This section maps directly to core exam objectives related to building scalable, highly available, and secure network architectures.
Domain 1: Network Design
Task Statement 1.3: Design solutions that incorporate load balancing to achieve high availability, scalability, and security.
| OSI Layer | Load Balancer Category | Core Function | AWS Example |
|---|---|---|---|
| Layer 3 (Network) | Routing-based load balancing | Routes traffic based on IP addressing | AWS Global Accelerator |
| Layer 4 (Transport) | TCP/UDP load balancing | Distributes traffic using IP and port | Network Load Balancer (NLB) |
| Layer 7 (Application) | HTTP/HTTPS load balancing | Routes requests using headers, paths, or cookies | Application Load Balancer (ALB) |
Layer 3 focuses on network-level routing, Layer 4 optimizes connection-based traffic, and Layer 7 enables application-aware routing decisions.
Exam Tips
| Load Balancer | OSI Layer | Primary Use Case |
|---|---|---|
| Application Load Balancer (ALB) | Layer 7 | Web applications, APIs, microservices |
| Network Load Balancer (NLB) | Layer 4 | High-performance, real-time, TCP/UDP workloads |
| Classic Load Balancer (CLB) | Layer 4 & 7 | Legacy applications (not recommended for new designs) |
| Gateway Load Balancer (GWLB) | Layer 3 | Traffic distribution across security appliances |
| Feature | ALB | NLB | GWLB |
|---|---|---|---|
| Protocols | HTTP/HTTPS | TCP/UDP | GENEVE |
| Latency | Moderate | Very low | Low |
| TLS termination | Supported | Passthrough only | Not supported |
| Ideal workloads | Web & API traffic | Real-time, high-scale traffic | Firewalls, IDS/IPS |
Exam Tips
| Pattern | Description |
|---|---|
| Internal ALB/NLB | Handles private traffic within a VPC |
| Internet-facing ALB/NLB | Exposes applications to the public internet |
| Multi-region load balancing | Uses AWS Global Accelerator for optimal routing |
| Hybrid load balancing | Uses Route 53 to distribute traffic between on-premises and AWS |
Exam Tips
| AWS Service | Purpose |
|---|---|
| AWS Global Accelerator | Routes users to the nearest healthy ALB or NLB |
| Amazon CloudFront | Caches content before it reaches the load balancer |
| AWS WAF | Protects ALB and CloudFront from Layer 7 attacks |
| Amazon Route 53 | DNS-based traffic distribution and failover |
| Amazon EKS (Load Balancer Controller) | Automates ALB/NLB provisioning for Kubernetes |
| AWS Certificate Manager (ACM) | Manages TLS certificates |
Exam Tips
| Configuration | Description | Typical Use |
|---|---|---|
| Proxy Protocol | Preserves client source IP | NLB backends requiring client IP |
| Cross-Zone Load Balancing | Evenly distributes traffic across AZs | High-availability designs |
| Sticky Sessions | Maintains session affinity | Stateful web applications |
| Routing Algorithms | Round-robin, least outstanding requests | Backend performance optimization |
Exam Tips
| Target Type | Supported Load Balancer | Use Case |
|---|---|---|
| EC2 instances | ALB, NLB | Traditional compute workloads |
| IP addresses | ALB, NLB | Containers, on-prem targets |
| Lambda functions | ALB only | Serverless backends |
| GENEVE targets | GWLB | Security appliance integration |
Exam Tips
The AWS Load Balancer Controller integrates ALB and NLB with Amazon EKS. It automatically provisions load balancers based on Kubernetes service or ingress definitions and supports advanced HTTP routing through ALB-based Ingress resources.
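
An Ingress definition of the kind the controller acts on, shown as an added example that is not from the original page or from AWS's own material. It assumes the controller is installed with an IngressClass named `alb`; the resource names, hostname and health-check path are hypothetical, and the ARNs are placeholders to be replaced.

```yaml
# Added example: hypothetical names throughout; ARNs are placeholders.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shop-ingress          # hypothetical
  namespace: shop             # hypothetical
  annotations:
    # Internal ALB: handles private traffic within the VPC, no public exposure.
    alb.ingress.kubernetes.io/scheme: internal
    # IP target type: pod IPs are registered directly as ALB targets.
    alb.ingress.kubernetes.io/target-type: ip
    # HTTPS listener only; TLS terminates at the ALB with an ACM certificate.
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERTIFICATE_ID
    # Pin the negotiated TLS versions and ciphers instead of taking the default.
    alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS13-1-2-2021-06
    # Attach an AWS WAF web ACL for Layer 7 filtering.
    alb.ingress.kubernetes.io/wafv2-acl-arn: arn:aws:wafv2:REGION:ACCOUNT_ID:regional/webacl/WEB_ACL_NAME/WEB_ACL_ID
    # Health check used to decide which targets receive traffic.
    alb.ingress.kubernetes.io/healthcheck-path: /healthz   # hypothetical path
spec:
  ingressClassName: alb
  rules:
    - host: shop.internal.example.com   # hypothetical
      http:
        paths:
          # Path-based (Layer 7) routing: /api goes to the API service.
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: shop-api          # hypothetical
                port:
                  number: 8080
          # Everything else goes to the web front end.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: shop-web          # hypothetical
                port:
                  number: 8080
```

Changing the scheme annotation to `internet-facing` is what turns this into a publicly exposed ALB, so that one line is worth checking in review.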
Exam Tips
| Feature | Description |
|---|---|
| TLS termination | ALB decrypts traffic at the load balancer |
| TLS passthrough | NLB forwards encrypted traffic to backends |
| Mutual TLS (mTLS) | Both client and server authenticate each other |
Exam Tips
Approach Scenario-Based Questions Methodically
| Requirement | Recommended Service |
|---|---|
| Web and API traffic | Application Load Balancer |
| High-performance, real-time traffic | Network Load Balancer |
| Multi-region failover | AWS Global Accelerator |
| Security appliance traffic | Gateway Load Balancer |