Q: What’s the difference between “an ALB configured with pass-through traffic without TLS offload” vs “a NLB configured to pass-through traffic without TLS offload” ?

0

I know ALB can be configured to just pass-through the packet without TLS offloading. In that case, because payload is encrypted, then ALB only get limited access to the payload to do any dynamic routing (content based sticky session, etc).

My question is, in this case, is there any difference if I use a NLB without TLS offloading? Does ALB without TLS Offloading functionally the same as NLB without TLS Offloading?

AWS
Rachel
질문됨 3년 전1007회 조회
1개 답변
1
수락된 답변

NLB works at the network layer (Layer 4 in the OSI model). Ignoring the ability to perform TLS offload (which is what you're asking) it "looks" different at the network level to the client than using ALB. ALB works at the application layer (Layer 7).

From the client to the back-end target, when configured for pass-through (ALB) and not offloading TLS (NLB) it they both look like this:

Client ---(A)---> Load Balancer ---(B)---> Target

With NLB:

  • In (A) the source IP is the client; the destination IP is the load balancer
  • In (B) the source IP is the client (there are exceptions but in most cases); the destination IP is the target instance - it is the same TCP session

NLB is doing source (client) IP preservation.

With ALB:

  • In (A) the source IP is the client; the destination IP is the load balancer
  • In (B) the source IP is the load balancer the destination IP is the target instance - and it is a different TCP session (port numbers, sequence numbers)
profile pictureAWS
전문가
답변함 3년 전
profile picture
전문가
검토됨 6달 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠