MultiCloud Classroom notes 20/June/2026

Load Balancing in AWS


1. Layer 4 Load Balancing

AWS provides a Network Load Balancer (NLB) which operates at Layer 4 of the OSI model.

What Layer 4 understands:

Attribute   Detail
IP          Source/Destination IP address
Protocol    TCP / UDP
Ports       Port numbers (e.g., 80, 443)

Layer 4 does not inspect HTTP headers, paths, or cookies — that’s Layer 7 (ALB).

Key Characteristics:

  • AWS load balancers can be internal (private) or external (public)
  • AWS supports Auto Scaling Groups — instances can be added/removed dynamically based on load
  • Load balancers forward requests only to healthy EC2 instances using health checks

2. Core Concepts

Target Group

  • A logical grouping of EC2 instances that receive traffic from the load balancer
  • Instances can be scattered across multiple subnets within a VPC
  • Health checks are configured at the target group level

Load Balancer Components

Component      Description
Target Group   Set of backend EC2 instances
Listener       Rules that define how traffic is routed (protocol + port)

Health Checks

  • NLB periodically checks each target in the target group
  • Only healthy instances receive traffic
  • Unhealthy instances are automatically taken out of rotation

3. Lab: End-to-End NLB Setup

Architecture Overview

Internet
    │
    ▼
[Network Load Balancer]  ← external, public
    │           │
    ▼           ▼
[EC2 - AZ-1] [EC2 - AZ-2]   ← no public IP
 (Subnet-1)   (Subnet-2)
    └─────┬─────┘
          │
        [VPC]
   (2 public subnets)

Step 1: Create a Custom AMI with Nginx Website

Launch a base Ubuntu EC2 instance and run:

sudo apt update
sudo apt install nginx unzip -y

# Download and deploy a sample website
cd /tmp
wget https://templatemo.com/tm-zip-files-2020/templatemo_604_christmas_piano.zip
unzip templatemo_604_christmas_piano.zip
cd templatemo_604_christmas_piano
sudo cp -R . /var/www/html/

  • Verify: Access http://<public-ip> — website should load
  • Once verified, create an AMI from this instance
  • After AMI is ready, delete the EC2 instance (AMI retains the snapshot)

Step 2: Create VPC and Networking

  1. Create a VPC with 2 public subnets (in different Availability Zones)
  2. Attach an Internet Gateway to the VPC
  3. Update route tables so both subnets route 0.0.0.0/0 → Internet Gateway
  4. Create a Security Group that allows:

     Type   Protocol   Port   Source
     HTTP   TCP        80     0.0.0.0/0

Step 3: Launch Two EC2 Instances (No Public IP)

  • Use the custom AMI created in Step 1
  • Launch one instance per subnet (Subnet-1 and Subnet-2)
  • Set Auto-assign Public IP → Disabled (instances are private, accessed only via LB)
  • Attach the security group created above

Step 4: Create a Target Group

  1. Go to EC2 → Target Groups → Create Target Group
  2. Settings:
    • Target type: Instances
    • Protocol: TCP
    • Port: 80
    • VPC: Select the VPC created above
  3. Health check:
    • Protocol: TCP (or HTTP)
    • Port: 80
  4. Register both EC2 instances as targets
  5. Verify targets show healthy status

Step 5: Create a Network Load Balancer

  1. Go to EC2 → Load Balancers → Create Load Balancer → Network Load Balancer
  2. Settings:
    • Scheme: Internet-facing (external/public)
    • IP address type: IPv4
    • VPC: Select the VPC
    • Mappings: Select both subnets (one per AZ)
  3. Listener:
    • Protocol: TCP
    • Port: 80
    • Forward to: Target Group created in Step 4
  4. Review and Create

Step 6: Verify

  • Copy the DNS name of the NLB (e.g., my-nlb-xxxx.elb.amazonaws.com)
  • Access http://<NLB-DNS> in a browser
  • Traffic is distributed between the two private EC2 instances
  • Stop one instance → NLB health check marks it unhealthy → traffic routes to remaining instance
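
Added example (not part of the original class notes): a small Python check that compares the deployed state with what Steps 2 to 4 intend, namely backends without public IPs, one instance per AZ, only TCP/80 open to 0.0.0.0/0, and all targets healthy. The sample data is constructed and only mirrors the JSON shape of `aws ec2 describe-instances`, `aws ec2 describe-security-groups` and `aws elbv2 describe-target-health`; the function name `audit_lab` and all IDs are assumptions.

```python
# Constructed sample data shaped like the JSON returned by
# `aws ec2 describe-instances`, `aws ec2 describe-security-groups` and
# `aws elbv2 describe-target-health`. All IDs and addresses are placeholders.
INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-aaa", "Placement": {"AvailabilityZone": "az-1"}},
    {"InstanceId": "i-bbb", "Placement": {"AvailabilityZone": "az-2"},
     "PublicIpAddress": "203.0.113.10"},  # deviates from Step 3
]}]}
SECURITY_GROUPS = {"SecurityGroups": [{"GroupId": "sg-lab", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},  # not part of Step 2
]}]}
TARGET_HEALTH = {"TargetHealthDescriptions": [
    {"Target": {"Id": "i-aaa", "Port": 80}, "TargetHealth": {"State": "healthy"}},
    {"Target": {"Id": "i-bbb", "Port": 80}, "TargetHealth": {"State": "unhealthy"}},
]}
LAB_RULE = ("tcp", 80, 80)  # Step 2: only HTTP/80 is open to 0.0.0.0/0


def audit_lab(instances, security_groups, target_health):
    """Return findings where the deployed state differs from the lab steps."""
    findings = []
    hosts = [i for r in instances["Reservations"] for i in r["Instances"]]
    for host in hosts:  # Step 3: backends carry no public IP
        if host.get("PublicIpAddress"):
            findings.append(f"{host['InstanceId']}: public IP {host['PublicIpAddress']}")
    zones = {h["Placement"]["AvailabilityZone"] for h in hosts}
    if len(zones) < 2:  # Step 3: one instance per subnet/AZ
        findings.append(f"instances cover only {len(zones)} AZ(s)")
    for sg in security_groups["SecurityGroups"]:
        for perm in sg["IpPermissions"]:
            world = any(r["CidrIp"] == "0.0.0.0/0" for r in perm.get("IpRanges", []))
            # "-1" (all traffic) rules have no FromPort/ToPort, hence .get()
            rule = (perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort"))
            if world and rule != LAB_RULE:
                findings.append(f"{sg['GroupId']}: {rule} open to 0.0.0.0/0")
    for t in target_health["TargetHealthDescriptions"]:  # Steps 4 and 6
        state = t["TargetHealth"]["State"]
        if state != "healthy":
            findings.append(f"{t['Target']['Id']}: target is {state}")
    return findings


if __name__ == "__main__":
    for finding in audit_lab(INSTANCES, SECURITY_GROUPS, TARGET_HEALTH):
        print("FINDING:", finding)
```

To run it against a real deployment, save the output of the three CLI commands as JSON and pass the parsed dictionaries to `audit_lab` in place of the constructed samples.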

4. Internal vs External Load Balancer

Type                         Scheme    Use Case
External (Internet-facing)   Public    Accepts traffic from the internet
Internal (Private)           Private   Traffic between internal services (microservices, backend)

5. NLB vs ALB — Quick Comparison

Feature           NLB (Layer 4)                    ALB (Layer 7)
OSI Layer         4                                7
Protocol          TCP/UDP                          HTTP/HTTPS
Routing           IP + Port                        URL path, headers, host
Use case          High-performance, low latency    Web apps, microservices
Static IP         Yes                              No
TLS termination   Yes                              Yes

6. Task

Repeat the entire lab end-to-end:

  1. Create custom AMI with nginx
  2. Set up VPC with 2 public subnets
  3. Launch 2 EC2 instances (no public IP) using the AMI
  4. Create Target Group and register instances
  5. Create Network Load Balancer with listener on port 80
  6. Test via NLB DNS — confirm both instances serve traffic
