Load Balancing on AWS: Know Your Options

Despite a vast range of uses, platforms, and technologies, most applications share some common needs: They must be kept online and insulated from hardware failures, they must scale to meet demand, and they must be defended from compromise and attack.

Ever since applications began to migrate from mainframe computers to open systems, organizations have used load balancers to manage the scalability and availability of applications. When faced with complex problems and more sophisticated security threats, load balancers developed richer feature sets, with added security and optimization capabilities.

Over time, the simple load balancer has evolved into the powerful application delivery controller (ADC). Around the world, thousands of organizations rely on ADCs to make the applications that run our lives secure, fast, and available. From emergency medical services and banking to gaming and dating, ADCs provide the technology that helps apps perform at their best.

As applications move from traditional on-premises models to cloud services, their needs for scale, security, and availability have not diminished. It’s no surprise, therefore, that all cloud platforms—both public and private—provide load balancing services as part of their core infrastructure-as-a-service (IaaS) offerings.

The Amazon Web Services (AWS) Elastic Load Balancing (ELB) service helps organizations deliver hundreds of thousands of applications, including some of the internet’s largest. And just as on-premises load balancers added capabilities to meet customer needs, load balancing services in AWS continue to incorporate new features and functions.

While ELB can be a great choice for many organizations, others require additional functionality to best support their critical applications. In addition, some enterprises have already deployed ADCs and load balancers to scale and manage their on-premises applications. For these organizations, adopting the same platform on AWS as in the data center can reduce the time, costs, and risk of a cloud migration. Before making a decision about which load balancing service is right for your organization, let’s take a look at the various load balancing options available on AWS.

Amazon Web Services offers the broadest set of services of any of the mainstream IaaS providers, spanning a huge range of functionality and uses, from simple compute and block storage to advanced databases and machine-learning environments. A key component of many AWS customer architectures is the load balancer, of which AWS offers two distinct services (both under the name “Elastic Load Balancing) for use in virtual private cloud (VPC) environments.

Amazon's Application Load Balancer (ALB) provides load balancing, health monitoring, and URL-based request routing on the AWS cloud. ALB offers HTTP and HTTPS protocol load balancing with customer SSL certificates loaded from one of the AWS certificate management services, and also supports load balancing WebSocket traffic. In addition, ALB allows auto scaling of backend Elastic Compute Cloud (EC2) server resources: when traffic demands increase, ALB can trigger additional severs to be deployed, and can then remove them when demand subsides.

The ALB service also scales to cope with additional load. As application network traffic increases, additional ALB instances are created and registered with DNS, and traffic is then distributed to the ALB instances using DNS round robin. For best performance under sudden workloads, pre-warming of ALB instances is recommended since the spin up time for new instances can be between one and seven minutes.

ALB can be deployed via web console, CLI, API, cloud formation templates (CFTs), and many automation tools such as Ansible.

The latest addition to the AWS elastic load balancing family is the Network Load Balancer (NLB). Like the “classic” load balancer, this operates at layer 4 and offers connection-based load balancing and network- and application-layer health checks. NLB is designed to cope well with traffic spikes and high volumes of connections. In addition, NLB allows targets to be RFC 1918 private IP addresses as well as EC2 instances. The autoscaling, self-scaling, and deployment options are similar to ALB.

AWS also still offers their “classic” Elastic Load Balancer, which supports basic layer 4 load balancing for TCP traffic, but no layer 7 traffic balancing or steering. The autoscaling, self-scaling, and deployment options are similar to ALB.

The F5® BIG-IP® ADC platform represents the other end of the load balancing spectrum from the lightweight AWS classic load balancer. With a suite of features addressing a huge range of security, application optimization, and availability challenges, BIG-IP can solve problems and manage application traffic that simpler solutions just can’t.

BIG-IP offers comprehensive application traffic management, which includes full traffic inspection, control, and manipulation. This extends to both the application layer request and the response, which enables data loss prevention and server response content manipulation. This capability has proven to be a fast, reliable, and invaluable problem-solving tool for thousands of organizations. In addition, the full programmatic inspection and manipulation of application traffic offers developers an additional architectural layer to enhance application behavior at a critical strategic point of control.

With all this programmable, problem-solving capability comes some baggage that needs to be acknowledged. Firstly, BIG-IP operates at a different infrastructure level from both the AWS classic load balancer and ALB. BIG-IP is deployed as an EC2 instance within your VPC, which has both advantages and disadvantages. Being part of the VPC enables the ADC to manage traffic effectively between all components within an availability zone, and gives you significant control over communication between components in the VPC.

At the same time, it creates additional EC2 instances to manage and maintain. High availability of what will become a mission-critical component—while easy to configure—now becomes your responsibility. Managing the underlying platform in terms of software updates and general management is not handled by AWS but by the customer, while new features are delivered by versions released into the AWS Marketplace, as opposed to essentially seamless service upgrades.

Finally, BIG-IP can be both scaled on demand and can auto-scale application server instances, but almost inevitably more of the configuration efforts will fall to the customer when compared to using a core AWS service.

Choosing the right solution for your organization essentially depends on your application and platform needs. Some applications and use cases are well suited to AWS ELB, while others require the advanced capabilities of BIG-IP.

ALB is designed for applications requiring simple load balancing with some basic URI-to-destination-mapping rules. ALB will meet the basic traffic distribution and scaling services for many AWS-native applications. When developers or application suppliers are available to fix security or functionality issues in a timely manner—or the overall risk of security compromises is lower—ALB is an obvious choice.

For similar applications using other TCP protocols and needing robust but simple load balancing services, the classic load balancer will often suffice.

There are other use cases where an organization may prefer to take advantage of the power of a full-fledged ADC on AWS. Some of the benefits of using BIG-IP on AWS include the following:

• Improved security
• Greater traffic control
• Traffic optimization
• True application layer programmability

The platform architecture of BIG-IP gives you complete visibility into and control over application traffic. With a huge range of features, a BIG-IP instance in your AWS environment gives you a powerful toolkit to address application performance, security, or availability problems. BIG-IP can direct individual application-layer requests to any routable resource, from a local EC2 instance or a sever instance in another cloud to an API-based service or an on-premises device.

For example, ALB can steer traffic to back-end resources based on the requested URL, but if you need to steer traffic based on more complex characteristics—such as device type, connection speed, or client location—BIG-IP is better equipped for the task.

This advanced problem-solving capability becomes highly relevant when enterprise applications are being migrated to the cloud or where developers are not readily available to mitigate application vulnerabilities or behavior problems. When your application needs urgent protection, misbehaves with a new client type (or even client operating system change), or crashes on certain requests, BIG-IP often offers a fast, simple, and reliable fix.

Another significant factor is the need for consistency between the data center and the cloud. Thousands of organizations rely on BIG-IP devices to deliver critical applications in their data centers. The AWS BIG-IP Virtual Edition offers the same application layer services on AWS as on a physical BIG-IP in a data center. Using a BIG-IP VE, organizations can migrate applications faster, cheaper and with greater confidence, while staff can focus their re-skilling efforts elsewhere, and organizational knowledge and investment in BIG-IP is maintained.

As a native service, deploying AWS ELB is as simple as checking a box. Getting a BIG-IP VE up and running on AWS involves deploying the instance from the Amazon Marketplace using either a utility-billing or bring-your-own-license model. Deploying the BIG-IP image can be managed manually or by using automation options such as AWS CFTs, of which F5 offers a number of fully supported templates (as well as some “experimental” ones). These are available from the F5 Github repository, which also contains a Python SDK and other tools. Additional community supported deployment tools, playbooks, and documentation are available from the F5 DevCentral repository.

Both AWS ELB and F5 BIG-IP offer compelling value to organizations deploying applications on AWS. Knowing when and where you might need more control, security, or programmability can help you chose the right solution to support your applications—and your business—in the cloud.