
ALB vs NLB vs GLB vs CLB: Which Load Balancer Should You Choose?

ALB for HTTP/HTTPS apps, NLB for TCP/UDP high-performance workloads, GLB for security appliances. Master ELB type differences for SAA-C03 exam.

PHILOLAMB · Updated: January 31, 2026
Tags: ELB, ALB, NLB, GLB, Load Balancer

Related Exam Domains

  • Domain 2: Design Resilient Architectures

Key Takeaway

ALB is for HTTP/HTTPS web applications (L7), NLB is for TCP/UDP high-performance workloads (L4), GLB is for third-party security appliances. Choose ALB for web/API services, NLB when you need ultra-low latency or static IPs, GLB for firewall/IDS integration. CLB is legacy and not recommended for new deployments.

Exam Tip

Exam Essential: ALB = L7 + HTTP + path routing, NLB = L4 + TCP/UDP + static IP + low latency, GLB = security appliances


What are AWS Load Balancers?

Elastic Load Balancing (ELB) is a service that automatically distributes incoming traffic across multiple targets (EC2, containers, Lambda, etc.). It provides high availability and fault tolerance, and it comes in 4 types.

Client Request → Load Balancer → Target Group (EC2, Containers, Lambda)
                      ↓
              Health Check excludes unhealthy instances

ELB 4 Types at a Glance

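| Comparison | ALB | NLB | GLB | CLB |
|---|---|---|---|---|
| OSI Layer | Layer 7 | Layer 4 | Layer 3 | Layer 4/7 |
| Protocol | HTTP, HTTPS, gRPC | TCP, UDP, TLS | IP | TCP, HTTP, HTTPS |
| Latency | ~10ms | ~100μs (ultra-low) | - | Medium |
| Static IP | | | | |
| Path-based Routing | | | | |
| Host-based Routing | | | | |
| Lambda Target | | | | |
| PrivateLink | | | | |
| Released | 2016 | 2017 | 2020 | 2009 |
| Recommended | ✅ Yes | ✅ Yes | ✅ Yes | ❌ Legacy |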

Application Load Balancer (ALB)

What is ALB?

ALB operates at OSI Layer 7 (application layer). It understands HTTP/HTTPS traffic and can route based on URL paths, host headers, HTTP headers, and more.

Key Features

1. Path-based Routing

example.com/api/*    → API server target group
example.com/images/* → Image server target group
example.com/*        → Web server target group

2. Host-based Routing

api.example.com  → API target group
www.example.com  → Web target group

3. Various Target Types

  • EC2 instances
  • IP addresses (including on-premises)
  • Lambda functions
  • ECS/EKS containers

ALB Ideal Workloads

  • Web applications (HTTP/HTTPS)
  • Microservices architecture
  • Container-based applications (ECS, EKS)
  • API Gateway alternative
  • Lambda function invocation

Exam Tip

Exam Pattern: "In a microservices setup, route /users to User Service and /orders to Order Service?" → ALB path-based routing


Network Load Balancer (NLB)

What is NLB?

NLB operates at OSI Layer 4 (transport layer) and provides ultra-high-performance load balancing at the TCP/UDP protocol level. It can handle millions of requests per second with less than 100 microseconds latency.

Key Features

1. Static IP Addresses

  • One static IP per AZ
  • Elastic IP attachable
  • Useful for firewall whitelisting

2. Ultra-low Latency

  • ~100x lower latency than ALB
  • Millions of requests per second

3. Source IP Preservation

  • Maintains client's original IP address
  • No X-Forwarded-For header needed

4. Long-lived TCP Connections

  • WebSocket
  • Database connections
  • Game servers
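
An added example, not part of the original article, of what the source IP difference means for application code: behind an NLB that preserves the client address the socket peer is the client, while behind an ALB the peer is a load balancer node and the client address is the last X-Forwarded-For entry. It assumes the ALB's default behaviour of appending to that header; the subnet `10.0.1.0/24`, the sample addresses and the `client_ip` helper are constructed for illustration.

```python
import ipaddress
from typing import Iterable, Optional

def client_ip(peer: str, xff: Optional[str], alb_subnets: Iterable[str]) -> str:
    """Pick the address to use for logging, rate limits and allow-lists.

    peer:        remote address of the TCP connection as seen by the server
    xff:         raw X-Forwarded-For header value, or None
    alb_subnets: CIDRs of the subnets the ALB nodes live in (assumed known)
    """
    peer_ip = ipaddress.ip_address(peer)
    from_alb = any(peer_ip in ipaddress.ip_network(n) for n in alb_subnets)
    if not from_alb or not xff:
        # NLB with source IP preservation, or a direct connection: the peer
        # is the client, and any X-Forwarded-For value is client-supplied.
        return str(peer_ip)
    # Only the last entry was appended by the load balancer; everything to
    # its left arrived in the client's own request and can say anything.
    last = xff.split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(last))
    except ValueError:
        return str(peer_ip)   # malformed header: fall back to the peer

ALB_SUBNETS = ["10.0.1.0/24"]  # constructed value

# Constructed samples: (peer address, X-Forwarded-For header)
SAMPLES = [
    ("10.0.1.25", "203.0.113.9"),               # via ALB
    ("10.0.1.25", "192.0.2.1, 203.0.113.9"),    # via ALB, client sent its own header
    ("198.51.100.7", "10.0.0.1"),               # via NLB, header must be ignored
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(peer, repr(xff), "->", client_ip(peer, xff, ALB_SUBNETS))
```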

NLB Ideal Workloads

  • Real-time game servers (UDP)
  • IoT device connections
  • Financial trading systems (ultra-low latency)
  • Media streaming
  • VoIP services
  • Services requiring static IPs
  • Direct TCP/UDP protocol usage

Exam Tip

Exam Pattern: "Customer needs to whitelist specific IPs. Which load balancer?" → NLB (provides static IP)


Gateway Load Balancer (GLB)

What is GLB?

GLB operates at Layer 3 (network layer) and is used to deploy and scale third-party virtual appliances (firewalls, IDS/IPS, etc.).

Key Features

1. Transparent Network Gateway

  • All traffic passes through appliances
  • Single entry/exit point

2. Auto Scaling

  • Scale appliances based on traffic
  • Health Check excludes failed appliances

3. GENEVE Protocol

  • Encapsulates original packets
  • Returns after appliance inspection
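
An added example, not from the original article, of the encapsulation step from the appliance's side: a parser for the GENEVE header (RFC 8926) that recovers the original packet from a UDP payload and rejects truncated or inconsistent headers. The sample bytes and the option class in them are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

GENEVE_UDP_PORT = 6081  # IANA-assigned UDP port for GENEVE

@dataclass
class Geneve:
    critical: bool                          # C flag: critical options present
    protocol: int                           # EtherType of the inner packet
    vni: int                                # 24-bit virtual network identifier
    options: List[Tuple[int, int, bytes]]   # (option class, type, data)
    inner: bytes                            # the original, encapsulated packet

def parse_geneve(payload: bytes) -> Geneve:
    """Parse a GENEVE header from a UDP payload; raise ValueError if malformed."""
    if len(payload) < 8:
        raise ValueError("shorter than the 8-byte fixed header")
    b0, flags, protocol = struct.unpack_from("!BBH", payload, 0)
    if b0 >> 6 != 0:
        raise ValueError("unsupported GENEVE version")
    end = 8 + (b0 & 0x3F) * 4               # option length is in 4-byte words
    if len(payload) < end:
        raise ValueError("options run past the end of the payload")
    vni = int.from_bytes(payload[4:7], "big")
    options, off = [], 8
    while off < end:
        opt_class, opt_type, length = struct.unpack_from("!HBB", payload, off)
        data_end = off + 4 + (length & 0x1F) * 4
        if data_end > end:
            raise ValueError("option data overruns the option area")
        options.append((opt_class, opt_type, payload[off + 4:data_end]))
        off = data_end
    return Geneve(bool(flags & 0x40), protocol, vni, options, payload[end:])

# Constructed sample: fixed header, one 4-byte option (class 0xFFF0, type 1),
# then a 2-byte stub standing in for the inner IPv4 packet.
SAMPLE = bytes.fromhex("0200" "0800" "000000" "00" "fff0" "01" "01" "deadbeef" "4500")

if __name__ == "__main__":
    g = parse_geneve(SAMPLE)
    print(hex(g.protocol), g.vni, g.options, g.inner.hex())
```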

GLB Ideal Workloads

  • Third-party firewalls (Palo Alto, Fortinet, etc.)
  • Intrusion Detection/Prevention Systems (IDS/IPS)
  • Deep Packet Inspection (DPI)
  • Network monitoring

Exam Tip

Exam Pattern: "Inspect all VPC traffic through third-party firewall appliances?" → Gateway Load Balancer


Classic Load Balancer (CLB)

What is CLB?

CLB is AWS's original load balancer (2009) that provides basic load balancing at both Layer 4 and Layer 7. Not recommended for new deployments.

CLB Limitations

  • No path/host-based routing
  • Limited WebSocket support
  • Single SSL certificate only
  • No container targets

AWS recommends migrating from CLB to ALB or NLB:

  • HTTP/HTTPS → ALB
  • TCP/UDP → NLB

ALB vs NLB: When to Choose Which?

Selection Criteria Summary

| Requirement | Choice |
|---|---|
| HTTP/HTTPS traffic | ALB |
| URL path-based routing | ALB |
| Host-based routing | ALB |
| Lambda function invocation | ALB |
| gRPC protocol | ALB |
| TCP/UDP traffic | NLB |
| Static IP address needed | NLB |
| Ultra-low latency required | NLB |
| Millions of requests/sec | NLB |
| Source IP preservation | NLB |
| WebSocket (long-lived) | NLB |

Real-World Scenario Selection

Scenario 1: Web Application

Requirement: HTTP/HTTPS traffic, separate /api and /web routing
→ ALB (path-based routing)

Scenario 2: Online Gaming

Requirement: UDP protocol, ultra-low latency, massive concurrent connections
→ NLB (L4, UDP support, high performance)

Scenario 3: Microservices

Requirement: Different URL paths per service, ECS containers
→ ALB (path-based routing, container support)

Scenario 4: Financial Trading System

Requirement: TCP, ultra-low latency, fixed IP for partner integration
→ NLB (static IP, ultra-low latency)

Scenario 5: Security Inspection

Requirement: Route all traffic through third-party firewall
→ GLB (appliance integration)

ELB Common Features

Features available across all ELB types:

| Feature | Description |
|---|---|
| Health Check | Monitor target status, exclude unhealthy targets |
| High Availability | Auto-distribute across multiple AZs |
| Auto Scaling Integration | Automatic integration with EC2 Auto Scaling |
| SSL/TLS Termination | Handle encryption at load balancer |
| CloudWatch Metrics | Performance monitoring |
| Access Log | Store request logs in S3 |
| Connection Draining | Remove instances after completing existing connections |

SAA-C03 Exam Focus Points

  1. ALB vs NLB selection: HTTP → ALB, TCP/UDP → NLB
  2. Static IP requirement: Only NLB supports static IP and Elastic IP
  3. Path-based routing: Only ALB supports it
  4. Lambda targets: Only ALB supports them
  5. GLB use case: Third-party security appliances
  6. CLB migration: ALB/NLB recommended for new deployments

Exam Tip

Sample Exam Question: "An application needs to route /api path traffic to API servers and /web path to web servers. What is the most appropriate solution?" → Answer: ALB path-based routing (NLB is L4 and cannot recognize URL paths)


Frequently Asked Questions

Q: Which is faster, ALB or NLB?

NLB is much faster. NLB operates at Layer 4, forwarding packets directly with ~100 microseconds latency. ALB parses HTTP at Layer 7, taking ~10 milliseconds.

Q: Can I use static IP with ALB?

Not directly. ALB only provides dynamic IPs. If you need static IPs, place NLB in front of ALB, or use Global Accelerator.

Q: Can I use ALB and NLB together on one load balancer?

Yes. NLB → ALB configuration lets you use both static IPs and L7 routing. This pattern is useful when combining PrivateLink with ALB.

Q: Which load balancer should I use for WebSocket?

Both support it. ALB natively supports WebSocket, and NLB handles it as TCP connections. NLB may be more suitable for long-lived connections.

Q: Can I continue using CLB?

Technically yes, but not recommended. AWS only adds new features to ALB/NLB and recommends migrating from CLB. The console provides a migration wizard.

Q: What is Cross-Zone Load Balancing?

A feature that distributes traffic evenly across all targets in all AZs. ALB has it enabled by default (free), NLB has it disabled by default (enabling incurs inter-AZ data transfer costs).


