What Does NLB Mean?
On This Page
Quick Definition
A network load balancer acts like a smart traffic cop for your servers. It receives incoming requests from users and sends each request to the least busy or most appropriate server. This helps keep applications fast and available, even if a server fails or traffic surges.
Commonly Confused With
An ALB operates at Layer 7 and can route traffic based on HTTP headers, URLs, and hostnames. It is best for HTTP/HTTPS traffic where you need content-based routing. NLB operates at Layer 4 and is faster but less intelligent. Use ALB for microservices with multiple path-based routes, and NLB for raw TCP/UDP or extremely high throughput.
An e-commerce site uses ALB to send requests starting with '/api' to an API server and '/images' to an image server. A gaming site uses NLB to forward all UDP traffic to game servers without inspecting the packet contents.
CLB is the legacy AWS load balancer that operates at both Layer 4 and Layer 7 but lacks advanced features like path-based routing and native HTTP/2. It is being phased out. NLB is much more performant for Layer 4, while ALB is better for Layer 7. Avoid CLB in new designs.
An old application that expects HTTP traffic on port 80 may still use CLB, but a new high-traffic TCP service should use NLB for lower latency and better scaling.
GWLB is used for transparent network gateways (like firewalls, IDS/IPS). It operates at Layer 3/Geneve protocol and forwards traffic to virtual appliances. NLB is for standard TCP/UDP load balancing to application servers. GWLB is for inline traffic inspection.
A company deploys a virtual firewall cluster. GWLB sits in the network path and sends traffic through the firewalls before reaching the NLB that distributes to web servers.
DNS round-robin is a simple load distribution method where a DNS server returns multiple IP addresses in random order. It does not monitor server health and cannot reroute traffic if a server fails. NLB actively checks health and automatically removes failed servers.
Using DNS round-robin for three web servers, half of users may get a server that is down and see an error. NLB would detect the failure and avoid that server.
Must Know for Exams
NLB appears in multiple certification exams, most notably in AWS Certified Solutions Architect, AWS Certified Advanced Networking, and the CompTIA Cloud+ and Network+ exams. In AWS specifically, the Network Load Balancer is one of three core Load Balancer types (Classic, Application, Network). Exam objectives expect you to know that NLB operates at Layer 4, handles TCP/UDP, and can handle millions of requests per second. You must understand when to choose NLB over ALB (for real-time streaming, VPN, or IoT) and when to use a Gateway Load Balancer.
In CompTIA Network+, NLB concepts appear under network availability and load balancing, often in questions about high availability and redundancy. You may be asked to interpret a network diagram showing an NLB distributing traffic to a server cluster, or to describe the benefits of using multiple servers with a load balancer.
In the Microsoft Azure world, similar concepts appear under Azure Load Balancer (L4) and Azure Application Gateway (L7). The exam objectives for AZ-104 require you to configure a load balancer and understand its health probes, backend pools, and load balancing rules.
Typical exam questions test your ability to choose the correct load balancing solution based on requirements. For example: "You need to support millions of concurrent connections for a gaming application with very low latency. Which AWS load balancer should you use?" The answer is NLB because of its L4 performance and low overhead. Another common question type involves troubleshooting: "Users report intermittent disconnections from a financial trading platform. The backend servers have sufficient capacity. What should you check?" The answer may involve verifying the NLB’s health check configuration or session stickiness settings.
Make sure you can distinguish between round-robin, least connections, and source IP hash algorithms. Also know that NLBs do not terminate TLS; they pass the encrypted traffic through to the backend. For TLS termination, you would use an ALB or a reverse proxy in front of the NLB.
Simple Meaning
Imagine a busy pizza shop that gets dozens of delivery orders every minute. If only one person took all the orders, they would get overwhelmed and orders would be slow. Now imagine that the shop hires a team of order takers. But then the problem shifts: which order taker should the next customer call? If everyone calls the first number, that person is still overloaded. A Network Load Balancer (NLB) is like a smart phone system that automatically routes each incoming call to the order taker who is currently free or has the shortest queue. It keeps the system efficient and prevents any single worker from being bombarded.
In the same way, an NLB sits in front of a group of servers (called a server pool). When a user wants to visit a website or use an app, their request first hits the NLB. The NLB examines the request and, using a set of rules (like which server has the fewest active connections), forwards the request to the best server behind it. If one server becomes too busy or crashes, the NLB redirects traffic to the remaining healthy ones. This makes the whole system more resilient, faster, and able to handle more users at once. The user never knows which server handled their request, they just get a smooth experience.
Full Technical Definition
A Network Load Balancer (NLB) operates at Layer 4 (Transport layer) of the OSI model, meaning it makes routing decisions based on TCP/UDP protocols, source and destination IP addresses, and port numbers. Unlike application load balancers (ALBs) that inspect HTTP headers, NLBs work with raw TCP/UDP traffic, making them ideal for handling millions of requests per second with extremely low latency.
Architecturally, an NLB is deployed in front of a target group, which consists of one or more servers (physical or virtual) running the same application or service. The NLB uses a predefined algorithm, most commonly round-robin, least connections, or source IP hash, to decide which target should receive each connection. In round-robin, requests are rotated evenly across servers. In least connections, the server with the fewest active sessions gets the next request. Source IP hash ensures that a given user is always sent to the same server, which is useful for session persistence.
NLBs can be either hardware-based (like a dedicated appliance from F5 or Citrix) or software-based (such as AWS Network Load Balancer, HAProxy, or NGINX). In cloud environments, NLBs are fully managed services that scale automatically. They also support health checks, which are periodic probes sent to each target server to verify it is still online and responsive. If a server fails a health check, the NLB stops sending traffic to it until it recovers.
Modern NLBs also offer cross-zone load balancing, which distributes traffic evenly across servers in multiple availability zones for fault tolerance. Sticky sessions (session affinity) can be implemented using the source IP hash algorithm or by inserting a cookie (though NLBs are limited compared to ALBs in this regard). Because NLBs operate at such a high speed, they are often used for real-time applications like gaming, VoIP, streaming, and financial trading platforms where every millisecond counts.
Real-Life Example
Think about a highway with multiple toll booths. Without a traffic management system, all cars would naturally head to the first booth, causing a long line there while other booths sit empty. The NLB is like a smart electronic sign above the highway that tells drivers to proceed to booth 3 or booth 5 based on current queue lengths. This keeps traffic moving smoothly and prevents any single toll booth from being a bottleneck.
Now imagine that one toll booth operator takes a break or a machine breaks. The smart sign automatically stops sending cars to that booth and reroutes them to the others. Drivers barely notice the change, they just get through a bit faster. This is exactly how an NLB handles server failure: it detects that a server is down (via health checks) and stops sending requests there until it recovers.
Also consider how a busy airport check-in system works. Instead of herding everyone to one counter, the airline’s system distributes passengers among multiple open counters. If a passenger has a special request (like extra baggage), the system might send them to a specific counter. That is similar to the NLB’s ability to route certain types of traffic based on source IP or port. The goal is always the same: keep the line moving, prevent overload, and make sure every user gets served without delay.
Why This Term Matters
In modern IT infrastructure, applications must be always-on and responsive. A single server can only handle a limited number of simultaneous connections. Without an NLB, the server would become overloaded, response times would increase, and users would experience timeouts or errors. Worse, if that single server fails, the entire application goes down. NLBs solve both problems by spreading the load across multiple servers and providing automatic failover.
For IT professionals, understanding NLB is critical because nearly every production deployment uses some form of load balancing. Whether you are setting up a web application, a database cluster, or a microservices architecture, you will likely need to configure an NLB. It ensures high availability (the application stays up even if some servers fail) and scalability (you can add more servers to handle increased traffic without changing the user-facing address).
From a cost perspective, NLBs allow you to use standard, less expensive servers instead of one giant supercomputer. They also make maintenance easier, you can take a server offline for updates while the NLB continues routing traffic to the others. This is often called a rolling update. Without an NLB, you would have to schedule downtime or accept a degraded user experience during maintenance.
How It Appears in Exam Questions
Exam questions about NLB fall into three main categories: architecture choice, feature identification, and troubleshooting.
Architecture choice questions present a scenario and ask you to pick the right load balancer. Example: "A company runs a real-time multiplayer game on EC2 instances. They need a load balancer that can handle 20 million concurrent connections with minimal latency. Which type of load balancer should they use?" The correct answer is Network Load Balancer because it operates at Layer 4 and can handle millions of requests per second with extremely low latency, unlike Application Load Balancers which operate at Layer 7 and introduce more overhead.
Feature identification questions may ask: "Which of the following is a characteristic of a Network Load Balancer? A) It can route based on HTTP headers B) It can perform TLS termination C) It operates at Layer 4 of the OSI model D) It can only be used with HTTP traffic." The correct answer is C. You must know that NLB does not inspect application-layer data.
Troubleshooting questions often involve health checks. Example: "After deploying an NLB, users report that some requests fail. The backend servers are running. What is the most likely cause?" The answer could be that the health check target is incorrectly configured, so the NLB marks healthy servers as unhealthy and stops sending traffic to them. Another tricky point: NLBs support cross-zone load balancing, but if it is disabled, traffic may be unevenly distributed even if backend servers are healthy.
Configuration questions may ask: "You need to ensure that a user’s session is always routed to the same server during the session. Which load balancing algorithm should you configure?" Answer: source IP hash. Or they might ask about sticky sessions, remember that NLBs support sticky sessions using source IP hashing, not cookies (that is ALB’s domain).
Finally, expect questions that ask you to compare NLBs with ALBs or Classic Load Balancers. Know the OSI layer, supported protocols (TCP/UDP vs HTTP/HTTPS), performance characteristics, and pricing model. NLB is typically more expensive per hour but cheaper per request at high scale.
Practise NLB Questions
Test your understanding with exam-style practice questions.
Example Scenario
Scenario: A medium-sized e-commerce website named ShopFast has been growing rapidly. They started with a single web server, but now during flash sales, the server gets overwhelmed and users see “502 Bad Gateway” errors. Customers are complaining, and the company is losing money. The IT team decides to add two more identical web servers and use a Network Load Balancer to distribute traffic.
They deploy the NLB with a public IP address. The NLB’s target group includes all three web servers. They configure round-robin load balancing so that each new connection is sent to the next server in line. They also set up a health check that pings a simple health page on each server every 30 seconds.
During the next flash sale, thousands of users visit the site simultaneously. The NLB receives every request and distributes them evenly across the three servers. No single server gets more than its fair share. The site remains fast and responsive. Then one of the servers unexpectedly crashes during the sale. The NLB’s health check detects that the failing server is no longer responding after three consecutive failed checks. The NLB automatically removes that server from the target group. New connections are now split between the two remaining servers. The site stays up, though it may slow down a bit. The IT team receives an alert and restores the crashed server. Once it passes the health check, the NLB adds it back to the pool without any manual restart.
This scenario illustrates how an NLB provides both load distribution and automatic failover, which are critical for production services that cannot afford downtime.
Common Mistakes
Believing NLB operates at Layer 7 (Application) like ALB.
NLB operates strictly at Layer 4 (Transport). It does not inspect HTTP headers, cookies, or application data. It only looks at TCP/UDP headers, IP addresses, and ports.
Remember: NLB = Network = Layer 4. ALB = Application = Layer 7. The name tells you the layer.
Assuming NLB can terminate TLS/SSL certificates.
NLBs do not decrypt traffic; they pass encrypted traffic straight through to the backend servers. Only Application Load Balancers and Classic Load Balancers (listener mode) can terminate TLS.
If you need TLS termination, use an ALB or put a TLS-terminating reverse proxy (like NGINX) behind the NLB.
Thinking that round-robin is always the best algorithm.
Round-robin works well when servers have identical capacity and request processing times are similar. In reality, servers may have different specs or handle requests of varying complexity. Least connections is often better for uneven loads.
Understand the trade-offs: round-robin for equal-capacity servers, least connections for variable workloads, source IP hash for session persistence.
Ignoring cross-zone load balancing setting.
If cross-zone load balancing is disabled, traffic may be directed only to servers in the same Availability Zone as the NLB node. This can lead to uneven distribution across zones, especially if you have many servers in one zone and few in another.
Enable cross-zone load balancing unless you have a specific cost or latency reason not to. Check exam scenario details for zone-level distribution requirements.
Confusing health check timeout with health check interval.
The interval is how often the NLB sends a health check. The timeout is how long it waits for a response. If the timeout is too short, healthy servers may be marked unhealthy. If too long, unhealthy servers may keep receiving traffic.
Set the timeout slightly longer than the typical server response time. Ensure the interval is shorter than your acceptable failure detection time.
Exam Trap — Don't Get Fooled
{"trap":"The exam presents a scenario where performance is critical and asks for a 'Layer 4' load balancer. Many learners instinctively choose ALB because they know ALB is newer and more modern, but ALB operates at Layer 7 and introduces more latency.","why_learners_choose_it":"Learners often associate 'Application' with newer features and assume it is always better.
They may also be more familiar with ALB from web application deployments and forget that NLB is designed for high-performance, low-latency TCP/UDP traffic.","how_to_avoid_it":"Always read the requirement carefully. If the scenario mentions 'millions of requests', 'low latency', 'real-time gaming', or 'TCP/UDP', think NLB.
If it mentions HTTP routing, host-based routing, or WebSockets, think ALB. Also memorize: NLB = Layer 4, ALB = Layer 7."
Step-by-Step Breakdown
Client sends a request
A user types a URL in their browser or an application initiates a TCP/UDP connection. The DNS resolves the domain name to the NLB’s public IP address. The client then sends the connection request to the NLB.
NLB receives the connection
The NLB listens on a specific port (e.g., 80 for HTTP, 443 for HTTPS, or a custom port like 3306 for MySQL). It accepts the TCP handshake (SYN, SYN-ACK, ACK) at the network interface level. The NLB maintains a flow table to track active connections.
Load balancing algorithm selection
The NLB uses the configured algorithm (round-robin, least connections, or source IP hash) to select a target server from the target group. For source IP hash, the NLB computes a hash of the client’s IP address to map it consistently to the same server, preserving session state.
Forward traffic to chosen target
The NLB encapsulates the original packet (preserving the client IP) or rewrites the destination IP to the chosen server’s IP address. It then forwards the packet over the internal network. The backend server processes the request and sends the response back through the NLB, which forwards it to the client.
Health check validation
Periodically, the NLB sends health check probes (e.g., TCP SYN, or HTTP GET to a configured path) to each target. If a target does not respond within the timeout and threshold, it is marked unhealthy. The NLB stops sending new connections to that target until it recovers and passes the next health checks.
Practical Mini-Lesson
When you start working with a Network Load Balancer in a real cloud environment, the first thing you need to understand is the target group. The target group is a logical grouping of your backend servers (EC2 instances, IP addresses, or Lambda functions). You define which port the servers listen on (e.g., 443 for HTTPS) and the protocol (TCP). Each target group can have a single health check configuration that applies to all its targets.
After creating the target group, you create the NLB itself. You must specify a scheme: internet-facing (public IP) or internal (private IP only for internal VPC traffic). You also choose IP address type (IPv4 or dual-stack). For internet-facing NLBs, AWS automatically assigns a public IP address per Availability Zone. This is important: an NLB is always zone-bound. If you enable multiple Availability Zones, you get an NLB node in each zone, and traffic is distributed across those nodes.
One common configuration pitfall is forgetting to configure the listener. A listener checks for connection requests on a specified port and protocol. For example, you create a TCP listener on port 443. Then you define a default action: forward requests to the target group you created. You can also define a default action that returns a fixed response (like 503) if you want to block traffic temporarily.
Health checks require careful tuning. The health check protocol can be TCP, HTTP, or HTTPS. For TCP health checks, the NLB tries to open a TCP connection to the target port. If the server accepts the connection within the timeout, it is considered healthy. For HTTP health checks, the server must return a 2xx or 3xx status code. The interval is how often the check runs (default 10 seconds). The unhealthy threshold is how many consecutive failures before marking the server as unhealthy (default 2). Setting these values too aggressive can cause healthy servers to be removed during brief pauses; setting them too lax can keep dead servers in the pool longer than necessary.
What can go wrong? First, security groups. The backend servers’ security groups must allow traffic from the NLB’s IP addresses (or from the VPC CIDR if cross-zone is disabled). Second, route tables: if the NLB is internet-facing, it must be deployed in a public subnet with an Internet Gateway. Third, timeouts: some applications have idle timeouts that drop connections if no data is sent for a while. NLB has an idle timeout of 350 seconds by default. If your application sends long-lived connections, you may need to adjust that.
In practice, professionals often pair NLB with Auto Scaling groups to automatically add or remove servers based on demand. The NLB’s target group can be attached to an Auto Scaling group so that new instances are automatically registered as targets, and terminated instances are deregistered. This creates a fully elastic, highly available architecture.
Memory Tip
NLB = Network Layer 4. Think 'No HTTP inspection', NLB is for speed, not smarts.
Covered in These Exams
Current Exam Context
Current exam versions that test this topic — use these objectives when studying.
Related Glossary Terms
A 2-in-1 laptop is a portable computer that can switch between a traditional laptop form and a tablet form, usually by detaching or rotating the keyboard.
The 24-pin motherboard connector is the main power cable that connects the computer's power supply unit (PSU) to the motherboard, supplying electricity to the motherboard and its components.
Two-factor authentication (2FA) is a security method that requires two different types of proof before granting access to an account or system.
A 3D printer is a device that creates physical objects by depositing layers of material based on a digital model.
5G is the fifth generation of cellular network technology, designed to deliver faster speeds, lower latency, and support for many more connected devices than previous generations.
The 8-pin CPU connector is a power cable from the power supply that delivers dedicated electricity to the processor on a computer's motherboard.
802.1Q is the networking standard that allows multiple virtual LANs (VLANs) to share a single physical network link by tagging Ethernet frames with VLAN identification information.
802.1X is a network access control standard that authenticates devices before they are allowed to connect to a wired or wireless network.
Frequently Asked Questions
Does NLB support SSL/TLS termination?
No. NLB does not terminate TLS. It passes encrypted traffic through to the backend servers. For TLS termination, use an Application Load Balancer or a reverse proxy.
Can I use NLB with HTTP traffic?
Yes, NLB can handle HTTP traffic, but it will treat it as raw TCP. It cannot inspect HTTP headers or route based on paths. If you need path-based routing, use ALB.
How does NLB handle sticky sessions?
NLB supports sticky sessions using the source IP hash load balancing algorithm. It does not use cookies. This ensures a given client IP always goes to the same server.
Is NLB available in all cloud providers?
The term NLB is specific to AWS. Other providers have equivalent services: Azure Load Balancer (L4), Google Cloud Load Balancer (Proxy and Passthrough). The core L4 concept is universal.
What is the difference between a listener and a target group?
A listener defines the protocol and port on which the NLB accepts traffic (e.g., TCP:443). A target group defines which backend servers receive that traffic and includes health check settings.
Can NLB distribute traffic to servers in different VPCs?
NLB can distribute traffic to servers in the same VPC or, with cross-VPC connectivity (like VPC peering or Transit Gateway), to servers in another VPC. Direct cross-region is not supported.
What is the maximum throughput of an NLB?
AWS NLB can handle up to 20 million concurrent connections per Availability Zone and 100 Gbps throughput. Exact limits depend on the region and configuration.
Summary
The Network Load Balancer (NLB) is a critical component in modern cloud and on-premises architectures that require high performance, low latency, and robust scalability. Operating at the transport layer (Layer 4), it efficiently distributes TCP and UDP traffic across multiple backend servers, enabling applications to handle millions of concurrent connections without degradation. By automatically detecting and routing around failed servers via health checks, an NLB ensures high availability and fault tolerance.
For IT certification candidates, mastering NLB means understanding its place in the load balancer ecosystem, especially how it differs from Application Load Balancers (Layer 7) and other alternatives. Exam questions frequently test your ability to choose the right load balancer for a given scenario, interpret health check configurations, and troubleshoot common problems like cross-zone distribution or timeout settings. The best way to prepare is to practice configuring an NLB in a lab environment, experiment with different algorithms, and observe how traffic flows change when a backend server fails.
Beyond exams, the ability to design and manage NLB deployments is a valuable skill for any IT professional working with scalable systems. Whether you are setting up a web application, an API server, a database cluster, or a real-time communication platform, the NLB is often the first line of defense against overload and downtime. By understanding its strengths and limitations, you can build systems that are resilient, efficient, and ready to grow.