Networking & CDN (priority: high)

ALB vs NLB

ALB (Application Load Balancer) operates at Layer 7 (HTTP/HTTPS) and routes on request content: URL path, Host header, other HTTP headers, query string, HTTP method and source IP. NLB (Network Load Balancer) operates at Layer 4 (TCP/UDP/TLS), offers ultra-low latency and static IPs, and never looks inside the payload.

Memory anchor

ALB is a smart mail sorter — reads the address (URL, headers) to decide which bin (target group). NLB is a super-fast conveyor belt — doesn't read labels, just moves massive volume at high speed.

Expected depth

ALB: content-based routing (send /api/* to one target group and /web/* to another, or split by Host header), WebSockets, gRPC, HTTP/2, sticky sessions via cookies, WAF integration, Lambda functions as targets. NLB: millions of requests per second at ultra-low latency, static IPs (one per AZ), source IP preservation; typical for gaming, IoT and financial trading feeds. NLB supports TLS termination as well as TCP passthrough. GWLB (Gateway Load Balancer) sits inline at Layer 3 and hands all traffic to virtual appliances (firewalls, IDS/IPS) over GENEVE, so an appliance fleet can be inserted transparently into the path.

Deep — senior internals

ALB connection draining (the target group's deregistration delay) lets in-flight requests finish before a target is removed; the default is 300 seconds. NLB's static IP (one per AZ, optionally an Elastic IP you own) lets clients with strict egress firewalls allowlist a fixed address, something an ALB's changing DNS-resolved IPs cannot offer; if you need static IPs and Layer 7 routing, an ALB can itself be the target of an NLB. Both deliver access logs to S3, but NLB access logs are written only for TLS listeners; for plain TCP/UDP listeners you rely on VPC Flow Logs. ALB can authenticate users natively against Cognito or an OIDC identity provider before forwarding the request. Rules per ALB default to a quota of 100 (default rules excluded) and the quota is adjustable; NLB listeners have no rule engine, each simply forwards to one target group. For microservices, one ALB with path and host rules replaces a fleet of per-service load balancers. Client IP: the ALB appends the TCP source address it saw to X-Forwarded-For (default xff_header_processing mode "append"), so the rightmost entry is the one the ALB wrote and everything to its left is client-supplied and spoofable; trust only the entries written by proxies you control. NLB preserves the client IP at the TCP layer with no header modification, but for IP-type targets behind TCP/TLS listeners client IP preservation is off by default; enable it, or enable Proxy Protocol v2 on the target group and parse the header the NLB prepends to each connection.
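Added example (not part of the original page or of any AWS library): how a target should recover the real client address behind each load balancer. Behind an ALB it assumes the default "append" X-Forwarded-For mode and exactly one trusted proxy (the ALB), and shows the leftmost-entry bug beside the correct rightmost-entry parse. Behind an NLB it assumes Proxy Protocol v2 has been enabled on the target group and parses the prepended header, skipping TLVs via the length field. All headers, addresses and the TLV payload are constructed sample data.

```python
import ipaddress
import socket
import struct
from typing import Mapping, Optional, Tuple

# --- ALB: the client IP lives in X-Forwarded-For ---------------------------
# Constructed sample: the real client (203.0.113.7) sends a forged
# X-Forwarded-For hoping to impersonate an internal address. An ALB in its
# default xff mode ("append") appends the TCP source IP it actually saw.
ALB_REQUEST_HEADERS: Mapping[str, str] = {
    "Host": "api.example.com",
    "X-Forwarded-For": "10.0.0.5, 203.0.113.7",
    "X-Forwarded-Proto": "https",
}


def naive_client_ip(headers: Mapping[str, str]) -> Optional[str]:
    """The common bug: trust the leftmost entry, which the client itself wrote."""
    first = headers.get("X-Forwarded-For", "").split(",")[0].strip()
    return first or None


def alb_client_ip(headers: Mapping[str, str], trusted_proxies: int = 1) -> Optional[str]:
    """Return the IP appended by the outermost proxy you control.

    trusted_proxies=1: the ALB is the only hop you trust. Use 2 when a CDN you
    trust sits in front of the ALB (it appends the client IP, then the ALB
    appends the CDN's IP). Everything left of those hops is untrusted input.
    """
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    if trusted_proxies < 1 or len(hops) < trusted_proxies:
        return None
    try:
        return str(ipaddress.ip_address(hops[-trusted_proxies]))
    except ValueError:  # garbage in the slot the proxy should have written
        return None


# --- NLB: the client IP is the TCP peer, or a PROXY protocol v2 header -----
PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"


def nlb_client_from_proxy_protocol(data: bytes) -> Tuple[Optional[str], Optional[int], bytes]:
    """Parse the PROXY protocol v2 header an NLB prepends when Proxy Protocol v2
    is enabled on the target group. Returns (src_ip, src_port, payload).
    TLVs (e.g. the AWS VPC endpoint ID) are skipped by honouring the length."""
    if len(data) < 16 or data[:12] != PP2_SIGNATURE:
        raise ValueError("not a PROXY protocol v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported PROXY protocol version")
    if len(data) < 16 + length:
        raise ValueError("truncated PROXY protocol header")
    body, payload = data[16:16 + length], data[16 + length:]
    if ver_cmd & 0x0F == 0:  # LOCAL command: no client address carried
        return None, None, payload
    if fam_proto == 0x11:  # AF_INET / TCP
        src, _dst, sport, _dport = struct.unpack("!4s4sHH", body[:12])
        return str(ipaddress.IPv4Address(src)), sport, payload
    if fam_proto == 0x21:  # AF_INET6 / TCP
        src, _dst, sport, _dport = struct.unpack("!16s16sHH", body[:36])
        return str(ipaddress.IPv6Address(src)), sport, payload
    raise ValueError(f"unsupported address family/protocol 0x{fam_proto:02x}")


def build_pp2_ipv4_header(src_ip: str, dst_ip: str, sport: int, dport: int, tlv: bytes = b"") -> bytes:
    """Build a v2 PROXY header for IPv4/TCP; used here only to construct sample input."""
    addrs = struct.pack("!4s4sHH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip), sport, dport)
    return PP2_SIGNATURE + struct.pack("!BBH", 0x21, 0x11, len(addrs) + len(tlv)) + addrs + tlv


# Constructed sample: client 198.51.100.23:51234 -> target 10.0.1.20:443, plus a
# placeholder TLV of type 0xEA (the PP2_TYPE_AWS slot) to show TLVs are skipped.
_TLV_VALUE = b"\x01" + b"vpce-placeholder"  # placeholder bytes, not a real endpoint ID
SAMPLE_TLV = struct.pack("!BH", 0xEA, len(_TLV_VALUE)) + _TLV_VALUE
SAMPLE_NLB_STREAM = (
    build_pp2_ipv4_header("198.51.100.23", "10.0.1.20", 51234, 443, SAMPLE_TLV)
    + b"GET / HTTP/1.1\r\n"
)

if __name__ == "__main__":
    print("naive ALB parse  :", naive_client_ip(ALB_REQUEST_HEADERS))  # spoofed 10.0.0.5
    print("correct ALB parse:", alb_client_ip(ALB_REQUEST_HEADERS))    # 203.0.113.7
    print("NLB proxy proto  :", nlb_client_from_proxy_protocol(SAMPLE_NLB_STREAM)[:2])
```

The point for rate limits, allowlists and audit logs: behind an ALB the leftmost X-Forwarded-For value is whatever the client typed, so `naive_client_ip` hands an attacker control of the address you log or filter on, while `alb_client_ip` only believes the hop the ALB wrote. Behind an NLB with client IP preservation on there is nothing to parse, the socket peer address is the client; the PROXY header path is for the IP-target case where preservation is off.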

Interview-ready answer

ALB for HTTP/HTTPS workloads where I need path-based routing, header inspection, WebSockets, or WAF integration. NLB for TCP/UDP workloads needing ultra-low latency, static IPs, or source IP preservation: database proxies, gaming servers, financial feeds. NLB is also the choice when clients need to allowlist specific IPs. For most web applications, ALB is the right default.

Common trap

Using NLB for a web application that needs path-based routing. NLB has no concept of HTTP paths; it selects a target group purely by listener port and protocol. You need an ALB for URL-based routing (and an ALB behind an NLB if you also need static IPs).