Network Load Balancer (NLB)
=

Features
--------

- Provides a static IP address for each subnet.
- Supports being assigned an Elastic IP for each subnet. You can’t change these Elastic IP addresses after you create the load balancer.
- Handles volatile workloads and scales to millions of requests per second.
- Supports registering targets by IP address, including targets outside the VPC for the load balancer.
- Supports routing requests to multiple applications on a single EC2 instance. You can register each instance or IP address with the same target group using multiple ports.
- Supports containerized applications.
- Supports monitoring the health of each service independently.
- Forwards raw TCP to backends, including TLS. Because ALBs terminate the TLS connection, an NLB is the way to go if you need your app to terminate it.

Attributes
----------

- access_logs.s3.enabled
- access_logs.s3.bucket
- access_logs.s3.prefix
- deletion_protection.enabled
- ipv6.deny_all_igw_traffic
- load_balancing.cross_zone.enabled
- dns_record.client_routing_policy

Availability Zones
------------------

You can’t disable Availability Zones for a Network Load Balancer after you create it, but you can enable additional Availability Zones.

Idle Timeout
------------

The idle timeout value for TCP flows is set to 350 seconds. You can’t modify this value. Clients or targets can use TCP keepalive packets to reset the idle timeout. Keepalive packets sent to maintain TLS connections can’t contain data or payload.

- TCP: 350s
- UDP: 120s
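
As an added example (not part of the original notes and not AWS code): a Python helper that enables kernel TCP keepalive so an otherwise silent connection through the NLB sends a probe before the 350-second idle timeout. The function names, default timings and the 30-second safety margin are assumptions chosen for illustration.

```python
import socket

NLB_TCP_IDLE_TIMEOUT = 350  # seconds; fixed NLB value quoted in the notes above


def keepalive_plan(idle, interval, probes, limit=NLB_TCP_IDLE_TIMEOUT, margin=30):
    """Check keepalive timings against the idle timeout.

    With a live peer a probe goes out after every `idle` seconds of silence,
    so only `idle` has to stay under the limit. `margin` (an assumed safety
    buffer) absorbs timer jitter and delayed packets.
    Returns the worst-case seconds before the kernel gives up on a dead peer.
    """
    if min(idle, interval, probes) < 1:
        raise ValueError("idle, interval and probes must be >= 1")
    if idle > limit - margin:
        raise ValueError(
            f"idle={idle}s leaves less than {margin}s before the {limit}s timeout"
        )
    return idle + interval * probes


def enable_keepalive(sock, idle=300, interval=30, probes=4):
    """Turn on kernel keepalive probes for one TCP socket.

    Kernel probes are TCP segments without application data, so they also
    suit TLS connections, whose keepalives must not carry a payload.
    """
    dead_after = keepalive_plan(idle, interval, probes)
    # Linux names the idle option TCP_KEEPIDLE; macOS calls it TCP_KEEPALIVE.
    idle_opt = getattr(socket, "TCP_KEEPIDLE", getattr(socket, "TCP_KEEPALIVE", None))
    if idle_opt is None or not hasattr(socket, "TCP_KEEPINTVL"):
        raise OSError("per-socket keepalive timers are not exposed on this platform")
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    sock.setsockopt(socket.IPPROTO_TCP, idle_opt, idle)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)
    return dead_after


if __name__ == "__main__":
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print("dead peer detected after", enable_keepalive(s), "seconds")
```

Call `enable_keepalive()` on the socket before connecting or right after `accept()`; a timing that would let the flow go silent for too long is rejected with `ValueError` instead of being applied.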

Availability Zone DNS Affinity
------------------------------

With the Availability Zone affinity routing policies, client DNS queries favor load balancer IP addresses in their own Availability Zone. This helps improve both latency and resiliency, as clients do not need to cross Availability Zone boundaries when connecting to targets.

Target Groups
-------------

Stickiness can be configured at this level.

Health Checks
-------------

- Protocols: HTTP/HTTPS/TCP (NOT UDP). If the target is an ALB, only HTTP or HTTPS is allowed.
- Port
- (http[s] only) Path
- Timeout
- Interval
- Healthy threshold
- Unhealthy threshold
- (http[s] only) Matcher: the HTTP status code to expect from a successful response. It can be 200-499 (HTTP); multiple values or a range can be specified.