Application Load Balancer (ALB) vs Network Load Balancer (NLB)

Shourya YadavShourya Yadav
5 min read

When building on AWS, managing traffic efficiently is a core requirement. Whether you're deploying a web application, a streaming service, or a high-frequency trading system, load balancing ensures high availability, fault tolerance, and performance.

Two of the most commonly used AWS Load Balancer types are:

  • 🔷 Application Load Balancer (ALB)

  • 🔶 Network Load Balancer (NLB)

But what really sets them apart? Let's break it down in detail — from OSI layers to latency, use cases, and configurations.


What is a Load Balancer?

A Load Balancer distributes incoming network traffic across multiple targets (EC2 instances, containers, IP addresses, Lambda, etc.) to:

  • Prevent server overload

  • Improve responsiveness

  • Ensure fault tolerance

  • Scale horizontally

AWS Elastic Load Balancing (ELB) offers:

  • Application Load Balancer (ALB) – Layer 7

  • Network Load Balancer (NLB) – Layer 4

  • Gateway Load Balancer (GLB) – Layer 3/Transparent

  • (Classic Load Balancer is legacy)

Today, we focus on ALB and NLB.


1. Application Load Balancer (ALB) – The Smart HTTP Router

ALB is Layer 7 in the OSI model — it understands HTTP and HTTPS traffic. This means it can inspect headers, cookies, methods, paths, hostnames, and even query strings.

📌 Features of ALB:

FeatureDetails
LayerL7 (HTTP/HTTPS)
RoutingPath-based, Host-based, Header-based
ProtocolsHTTP, HTTPS, WebSockets, gRPC
Target TypesEC2, IP, Lambda, ECS/EKS services
Health ChecksHTTP/HTTPS with customizable path (e.g., /health)
SSL TerminationYes (with ACM integration or custom certs)
Redirects & Fixed ResponsesSupported
AuthenticationOIDC, Cognito
Load Balancing AlgorithmRound Robin (with stickiness option)

🔄 Real-world Use Cases for ALB:

  1. Microservices-based apps: Route /users to User service, /orders to Order service.

  2. Multi-tenant apps: Different domains for different customers.

  3. Single-page apps (React/Angular): Handle deep linking and fallback routes.

  4. Serverless apps: ALB can directly invoke Lambda functions.

  5. Kubernetes on AWS (EKS): ALB Ingress Controller is widely used.


🧰 Configuration Tips:

  • Set up Target Groups for each microservice or task.

  • Use Listener Rules to define how traffic gets routed.

  • Attach an SSL certificate from ACM for HTTPS traffic.

  • Ensure your app exposes a /health endpoint (important for Target Group health checks!).


⚡️ 2. Network Load Balancer (NLB) – The Ultra-fast Packet Dispatcher

NLB works at Layer 4 – the Transport layer. It doesn't inspect HTTP headers — it simply forwards TCP or UDP packets to targets. It's built for extremely high performance and low latency scenarios.

Features of NLB:

FeatureDetails
LayerL4 (TCP/UDP/TLS)
RoutingPort-based (no path/host logic)
ProtocolsTCP, UDP, TLS (with optional termination)
Target TypesEC2, IP, PrivateLink, ECS
Health ChecksTCP-based or HTTP if needed
TLS TerminationYes (optional)
Preserve Client IPYes (ideal for logging & auditing)
Elastic IP SupportYes (up to 1 per AZ)
Cross-zone Load BalancingOptional

🚀 When to Use NLB:

  1. Gaming or Streaming apps: Where latency and throughput are critical.

  2. IoT or custom TCP apps: That don’t use HTTP.

  3. Financial trading apps: Require static IPs and super-low latency.

  4. Internal load balancing: Between services inside a VPC.

  5. Lift-and-shift legacy apps: That aren’t web-based.


🧰 Configuration Tips:

  • Choose TCP or UDP listeners.

  • You can assign static IPs or Elastic IPs per AZ.

  • Health checks can be just a simple TCP handshake (much faster).


🧾 Comparison Table: ALB vs NLB

FeatureApplication Load Balancer (ALB)Network Load Balancer (NLB)
OSI Layer7 (Application)4 (Transport)
Protocol SupportHTTP, HTTPS, gRPC, WebSocketTCP, UDP, TLS
RoutingPath, Host, HeadersPort/IP-based
SSL TerminationYesYes (optional)
WebSocket SupportYesNo
Sticky SessionsYes (via cookies)No (unless app handles it)
Static IP SupportNoYes
Preserve Source IPNo (X-Forwarded-For needed)Yes
Health ChecksHTTP/HTTPSTCP/HTTP
LatencyLowUltra-low
PricingSlightly higher for L7 featuresLower at L4
Target TypesEC2, IP, Lambda, ECS/EKSEC2, IP, PrivateLink

Interview Insights

  • ALB Target Group Health Checks expect a valid HTTP status (200–399). If you don’t expose a /health endpoint, EC2 will be marked unhealthy.

  • NLB Target Group Health Checks are TCP handshakes unless HTTP is configured.

  • NLB is ideal for hybrid or on-premise integrations via PrivateLink.

  • ALB supports redirects, fixed responses, and even OIDC authentication flows – extremely useful for SaaS platforms.


🧩 Final Thoughts

Both ALB and NLB are powerful, but they solve very different problems.

Use ALB if…
You need smart routing based on URL, host, or headers
Your application uses HTTP, HTTPS, or gRPC
You want SSL termination and path-based routing
You're working with ECS, EKS, or Lambda
Use NLB if…
You need ultra-low latency and high throughput
You want to support TCP/UDP or legacy protocols
You need static IPs or preserve client IPs
You have strict SLA or real-time traffic

0
Subscribe to my newsletter

Read articles from Shourya Yadav directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Shourya Yadav
Shourya Yadav