AWS core servicesNetworking and storageHigh availability and reliabilityBeginner24 min read

What Is Network Load Balancer in Networking?

Reviewed byJohnson Ajibi· Senior Network & Security Engineer · MSc IT Security
On This Page

Quick Definition

A Network Load Balancer is like a smart traffic cop for your website or application. It sits in front of your servers and decides which one should handle each user request, so no single server gets overwhelmed. This keeps your application running smoothly even during busy times or if a server fails.

Commonly Confused With

Network Load BalancervsApplication Load Balancer

An Application Load Balancer operates at Layer 7 of the OSI model and can inspect HTTP/HTTPS traffic. It supports routing based on URL paths, hostnames, and query strings, and it can terminate SSL and add sticky sessions. In contrast, a Network Load Balancer operates at Layer 4, does not inspect application content, and offers lower latency but no advanced routing features. Use ALB for web applications and NLB for TCP/UDP traffic that needs extreme performance.

For a website with different content at /blog and /shop, use an ALB. For a DNS server or a real-time game using a custom TCP protocol, use an NLB.

Network Load BalancervsClassic Load Balancer

The Classic Load Balancer is the original AWS load balancer and is considered legacy. It operates at both Layer 4 and Layer 7 but with limited features. Unlike the NLB, it does not support static IPs, it does not preserve the client IP by default, and it cannot handle millions of requests per second with the same ultra-low latency. AWS recommends using NLB or ALB instead of CLB for new deployments.

If you are building a new application on AWS, choose NLB or ALB. Only use CLB if you are migrating an old application that already depends on it.

Network Load BalancervsAWS Global Accelerator

Global Accelerator is not a load balancer but a service that improves application performance and availability by directing user traffic to the optimal AWS endpoint (like an NLB or an ALB) based on the user's location and the health of the endpoints. It uses the AWS global network and provides static IP addresses. Unlike an NLB, it does not perform load balancing itself; it just routes traffic to the best load balancer or endpoint. You can use Global Accelerator in front of an NLB to get both static IPs and improved global performance.

Use Global Accelerator when you have users around the world and want to route them to the nearest AWS region. Use an NLB for actually distributing traffic among servers in that region.

Must Know for Exams

For IT certification exams, the Network Load Balancer is a frequent topic, especially in AWS certification paths like the AWS Certified Solutions Architect Associate (SAA-C03), AWS Certified Developer Associate (DVA-C02), and AWS Certified SysOps Administrator Associate (SOA-C02). It also appears in the AWS Certified Advanced Networking Specialty (ANS-C01) and various CompTIA Network+ and Cloud+ exams.

In AWS exams, you are expected to know the key differences between the three types of load balancers: Classic Load Balancer (CLB), Application Load Balancer (ALB), and Network Load Balancer (NLB). The NLB is the one you choose when you need the highest performance, lowest latency, and you are working with TCP, UDP, or TLS protocols. Exam questions often test your ability to select the right load balancer for a given scenario, such as when you need static IP addresses, when you are handling millions of requests per second, or when you need to preserve the client IP address.

Another common exam objective is understanding how health checks work. You may be asked why a load balancer is routing traffic to an unhealthy server, or why a target is being marked unhealthy even though the application responds correctly. The exam will test your knowledge of health check parameters like the interval, timeout, healthy threshold, and unhealthy threshold.

In CompTIA Network+ and Cloud+, the focus is more on the general concept of load balancing, the OSI layer at which different load balancers operate, and the benefits of load balancing for availability and performance. You may be asked about load balancing algorithms such as round robin, least connections, or flow hashing.

To prepare, you should practice configuring an NLB in a lab environment. Know how to set up listeners, target groups, and health checks. Understand cross-zone load balancing and how it affects traffic distribution. Also, be ready for scenarios that combine NLBs with other services like Auto Scaling, AWS Global Accelerator, and Elastic IPs. Correctly answering these questions requires not just memorization, but a practical understanding of how an NLB behaves under different conditions.

Simple Meaning

Imagine you run a very popular pizza restaurant. Customers call in orders constantly. If only one person answered the phone, they would get overwhelmed, calls would be dropped, and customers would get frustrated. That is what happens to a single web server when too many people visit your site at once. A Network Load Balancer is like having a team of phone operators who work together. When a call comes in, the operator at the front desk instantly decides which kitchen station is least busy and routes the call there.

In computer terms, a Network Load Balancer sits between your users and your servers. It listens for incoming network traffic, like web page requests or API calls. For every request, it checks which server in your pool has the least load, then forwards the request to that server. This happens in tiny fractions of a second, so users never notice the work behind the scenes. The load balancer also watches the health of each server. If one server crashes or becomes slow, the load balancer stops sending traffic to it and reroutes everything to the healthy ones.

The key difference between a regular traffic cop and a Network Load Balancer is that the load balancer operates at the network level, handling millions of requests per second with very low delay. It can also handle sudden spikes in traffic, like when a product launches or a sale goes live, by distributing the load evenly. For IT beginners, think of it as the secret ingredient that makes large websites feel fast and reliable, even when millions of people are using them at the same time.

Full Technical Definition

A Network Load Balancer (NLB) is a fully managed, high-performance traffic distribution service that operates at Layer 4 of the OSI model, the transport layer. It is designed to handle millions of requests per second with ultra-low latency, typically measured in single-digit milliseconds. Unlike Application Load Balancers, which inspect HTTP headers, an NLB works with TCP, UDP, and TLS traffic, making it ideal for latency-sensitive and high-throughput applications.

Under the hood, an NLB maps incoming traffic from a static IP address or a dedicated Elastic IP to a target group of servers, containers, or IP addresses. It uses a flow hashing algorithm to distribute connections. For each connection, the load balancer computes a hash based on the source IP, source port, destination IP, destination port, and protocol. This hash determines which target server receives the connection, ensuring that all packets from the same session go to the same server, preserving session state without needing sticky sessions.

Health checks are critical. The NLB periodically sends health check requests to each target, such as a TCP handshake or a simple ping. If a target fails a configurable number of checks, it is marked unhealthy and traffic is rerouted to remaining healthy targets. This provides automatic failover and high availability across multiple Availability Zones.

In AWS, the NLB can be internet-facing or internal. Internet-facing NLBs have public IPs and route traffic from the internet to your VPC resources. Internal NLBs have private IPs and are used for internal service-to-service communication. The NLB supports cross-zone load balancing, which distributes traffic evenly across all targets in all enabled Availability Zones, not just within a single zone.

For real IT implementation, NLBs are often used behind a Content Delivery Network (CDN) or as the entry point for microservices architectures. They can also handle WebSocket traffic and SSL/TLS termination at the network layer, offloading encryption processing from backend servers. When configured with AWS Global Accelerator, the NLB can provide static IP addresses that act as a fixed entry point for global traffic, improving performance and simplifying firewall rules.

On the exam, key points include that NLBs are not for HTTP routing, they preserve the client IP address, they support health checks, and they scale automatically based on traffic. They are often compared to Application Load Balancers (Layer 7) and Classic Load Balancers (legacy).

Real-Life Example

Picture a huge concert venue with several entrance gates. Thousands of fans are arriving at the same time. If there is only one gate, a massive line forms, fans wait for hours, and some may even give up and leave. Now imagine the venue has a team of security guards at every gate who are constantly communicating with each other. The main organizer, standing at the front, sees how long each line is. When a new fan arrives, the organizer directs them to the shortest line. That way, everyone gets inside quickly and the venue stays safe and orderly.

In this analogy, the Network Load Balancer is the smart organizer plus the communication system between gates. The servers are the individual entrance gates where people actually go. The fans are the data packets from users visiting your website. The organizer decides which gate (server) can handle another person without causing a delay. If one gate has a problem, like a broken turnstile, the organizer stops sending people there and directs them to other gates. This keeps the concert going smoothly even when thousands arrive at once.

The load balancer also works incredibly fast, just like a well-trained security team. It does not slow down the flow of people. It makes decisions in the blink of an eye, so fans feel like they are walking straight in. For an online store, this means shoppers never see a spinning wheel or an error message, even during a flash sale. The load balancer ensures that every request gets to a server that can handle it, and if demand grows, you simply add more servers, which is like opening more entrance gates.

This analogy captures the core idea of a Network Load Balancer: distributing traffic efficiently to keep everything running fast and reliably, no matter how many users show up.

Why This Term Matters

In the real world of IT, reliability and speed are not just nice-to-haves, they are business-critical. If a website goes down during a major sale or a critical application becomes slow, companies can lose thousands of dollars per minute and damage their reputation. A Network Load Balancer is one of the most effective tools to prevent that.

First, it provides high availability. By distributing traffic across multiple servers, usually in different data centers or Availability Zones, the load balancer ensures that if one server or even an entire data center fails, the application continues running on the remaining healthy servers. Users never notice the failure. This is called fault tolerance, and it is a fundamental requirement for any serious production system.

Second, it enables scalability. When traffic increases, you can add more servers to your target group, and the load balancer automatically starts sending traffic to them. No manual reconfiguration needed. This is called horizontal scaling. For an IT professional, this means you can design systems that grow from handling a few hundred users to millions, without changing the architecture.

Third, it improves security. A Network Load Balancer can act as a single point of entry, hiding the IP addresses of your backend servers from the public internet. This reduces the attack surface. Attackers cannot target individual servers directly because they only see the load balancer. Combined with Web Application Firewalls and security groups, NLBs form a strong first line of defense.

For system administrators and DevOps engineers, knowing how to configure and troubleshoot a Network Load Balancer is a core skill. It appears in job roles like cloud architect, network engineer, and site reliability engineer. If you are studying for AWS certifications or general networking exams, understanding NLBs is essential because they are a fundamental building block of almost every cloud application in production today.

How It Appears in Exam Questions

Exam questions about Network Load Balancers usually follow a few distinct patterns. The most common is scenario-based selection, where you are given a description of an application's requirements and must choose the correct load balancer type. For example, a question might say:

A company runs a real-time multiplayer game that uses TCP for communication. They need the lowest possible latency and a static IP address that clients can whitelist. Which load balancer should they use? The correct answer is Network Load Balancer because it operates at Layer 4, provides static IPs via Elastic IPs, and offers ultra-low latency. The wrong options would often be Application Load Balancer (which works at Layer 7 with HTTP) or Classic Load Balancer (which does not support static IPs).

Another pattern is health check troubleshooting. A question might describe a scenario where a load balancer marks a target as unhealthy even though the application is responding. The learner must identify that the health check is using a TCP ping, but the application only responds on a specific path, or that the security group on the target is blocking the health check traffic.

Configuration questions are also common. You might be asked to choose the correct settings for a listener: for an NLB, the protocol could be TCP, UDP, or TLS, and the port should match the backend service. A common mistake is configuring an HTTP listener on an NLB, which is not supported.

In advanced exams, you may encounter questions about flow hashing and session persistence. For instance, an NLB by default uses a hash of the 5-tuple (source IP, source port, destination IP, destination port, and protocol) to send all packets of a connection to the same target. If a question asks how to ensure that all requests from a client go to the same server, you need to know that with an NLB, the flow hash already achieves that for the lifetime of the connection. For long-lived sessions, you might choose an Application Load Balancer with stickiness, or use a proxy protocol.

Finally, integration questions test your knowledge of how NLBs work with other AWS services. For example, how does an NLB interact with Auto Scaling groups? It automatically distributes traffic to new instances launched by an Auto Scaling group. Or, how does an NLB work with AWS PrivateLink? It can be used as a VPC endpoint service, allowing other VPCs to connect to your application privately. Being able to map these integrations is key to scoring high.

Practise Network Load Balancer Questions

Test your understanding with exam-style practice questions.

Practise

Example Scenario

Imagine you are a cloud architect for a popular online video game called "Galaxy Racers." The game has millions of players worldwide who connect to the game servers over the internet using a custom TCP-based protocol. The game needs to handle sudden spikes when new maps are released, and players expect virtually no lag. You decide to use a Network Load Balancer to manage traffic.

You create an NLB in the AWS us-east-1 region. You assign an Elastic IP to it so players can always connect to the same IP address, no matter which servers are currently active. You then create a target group containing multiple game server instances running in different Availability Zones. You configure health checks to send a TCP SYN packet to the game port. If a server does not respond within 5 seconds, it is marked unhealthy and traffic is diverted.

When a player launches the game, the client sends a connection request to the NLB's static IP. The NLB uses flow hashing to select one of the healthy game servers and forwards the TCP connection. All subsequent packets from that player go to the same server, ensuring the game state remains consistent. During the release of a new track, thousands of players log in simultaneously. The NLB distributes the connections evenly across all servers. If one server crashes, the NLB stops sending new connections to it, and the existing connections are dropped only if they fail, but new ones go to healthy servers.

Behind the scenes, you set up an Auto Scaling group that launches additional game servers when CPU utilization exceeds 70%. The new servers automatically register with the NLB and start receiving traffic within minutes. This ensures that even a massive player surge does not cause lag or downtime. The NLB handles millions of connections per second with under 5 milliseconds of overhead. Players experience smooth gameplay, and your company avoids expensive server overprovisioning. This scenario shows how a Network Load Balancer enables high performance, high availability, and automatic scalability for a demanding real-time application.

Common Mistakes

Choosing a Network Load Balancer for an HTTP-based application that needs routing based on URL paths.

NLBs operate at Layer 4 (TCP/UDP) and cannot inspect HTTP headers. They cannot route traffic to different target groups based on URL paths or hostnames. For that, you need an Application Load Balancer.

If your application requires path-based routing, host-based routing, or HTTP header inspection, use an Application Load Balancer instead.

Assuming a Network Load Balancer automatically provides a fixed DNS name that cannot change.

NLBs do provide a DNS name, but it can change if you attach or detach an Elastic IP. For a truly static endpoint, you must explicitly assign an Elastic IP to the NLB and use that IP in your client configuration.

If you need a static entry point, assign an Elastic IP to each NLB subnet. Then use that IP address as the connection endpoint.

Forgetting to open health check ports in the security group of the target servers.

The NLB sends health checks from its own IP addresses, which are within the VPC. If the target security group does not allow inbound traffic from the NLB's subnet range on the health check port, the health check fails and the target is marked unhealthy.

Add an inbound rule to the target security group that allows traffic from the NLB's VPC CIDR or from the NLB's security group (if using security group references) on the health check port.

Believing that a Network Load Balancer can distribute traffic based on the content of the request (like cookies or headers).

NLBs do not decrypt or inspect packet contents. They make routing decisions solely based on the network and transport layer headers (IP addresses, ports, protocol). Content-based routing requires Layer 7 inspection, which only Application Load Balancers provide.

When content-based routing is needed, always use an Application Load Balancer. If you need both high performance and content awareness, you can place an ALB behind an NLB.

Assuming that NLB health checks use HTTP or HTTPS requests like an ALB.

NLB health checks are Layer 3/4 based. They can be TCP handshakes, ICMP pings, or UDP tests. They do not check application-level responses. An HTTP 200 response is not validated by an NLB.

For application-level health checks, use an Application Load Balancer or use a TCP health check and ensure your server responds quickly to a TCP SYN.

Exam Trap — Don't Get Fooled

{"trap":"An exam scenario says an application needs to support sticky sessions (session affinity) and the architect chooses a Network Load Balancer for high performance.","why_learners_choose_it":"Learners see 'high performance' and 'low latency' and jump to NLB as the correct answer. They may also believe that all load balancers support sticky sessions by default."

,"how_to_avoid_it":"Remember that NLB does not have a native sticky session feature. It uses flow hashing which ensures that all packets of the same TCP connection go to the same target, but that does not persist across new connections unless the client uses the same source IP and port. For session stickiness across multiple connections, use an Application Load Balancer with cookie-based stickiness.

Always check the specific requirement: if the question explicitly says 'session stickiness' or 'sticky sessions', choose ALB, not NLB."

Step-by-Step Breakdown

1

Client sends a connection request

A user's application, such as a web browser or a game client, initiates a TCP or UDP connection to the Network Load Balancer's IP address or DNS name. This is the entry point for traffic into your infrastructure.

2

Load balancer receives the packet

The NLB examines the packet's 5-tuple: source IP, source port, destination IP, destination port, and protocol. It does not look at the packet payload. This allows for very fast processing with minimal overhead.

3

Flow hashing maps the connection to a target

The NLB uses a consistent hashing algorithm on the 5-tuple to select a target from the target group. All packets belonging to the same TCP or UDP flow land on the same target, preserving connection integrity.

4

Packet forwarded to healthy target

Before forwarding, the NLB checks the health status of the selected target. If the target is healthy, the packet is forwarded with the client IP address preserved (unlike some other load balancers that replace it). If the target is unhealthy, the connection is mapped to a different healthy target using the same hash but with a different mapping.

5

Target processes the request and sends a response

The backend server receives the forwarded packet and processes it normally. It sends the response back to the client. The response path goes directly from the server to the NLB, which then forwards it to the client. The NLB modifies only the destination IP of the return packet to match the client's address.

6

Health check runs continuously

The NLB periodically sends health checks (e.g., TCP SYN, UDP ping, or ICMP) to each target. If a target fails a configurable number of health checks, it is removed from the rotation. New connections are no longer sent to it until it passes health checks again. This ensures only healthy servers receive traffic.

7

Auto scaling and cross-zone distribution

If Auto Scaling is configured, new instances launch and automatically register with the NLB. The NLB also supports cross-zone load balancing, which distributes traffic evenly across all targets in all Availability Zones. This prevents one zone from being overloaded while another has spare capacity.

Practical Mini-Lesson

In a real production environment, configuring a Network Load Balancer involves several key decisions that directly impact performance, security, and cost. First, you must choose between an internet-facing and an internal NLB. An internet-facing NLB requires public subnets and an Elastic IP if you need a static IP. An internal NLB uses private IPs and is only reachable within the VPC. This is critical for security: never expose internal services directly to the internet.

Next, you configure listeners. Each listener defines the protocol and port on which the NLB accepts traffic. For example, a listener on TCP port 443 for TLS traffic. You must then create a target group and specify the target type: instance IDs, IP addresses, or an Application Load Balancer (for NLB to ALB chaining). The target group also defines the health check settings. A common mistake is using a health check interval that is too long, which delays detection of a failed server. A good starting point is an interval of 10 seconds with a timeout of 5 seconds.

Professionals must also understand how security groups interact with NLBs. Unlike ALBs, NLBs do not use security groups. Instead, you control access using network ACLs and by configuring the source IP whitelisting on the target security group. The NLB sends health checks from the VPC's private IP range, so you must allow that range in the target security group. Also, if you want to preserve the client IP, ensure that the target group attribute is set to preserve client IP (which is the default for NLB). What can go wrong? The most common issue is health check failures due to misconfigured security groups or firewalls. Another issue is cross-zone load balancing being disabled, leading to uneven traffic distribution. If one Availability Zone has more targets than another, that zone can become overloaded. Enabling cross-zone load balancing fixes this. Also, if you attach an Elastic IP to an NLB, be aware that the NLB's DNS name will still resolve to the underlying network interfaces, and the Elastic IP is used only if you manually configure clients to use that IP.

Finally, monitoring is essential. Use Amazon CloudWatch metrics like ActiveFlowCount, ProcessedBytes, and HealthyHostCount. Set up alarms for unhealthy hosts. Also, enable VPC Flow Logs to capture traffic that reaches the NLB. This helps in troubleshooting connectivity issues and security incidents. For high-traffic applications, consider using AWS Global Accelerator to route traffic to the nearest NLB endpoint, reducing latency for global users.

Memory Tip

Think 'Network' for Network Layer (Layer 4), 'Load Balancer' for distributing traffic. Remember: NLB = No Header inspection, Low Latency, Big throughput.

Covered in These Exams

Current Exam Context

Current exam versions that test this topic — use these objectives when studying.

Related Glossary Terms

Frequently Asked Questions

What is the difference between a Network Load Balancer and an Application Load Balancer?

A Network Load Balancer operates at Layer 4 (TCP/UDP) and routes traffic based on IP addresses and ports. It offers extremely low latency and preserves client IP. An Application Load Balancer operates at Layer 7 (HTTP/HTTPS) and can route based on URL paths, headers, and hostnames. Use NLB for performance-critical TCP/UDP traffic and ALB for web applications.

Does a Network Load Balancer support sticky sessions?

No, NLB does not have a sticky session feature. It uses flow hashing to ensure all packets of a single TCP connection go to the same target. If you need session persistence across multiple connections (e.g., for a shopping cart), you should use an Application Load Balancer with cookie-based stickiness.

Can I use a Network Load Balancer for HTTP traffic?

Technically yes, because HTTP runs over TCP. However, an NLB cannot inspect HTTP headers, so you cannot do path-based routing or host-based routing. For most HTTP use cases, an Application Load Balancer is the better choice.

How does a Network Load Balancer handle health checks?

NLBs perform health checks at the network level, such as TCP SYN handshakes, UDP pings, or ICMP echo requests. They do not check application-level responses. If a target does not respond within the configured timeout, it is marked unhealthy and traffic is stopped.

Does a Network Load Balancer have a static IP address?

By default, an NLB gets a DNS name that resolves to a changing set of IP addresses. To get a static IP, you must assign an Elastic IP to each subnet where the NLB is deployed. This is a common requirement for enterprise customers who need to whitelist IPs.

Is a Network Load Balancer zone-redundant?

Yes, you can deploy an NLB in multiple Availability Zones. It automatically distributes traffic across healthy targets in all zones. For full fault tolerance, you should enable cross-zone load balancing so that traffic is distributed evenly, not just within each zone.

Summary

The Network Load Balancer is a powerful, high-performance traffic distributor that operates at the transport layer of the OSI model. It is designed to handle millions of requests per second with ultra-low latency, making it ideal for real-time applications, gaming, DNS, and any TCP or UDP-based service that demands the highest performance.

In the IT industry, understanding the NLB is essential for building fault-tolerant and scalable architectures. It works by using flow hashing to map connections to backend servers, automatically rerouting traffic when servers fail or become overloaded. Its ability to preserve client IP addresses and support static IPs via Elastic IPs makes it a favorite for security-conscious enterprises.

For certification exams, particularly AWS certifications, the NLB is a frequent topic. You must know when to choose an NLB over other load balancers, how health checks work, and how it integrates with services like Auto Scaling and Global Accelerator. Common exam traps include confusing NLB with ALB features like sticky sessions and content-based routing. The key takeaway for learners: always match the load balancer type to the protocol and feature requirements. If you need Layer 4 performance and simplicity, choose NLB. If you need Layer 7 intelligence, choose ALB. Master this distinction, and you will handle load balancer questions with confidence.