Next up in terms of load balancers in AWS is the Network Load Balancer (NLB). It operates at layer 4, forwarding TCP and UDP traffic. An NLB is a high-performance load balancer that can handle millions of requests per second with roughly 100 millisecond latency.

You create target groups just like with an ALB, using EC2 instances or private IPs. Those IPs can belong to machines in your own datacenter, so you can load balance between AWS and on-prem resources. You can even use an Application Load Balancer as a target. One reason to do this is that an NLB gives you one static IP per AZ, which is useful if you need to whitelist the NLB in any route tables, and it can be less complicated than using the ALB on its own, since the NLB can forward traffic to the ALB.

Health checks support TCP, HTTP and HTTPS. As long as your instances speak one of the three, the NLB target group can verify their health.

It is also important to note that if you use just an NLB, you don't define security groups on the NLB itself. It simply forwards traffic directly to your target groups and relies on the security groups you have defined on the instances; you cannot attach your NLB to a security group like you can with an ALB. A good way to think of it: with an NLB, imagine the user is connecting directly to your instance from their machine rather than through the NLB. So if you're serving HTTP, simply allow HTTP from anywhere, whereas if you were using just an ALB you would only allow HTTP from the SG the ALB is in. I will go more into the security you can set up for your NLB in a later post.
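As an added example (not from the post), here is a Terraform sketch of the setup described above: a static IP per AZ, an IP target group with an HTTP health check, and an instance security group that admits clients directly because the NLB has no security group of its own. `var.vpc_id` and `var.subnet_a` are assumed to be declared elsewhere; the names and addresses are constructed.

```hcl
# One Elastic IP per AZ gives the NLB the static address the post mentions
# (add an EIP and subnet_mapping for each additional AZ).
resource "aws_eip" "nlb_a" { domain = "vpc" }

resource "aws_lb" "nlb" {
  name               = "example-nlb"
  load_balancer_type = "network"
  subnet_mapping {
    subnet_id     = var.subnet_a
    allocation_id = aws_eip.nlb_a.id
  }
}

# IP target group: VPC instances or on-prem addresses can be registered.
resource "aws_lb_target_group" "web" {
  name        = "example-web-tg"
  port        = 80
  protocol    = "TCP"
  target_type = "ip"
  vpc_id      = var.vpc_id
  health_check {
    protocol = "HTTP"   # TCP, HTTP or HTTPS are accepted for NLB targets
    path     = "/healthz"
  }
}

resource "aws_lb_listener" "tcp80" {
  load_balancer_arn = aws_lb.nlb.arn
  port              = 80
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.web.arn
  }
}

# This NLB carries no security group and hands the client's real source IP to
# the target, so the instance SG must admit clients by CIDR, not an LB SG.
resource "aws_security_group" "web" {
  name   = "example-web-sg"
  vpc_id = var.vpc_id
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]  # narrow to known client ranges where you can
  }
}
```

Because the instances see the real client address, VPC Flow Logs and host firewalls on the targets record client IPs directly rather than the load balancer's.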