Voiced by Amazon Polly
AWS Load Balancer family has a member called Gateway Load Balancer. The following section will look at the functionalities, benefits, limitations, use cases of Gateway Load Balancer, and much more.
- AWS Gateway Load Balancer is a managed service from AWS
- It enables clients to create and maintain multiple inline virtual network appliances scalably.
- It operates at the third layer of the OSI model, the network layer.
- It listens for all IP packets on all ports and sends traffic to the listener rule’s defined target group.
- It has a unique component called Gateway Load Balancer Endpoint (GWLBE). It is a data plane component of GWLB and provides a way for customers to flexibly place interface VPC endpoints in both centralized and distributed deployments.
- A GWLBE is like AWS PrivateLink, which allows you to place your service across many accounts and VPCs without losing centralized control and administration.
- GWLBE is a VPC endpoint that allows virtual appliances in the service provider VPC to communicate with application servers in the service consumer VPC.
2. Before and After Gateway Load Balancer
Let us consider a scenario where users are used to accessing your applications. We know that users can access your applications directly utilizing a load balancer, such as the Application load balancer. The traffic goes directly from the users to the ALB and ALB to the application (fig.1). But what if you wanted all that network traffic to be inspected first before being sent to your application. You must deploy many third-party virtual appliances, for example, EC2 instances that you want all traffic to go through before the traffic reaches your application. As a result, it used to be quite challenging to do so. But now, with a gateway load balancer (fig.2).
Fig 1: Application Load Balancer
The gateway load balancer can be used to implement intrusion detection and prevention systems and deep packet inspection. To get started, one must create a gateway load balancer; what is going to happen is that behind the scenes, route tables have to be updated in the VPC. As a result, the route tables have been altered, and now what happens is that users’ traffic first goes through a gateway load balancer. The gateway load balancer will then spread that traffic across a target group of your virtual appliances. So, all the traffic will reach these appliances, where the traffic will be analyzed. Then, based on decisions made by appliances, traffic will be dropped or forwarded to the VPC endpoint.
Fig 2: Gateway Load Balancer
- The GENEVE protocol is used by the Gateway load balancer and its registered virtual appliance instances to exchange application traffic on port 6081.
- It provides horizontal scaling and fault tolerance to the appliances.
- It is transparent to network traffic as there is no change to source traffic.
- separate security and user admin domains shared across different VPCs, and AWS accounts
- provide the appliance-as-a-service facility (e.g., firewall-as-a-service)
- Endpoints can be created between VPCs and services in the same region but not between VPCs and services in separate regions
- Endpoint support IPV4 traffic only
- Security groups are not supported
- The gateway load balancer endpoint supports a maximum bandwidth of 40 Gbps.
5. Use Cases
Use cases in security
- N-S inspection (VPC to/from Internet) using Internet Gateway
- N-S inspection (VPC to/from Internet) using Transit Gateway
- Inter-VPC traffic inspection using Transit Gateway
Other use cases
- Deploying third-party appliances became faster
- Scale virtual appliances while managing costs
- Improve virtual appliance availability
The AWS Gateway Load Balancer is billed hourly in addition to the number of Gateway Load Balancer Capacity Units consumed, a metric determined by new and active connections or flows per second and the processed bytes.
Region: Asia Pacific (Mumbai)
$0.0133 per Gateway Load Balancer-hour (or partial hour)
$0.004 per GLCU (Gateway Load Balancer Capacity Units)-hour (or partial hour)
The AWS Gateway Load Balancer is massive, bringing to the cloud a capability that has never existed in traditional/legacy data center networks. However, as we have seen, Gateway Load Balancer is not the only load balancer; there are many other load balancers offered by AWS, such as Classic Load Balancer, Application Load Balancer, and Network Load Balancer.
Here at CloudThat are the official AWS (Amazon Web Services) Advanced Consulting Partner and Training partner and Microsoft gold partner, helping people develop knowledge on cloud and help their businesses aim for higher goals using best in industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.
Feel free to drop a comment or any queries that you have regarding AWS services, cloud adoption, consulting and we will get back to you quickly. To get started, go through our Expert Advisory page and Managed Services Package that is CloudThat‘s offerings.
WRITTEN BY Aishwarya Joshi
Aishwarya works as a Research Associate (AWS Media services) with CloudThat. She is an enthusiastic individual and a good team player. A positive attitude is her way of dealing with everything. She enjoys learning new technologies and exploring various ways of problem-solving. As of late, she has become proficient in cloud services and enjoys writing technical blogs.