Understanding AWS Network Load Balancer (NLB) and Gateway Load Balancer (GLB)
Introduction
In the world of cloud computing, ensuring the efficient distribution of incoming traffic to applications is critical for maintaining performance and availability. AWS provides several types of load balancers to handle different traffic patterns and requirements. Among these, the Network Load Balancer (NLB) and the Gateway Load Balancer (GLB) stand out due to their unique features and capabilities. This blog will delve into what NLB and GLB are, how they differ from each other, their specific use cases, and how they can be architected within your AWS infrastructure.
What is a Network Load Balancer (NLB)?
The Network Load Balancer (NLB) operates at the transport layer (Layer 4) of the OSI model. It is designed to handle large volumes of traffic and provide ultra-low latency, making it ideal for real-time applications and workloads that require high performance.
Key Features of NLB:
- High Throughput and Low Latency: NLB is capable of handling millions of requests per second while maintaining very low latencies.
- Static IP Support: A static IP can be assigned to the load balancer, which is beneficial for whitelisting and consistent access.
- TLS Termination: NLB can handle TLS termination, offloading the decryption work from the application servers.
- Health Checks: Regularly performs health checks on the registered targets to ensure traffic is only routed to healthy instances.
- Preserve Client IP: NLB preserves the source IP of the client, which can be useful for logging and regulatory requirements.
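TLS termination and client IP preservation are per-listener and per-target-group settings, so they can be checked mechanically. The sketch below is an added example, not part of the original post: it audits data shaped like the elbv2 `describe_listeners` and `describe_target_group_attributes` responses. The sample input is constructed, and treating only `ELBSecurityPolicy-TLS13-*` policies as current is an assumption.

```python
# Added example: audits NLB settings from elbv2 describe-* style data.
# Assumption: only ELBSecurityPolicy-TLS13-* policies count as current; adjust to your baseline.
MODERN_POLICY_PREFIX = "ELBSecurityPolicy-TLS13-"

def audit_listeners(listeners):
    """Findings for listeners shaped like describe_listeners()['Listeners']."""
    findings = []
    for lst in listeners:
        proto, port = lst["Protocol"], lst["Port"]
        if proto == "TLS":
            policy = lst.get("SslPolicy", "")
            if not policy.startswith(MODERN_POLICY_PREFIX):
                findings.append(f"listener {port}: TLS terminated with older policy {policy}")
        elif proto == "TCP" and port == 443:
            findings.append(f"listener {port}: TCP passthrough, TLS is not terminated at the NLB")
    return findings

def audit_target_group(name, attributes):
    """attributes: [{'Key': ..., 'Value': ...}] as in describe_target_group_attributes()."""
    attrs = {a["Key"]: a["Value"] for a in attributes}
    # A missing key is treated as disabled.
    preserve = attrs.get("preserve_client_ip.enabled") == "true"
    proxy_v2 = attrs.get("proxy_protocol_v2.enabled") == "true"
    if not preserve and not proxy_v2:
        return [f"target group {name}: targets see the NLB address, not the client IP"]
    return []

def audit_all(listeners, target_groups):
    """Run both checks; target_groups maps a name to its attribute list."""
    findings = audit_listeners(listeners)
    for name, attributes in target_groups.items():
        findings += audit_target_group(name, attributes)
    return findings

# Constructed sample input (not taken from a real account).
SAMPLE_LISTENERS = [
    {"Port": 443, "Protocol": "TLS", "SslPolicy": "ELBSecurityPolicy-2016-08"},
    {"Port": 8443, "Protocol": "TLS", "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06"},
    {"Port": 5432, "Protocol": "TCP"},
]
SAMPLE_TARGET_GROUPS = {
    "game-servers": [{"Key": "preserve_client_ip.enabled", "Value": "true"},
                     {"Key": "proxy_protocol_v2.enabled", "Value": "false"}],
    "payments-ip": [{"Key": "preserve_client_ip.enabled", "Value": "false"},
                    {"Key": "proxy_protocol_v2.enabled", "Value": "false"}],
}

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_LISTENERS, SAMPLE_TARGET_GROUPS):
        print(finding)
```

A target group with client IP preservation off but Proxy Protocol v2 on is not flagged, because the target can still recover the client address from the PROXY header.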
What is a Gateway Load Balancer (GLB)?
The Gateway Load Balancer (GLB) operates at the network layer (Layer 3) of the OSI model. It is designed to simplify the deployment, scaling, and management of third-party virtual appliances such as firewalls, intrusion detection systems, and deep packet inspection systems.
Key Features of GLB:
- Single Entry and Exit Point: GLB provides a single entry and exit point for traffic flowing to your third-party appliances.
- Traffic Steering: Routes traffic to the appropriate virtual appliances based on configured rules.
- Elasticity: Automatically scales up or down based on the load, ensuring high availability.
- Simplified Management: Integrates seamlessly with VPCs, making it easier to manage traffic flows and security policies.
- Health Checks: Continuously monitors the health of virtual appliances to ensure only healthy appliances receive traffic.
Differences Between NLB and GLB
While both NLB and GLB are designed to handle large volumes of traffic, they serve different purposes and operate at different layers of the OSI model.
1. Operational Layer:
   - NLB operates at Layer 4 (Transport Layer), handling TCP/UDP traffic.
   - GLB operates at Layer 3 (Network Layer), managing IP traffic and integrating with virtual appliances.
2. Primary Use Case:
   - NLB is ideal for distributing large incoming traffic across multiple targets to balance the load.
   - GLB is designed for routing traffic through virtual network appliances for inspection, security, and other network services.
3. Client IP Preservation:
   - NLB preserves the original client IP, which is useful for logging and regulatory purposes.
   - GLB focuses more on routing and inspecting traffic through network appliances rather than preserving the client IP.
Use Cases
Network Load Balancer (NLB)
- Real-Time Applications: Ideal for applications requiring low latency and high throughput, such as gaming servers or financial transaction systems.
- TLS Termination: Offloading TLS termination to NLB reduces the burden on application servers.
- Static IP Requirements: When you need a fixed IP for your load balancer for compliance or whitelisting purposes.
Gateway Load Balancer (GLB)
- Network Security Appliances: Use GLB to route traffic through firewalls, intrusion detection systems, and other security appliances.
- Traffic Inspection and Filtering: Ideal for deep packet inspection and ensuring traffic conforms to security policies before reaching the application.
- Scaling Security Infrastructure: Automatically scales security appliances up or down based on the traffic load, ensuring efficient resource utilization.
Architecting with NLB and GLB
NLB Architecture
- Network Load Balancer (NLB): Distributes incoming traffic to multiple target groups.
- Target Groups: Contains multiple EC2 instances across different Availability Zones to ensure high availability.
- Application Load Balancer (ALB) (Optional): Further distributes traffic to specific microservices or application tiers based on routing rules.
- Instances: EC2 instances running your application or microservices.
GLB Architecture
- Gateway Load Balancer (GLB): Routes incoming traffic to various security appliances.
- Security Appliances: Third-party virtual appliances for firewall, intrusion detection, etc.
- Target Groups: Post-security inspection, traffic is forwarded to application target groups.
- Application Load Balancer (ALB) (Optional): Distributes traffic to specific microservices or application tiers.
- Instances: EC2 instances running your application or microservices.
Combined Architecture
In some scenarios, you may use both NLB and GLB in your architecture to handle different types of traffic and security needs:
- NLB: Distributes traffic requiring low latency and high throughput.
- GLB: Routes and inspects traffic needing security and compliance checks.
- ALB: Manages application-specific routing and load balancing.
Conclusion
AWS provides robust load balancing solutions in the form of Network Load Balancer (NLB) and Gateway Load Balancer (GLB), each serving distinct purposes. NLB is perfect for high-throughput, low-latency applications, while GLB excels in routing traffic through security appliances. Understanding their differences and use cases helps in designing efficient, scalable, and secure architectures tailored to your specific needs. By leveraging the strengths of both NLB and GLB, you can build a resilient and highly available cloud infrastructure that meets performance and security requirements.