Introduction
Load balancing is essential for building scalable, available cloud applications. It distributes traffic across multiple resources, improves response times, and provides resilience against failures. Modern load balancers offer sophisticated traffic management capabilities beyond simple distribution.
Understanding load balancing options and their appropriate use cases is crucial for architects and engineers. The right load balancing strategy improves performance, enables high availability, and supports modern deployment patterns like blue-green and canary releases.
This comprehensive guide examines load balancing across major cloud providers. We explore types of load balancers, configuration patterns, traffic management strategies, and operational considerations. Whether designing your first load-balanced architecture or optimizing existing deployments, this guide provides the knowledge necessary for success.
Understanding Load Balancer Types
Cloud providers offer multiple load balancer types, each optimized for different use cases.
Load Balancer Types Comparison
| Type | Layer | Use Case | Key Features |
|---|---|---|---|
| Application Load Balancer (ALB) | Layer 7 | HTTP/HTTPS | Path routing, host-based routing, SSL termination |
| Network Load Balancer (NLB) | Layer 4 | TCP/UDP | High performance, static IP, cross-zone |
| Gateway Load Balancer | Layer 3/4 | Traffic inspection | Inline security, firewalling |
| Classic Load Balancer | Layer 4/7 | Legacy | Basic distribution, deprecated |
Application Load Balancer
ALB operates at layer 7, enabling sophisticated routing based on HTTP/HTTPS properties.
ALB Configuration
# AWS Application Load Balancer
resource "aws_lb" "main" {
name = "main-alb"
internal = false
load_balancer_type = "application"
security_groups = [aws_security_group.alb.id]
subnets = [aws_subnet.public_1a.id, aws_subnet.public_2a.id]
enable_deletion_protection = true
tags = {
Name = "main-alb"
}
}
resource "aws_lb_target_group" "web" {
name = "web-tg"
port = 80
protocol = "HTTP"
vpc_id = aws_vpc.main.id
health_check {
enabled = true
healthy_threshold = 2
unhealthy_threshold = 2
timeout = 5
interval = 30
path = "/health"
matcher = "200"
}
}
resource "aws_lb_listener" "front_end" {
load_balancer_arn = aws_lb.main.arn
port = "443"
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2016-08"
certificate_arn = aws_acm_certificate.cert.arn
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.web.arn
}
}
ALB Routing Rules
# ALB Listener Rules
resource "aws_lb_listener_rule" "api" {
listener_arn = aws_lb_listener.front_end.arn
priority = 100
action {
type = "forward"
target_group_arn = aws_lb_target_group.api.arn
}
condition {
path_pattern {
values = ["/api/*"]
}
}
}
resource "aws_lb_listener_rule" "static" {
listener_arn = aws_lb_listener.front_end.arn
priority = 200
action {
type = "forward"
target_group_arn = aws_lb_target_group.static.arn
}
condition {
host_header {
values = ["static.example.com"]
}
}
}
Azure Application Gateway
# Azure Application Gateway
$appgw = @{
ResourceGroupName = 'rg-app'
Name = 'appgw'
Sku = @{
Name = 'Standard_v2'
Tier = 'Standard_v2'
Capacity = 2
}
GatewayIPConfigurations = @{
Name = 'gateway-ip'
SubnetId = '/subscriptions/sub-id/resourceGroups/rg-app/providers/Microsoft.Network/virtualNetworks/vnet/subnets/appgw-subnet'
}
FrontendIPConfigurations = @{
Name = 'public-ip'
PublicIPAddressId = '/subscriptions/sub-id/Microsoft.Network/publicIPAddresses/appgw-pip'
}
BackendAddressPools = @{
Name = 'backend-pool'
BackendAddresses = @(
@{ IpAddress = '10.0.1.5' },
@{ IpAddress = '10.0.1.6' }
)
}
BackendHttpSettings = @{
Name = 'http-settings'
Port = 80
Protocol = 'Http'
CookieBasedAffinity = 'Disabled'
}
HttpListeners = @{
Name = 'http-listener'
FrontendIPConfigurationId = $appgw.FrontendIPConfigurations[0].Id
FrontendPortId = $appgw.FrontendPorts[0].Id
Protocol = 'Http'
}
RequestRoutingRules = @{
Name = 'routing-rule'
RuleType = 'Basic'
HttpListenerId = $appgw.HttpListeners[0].Id
BackendAddressPoolId = $appgw.BackendAddressPools[0].Id
BackendHttpSettingsId = $appgw.BackendHttpSettings[0].Id
}
}
New-AzApplicationGateway @appgw
Network Load Balancer
NLB operates at layer 4, providing ultra-low latency and high throughput for TCP/UDP traffic.
NLB Configuration
# AWS Network Load Balancer
resource "aws_lb" "main" {
name = "main-nlb"
internal = false
load_balancer_type = "network"
subnets = [aws_subnet.public_1a.id, aws_subnet.public_2a.id]
enable_deletion_protection = true
tags = {
Name = "main-nlb"
}
}
resource "aws_lb_target_group" "tcp" {
name = "tcp-tg"
port = 443
protocol = "TCP"
vpc_id = aws_vpc.main.id
health_check {
enabled = true
healthy_threshold = 2
unhealthy_threshold = 2
timeout = 10
interval = 30
protocol = "TCP"
}
}
resource "aws_lb_listener" "tcp" {
load_balancer_arn = aws_lb.main.arn
port = "443"
protocol = "TLS"
ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
certificate_arn = aws_acm_certificate.cert.arn
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.tcp.arn
}
}
NLB with Static IP
# NLB with Elastic IP
resource "aws_lb" "main" {
name = "main-nlb"
load_balancer_type = "network"
subnets = [aws_subnet.public_1a.id]
# Preserve source IP
enable Preserve_source_ip = true
tags = {
Name = "main-nlb"
}
}
# Global Accelerator for static anycast IPs
resource "aws_globalaccelerator_accelerator" "main" {
name = "main-accelerator"
ip_address_type = "IPV4"
enabled = true
}
resource "aws_globalaccelerator_listener" "tcp" {
accelerator_arn = aws_globalaccelerator_accelerator.main.id
protocol = "TCP"
port_range {
from_port = 443
to_port = 443
}
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.main.arn
}
}
Traffic Management Patterns
Modern applications require sophisticated traffic distribution beyond simple round-robin.
Weighted Routing
# Weighted target groups for canary deployment
resource "aws_lb_target_group" "canary" {
name = "canary-tg"
port = 80
protocol = "HTTP"
vpc_id = aws_vpc.main.id
}
resource "aws_lb_listener_rule" "weighted" {
listener_arn = aws_lb_listener.main.arn
priority = 100
action {
type = "forward"
target_group_arn = aws_lb_target_group.production.arn
# Weight: 90% to production
forward {
target_group {
arn = aws_lb_target_group.production.arn
weight = 90
}
target_group {
arn = aws_lb_target_group.canary.arn
weight = 10
}
}
}
condition {
http_request_method {
values = ["GET"]
}
}
}
Geolocation Routing
# Route based on user location
resource "aws_lb_listener_rule" "eu" {
listener_arn = aws_lb_listener.main.arn
priority = 100
action {
type = "forward"
target_group_arn = aws_lb_target_group.eu.arn
}
condition {
geo_match {
country_codes = ["DE", "FR", "IT", "ES", "NL", "BE"]
}
}
}
resource "aws_lb_listener_rule" "na" {
listener_arn = aws_lb_listener.main.arn
priority = 200
action {
type = "forward"
target_group_arn = aws_lb_target_group.na.arn
}
condition {
geo_match {
country_codes = ["US", "CA", "MX"]
}
}
}
Header-Based Routing
# Route based on custom headers
resource "aws_lb_listener_rule" "mobile" {
listener_arn = aws_lb_listener.main.arn
priority = 100
action {
type = "forward"
target_group_arn = aws_lb_target_group.mobile.arn
}
condition {
http_header {
http_header_name = "X-Client-Type"
values = ["mobile", "ios", "android"]
}
}
}
Health Checks
Health checks ensure traffic routes only to healthy instances.
# Advanced health check configuration
resource "aws_lb_target_group" "web" {
name = "web-tg"
port = 80
protocol = "HTTP"
vpc_id = aws_vpc.main.id
health_check {
enabled = true
healthy_threshold = 3
unhealthy_threshold = 3
timeout = 5
interval = 30
path = "/health"
method = "GET"
matcher = "200,201,202"
# Expected HTTP response codes for health
response_code_matcher = "200"
}
# Slow start for new instances
slow_start = 30
# Connection termination
deregistration_delay = 300
tags = {
Name = "web-tg"
}
}
High Availability Patterns
graph TB
subgraph "Multi-Region HA"
User[User] --> Global[Global Accelerator]
subgraph "Region A (Primary)"
ALB_A[ALB]
ASG_A[Auto Scaling Group]
ALB_A --> ASG_A
end
subgraph "Region B (Failover)"
ALB_B[ALB]
ASG_B[Auto Scaling Group]
ALB_B --> ASG_B
end
Global --> ALB_A
Global -.->|Health Check Fail| ALB_B
end
Failover Configuration
# Route 53 failover configuration
resource "aws_route53_record" "primary" {
zone_id = aws_route53_zone.main.zone_id
name = "www.example.com"
type = "A"
failover_routing_policy {
type = "PRIMARY"
}
set_identifier = "primary"
health_check_id = aws_route53_health_check.primary.id
alias {
name = aws_lb.primary.dns_name
zone_id = aws_lb.primary.zone_id
evaluate_target_health = true
}
}
resource "aws_route53_record" "secondary" {
zone_id = aws_route53_zone.main.zone_id
name = "www.example.com"
type = "A"
failover_routing_policy {
type = "SECONDARY"
}
set_identifier = "secondary"
alias {
name = aws_lb.secondary.dns_name
zone_id = aws_lb.secondary.zone_id
evaluate_target_health = true
}
}
SSL/TLS Management
# ALB with SSL/TLS
resource "aws_lb_listener" "https" {
load_balancer_arn = aws_lb.main.arn
port = "443"
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2023-01"
certificate_arn = aws_acm_certificate.cert.arn
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.web.arn
}
# Mutual TLS (mTLS)
authentication {
certificate_authority_arns = [aws_acm_certificate.ca.arn]
}
}
Monitoring and Troubleshooting
# CloudWatch metrics for ALB
aws cloudwatch get-metric-statistics \
--namespace AWS/ApplicationELB \
--metric-name TargetResponseTime \
--start-time 2026-03-01T00:00:00Z \
--end-time 2026-03-05T00:00:00Z \
--period 3600 \
--statistics Average,Maximum \
--dimensions Name=LoadBalancer,Value=app/main/50dc6c495c0c9188
Key Metrics
| Metric | Description | Alert Threshold |
|---|---|---|
| TargetResponseTime | Time from LB to target | > 1 second |
| HealthyHostCount | Number of healthy targets | < 2 |
| UnhealthyHostCount | Number of unhealthy targets | > 0 |
| RequestCount | Total requests | Trend analysis |
| TargetConnectionErrorCount | Connection errors | > 0 |
Conclusion
Load balancing is fundamental to building available, scalable cloud applications. Understanding the different load balancer types—Application Load Balancer for HTTP/HTTPS traffic, Network Load Balancer for high-performance TCP/UDP—enables appropriate architecture decisions.
Key capabilities including sophisticated routing rules, health checks, and traffic management patterns support modern deployment strategies like canary releases and blue-green deployments. Combined with monitoring and observability, these tools enable resilient, manageable architectures.
Invest time in understanding load balancing options and configuring appropriate health checks. The result is more available, performant applications that gracefully handle failures and support modern deployment practices.
Resources
- AWS Application Load Balancer
- AWS Network Load Balancer
- Azure Load Balancer
- GCP Cloud Load Balancing
Comments