Application Load Balancer vs Network Load Balancer: Choosing the Right AWS LB for Your Workload
ALB and NLB solve different problems. Using the wrong one adds latency, cost, or complexity. Here's when to use each — and how QuickInfra configures both correctly.
QuickInfra Team
QuickInfra Cloud Solution
AWS offers four types of load balancers. Two of them — ALB and NLB — cover the vast majority of production use cases. Understanding which one to use matters because they operate at different OSI layers, have different performance profiles, and cost differently.
Application Load Balancer (ALB)
ALB operates at Layer 7 (HTTP/HTTPS). It terminates TLS, reads the HTTP request, and routes based on content: URL path, hostname, HTTP headers, query parameters. This is what enables you to run multiple services on a single ALB — /api/* routes to one target group, /static/* routes to another.
ALB supports WebSockets, gRPC, and HTTP/2. It integrates with AWS WAF for application-layer protection. It can authenticate users via Cognito or OIDC before the request reaches your application.
Use ALB for: web applications, REST APIs, microservices that need path-based routing, workloads that benefit from WAF integration.
Network Load Balancer (NLB)
NLB operates at Layer 4 (TCP/UDP). It forwards packets at the transport layer without terminating connections. It doesn't read HTTP headers — it routes based on IP and port. This makes it significantly faster than ALB with lower latency (single-digit milliseconds) and higher throughput.
NLB supports static IPs and can be used as a target for AWS PrivateLink. It handles extreme traffic volumes without warm-up time (ALB needs time to scale capacity).
Use NLB for: TCP applications, UDP workloads (gaming, streaming, IoT), workloads requiring static IPs for firewall whitelisting, PrivateLink endpoints.
QuickInfra's Load Balancer Configuration
QuickInfra provisions ALBs with:
- TLS termination with an ACM certificate
- HTTP to HTTPS redirect on port 80
- Security group restricting inbound to 443 only
- Deletion protection enabled
- Access logging to S3
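One way to check a deployed ALB against the five items above, as an added example that is not QuickInfra's code. It audits dictionaries shaped like the ELBv2 and EC2 describe-* responses; the sample values are constructed, and `audit_alb` and `allowed_ports` are hypothetical names.

```python
# Added example, not QuickInfra's code. Inputs mirror ELBv2 describe-listeners /
# describe-load-balancer-attributes and EC2 describe-security-groups output.
# audit_alb and allowed_ports are hypothetical names.
def _redirects_to_https(listener):
    actions = listener.get("DefaultActions", [])
    return bool(actions) and all(
        a.get("Type") == "redirect" and
        a.get("RedirectConfig", {}).get("Protocol") == "HTTPS" for a in actions)

def audit_alb(listeners, attributes, ingress_rules, allowed_ports=(443,)):
    """Return findings; an empty list means the baseline is met."""
    findings = []
    attrs = {a["Key"]: a["Value"] for a in attributes}
    by_port = {l["Port"]: l for l in listeners}
    https = by_port.get(443)
    if not (https and https["Protocol"] == "HTTPS" and https.get("Certificates")):
        findings.append("no HTTPS listener with a certificate on 443")
    if 80 not in by_port:
        findings.append("no HTTP to HTTPS redirect on port 80")
    # A plaintext listener may only redirect, never forward or serve content.
    for l in listeners:
        if l["Protocol"] == "HTTP" and not _redirects_to_https(l):
            findings.append(f"port {l['Port']} handles plaintext HTTP without redirecting")
    # An all-traffic rule (IpProtocol "-1") has no port keys, so it fails here too.
    for r in ingress_rules:
        lo, hi = r.get("FromPort"), r.get("ToPort")
        if r.get("IpProtocol") != "tcp" or lo != hi or lo not in allowed_ports:
            findings.append(f"security group admits {r.get('IpProtocol')} {lo}-{hi}")
    if attrs.get("deletion_protection.enabled") != "true":
        findings.append("deletion protection disabled")
    if attrs.get("access_logs.s3.enabled") != "true" or not attrs.get("access_logs.s3.bucket"):
        findings.append("access logging to S3 disabled")
    return findings

# Constructed sample input; the ARN and bucket name are placeholders.
LISTENERS = [
    {"Port": 443, "Protocol": "HTTPS", "DefaultActions": [{"Type": "forward"}],
     "Certificates": [{"CertificateArn": "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER"}]},
    {"Port": 80, "Protocol": "HTTP", "DefaultActions": [{"Type": "forward"}]},
]
ATTRIBUTES = [
    {"Key": "deletion_protection.enabled", "Value": "false"},
    {"Key": "access_logs.s3.enabled", "Value": "true"},
    {"Key": "access_logs.s3.bucket", "Value": "example-alb-logs"},
]
INGRESS = [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443},
           {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22}]

if __name__ == "__main__":
    print("\n".join(audit_alb(LISTENERS, ATTRIBUTES, INGRESS)))
```

The default follows the list as written (inbound 443 only). Clients can reach the port 80 redirect only if the security group also admits port 80, so pass `allowed_ports=(80, 443)` where the redirect must be reachable.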
For NLBs, QuickInfra configures cross-zone load balancing, preserves client IP addresses, and sets appropriate health check configurations for TCP workloads.
Choosing in QuickInfra
When adding a load balancer to an Infrastructure Project, QuickInfra's service selector asks three questions: Do you need content-based routing? Do you need sub-millisecond latency? Do you need a static IP? The answers point to ALB or NLB.