AWS Enhancement: Understanding Load Balancing, Their Types, and SSL Certificates

Rawad Hossain

In this blog, we will explore load balancing, the types of load balancers and their use cases, SSL certificates, and managing multiple SSL certificates with SNI. Click here to read the previous blog.

Load Balancing

Suppose you're trying to visit a website that gets a lot of visitors. If the website only had one server handling all visitors, it would get overwhelmed, and the site might crash or become very slow.

To manage this, the website can use multiple servers to handle the traffic. This process of distributing traffic across multiple servers to ensure that no single server bears too much load is known as Load Balancing. This helps maintain the availability, responsiveness, and reliability of applications, improving the user experience.

The load balancing service provided by AWS is called Elastic Load Balancer (ELB), which is designed to automatically distribute incoming traffic across multiple targets, such as Amazon EC2 instances, containers, or IP addresses.

Some Key Features of ELB:

  • Auto Scaling Groups, Amazon ECS

  • AWS Certificate Manager (ACM), CloudWatch

  • Route 53, AWS WAF, AWS Global Accelerator

Types of Load Balancer in AWS

  • Classic Load Balancer - HTTP, HTTPS, and TCP traffic support

  • Application Load Balancer - HTTP and HTTPS traffic, WebSocket support

  • Network Load Balancer - TCP, UDP, and TLS termination

  • Gateway Load Balancer - Operates at layer 3 – IP Protocol

Among them, the Classic Load Balancer is an older generation and is used less frequently, so I won't be writing about it in detail.

Application Load Balancer (ALB)

ALB is specifically designed for distributing incoming traffic across multiple targets in one or more Availability Zones. It operates at the application layer (Layer 7, HTTP), enabling it to handle HTTP and HTTPS requests efficiently. This makes it highly suitable for web applications that require advanced routing capabilities and flexibility.

ALB can distribute traffic across multiple Availability Zones and route to multiple target groups. It also performs health checks at the target group level. Additionally, it supports SSL termination and works with AWS security groups to securely manage inbound and outbound traffic.

More details about ALB here.

Network Load Balancer (NLB)

NLB is a high-performance load balancer designed to handle large volumes of traffic at ultra-low latencies. NLB operates at Layer 4, which makes it highly efficient for handling TCP and UDP traffic. This is often essential for applications requiring extremely low latency or high throughput.

NLB supports static IP addresses per Availability Zone and allows Elastic IP associations, simplifying firewall rule management for enterprises. Additionally, NLB preserves the original client IP, enabling precise client tracking and logging for security and compliance.

More details about NLB here.

Gateway Load Balancer (GWLB)

GWLB is a specialized load balancer designed to simplify the deployment, scaling, and management of network virtual appliances in AWS, such as firewalls, intrusion detection, payload manipulation, and deep packet inspection tools.

Gateway Load Balancer operates at Layer 3 (Network Layer), on IP packets, and is ideal for processing traffic flows at scale before they reach applications or other parts of the network.

More about it here.

SSL (Secure Sockets Layer)

SSL is a security protocol used to establish encrypted connections between a client (e.g., a web browser) and a server (e.g., a website). SSL ensures that any data transmitted between the two remains private and secure.

When a browser connects to a website, the SSL certificate verifies that the website’s identity is legitimate and that users are interacting with the intended site. The newer version of it is called TLS (Transport Layer Security). These certificates are managed by ACM (AWS Certificate Manager).

A simple explanation of how SSL/TLS Certificates work

When we access a site, it can have multiple SSL certificates on a single IP address. To manage this, a newer protocol called SNI (Server Name Indication) is used. It allows a server to host multiple SSL certificates for different domain names on a single IP address and port. However, it only works with ALB and NLB; CLB lacks SNI support.

An example of SNI is when it manages multiple SSL certificates for different domains.

More details about SSL/TLS here.

This is the end of this blog.

In the next one, we will be learning about Auto Scaling Group (ASG), Amazon RDS and more. Click here to read other articles.
