🌐 Exploring AWS Load Balancers 🚀

Introduction

In today's fast-paced digital world, where user expectations for speed and reliability are higher than ever, load balancing plays a pivotal role in ensuring application performance and availability. Whether it's a global e-commerce platform, a video streaming service, or a small business website, managing traffic efficiently across servers is crucial to avoid downtime, optimize resource utilization, and maintain a seamless user experience.

AWS Load Balancers provide a robust solution to handle diverse traffic patterns and application needs. From HTTP routing with Application Load Balancers (ALB) to ultra-low latency traffic management with Network Load Balancers (NLB) and advanced traffic inspection with Gateway Load Balancers (GWLB), AWS offers the flexibility to build scalable, secure, and reliable infrastructures tailored to modern application requirements.

In this blog, we’ll dive into the various types of AWS Load Balancers and share hands-on insights from a recent project using the Network Load Balancer to manage high-throughput TCP traffic. Let’s get started! 🚀

👉 Types of Load Balancers

1️⃣ Application Load Balancer (ALB)

  • Use Case: Ideal for managing HTTP and HTTPS traffic.

  • Key Features:

    • Advanced Layer 7 routing, including host-based and path-based routing.

    • Supports WebSocket connections for real-time communication.

    • Perfect for microservices-based architectures.

2️⃣ Network Load Balancer (NLB)

  • Use Case: Designed for ultra-low latency and high-throughput TCP/UDP traffic.

  • Key Features:

    • Operates at the Transport Layer (Layer 4) of the OSI model.

    • Scales to handle millions of requests per second.

    • Provides static IPs for consistent DNS configurations.

3️⃣ Gateway Load Balancer (GWLB)

  • Use Case: Suitable for traffic inspection and scalable management.

  • Key Features:

    • Ideal for third-party virtual appliances like firewalls and deep packet inspection.

    • Simplifies deployment and scaling of network appliances.

🛠️ Hands-On with AWS Network Load Balancer (NLB)

Recently, I worked on setting up an NLB for a real-world project involving three private EC2 instances running Nginx across multiple Availability Zones. This setup ensured fault tolerance, ultra-low latency, and high availability.

Step-by-Step Workflow

1. Create an ACM Certificate

  • I generated an SSL certificate using AWS Certificate Manager (ACM) for secure traffic handling.

Steps to Generate an SSL Certificate Using AWS Certificate Manager (ACM)

SSL certificates are essential for ensuring secure communication over the Internet. AWS Certificate Manager (ACM) simplifies the process of creating and managing these certificates. Here's how you can generate an SSL certificate using ACM for your secure traffic needs:


A: Open the AWS Certificate Manager Console

  1. Log in to your AWS Management Console.

  2. Navigate to Certificate Manager under the Security, Identity, and Compliance section.

B: Request a Certificate

  1. In the ACM console, click on Request a certificate.

  2. Choose Request a public certificate for publicly accessible websites or applications.

    • Alternatively, select Request a private certificate if you’re using AWS Private CA.

C: Specify Domain Names

  1. Enter the fully qualified domain name (FQDN) you want the certificate to secure.

  2. To include multiple domains, use additional entries (e.g., example.com or *.example.com for a wildcard certificate).

D: Validate Domain Ownership

You can validate domain ownership using one of the following methods:

  1. DNS Validation (Preferred):

    • ACM provides a CNAME record that you add to your domain’s DNS settings.

    • AWS automatically validates the domain after detecting the DNS record.

  2. Email Validation:

    • ACM sends an email to the domain's registered contact.

    • The email contains a validation link; clicking it completes the process.

E: Review and Request

  1. Review your domain entries and validation method.

  2. Click Request to start the certificate creation process.

F: Wait for Validation

  1. If you choose DNS Validation, AWS will monitor the DNS record and validate it automatically (usually within minutes to a few hours).

  2. For Email Validation, the certificate will be issued once you confirm via the validation link.

G: Use the Certificate

Once the certificate is issued, you can:

  1. Attach it to services like Application Load Balancers (ALB), Network Load Balancers (NLB), or CloudFront.

  2. Manage and renew the certificate automatically through ACM.

Pro Tip

  • DNS Validation is recommended because it’s automated and doesn’t require manual intervention for future renewals.

  • Keep your domain's DNS records accessible for easier configuration.

After completing these steps, your SSL certificate will be ready to secure traffic for your application or website, ensuring encrypted communication and boosting user trust.
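The wildcard entry from step C and the DNS-validation Pro Tip can both be checked before the certificate is attached to a listener. The sketch below is an added example, not part of the original walkthrough: it reads a constructed document shaped like `aws acm describe-certificate` output and applies the rule that a `*.` name covers exactly one label. The names `SAMPLE`, `name_covers` and `review_certificate` are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like `aws acm describe-certificate` output.
SAMPLE = json.loads("""
{"Certificate": {
  "DomainName": "*.example.com",
  "SubjectAlternativeNames": ["*.example.com", "example.org"],
  "Status": "ISSUED",
  "DomainValidationOptions": [
    {"DomainName": "*.example.com", "ValidationMethod": "DNS",
     "ValidationStatus": "SUCCESS"},
    {"DomainName": "example.org", "ValidationMethod": "EMAIL",
     "ValidationStatus": "SUCCESS"}
  ]}}
""")


def name_covers(pattern, host):
    """True if a certificate name (exact or '*.' wildcard) covers host."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    suffix = pattern[1:]                      # "*.example.com" -> ".example.com"
    if not host.endswith(suffix):
        return False                          # the apex "example.com" fails here
    left = host[: -len(suffix)]
    return bool(left) and "." not in left     # wildcard spans exactly one label


def review_certificate(doc, required_hosts):
    """Return findings for a certificate before it is attached to a listener."""
    cert, findings = doc["Certificate"], []
    if cert.get("Status") != "ISSUED":
        findings.append(f"status is {cert.get('Status')}, not ISSUED")
    names = cert.get("SubjectAlternativeNames") or [cert["DomainName"]]
    for host in required_hosts:
        if not any(name_covers(n, host) for n in names):
            findings.append(f"{host}: not covered by the certificate")
    for opt in cert.get("DomainValidationOptions", []):
        if opt.get("ValidationMethod") != "DNS":
            findings.append(f"{opt['DomainName']}: {opt.get('ValidationMethod')} "
                            "validation, renewal needs a manual step")
        elif opt.get("ValidationStatus") != "SUCCESS":
            findings.append(f"{opt['DomainName']}: DNS validation is "
                            f"{opt.get('ValidationStatus')}")
    return findings


if __name__ == "__main__":
    for line in review_certificate(SAMPLE, ["example.com", "app.example.com"]):
        print(line)
```

A certificate requested only for `*.example.com` does not cover the bare `example.com`, which is why step C lists both as separate entries.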

2. Configure VPC and NAT Gateway

  • I created a VPC with subnets across multiple Availability Zones.

  • Set up a NAT Gateway to enable secure internet access for private instances.

3. Edit the Security Group

  • Edit inbound rules as shown in the screenshot.

4. Set Up Private EC2 Instances

  • Launched three EC2 instances in private subnets.

  • Installed Nginx on each instance to serve web traffic.

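    Command to Install Nginx:

      #!/bin/bash
      # Install Nginx, restart it and enable it at boot
      sudo apt update
      sudo apt install nginx -y
      sudo systemctl restart nginx
      sudo systemctl enable nginx
      # Append the hostname and an AZ label to the default page so each backend
      # is identifiable; tee runs under sudo, a plain >> redirect would not
      echo "<h1>$(cat /etc/hostname)</h1>" | sudo tee -a /var/www/html/index.nginx-debian.html > /dev/null
      echo "<h1>US-EAST-1A-SERVERS</h1>" | sudo tee -a /var/www/html/index.nginx-debian.html > /dev/null
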

5. Create a Target Group

  • Defined a target group to register the private EC2 instances.

  • Configured health checks for TCP traffic to ensure only healthy instances receive requests.

  • Selected all three private servers and clicked "Include as pending below".

  • Created the target group.

6. Configure the Network Load Balancer

  • Deployed an NLB and linked it to the target group.

  • Assigned Elastic IPs to provide consistent and reliable DNS configurations.

  • Configured listener rules to forward traffic to registered targets.

7. Update Route 53

  • Added a DNS record in Route 53 to route traffic through the NLB.

  • Linked the ACM certificate for HTTPS traffic.
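On an NLB the ACM certificate only takes effect on a listener whose protocol is TLS; a TCP listener forwards bytes unchanged. The audit below is an added example, not part of the original project: it runs over a constructed document shaped like `aws elbv2 describe-listeners` output, and `EXPECTED_CERT`, `APPROVED_POLICIES`, `audit_listeners` and the placeholder ARNs are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like `aws elbv2 describe-listeners` output for an
# NLB. The account ID and ARNs are placeholders.
EXPECTED_CERT = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-A"
LISTENERS = json.loads("""
{"Listeners": [
  {"Port": 443, "Protocol": "TLS", "SslPolicy": "ELBSecurityPolicy-2016-08",
   "Certificates": [
     {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-A"}]},
  {"Port": 8443, "Protocol": "TLS",
   "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
   "Certificates": [
     {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-B"}]},
  {"Port": 80, "Protocol": "TCP"}
]}
""")

# Assumption: the only TLS policy this team has approved for its listeners.
APPROVED_POLICIES = {"ELBSecurityPolicy-TLS13-1-2-2021-06"}


def audit_listeners(doc, expected_cert, approved=APPROVED_POLICIES):
    """Return (port, finding) pairs for listeners that need a second look."""
    findings = []
    for lst in sorted(doc["Listeners"], key=lambda item: item["Port"]):
        port, proto = lst["Port"], lst["Protocol"]
        if proto != "TLS":
            # TCP/UDP listeners pass bytes through; nothing is decrypted or
            # encrypted at the NLB, so the ACM certificate plays no part.
            findings.append((port, f"{proto} listener: no TLS at the NLB"))
            continue
        arns = {c["CertificateArn"] for c in lst.get("Certificates", [])}
        if expected_cert not in arns:
            findings.append((port, "expected ACM certificate is not attached"))
        if lst.get("SslPolicy") not in approved:
            findings.append((port, f"policy {lst.get('SslPolicy')} is not approved"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_listeners(LISTENERS, EXPECTED_CERT):
        print(port, finding)
```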

Check the Result

Enter your registered domain name in the browser. Here we land on the 1A server, so the load balancer is working.

This is where the ACM certificate plays its role.

Now check whether the load is being passed correctly. In the command below, instead of giving the complete IP I gave only 2 digits, because all the instances are in the 10.0 range.

With the below command, we have created the awsnlb.log file.

Check the packets sent to each private server with the below commands

🎯Outcome and Benefits

  1. Ultra-Low Latency: Achieved stable performance for high-traffic loads.

  2. Fault Tolerance: The multi-AZ deployment ensured high availability.

  3. Simplified DNS Management: Leveraged static IPs provided by the NLB.

  4. Enhanced Security: Integrated ACM for encrypted communication.

Why Choose NLB for Layer 4 Traffic?

The NLB is a game-changer for applications requiring:

  • Stable Throughput: Ideal for TCP-heavy applications, such as database clusters or financial services.

  • Static IP Support: Simplifies DNS configurations and ensures reliable routing.

  • High Availability: With health checks and multi-AZ support, it keeps your applications running seamlessly.

🎯Conclusion

In conclusion, AWS Load Balancers, when paired with SSL certificates from AWS Certificate Manager (ACM), provide a robust framework for developing scalable, secure, and high-performance applications. By selecting the appropriate Load Balancer type—be it Application, Network, or Gateway—you can tailor traffic distribution to meet your application's specific requirements. Whether you're managing a straightforward web application or handling intricate enterprise workloads, AWS Load Balancers deliver the flexibility and dependability essential for contemporary cloud-based solutions.