✅ Part 1 — Types of AWS Load Balancers (Interview Must-Know)
✅ Q1 — What are the types of AWS Load Balancers?
Four types:
- ALB — Application Load Balancer (Layer 7): HTTP/HTTPS/gRPC routing with host- and path-based rules
- NLB — Network Load Balancer (Layer 4): TCP/UDP/TLS, very high throughput and low latency
- GWLB — Gateway Load Balancer: transparently inserts inline inspection appliances (firewalls, IDS/IPS)
- CLB — Classic Load Balancer (legacy): avoid for new systems
If you can’t explain ALB vs NLB clearly — interview red flag.
✅ Part 2 — ALB Deep Dive (Most Used)
✅ Q2 — ALB powers — what makes it strong?
ALB is an intelligent L7 router. It supports host-based and path-based routing, header, query-string and source-IP conditions, redirects, fixed responses, and weighted forwarding across target groups. It supports WebSockets and HTTP/2, integrates directly with AWS WAF, and can authenticate users through Cognito or any OIDC provider before a request reaches the app. Routing from one listener to many target groups is what makes it fit microservices.
✅ Q3 — Real production ALB design pattern
Single ALB per environment with multiple listeners and path rules:
- /api/* → service A
- /payments/* → service B
- /auth/* → service C
Reduces cost and centralizes TLS + WAF. Very common in microservices + EKS. Caveat: rules are evaluated in priority order and the first full match wins, so a broad pattern such as /api/* placed before /api/payments/* silently captures the payments traffic; keep the most specific patterns at the lowest priority numbers. Note also that /api/* matches /api/ and anything below it, but not /api itself.
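Added example (not AWS code and not from the original page): a small Python model of ALB listener-rule evaluation, to show why the single-ALB pattern above is sensitive to rule priority. Rule semantics follow the ALB documentation (lowest priority number first, first full match wins, default action otherwise, case-sensitive path patterns with `*` and `?` wildcards); case-insensitive host matching, the service names and the shadowing heuristic are assumptions of this example.

```python
"""Model of ALB listener-rule evaluation (added example, not AWS code).

Semantics follow the ALB docs: rules are evaluated from the lowest
priority number upward, the first rule whose conditions all match wins,
and the listener's default action applies if none match. Path patterns
are case-sensitive; '*' matches zero or more characters, '?' exactly one.
Host matching is treated as case-insensitive here (assumption).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


def pattern_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate an ALB wildcard pattern into an anchored regex."""
    escaped = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(escaped)


@dataclass
class Rule:
    priority: int                   # lower numbers are evaluated first
    target: str                     # target group name (illustrative)
    paths: List[str] = field(default_factory=list)  # path-pattern values (OR)
    hosts: List[str] = field(default_factory=list)  # host-header values (OR)

    def matches(self, host: str, path: str) -> bool:
        """All conditions must match; a condition matches if any value does."""
        if self.hosts and not any(
            pattern_to_regex(h.lower()).fullmatch(host.lower()) for h in self.hosts
        ):
            return False
        if self.paths and not any(pattern_to_regex(p).fullmatch(path) for p in self.paths):
            return False
        return True


def route(rules: List[Rule], host: str, path: str,
          default: str = "default-target") -> Tuple[str, Optional[int], int]:
    """Return (target, matched priority or None for the default action,
    number of rules evaluated). The evaluation count also drives LCU cost:
    only the first 10 rule evaluations per request are free."""
    evaluated = 0
    for rule in sorted(rules, key=lambda r: r.priority):
        evaluated += 1
        if rule.matches(host, path):
            return rule.target, rule.priority, evaluated
    return default, None, evaluated


def find_shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Heuristic lint (assumption of this example): a rule is shadowed when
    an earlier rule already matches a probe built from one of its path
    patterns with the wildcards replaced by 'x'.
    Returns (shadowed priority, shadowing priority) pairs."""
    ordered = sorted(rules, key=lambda r: r.priority)
    found: List[Tuple[int, int]] = []
    for i, later in enumerate(ordered):
        host = later.hosts[0].replace("*", "x").replace("?", "x") if later.hosts else "probe.example"
        for pat in later.paths:
            probe = pat.replace("*", "x").replace("?", "x")
            for earlier in ordered[:i]:
                if earlier.matches(host, probe) and (later.priority, earlier.priority) not in found:
                    found.append((later.priority, earlier.priority))
                    break
    return found


# Constructed rule sets: the broad /api/* rule first (wrong) versus last (right).
MISORDERED = [
    Rule(10, "service-A", paths=["/api/*"]),
    Rule(20, "service-B", paths=["/api/payments/*"]),
    Rule(30, "service-C", paths=["/auth/*"]),
]
FIXED = [
    Rule(10, "service-B", paths=["/api/payments/*"]),
    Rule(20, "service-A", paths=["/api/*"]),
    Rule(30, "service-C", paths=["/auth/*"]),
]

if __name__ == "__main__":
    for name, rules in (("misordered", MISORDERED), ("fixed", FIXED)):
        print(name, route(rules, "app.example.com", "/api/payments/charge"), find_shadowed(rules))
```

Run it and the misordered set sends /api/payments/charge to service-A on rule 10 while the lint reports rule 20 as shadowed by rule 10; the fixed set routes it to service-B. The same check is cheap to run in CI against the rule definitions you deploy, before the ALB tells you by misrouting production traffic.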
✅ Q4 — ALB tradeoffs
Higher latency than NLB, because every request is terminated and re-proxied at L7. Only supports HTTP/HTTPS/gRPC (and WebSockets over them); not suitable for raw TCP or UDP protocols. Can become expensive with many rules at a high request rate, since rule evaluations beyond the first 10 per request are billed as LCUs. Header-based routing adds processing overhead.
✅ Part 3 — NLB Deep Dive (Performance Choice)
✅ Q5 — NLB powers — when is it superior?
NLB is Layer 4 and extremely fast: it handles millions of requests per second at very low latency. Listeners are TCP, UDP or TLS; a TLS listener terminates TLS at the NLB with an ACM certificate, while a TCP listener passes TLS through to the target untouched. Client source IP is preserved by default, so target security groups must allow the client ranges, not only the NLB's own addresses. Supports one static IP or Elastic IP per subnet, which matters for partner allowlist integrations.
✅ Q6 — Real production NLB use cases
- gRPC services
- database proxying
- high-throughput APIs
- gaming or streaming protocols
- partner allowlist integrations
- TLS passthrough to app
✅ Q7 — NLB tradeoffs
No path routing. No header routing. No WAF directly. No auth layer. Routing is only port/protocol based. You must handle L7 logic in app or proxy behind it.
✅ Part 4 — GWLB (Advanced / Niche but Asked in Senior Interviews)
✅ Q8 — What is Gateway Load Balancer used for?
GWLB is used to route traffic through third-party security appliances such as firewalls and IDS/IPS. It sits inline as a transparent bump-in-the-wire: traffic enters through a Gateway Load Balancer endpoint, is encapsulated in GENEVE (UDP 6081) and distributed to a fleet of inspection appliances, which must speak GENEVE and return the packets. Used in security-heavy and centralized-inspection architectures.
✅ Part 5 — Scaling Behavior (Interview Favorite)
✅ Q9 — Do AWS load balancers scale automatically?
Yes — fully managed and auto-scaling, but scaling is not instant: a sudden extreme spike can produce 5xx responses or dropped connections until capacity catches up. Pre-warming requests through AWS Support are rarely needed now but still exist for known extreme events. Scaling also needs room in the subnets: keep at least 8 free IP addresses in each subnet the load balancer uses, or it cannot add nodes.
✅ Q10 — What is connection draining (deregistration delay)?
When a target is deregistered, the LB stops sending it new requests immediately but keeps existing connections open for up to the deregistration delay (default 300 seconds, configurable from 0 to 3600) so in-flight requests can finish. Critical for zero-downtime deploys. The delay must cover your longest request, and the app's termination grace period (ECS stopTimeout, Kubernetes terminationGracePeriodSeconds) must be long enough for the app to keep serving through it.
✅ Part 6 — Health Checks & Failure Behavior
✅ Q11 — Health checks — how do they really affect traffic?
Targets failing health checks are removed from rotation; a bad health-check design means false positives and traffic loss. The health endpoint should report whether this particular target can serve, which means checking its critical dependencies (connection pools, config, disk), not just "process alive". Two caveats: the endpoint must be cheap and unauthenticated, because every LB node probes it on every interval; and if every target in a group fails, ALB fails open and routes to all of them anyway, so a deep check on a shared dependency only helps when the failure is specific to some targets.
✅ Q12 — Common health check mistake
Checking /health that always returns 200 even if DB is down. That makes LB think service is healthy when it’s not.
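Added example covering Q10 to Q12 (not code from the page or from AWS): a Python health endpoint that probes the target's critical dependencies in parallel with a single deadline, reports draining once SIGTERM arrives, and a helper that works out how long the process must keep serving after SIGTERM for the LB health-check interval, unhealthy threshold and deregistration delay to actually give zero downtime. The probe callables, the timing values and the one-interval slack in `shutdown_budget()` are assumptions for illustration.

```python
"""Dependency-aware health endpoint and shutdown budget for an LB target.

Added example, not AWS code. The probe callables, timing values and the
one-interval slack in shutdown_budget() are assumptions for illustration.
"""
import concurrent.futures as cf
import signal
import time
from typing import Callable, Dict, Tuple


class ServiceState:
    """Shared flag flipped by the SIGTERM handler so /health starts failing."""
    def __init__(self) -> None:
        self.draining = False


def evaluate_health(checks: Dict[str, Callable[[], bool]], draining: bool,
                    timeout_s: float = 1.0) -> Tuple[int, Dict[str, str]]:
    """Return (HTTP status, per-dependency result) for the LB health check.

    503 while draining, or if any critical dependency fails, raises or does
    not answer within timeout_s. Probes run in parallel under one shared
    deadline, so a hung dependency cannot make the health check itself
    hang past the LB's health-check timeout.
    """
    if draining:
        return 503, {"status": "draining"}
    pool = cf.ThreadPoolExecutor(max_workers=max(1, len(checks)))
    futures = {name: pool.submit(fn) for name, fn in checks.items()}
    deadline = time.monotonic() + timeout_s
    results: Dict[str, str] = {}
    for name, fut in futures.items():
        try:
            remaining = max(0.0, deadline - time.monotonic())
            results[name] = "ok" if fut.result(timeout=remaining) else "fail"
        except cf.TimeoutError:
            results[name] = "timeout"
        except Exception as exc:          # a probe that raises is a failed probe
            results[name] = "error:" + exc.__class__.__name__
    pool.shutdown(wait=False)             # never block on a hung probe thread
    status = 200 if all(v == "ok" for v in results.values()) else 503
    return status, results


def slow_probe(seconds: float) -> Callable[[], bool]:
    """Constructed probe simulating a dependency that is slow to answer."""
    def probe() -> bool:
        time.sleep(seconds)
        return True
    return probe


def shutdown_budget(health_interval_s: int, unhealthy_threshold: int,
                    max_request_s: int, deregistration_delay_s: int,
                    termination_grace_s: int) -> Dict[str, object]:
    """How long the process must keep serving after SIGTERM.

    While /health fails, the LB still sends new requests until it has seen
    `unhealthy_threshold` consecutive failures: up to interval * threshold,
    plus one interval because the next probe is not synchronised with the
    signal (assumed slack). After that only in-flight requests remain,
    bounded by max_request_s. Deregistration (scale-in, deploys that remove
    the target) stops new requests at once instead, but the deregistration
    delay must still cover the longest request.
    """
    lb_stops_new_requests_s = health_interval_s * (unhealthy_threshold + 1)
    keep_serving_s = lb_stops_new_requests_s + max_request_s
    return {
        "keep_serving_s": keep_serving_s,
        "deregistration_delay_ok": deregistration_delay_s >= max_request_s,
        "termination_grace_ok": termination_grace_s > keep_serving_s,
    }


if __name__ == "__main__":
    state = ServiceState()
    signal.signal(signal.SIGTERM, lambda *_: setattr(state, "draining", True))
    checks = {"db": lambda: True, "cache": lambda: True}   # replace with real probes
    print(evaluate_health(checks, state.draining))
    print(shutdown_budget(10, 2, 30, 300, 30))             # grace of 30s is too short
```

With a 10 s interval, unhealthy threshold 2 and 30 s worst-case requests, the budget is 60 s of continued service after SIGTERM; a 30 s termination grace period (the Kubernetes default) cuts requests off, which is exactly the "must align with app shutdown time" point of Q10.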
✅ Part 7 — Security & TLS Design
✅ Q13 — Where should TLS terminate — LB or app?
Usually at the ALB, for simplicity and ACM certificate management. If traffic must stay encrypted to the target, use an HTTPS target group so the ALB re-encrypts to the app; note that the ALB does not validate the target's certificate, so that hop is encrypted but not authenticated. Terminate at the app only when you need true end-to-end TLS or the app must see the client's TLS session itself; an NLB TCP listener passes TLS through untouched for that case.
✅ Q14 — ALB + WAF — why common?
ALB integrates directly with AWS WAF for L7 filtering, blocking attacks before they reach the app. Common fintech edge pattern: CloudFront → WAF → ALB → services. With CloudFront in front, attach the WAF web ACL at CloudFront and lock the ALB down so it only accepts traffic from CloudFront (a security group referencing the CloudFront origin-facing managed prefix list, plus a secret custom origin header checked by a listener rule at the ALB); otherwise an attacker bypasses the edge entirely by hitting the ALB's DNS name directly.
✅ Part 8 — Kubernetes / EKS Patterns
✅ Q15 — ALB vs NLB in EKS — when to use which?
ALB → Kubernetes Ingress (via the AWS Load Balancer Controller) for HTTP routing across many services. NLB → Service of type LoadBalancer for TCP/UDP/gRPC or when you need a static IP.
Many clusters use both.
✅ Part 9 — Cost Tradeoffs
✅ Q16 — What drives LB cost?
- hours running
- ALB capacity units (LCUs): new connections, active connections, processed bytes, rule evaluations, billed on whichever dimension is highest
- NLB capacity units (NLCUs): new and active flows and processed bytes
ALB rule evaluations beyond the first 10 per request add LCU cost, so the position of the matching rule matters, not just the total rule count.
✅ Q17 — Cost optimization pattern
One shared ALB per env instead of many ALBs. Path routing saves cost.
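Added example for Q16 and Q17 (not AWS code or code from the page): a Python LCU estimator that prices one ALB per service against one shared ALB, to show that the consolidation above saves money only while the rule ordering stays tight. The LCU dimension sizes are the published ALB definitions; the traffic figures, the default prices, the 730-hour month and the service layout are assumptions.

```python
"""ALB capacity-unit (LCU) estimator (added example, not AWS code).

An ALB hour is billed on whichever LCU dimension is highest. Dimension
sizes are the published ALB LCU definitions: 25 new connections/s, 3,000
active connections/min, 1 GB processed/hour (EC2, container or IP
targets), and 1,000 rule evaluations/s, where the first 10 rule
evaluations per request are free. Traffic figures and price defaults are
illustrative assumptions; check current regional pricing.
"""
from typing import Dict, List, Tuple

FREE_RULE_EVALS_PER_REQUEST = 10
HOURS_PER_MONTH = 730.0   # assumption


def billable_rule_evals_per_s(requests_per_s: float, rule_position: int) -> float:
    """rule_position = how many rules the ALB evaluates before the match
    (the default action means every rule was evaluated)."""
    return max(0, rule_position - FREE_RULE_EVALS_PER_REQUEST) * requests_per_s


def alb_lcus(new_connections_per_s: float, active_connections: float,
             processed_gb_per_hour: float, rule_evals_per_s: float) -> Tuple[float, str]:
    """Return (billable LCUs, dominating dimension)."""
    usage = {
        "new_connections": new_connections_per_s / 25.0,
        "active_connections": active_connections / 3000.0,
        "processed_bytes": processed_gb_per_hour / 1.0,
        "rule_evaluations": rule_evals_per_s / 1000.0,
    }
    top = max(usage, key=usage.get)
    return usage[top], top


def monthly_cost(lcus: float, hourly_rate: float, lcu_rate: float) -> float:
    return HOURS_PER_MONTH * (hourly_rate + lcus * lcu_rate)


def compare_consolidation(services: List[Dict[str, float]],
                          hourly_rate: float = 0.0225,   # assumed $/ALB-hour
                          lcu_rate: float = 0.008) -> Dict[str, object]:   # assumed $/LCU-hour
    """Cost of one ALB per service versus one shared ALB with path rules.

    Each service dict carries its traffic plus 'rule_position', the
    position its rule would have on the shared ALB. On its own ALB a
    service matches within the first (free) 10 rule evaluations.
    """
    separate = 0.0
    for s in services:
        lcus, _ = alb_lcus(s["new_connections_per_s"], s["active_connections"],
                           s["processed_gb_per_hour"], 0.0)
        separate += monthly_cost(lcus, hourly_rate, lcu_rate)
    shared_lcus, top = alb_lcus(
        sum(s["new_connections_per_s"] for s in services),
        sum(s["active_connections"] for s in services),
        sum(s["processed_gb_per_hour"] for s in services),
        sum(billable_rule_evals_per_s(s["requests_per_s"], s["rule_position"]) for s in services),
    )
    return {
        "separate_monthly": round(separate, 2),
        "shared_monthly": round(monthly_cost(shared_lcus, hourly_rate, lcu_rate), 2),
        "shared_lcus": shared_lcus,
        "shared_top_dimension": top,
    }


def sample_service(rule_position: int) -> Dict[str, float]:
    """Constructed traffic profile: 500 rps, 50 new conn/s, 1000 active, 0.5 GB/h."""
    return {"new_connections_per_s": 50, "active_connections": 1000,
            "processed_gb_per_hour": 0.5, "requests_per_s": 500,
            "rule_position": rule_position}


if __name__ == "__main__":
    print("tight rules:", compare_consolidation([sample_service(p) for p in (1, 2, 3)]))
    print("deep rules: ", compare_consolidation([sample_service(p) for p in (5, 15, 40)]))
```

With three identical services and rules in the first three positions, the shared ALB costs roughly 60 percent of three separate ones; push the same services to rule positions 5, 15 and 40 and rule evaluations become the dominating dimension at 17.5 LCUs, and the shared ALB is now the more expensive option. Consolidation pays off only if hot paths sit at low priority numbers.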
✅ Part 10 — Limits & Quotas
✅ Q18 — Important limits interviewers expect awareness of
- listener rules per ALB (default 100, adjustable)
- target groups per region and per load balancer
- targets per load balancer (default 1000 per ALB)
- request line and header size limits
- idle timeout (1 to 4000 seconds, default 60)
Design must consider rule explosion; quota increases exist, but an ALB with hundreds of rules is also slower and costlier to evaluate.
✅ Part 11 — Failure & Debugging
✅ Q19 — LB returns 502 — common causes?
502 means the ALB reached a target but got no usable response from it. Separate it from its neighbours first:
- 502 Bad Gateway: target closed the connection (often an app keep-alive timeout shorter than the ALB idle timeout, so the ALB reuses a connection the app just closed), malformed or oversized response, TLS failure on an HTTPS target group, or the target crashed mid-request
- 503 Service Unavailable: no healthy or no registered targets, usually a health-check mismatch, wrong port, or a security group blocking the health check
- 504 Gateway Timeout: the target did not answer within the idle timeout (backend timeout, or a security group or NACL silently dropping the traffic)
Check the ALB access logs: elb_status_code 5xx with target_status_code "-" means the ALB generated the error itself, while a target_status_code of 500 is the app's own failure passed through.
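Added example (not AWS code or code from the page): a Python triage script over ALB access-log lines that separates load-balancer-generated 5xx (target_status_code "-") from application 5xx, attributes LB errors to the target that produced them, and flags requests that fell through to the default action (matched_rule_priority 0). The field order is the documented ALB access-log layout read from the front of each entry; the log lines, target group names and addresses are constructed samples.

```python
"""Triage ALB access-log 5xx entries (added example, not AWS code).

Separates responses the ALB generated itself (target_status_code '-')
from 5xx the application returned, and flags requests that fell through
to the listener's default action (matched_rule_priority 0). Fields are
read from the front of the entry in the documented order, so the fields
AWS appended later (target list, classification, conn_trace_id) are
simply ignored. All log lines below are constructed samples.
"""
import shlex
from collections import Counter
from typing import Dict, List

# Documented ALB access-log field order, from the front of the entry.
FIELDS = [
    "type", "time", "elb", "client", "target",
    "request_processing_time", "target_processing_time",
    "response_processing_time", "elb_status_code", "target_status_code",
    "received_bytes", "sent_bytes", "request", "user_agent", "ssl_cipher",
    "ssl_protocol", "target_group_arn", "trace_id", "domain_name",
    "chosen_cert_arn", "matched_rule_priority", "request_creation_time",
    "actions_executed", "redirect_url", "error_reason",
]


def parse_entry(line: str) -> Dict[str, str]:
    tokens = shlex.split(line)        # honours the double-quoted fields
    if len(tokens) < len(FIELDS):
        raise ValueError("truncated access-log entry")
    return dict(zip(FIELDS, tokens))  # zip drops the trailing newer fields


def classify(entry: Dict[str, str]) -> str:
    if not entry["elb_status_code"].isdigit():
        return "unknown"                      # e.g. client never sent a full request
    elb = int(entry["elb_status_code"])
    if elb < 500:
        return "ok"
    if entry["target_status_code"] != "-":
        return "app_5xx_passthrough"          # the target answered with a 5xx
    if elb == 503 and entry["target"] == "-":
        return "lb_503_no_healthy_target"     # nothing to dispatch to
    if elb == 504:
        return "lb_504_target_timeout"        # target exceeded the idle timeout
    if elb == 502:
        return "lb_502_bad_gateway"           # reset / bad response / TLS to target
    return f"lb_{elb}_generated"


def triage(lines: List[str]) -> Dict[str, object]:
    categories: Counter = Counter()
    lb_errors_by_target: Counter = Counter()
    default_action_requests: List[str] = []
    for line in lines:
        if not line.strip():
            continue
        entry = parse_entry(line)
        cat = classify(entry)
        categories[cat] += 1
        if cat.startswith("lb_50") and entry["target"] != "-":
            lb_errors_by_target[entry["target"]] += 1
        if entry["matched_rule_priority"] == "0":
            default_action_requests.append(entry["request"])
    return {
        "categories": dict(categories),
        "lb_errors_by_target": dict(lb_errors_by_target),
        "default_action_requests": default_action_requests,
    }


# Constructed sample entries: healthy, LB 502, LB 504, LB 503, app 500, default action.
SAMPLE_LOG = """
https 2024-01-15T10:00:01.000000Z app/prod-alb/0123456789abcdef 203.0.113.10:51234 10.0.1.12:8080 0.001 0.004 0.000 200 200 120 512 "GET https://app.example.com:443/api/users HTTP/1.1" "curl/8.0.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/svc-a/abc123 "Root=1-65a4e0c1-0001" "app.example.com" "arn:aws:acm:us-east-1:123456789012:certificate/aaaa-bbbb" 20 2024-01-15T10:00:01.000000Z "forward" "-" "-" "10.0.1.12:8080" "200" "-" "-"
https 2024-01-15T10:00:02.000000Z app/prod-alb/0123456789abcdef 203.0.113.11:51235 10.0.1.13:8080 0.001 0.002 -1 502 - 130 277 "POST https://app.example.com:443/api/payments/charge HTTP/1.1" "python-requests/2.31" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/svc-b/def456 "Root=1-65a4e0c2-0002" "app.example.com" "arn:aws:acm:us-east-1:123456789012:certificate/aaaa-bbbb" 10 2024-01-15T10:00:02.000000Z "forward" "-" "-" "10.0.1.13:8080" "-" "-" "-"
https 2024-01-15T10:00:03.000000Z app/prod-alb/0123456789abcdef 203.0.113.12:51236 10.0.1.14:8080 0.001 60.001 -1 504 - 140 288 "GET https://app.example.com:443/api/reports/export HTTP/1.1" "Mozilla/5.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/svc-a/abc123 "Root=1-65a4e0c3-0003" "app.example.com" "arn:aws:acm:us-east-1:123456789012:certificate/aaaa-bbbb" 20 2024-01-15T10:00:03.000000Z "forward" "-" "-" "10.0.1.14:8080" "-" "-" "-"
https 2024-01-15T10:00:04.000000Z app/prod-alb/0123456789abcdef 203.0.113.13:51237 - 0.000 -1 -1 503 - 110 288 "GET https://app.example.com:443/auth/login HTTP/1.1" "Mozilla/5.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/svc-c/ghi789 "Root=1-65a4e0c4-0004" "app.example.com" "arn:aws:acm:us-east-1:123456789012:certificate/aaaa-bbbb" 30 2024-01-15T10:00:04.000000Z "forward" "-" "-" "-" "-" "-" "-"
https 2024-01-15T10:00:05.000000Z app/prod-alb/0123456789abcdef 203.0.113.14:51238 10.0.1.12:8080 0.001 0.020 0.000 500 500 125 640 "GET https://app.example.com:443/api/users/42 HTTP/1.1" "curl/8.0.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/svc-a/abc123 "Root=1-65a4e0c5-0005" "app.example.com" "arn:aws:acm:us-east-1:123456789012:certificate/aaaa-bbbb" 20 2024-01-15T10:00:05.000000Z "forward" "-" "-" "10.0.1.12:8080" "500" "-" "-"
https 2024-01-15T10:00:06.000000Z app/prod-alb/0123456789abcdef 203.0.113.15:51239 10.0.1.20:8080 0.001 0.003 0.000 200 200 100 300 "GET https://app.example.com:443/metrics HTTP/1.1" "Prometheus/2.48" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/default/jkl012 "Root=1-65a4e0c6-0006" "app.example.com" "arn:aws:acm:us-east-1:123456789012:certificate/aaaa-bbbb" 0 2024-01-15T10:00:06.000000Z "forward" "-" "-" "10.0.1.20:8080" "200" "-" "-"
""".strip().splitlines()

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On real logs, feed it the decompressed objects from the S3 access-log bucket; a rising lb_502_bad_gateway count concentrated on one target is the keep-alive or crash case, lb_503_no_healthy_target with target "-" points at health checks or security groups, and lb_504_target_timeout at the app or a silent network drop. The default-action list doubles as a check that the path rules from the shared-ALB pattern actually cover the traffic you think they do.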
✅ Part 12 — When NOT to Use Which
✅ Q20 — When not to use ALB vs NLB
Don’t use ALB for raw TCP. Don’t use NLB when you need path routing or WAF. Don’t put internal east-west traffic through ALB — use cluster networking/service mesh.