Elastic Load Balancer Cheat Sheet

Today we are learning about the Elastic Load Balancer cheat sheet and how to prepare for certification in a short time.

Elastic Load Balancer (ELB): a managed load balancer with health checks. The types are:

  1. Classic Load Balancer (CLB)
  2. Application Load Balancer (ALB)
  3. Network Load Balancer (NLB)
  4. Gateway Load Balancer

Classic Load Balancer (CLB):

Old generation. HTTP, HTTPS, SSL & TLS. Layer 4 and layer 7. Health check and fixed hostname.

Application Load Balancer (ALB):

HTTP, HTTPS & WebSocket. Layer 7. Supports redirects from HTTP to HTTPS. Routing based on path in URL, hostname in URL & query string. Has a port mapping feature to redirect to a dynamic port on ECS. Great for microservices and container-based applications. ALB targets are EC2 instances, ECS tasks (HTTP), Lambda functions (HTTP) & IP addresses. Health check and fixed hostname.

IP = X-Forwarded-For

Port = X-Forwarded-Port

Protocol = X-Forwarded-Proto

Network Load Balancer (NLB):

Layer 4. TCP, TLS and UDP. Handles millions of requests per second. Latency is ~100ms. NLB has one static IP per AZ. NLBs are used for extreme performance and TCP or UDP traffic. Target groups are EC2 instances, IP addresses and ALB.

Gateway Load Balancer:

Operates at layer 3 (IP packets). Deploys, scales and manages a fleet of 3rd party network appliances in AWS. Uses the GENEVE protocol on port 7081. Target groups are EC2 instances and IP addresses.

Sticky Session (Session Affinity): works for ALB and NLB. The cookie used for stickiness has an expiration date. Cookie names are:

Application Based Cookie:

  1. Custom Cookie: generated by the target. Don’t use the names AWSALB, AWSALBAPP or AWSALBTG.
  2. Reserved Cookie: generated by the load balancer. Cookie name is always AWSALBAPP.
  3. Duration Based Cookie: generated by the load balancer. Cookie names are AWSALB for ALB and AWSELB for CLB.

Connection Draining (Deregistration Delay):

CLB: Connection Draining

ALB & NLB: Deregistration Delay

This is the time allowed to complete “in-flight” requests when an instance is unhealthy. Default is 300 sec.

Cross Zone Load Balancing:

With cross zone load balancing: requests are distributed evenly across all registered instances in AZ.

Without cross zone load balancing: requests are distributed among the instances of the ELB node.




ALB: Enabled by default. No charges for inter AZ data.

NLB: Disabled by default. You pay charges for inter AZ data if enabled.

CLB: Disabled by default. No charges for inter AZ data if enabled.

Load Balancer – SSL Certificates:

Uses X.509 certificates. Can manage certificates using ACM. Can upload your own certificates. The client uses SNI (Server Name Indication) to specify the hostname. It is a newer protocol. Works with ALB, NLB and CloudFront. Does not work with CLB.

CLB: supports only one SSL certificate.

ALB and NLB: support multiple listeners with multiple certificates and use SNI to make it work.

