticloadbalancing/partners.

Gateway load balancer pricing is based on each hour (or partial hour) that the load balancer is running and the number of gateway load balancer capacity units (GLCUs) consumed per hour. Gateway load balancer endpoints are billed separately as PrivateLink endpoints, and the partner appliance software running behind the load balancer is billed separately by the partner.