AWS Load Balancer Offerings – Network Design – ANS-C01 Study Guide

AWS Load Balancer Offerings

AWS offers three types of elastic load balancers, each designed for a specific use case. In this section we will learn about these AWS service offerings: what they do, how they differ, and which load balancer in the family is the best fit for a given requirement.

Tables 1.1 through 1.6 show a side-by-side feature comparison of the load balancer products currently offered by AWS.

TABLE 1.1 AWS ELB Product Comparisons: ELB Types

| Feature | Application Load Balancer | Network Load Balancer | Gateway Load Balancer | Classic Load Balancer |
| --- | --- | --- | --- | --- |
| Load balancer type | Layer 7 | Layer 4 | Layer 3 gateway + layer 4 load balancing | Layer 4/7 |
| Target type | IP, instance, Lambda | IP, instance, Application Load Balancer | IP, instance | |
| Terminates flow/proxy behavior | Yes | Yes | No | Yes |
| Protocol listeners | HTTP, HTTPS, gRPC | TCP, UDP, TLS | IP | TCP, SSL/TLS, HTTP, HTTPS |
| Reachable via | VIP | VIP | Route table entry | VIP |

TABLE 1.2 AWS ELB Product Comparisons: Layer 7

| Feature | Application Load Balancer | Network Load Balancer | Gateway Load Balancer | Classic Load Balancer |
| --- | --- | --- | --- | --- |
| Load balancer type | Layer 7 | Layer 4 | Layer 3 gateway + layer 4 load balancing | Layer 4/7 |

Redirects   
Fixed response   
Desync mitigation mode   
HTTP header-based routing   
HTTP/2/gRPC

TABLE 1.3 AWS ELB Product Comparisons: Characteristics

| Feature | Application Load Balancer | Network Load Balancer | Gateway Load Balancer | Classic Load Balancer |
| --- | --- | --- | --- | --- |
| Load balancer type | Layer 7 | Layer 4 | Layer 3 gateway + layer 4 load balancing | Layer 4/7 |

Common configurations and characteristics
Slow start   
Outpost support   
Local zone   
IP address – static, elastic   
Connection draining (deregistration delay)
Configurable idle connection timeout  
| PrivateLink support | | ✔ (TCP, TLS) | ✔ (GWLBe) | |
Zonal Isolation  
Session resumption  
Long-lived TCP connection  
Load balancing to multiple ports on the same instance 
Load balancer deletion protection 
Preserve source IP address 
WebSockets 
| Supported network/platforms | VPC | VPC | VPC | EC2-Classic, VPC |
Cross-zone load balancing
IAM permissions (resource, tag based) ✔ (Only resource-based)
| Flow stickiness (All packets of a flow are sent to one target, and return traffic comes from same target) | Symmetric | Symmetric | Symmetric | Symmetric |
| Target failure behavior | Fail close on targets, unless all targets are unhealthy (fail open) | Fail close on targets, unless all targets are unhealthy (fail open) | Existing flows continue to go to existing target appliances, new flows are rerouted to healthy target appliances | |
| Health checks | HTTP, HTTPS, gRPC | TCP, HTTP, HTTPS | TCP, HTTP, HTTPS | TCP, SSL/TLS, HTTP, HTTPS |

TABLE 1.4 AWS ELB Security

| Feature | Application Load Balancer | Network Load Balancer | Gateway Load Balancer | Classic Load Balancer |
| --- | --- | --- | --- | --- |
| Load balancer type | Layer 7 | Layer 4 | Layer 3 gateway + layer 4 load balancing | Layer 4/7 |

Security
SSL offloading 
Server Name Indication (SNI)  
Backend server encryption 
User authentication   
Custom security policy   
ALPN  

TABLE 1.5 AWS ELB Kubernetes Controller

| Feature | Application Load Balancer | Network Load Balancer | Gateway Load Balancer | Classic Load Balancer |
| --- | --- | --- | --- | --- |
| Load balancer type | Layer 7 | Layer 4 | Layer 3 gateway + layer 4 load balancing | Layer 4/7 |

Kubernetes controller
Direct-to-pod ✔ (Fargate pods)
Load balance to multiple namespaces   
Support for fully private EKS clusters  

TABLE 1.6 AWS ELB Logging and Monitoring

| Feature | Application Load Balancer | Network Load Balancer | Gateway Load Balancer | Classic Load Balancer |
| --- | --- | --- | --- | --- |
| Load balancer type | Layer 7 | Layer 4 | Layer 3 gateway + layer 4 load balancing | Layer 4/7 |

Logging and monitoring
CloudWatch metrics
Logging