How to configure the Application Load Balancer | Somesh Srivastava


Type Target Group for Network Load Balancer

Application Load Balancer (ALB) has advanced routing features such as query string, path, and host-based routing. However, the IP addresses of an ALB are dynamic, which makes some use cases difficult to implement: for example, when static IPs must be whitelisted in your data center’s firewall, or any other case where you need static IPs to connect to.

As a workaround to get the private IP address, we front the ALB with a Network Load Balancer (NLB) and also implement a Lambda watcher that does a DNS lookup of the ALB's DNS name to get the latest IPs and updates the NLB target group. Refer to the AWS blog here.

This year, AWS introduced a new target group type for Network Load Balancer: ‘Application Load Balancer’. This new feature allows you to directly register an ALB as an NLB target, eliminating the need to actively manage changing ALB IP addresses.

You can now easily combine the benefits of NLB, including PrivateLink and zonal static IP addresses, with the advanced routing offered by ALB to load balance traffic to your applications.

There are a few things to keep in mind when making use of this feature:

  1. TLS listeners on Network Load Balancers cannot forward to ALB-type target groups. If you have a use case to terminate TLS, we recommend using HTTPS listeners on your ALB.
  2. You are only able to configure a single ALB in an ALB-type target group for NLB.
  3. You can associate an Application Load Balancer as a target of a maximum of two Network Load Balancers. To do this, the Application Load Balancer must reside in separate target groups, and be assigned to two different Network Load Balancers.
  4. The communication between an NLB and ALB only happens over IPv4 even though you can configure dualstack scheme for your ALB.
  5. You are unable to delete an ALB while it’s registered behind an NLB. The ALB will first have to be removed from the ALB Target Group to break the dependency.
  6. AWS strongly recommends that ALB target Availability Zones match those enabled for your NLB to optimize availability, scaling, and performance.
  7. ALB (Internet-facing or internal) and NLB (Internet-facing or internal) must be in the same VPC and same account when using the ALB-type target group.
  8. If ALB (Internet-facing or internal) and NLB (Internet-facing or internal) are in different accounts or different VPCs, then please refer to the AWS Lambda based solution described.
  9. AWS recommends that you keep the cross-zone load balancing attribute on NLB disabled (default option) for better performance and to prevent cross-zone data transfer charges.
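The setup described above, with the checks from items 1, 2, 6 and 7 applied before anything is created, as an added example that is not code from the original post or from AWS. It assumes `elbv2` is a boto3 ELBv2 client (`boto3.client("elbv2")`); the function names, the default target group name and the `DryRunElbv2` stand-in are hypothetical, and the target group ARN it returns is a constructed placeholder.

```python
def account_of(arn):
    return arn.split(":")[4]  # arn:aws:elasticloadbalancing:<region>:<account>:...

def front_alb_with_nlb(elbv2, nlb_arn, alb_arn, port=443, tg_name="alb-behind-nlb"):
    """Create an ALB-type target group, register the ALB, add a TCP listener on the NLB."""
    lbs = elbv2.describe_load_balancers(LoadBalancerArns=[nlb_arn, alb_arn])["LoadBalancers"]
    by_arn = {lb["LoadBalancerArn"]: lb for lb in lbs}
    nlb, alb = by_arn[nlb_arn], by_arn[alb_arn]
    if (nlb["Type"], alb["Type"]) != ("network", "application"):
        raise ValueError("pass the NLB ARN first, then the ALB ARN")
    # Item 7: same VPC and same account are required for an ALB-type target group.
    if nlb["VpcId"] != alb["VpcId"] or account_of(nlb_arn) != account_of(alb_arn):
        raise ValueError("NLB and ALB must share a VPC and an account")
    # Item 6: mismatched Availability Zones are reported, not rejected.
    zones = lambda lb: sorted(az["ZoneName"] for az in lb["AvailabilityZones"])
    warnings = []
    if zones(nlb) != zones(alb):
        warnings.append(f"AZ mismatch: NLB {zones(nlb)} vs ALB {zones(alb)}")
    tg_arn = elbv2.create_target_group(
        Name=tg_name, Protocol="TCP", Port=port, VpcId=nlb["VpcId"], TargetType="alb"
    )["TargetGroups"][0]["TargetGroupArn"]
    # Item 2: exactly one ALB is registered in the group.
    elbv2.register_targets(TargetGroupArn=tg_arn, Targets=[{"Id": alb_arn, "Port": port}])
    # Item 1: the NLB listener is TCP; TLS is terminated on the ALB's HTTPS listener.
    elbv2.create_listener(
        LoadBalancerArn=nlb_arn, Protocol="TCP", Port=port,
        DefaultActions=[{"Type": "forward", "TargetGroupArn": tg_arn}],
    )
    return tg_arn, warnings

class DryRunElbv2:
    """Constructed stand-in for the boto3 client so the flow can be exercised offline."""
    def __init__(self, load_balancers):
        self.load_balancers, self.calls = load_balancers, []
    def describe_load_balancers(self, LoadBalancerArns):
        found = [lb for lb in self.load_balancers if lb["LoadBalancerArn"] in LoadBalancerArns]
        return {"LoadBalancers": found}
    def create_target_group(self, **kw):
        self.calls.append(("create_target_group", kw))
        return {"TargetGroups": [{"TargetGroupArn": "arn:PLACEHOLDER:targetgroup"}]}
    def register_targets(self, **kw):
        self.calls.append(("register_targets", kw))
        return {}
    def create_listener(self, **kw):
        self.calls.append(("create_listener", kw))
        return {}
```

Running it against `DryRunElbv2` first shows the exact API calls and any Availability Zone warning before the same function is pointed at a real client.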
