🔁 1. Application Load Balancer (ALB)
Feature | Details |
Best for | HTTP/HTTPS traffic (Layer 7) |
Protocol | HTTP, HTTPS |
Routing | Path-based (/api/*), host-based (api.example.com) |
Target Types | EC2, ECS, Lambda, IP |
Use Case Examples | Microservices, REST APIs, web apps |
✅ Use Cases
Route /login to one service, /admin to another
Forward traffic to different target groups based on subdomain or header
Integrate with WAF, OIDC (Cognito/Auth0), and WebSockets
🌐 2. Network Load Balancer (NLB)
Feature | Details |
Best for | TCP/UDP traffic at high throughput and low latency (Layer 4) |
Protocol | TCP, TLS, UDP |
Routing | IP + Port-based |
Target Types | EC2, IP, ALB (TLS passthrough) |
Use Case Examples | Real-time trading, VoIP, database proxies |
✅ Use Cases
Expose a PostgreSQL database using NLB with static IP
Load balance MQTT or financial FIX protocol
Serve millions of requests/sec with extremely low latency
📦 3. Classic Load Balancer (CLB) (Legacy)
Feature | Details |
Best for | Basic load balancing (Layer 4 + 7) |
Protocol | HTTP, HTTPS, TCP, SSL |
Target Types | EC2 only |
Use Case Examples | Legacy monolith applications |
⚠️ Avoid New Use
Only use for legacy apps where re-architecture isn’t possible.
🧠 Comparison Summary Table
Feature | ALB | NLB | CLB |
Layer | 7 (App) | 4 (Transport) | 4 & 7 |
Protocols | HTTP, HTTPS | TCP, UDP, TLS | HTTP, HTTPS, TCP, SSL |
Content Routing | ✅ Yes | ❌ No | Partial |
Sticky Sessions | ✅ (Cookie) | ✅ (IP Hash) | ✅ |
WAF Support | ✅ Yes | ❌ No | ❌ |
Lambda Targets | ✅ Yes | ❌ No | ❌ |
Static IP Support | ❌ | ✅ | ❌ |
Performance | Good | Extreme | Moderate |
IPv6 | ✅ | ✅ | ❌ |
💡 Real-World Use Case Mapping
Use Case | Load Balancer Type |
Public web app with HTTPS & login | ALB |
Real-time TCP-based financial services | NLB |
Internal REST APIs in microservices | ALB (internal) |
GRPC, WebSocket, or TLS passthrough | NLB |
Legacy app with HTTP & TCP mix | CLB |
Trigger Lambda from HTTP requests | ALB |
🔐 Integration Tips
Use ALB + AWS WAF for web security
Use NLB + VPC Link for private API Gateway
Use Internal ALB for intra-VPC microservice routing
ALB supports OIDC authentication (e.g., Cognito) natively