AWS Network Load Balancer (NLB)

What is AWS Network Load Balancer (NLB)?

AWS Network Load Balancer (NLB) is an Amazon Web Services tool that distributes high-performance traffic across multiple cloud instances and provides automatic scaling of resources to ensure low latency and high throughput for applications. This is made possible by its ability to manage millions of end-user queries per second while maintaining extremely low levels of latency.

AWS NLB operates at Layer 4, or the transport layer, of the Open Systems Interconnection (OSI) model. It uses certain protocols and processes -- such as the Transmission Control Protocol (TCP), User Datagram Protocol (UDP), TCP_UDP listeners and Transport Layer Security listeners -- to support the load balancing of applications.

Components of AWS NLB

A load balancer serves as the single point of contact for clients. The following are the two main components of the AWS NLB:

Listeners. Before an AWS NLB can be used, an admin must add one or more listeners. A listener is essentially a process that uses the configured protocol and port number to look for connection requests. The rules defined for a listener dictate how an NLB routes traffic to the target groups.

Target groups. A target group consists of multiple registered targets that the listener can route traffic to, such as Amazon EC2 instances, IP addresses, microservices and containers. A target can be registered with multiple target groups, which increases the availability of the application, especially if demand spikes.

How does load balancing work in AWS?

The network load balancer performs health checks on targets to ensure traffic is routed to only high-performing resources. When a target becomes slow or unresponsive, the NLB routes traffic to a different target. If no healthy targets are detected within a given availability zone (AZ), traffic can fail over to resources in another AZ. If the NLB itself becomes unresponsive, integrating it with Amazon Route 53 can direct traffic to an alternate load balancer in another AWS Region.

An admin can set up load balancing using the AWS Management Console or AWS Command Line interface. First, they must define one or more listeners to receive connection requests from end users through the port and protocol they defined. The listeners then forward requests to a target group that the admin has created.

The NLB provides one static IP address per AZ that applications can use as the front-end IP to connect to the NLB. The load balancer also lets AWS customers assign an elastic IP address per AZ and it records end-user IP addresses for back-end application processing. The NLB is an application programming interface (API) compatible with the application load balancer (ALB) to give IT teams more programmatic load balancing control. It also integrates with other Amazon services, such as Auto Scaling and CloudFormation.

AWS load balancing timeline
This timeline shows the history and evolution of AWS load balancing.

What are the types of AWS load balancing?

AWS uses different load-balancing techniques to address various traffic-shaping scenarios. The following are the major load-balancing types AWS supports:

  • Application load balancing. The ALB supports path-based routing when operating at the application layer, or the Layer 7 of the OSI model. Once it receives a request, the ALB examines the listener rules in order of priority to determine which rule should be applied and selects a target from the target group for the rule action. Based on the content of the application traffic, the listener rules can be routed to different target groups. The default routing algorithm used in this type of load balancing is round robin, but a different routing algorithm can be specified at the target group level.
  • Global server load balancing (GSLB). GSLB is the process of efficiently load-balancing traffic across geographically distributed servers. In terms of AWS, GSLB is carried out to distribute data among multiple data centers and clouds to deliver, fast and scalable applications. It provides data center failover and enhances end-user performance by directing user requests to a data center closest to their physical location. This is achieved by using geolocation and manipulating the domain name system (DNS) response based on the availability and performance profile of the data centers.
  • Classic load balancing. This load balancing method provides basic load balancing across multiple Amazon EC2 instances in multiple AZs and works at both the request and connection levels. However, AWS retired classic load balancing on August 15, 2022 and the classic load balancers of AWS customers were migrated from the EC2 Classic network to a virtual private cloud (VPC).
Load balancing diagram
This image shows how the load balancing process works.

What are the features and benefits of using an NLB?

The following are popular features and advantages of using AWS NLB:

  • Connection-based layer 4 load balancing. The AWS NLB enables load balancing of both TCP and UDP traffic and routes connections to targets, such as EC2 instances, microservices and containers.
  • High availability. A network load balancer provides high availability of resources, as it distributes incoming traffic across targets within the same AZ and monitors the health of registered targets to ensure traffic is only routed to the healthy ones. If the NLB is configured for cross-zone load balancing or multiple AZs and sees a failed target, it routes traffic to healthy targets in the other AZs.
  • High throughput. The NLB is designed to handle extreme amounts of traffic and can load balance millions of requests per second. It's also capable of handling sudden volatile traffic peaks.
  • Low latency. The NLB provides little to no latency for highly critical and latency-sensitive applications.
  • Cross-zone load balancing. Cross-zone load balancing is disabled by default in AWS and can only be enabled after creating the NLB. Certain charges are applied for traffic distributed between different zones.
  • Sticky sessions. Also known as source IP affinity, this mechanism routes requests from the same client to the same target. The stickiness of a session is typically configured at the target group level.
  • Preserves source IP address. The NLB preserves the client-side source IP address to prevent the backend from seeing the client's IP address. This is helpful during application processing.
  • Static IP support. The NLB automatically provides a static IP address for an AZ. This is the application's front-end IP on the load balancer.
  • Elastic IP support. Through a fixed IP, the NLB provides the option of an elastic IP per AZ.
  • Integration with AWS services. The NLB is integrated with a variety of AWS services, including Auto Scaling, EC2 Container Service (ECS), CloudFormation, CodeDeploy and AWS Config.
  • DNS failover. If there are no healthy targets with the NLB, or the NLB itself is unhealthy, then the NLB integrates with Amazon Route 53, which directs traffic load balancer nodes in other AZs.
  • Central API support. The NLB uses the same API as the application load balancer. This supports containerized applications as it lets admins work with target groups, health checks and load balancing across multiple ports on the same EC2 instance.
  • Long-lived TCP connections. These support long-lived TCP connections, making it ideal for WebSocket-type applications.
  • Powerful monitoring and auditing. NLB is integrated with both CloudWatch and CloudTrail, which helps with monitoring and auditing of resources. CloudTrail provides metrics such as active flow count, healthy host count, new flow count and processed bytes. CloudTrail tracks API calls to the NLB.

What are some limitations of an NLB?

Along with its many benefits, a network load balancer also comes with the following limitations:

  • Security groups can't be associated with NLB.
  • An AZ can't be removed or disabled once it's been enabled.
  • The elastic network interfaces (ENIs) created in each AZ can't be modified.
  • There's no option to change the Elastic IP addresses and private IPs attached to the ENIs after NLB creation.
  • EC2 instances can't be registered by instance ID for instances in another VPC, even if VPC peering is done.

The pricing structure of AWS NLB

According to the AWS website, customers are charged for each hour or partial hour that a network load balancer is running and by the number of NLB Capacity Units (NLCUs) the balancer uses per hour or partial hour.

Here's a breakdown of the charges:

  • $0.0225 per network load balancer-hour or partial hour; and
  • $0.006 per NLCU hour or partial hour.

Load balancing in the cloud is unlike traditional network distribution. Learn about the different types of cloud-based load-balancing techniques and algorithms.

This was last updated in March 2023

Continue Reading About AWS Network Load Balancer (NLB)

Dig Deeper on AWS management

App Architecture
Cloud Computing
Software Quality