Application Load Balancer (ALB) vs Network Load Balancer (NLB)

When building on AWS, managing traffic efficiently is a core requirement. Whether you're deploying a web application, a streaming service, or a high-frequency trading system, load balancing ensures high availability, fault tolerance, and performance.
Two of the most commonly used AWS Load Balancer types are:
🔷 Application Load Balancer (ALB)
🔶 Network Load Balancer (NLB)
But what really sets them apart? Let's break it down in detail — from OSI layers to latency, use cases, and configurations.
What is a Load Balancer?
A Load Balancer distributes incoming network traffic across multiple targets (EC2 instances, containers, IP addresses, Lambda, etc.) to:
Prevent server overload
Improve responsiveness
Ensure fault tolerance
Scale horizontally
AWS Elastic Load Balancing (ELB) offers:
Application Load Balancer (ALB) – Layer 7
Network Load Balancer (NLB) – Layer 4
Gateway Load Balancer (GLB) – Layer 3/Transparent
(Classic Load Balancer is legacy)
Today, we focus on ALB and NLB.
1. Application Load Balancer (ALB) – The Smart HTTP Router
ALB is Layer 7 in the OSI model — it understands HTTP and HTTPS traffic. This means it can inspect headers, cookies, methods, paths, hostnames, and even query strings.
📌 Features of ALB:
Feature | Details |
Layer | L7 (HTTP/HTTPS) |
Routing | Path-based, Host-based, Header-based |
Protocols | HTTP, HTTPS, WebSockets, gRPC |
Target Types | EC2, IP, Lambda, ECS/EKS services |
Health Checks | HTTP/HTTPS with customizable path (e.g., /health ) |
SSL Termination | Yes (with ACM integration or custom certs) |
Redirects & Fixed Responses | Supported |
Authentication | OIDC, Cognito |
Load Balancing Algorithm | Round Robin (with stickiness option) |
🔄 Real-world Use Cases for ALB:
Microservices-based apps: Route
/users
to User service,/orders
to Order service.Multi-tenant apps: Different domains for different customers.
Single-page apps (React/Angular): Handle deep linking and fallback routes.
Serverless apps: ALB can directly invoke Lambda functions.
Kubernetes on AWS (EKS): ALB Ingress Controller is widely used.
🧰 Configuration Tips:
Set up Target Groups for each microservice or task.
Use Listener Rules to define how traffic gets routed.
Attach an SSL certificate from ACM for HTTPS traffic.
Ensure your app exposes a
/health
endpoint (important for Target Group health checks!).
⚡️ 2. Network Load Balancer (NLB) – The Ultra-fast Packet Dispatcher
NLB works at Layer 4 – the Transport layer. It doesn't inspect HTTP headers — it simply forwards TCP or UDP packets to targets. It's built for extremely high performance and low latency scenarios.
Features of NLB:
Feature | Details |
Layer | L4 (TCP/UDP/TLS) |
Routing | Port-based (no path/host logic) |
Protocols | TCP, UDP, TLS (with optional termination) |
Target Types | EC2, IP, PrivateLink, ECS |
Health Checks | TCP-based or HTTP if needed |
TLS Termination | Yes (optional) |
Preserve Client IP | Yes (ideal for logging & auditing) |
Elastic IP Support | Yes (up to 1 per AZ) |
Cross-zone Load Balancing | Optional |
🚀 When to Use NLB:
Gaming or Streaming apps: Where latency and throughput are critical.
IoT or custom TCP apps: That don’t use HTTP.
Financial trading apps: Require static IPs and super-low latency.
Internal load balancing: Between services inside a VPC.
Lift-and-shift legacy apps: That aren’t web-based.
🧰 Configuration Tips:
Choose TCP or UDP listeners.
You can assign static IPs or Elastic IPs per AZ.
Health checks can be just a simple TCP handshake (much faster).
🧾 Comparison Table: ALB vs NLB
Feature | Application Load Balancer (ALB) | Network Load Balancer (NLB) |
OSI Layer | 7 (Application) | 4 (Transport) |
Protocol Support | HTTP, HTTPS, gRPC, WebSocket | TCP, UDP, TLS |
Routing | Path, Host, Headers | Port/IP-based |
SSL Termination | Yes | Yes (optional) |
WebSocket Support | Yes | No |
Sticky Sessions | Yes (via cookies) | No (unless app handles it) |
Static IP Support | No | Yes |
Preserve Source IP | No (X-Forwarded-For needed) | Yes |
Health Checks | HTTP/HTTPS | TCP/HTTP |
Latency | Low | Ultra-low |
Pricing | Slightly higher for L7 features | Lower at L4 |
Target Types | EC2, IP, Lambda, ECS/EKS | EC2, IP, PrivateLink |
Interview Insights
ALB Target Group Health Checks expect a valid HTTP status (200–399). If you don’t expose a
/health
endpoint, EC2 will be marked unhealthy.NLB Target Group Health Checks are TCP handshakes unless HTTP is configured.
NLB is ideal for hybrid or on-premise integrations via PrivateLink.
ALB supports redirects, fixed responses, and even OIDC authentication flows – extremely useful for SaaS platforms.
🧩 Final Thoughts
Both ALB and NLB are powerful, but they solve very different problems.
Use ALB if… |
You need smart routing based on URL, host, or headers |
Your application uses HTTP, HTTPS, or gRPC |
You want SSL termination and path-based routing |
You're working with ECS, EKS, or Lambda |
Use NLB if… |
You need ultra-low latency and high throughput |
You want to support TCP/UDP or legacy protocols |
You need static IPs or preserve client IPs |
You have strict SLA or real-time traffic |
Subscribe to my newsletter
Read articles from Shourya Yadav directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
