A Comprehensive Guide to AWS Network Load Balancer

Written by Bits Lovers on

Amazon Web Services (AWS) has a range of load balancing options, and the Network Load Balancer (NLB) fills a specific niche. It handles TCP and UDP traffic at the connection level, keeping latency low even under heavy load. If you need to distribute traffic for a high-throughput application without the overhead of parsing HTTP semantics, NLB is worth knowing.

Understanding AWS Network Load Balancer basics

How NLB works

The NLB operates at Layer-4, routing packets based on IP protocol data. It distributes incoming connections across your registered targets and can handle millions of requests per second while scaling up and down as traffic changes.

A few things worth knowing about how it behaves:

  • It preserves the source IP address of clients, which matters if you need it for logging, geo-location, or access control decisions.
  • Each availability zone gets its own static IP address. You can also assign an Elastic IP address per AZ if you need a fixed entry point.
  • Health checks run at the connection level. If a target stops responding to health probes, NLB stops sending traffic to it automatically.

How NLB fits with other AWS load balancers

AWS currently offers three load balancers:

  1. Classic Load Balancer (CLB) - the original; handles both Layer-4 and Layer-7 traffic. It has been in maintenance mode for years now.
  2. Application Load Balancer (ALB) - operates at Layer-7, routes based on HTTP headers, path, or host. The choice for microservices and container-based workloads.
  3. Network Load Balancer (NLB) - operates at Layer-4, handles TCP/UDP at high throughput with minimal latency.

The main differences come down to what layer you need to inspect and how much you care about latency. NLB is the pick when you want raw speed and don’t need HTTP-level routing logic.

Common NLB use cases

NLB works well when you need to route non-HTTP traffic or when latency is the primary concern. Typical scenarios include:

  • Real-time applications - gaming servers, VoIP systems, video streaming
  • Large-scale APIs handling millions of connections
  • Database replication across Availability Zones
  • IoT backends using non-HTTP protocols

Setting up an NLB

Here’s the general process through the AWS Console:

  1. Open the EC2 Dashboard and go to Load Balancers.
  2. Click Create Load Balancer and select Network Load Balancer.
  3. Configure your listener (protocol, port).
  4. Create a target group for your instances, setting the health check protocol and thresholds.
  5. Register your targets.
  6. Review and create.

A few settings worth paying attention to during setup:

  • Cross-zone load balancing - enabled by default. Each AZ distributes traffic across targets in all enabled AZs, not just its own.
  • Health check configuration - NLB health checks work differently from ALB health checks. Make sure your targets respond appropriately to the chosen protocol and threshold settings.
  • Target group settings - you can use instance IDs, IP addresses, or Lambda functions as targets.

Auto Scaling with NLB

NLB integrates with Auto Scaling groups so you can handle traffic spikes without manual intervention. CloudWatch metrics like CPU utilization or request count per target can trigger scaling policies.

The setup is straightforward: attach your Auto Scaling group to the target group, configure the scaling policy, and let EC2 Auto Scaling register and deregister instances automatically.

Security with NLB

A few AWS services work well alongside NLB:

  • AWS WAF - attach a Web ACL to filter HTTP/HTTPS requests before they reach your application (ALB integration primarily)
  • VPC Flow Logs - capture traffic metadata for analysis and debugging
  • Security Groups - restrict access to your targets at the network level

Monitoring and troubleshooting

CloudWatch gives you metrics on active connections, traffic flow, and target health. The default metrics update every 60 seconds, with 15-month retention on the free tier.

Common issues and where to start:

  • Targets marked unhealthy - check security group rules and whether the instance is actually responding to health checks
  • High latency - look at cross-zone load balancing settings and target group configuration
  • Connection failures - verify listener configuration and that the target group protocol matches your traffic type

AWS publishes a load balancer troubleshooting guide that covers the specifics.
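
An added example (not from the original article) of using VPC Flow Logs for the "targets marked unhealthy" case above: it parses default-format flow log records from a target's network interface and separates rejected health-check traffic from rejected client traffic. The sample records, IP addresses, port 8080 and function names are constructed for illustration, and it assumes client IP preservation is in effect, so client flows carry the client's address while health checks arrive from the NLB's own private IPs.

```python
# Default VPC Flow Logs record layout (version 2), space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records for one target ENI (illustrative, not real traffic).
SAMPLE = """\
2 123456789012 eni-0aaa 10.0.1.25 10.0.1.80 41022 8080 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa 10.0.1.25 10.0.1.80 41030 8080 6 3 180 1700000060 1700000120 REJECT OK
2 123456789012 eni-0aaa 203.0.113.7 10.0.1.80 50111 8080 6 10 840 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 192.0.2.44 10.0.1.80 50300 8080 6 2 120 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa 198.51.100.9 10.0.1.80 50200 22 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa - - - - - - - 1700000120 1700000180 - NODATA
"""


def parse(line):
    """Return a dict for a usable record, or None for short/NODATA/SKIPDATA lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    return rec if rec["log_status"] == "OK" else None


def classify_rejects(text, nlb_node_ips, target_port):
    """Count REJECTed flows (security group or network ACL denies) by likely cause.

    nlb_node_ips: private IPs of the NLB's network interfaces (assumed known).
    target_port:  port the target group uses for traffic and health checks.
    """
    counts = {"nlb_node_blocked": 0, "client_blocked": 0, "other_port_rejected": 0}
    for line in text.splitlines():
        rec = parse(line)
        if rec is None or rec["action"] != "REJECT":
            continue
        if int(rec["dstport"]) != target_port:
            counts["other_port_rejected"] += 1   # traffic to a port the rules do not open
        elif rec["srcaddr"] in nlb_node_ips:
            counts["nlb_node_blocked"] += 1      # health checks cannot reach the target
        else:
            counts["client_blocked"] += 1        # preserved client IP not allowed in
    return counts


if __name__ == "__main__":
    print(classify_rejects(SAMPLE, {"10.0.1.25"}, 8080))
```

A non-zero `nlb_node_blocked` count points at rules that do not admit the load balancer's addresses on the health check port; `client_blocked` points at rules that do not admit the client ranges you expect.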

NLB is a solid choice when you need Layer-4 routing with minimal overhead. It’s not as feature-rich as ALB for HTTP workloads, but it makes up for that in performance and protocol flexibility.

Bits Lovers

Professional writer and blogger. Focus on Cloud Computing.
